March, 2026 - Cybernoz

New malicious npm package ‘ambar-src’ targets developers with open source malware

Tenable Research investigated a malicious npm package with around 50,000 downloads in the public registry. We observed various detection-evasion techniques and saw it deploy multiple…

March 8, 2026 Cybernoz 8 min read

PortSwigger

Repeater Strike: manual testing, amplified

Manual testing doesn’t have to be repetitive. In this post, we’re introducing Repeater Strike – a new AI-powered Burp Suite extension designed to automate the…

March 8, 2026 Cybernoz 4 min read

TheHackerNews

Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux

Ravie LakshmananMar 04, 2026Threat Intelligence / Application Security Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit…

March 8, 2026 Cybernoz 3 min read

Securityaffairs

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 87

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Malware Reverse Engineering is…

March 8, 2026 Cybernoz 1 min read

Zerosalarium

Break The Protective Shell Of Windows Defender With The Folder Redirect Technique

I. INTRO During penetration testing or red team activities, the attackers are constantly pursued by Antivirus and Endpoint Detection and Response (EDR) systems. There are…

March 8, 2026 Cybernoz 5 min read

ArsTechnica

Malicious packages for dYdX cryptocurrency exchange empties user wallets

Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX developers and backend systems and,…

March 8, 2026 Cybernoz 2 min read

CloudSecurity

Explore scaling options for AWS Directory Service for Microsoft Active Directory

You can use AWS Directory Service for Microsoft Active Directory as your primary Active Directory Forest for hosting your users’ identities. Your IT teams can…

March 8, 2026 Cybernoz 9 min read

VendorResearch

Global coalition dismantles Tycoon 2FA phishing kit

Tycoon 2FA, a major phishing kit and platform that allowed low-skilled cybercriminals to bypass multifactor authentication and conduct large-scale adversary-in-the-middle attacks, was dismantled Wednesday by…

March 8, 2026 Cybernoz 3 min read

ThreatIntelligence-IncidentResponse

They Got In Through SonicWall. Then They Tried to Kill Every Security Tool

Summary In early February 2026, Huntress responded to an intrusion where threat actors leveraged compromised SonicWall SSLVPN credentials to gain initial access to a victim…

March 8, 2026 Cybernoz 8 min read

PortSwigger

Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling

Sometimes people think they’ve found HTTP request smuggling, when they’re actually just observing HTTP keep-alive or pipelining. This is usually a false positive, but sometimes…

March 8, 2026 Cybernoz 5 min read

TheHackerNews

New RFP Template for AI Usage Control and AI Governance

The Hacker NewsMar 04, 2026Artificial Intelligence / SaaS Security As AI becomes the central engine for enterprise productivity, security leaders are finally getting the green…

March 8, 2026 Cybernoz 4 min read

Zerosalarium

Old But Gold, Dumping LSASS With Windows Error Reporting On Modern Windows 11

I. LEAD-IN As we know, after an attacker gains control of a machine on the network, the most common action they take is to…

March 8, 2026 Cybernoz 4 min read