FBI warns of Handala hackers using Telegram in malware attacks
The U.S. Federal Bureau of Investigation (FBI) warned network defenders that Iranian hackers linked to the country’s Ministry of Intelligence and Security (MOIS) are using…
Month: March 2026
New CanisterWorm Steals npm Tokens and Spreads Through Compromised Publisher Accounts
A new wave of supply chain attacks is hitting the npm ecosystem through a self-propagating malware campaign known as CanisterWorm. The threat, linked to a…
Critical QNAP QVR Pro Flaw Could Let Remote Attackers Access Systems
QNAP has released an urgent security advisory regarding a critical vulnerability affecting its QVR Pro application, a widely deployed network video surveillance solution. Disclosed on…
Plumber: Open-source scanner of GitLab CI/CD pipelines for compliance gaps
GitLab CI/CD pipelines often accumulate configuration decisions that drift from security baselines over time. Container images get pinned to mutable tags, branches lose protection settings,…
A week in security (March 16 – March 22)
Last week on Malwarebytes Labs: Stay safe! We don’t just report on threats—we help safeguard your entire digital identity Cybersecurity risks should never spread beyond…
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
Ravie LakshmananMar 23, 2026Vulnerability / Endpoint Security Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA),…
Foster City Cyberattack Disrupts Bay Area City Services
A ransomware attack has disrupted municipal operations in Foster City, California, as officials continue to respond. The Bay Area city, home to roughly 34,000 residents, was…
Why Cyber Risk Is A Business Issue
In this Sofia Scozzari interview with TCE, the Hackmanac CEO offers a grounded look at how today’s cyber threat landscape is evolving, and where organisations…
Pentagon to adopt Palantir AI as core US military system
Palantir’s Maven artificial intelligence system will become an official program of record, US deputy secretary of Defense Steve Feinberg said in a letter to Pentagon…
Exploring Package Tracking Smishing Scams
Have you recently received a text message urging you to take action to avoid a negative outcome? Maybe you’ve just been informed you have an…
Crunchyroll Data Breach — Threat Actor Claims Exfiltration of 100 GB of User Data
A threat actor has allegedly exfiltrated approximately 100 GB of personally identifiable information (PII) from Crunchyroll, the Sony-owned anime streaming giant, after gaining access through…
How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels
Security teams today are not short on tools or data. They are overwhelmed by both. Yet within the terabytes of alerts, exposures, and misconfigurations –…