.png)
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
What smart factories keep getting wrong about cybersecurity
In this Help Net Security interview, Packsize CSO Troy Rydman breaks down the biggest vulnerabilities in smart factory environments today, from IoT devices and legacy systems to human error. He explains how unmanaged devices, from sensors to robotic components, often go unpatched and become entry points for attackers.
Certificate lifespans are shrinking and most organizations aren’t ready
The push for shorter TLS certificate lifespans has grown for years. Google first promoted 90-day certificates, and Apple later proposed 47-day ones, prompting the CA/Browser Forum to set a formal timeline. That plan cuts validity from one year to 200 days, then 100, and finally 47, forcing organizations to rethink certificate purchasing and management.
Stop building security goals around controls
In this Help Net Security interview, Devin Rudnicki, CISO at Fitch Group, argues that security strategy fails when it loses its connection to business outcomes. Rudnicki walks through how to align security goals with corporate priorities, why CISOs must present risk in terms leadership can act on, and how to balance innovation speed with measured risk.
AI got it wrong with high confidence. Now what?
In this Help Net Security interview, Christian Debes, Head of Data Analytics & AI at SPRYFOX, talks about the growing gap between what AI models do and what their operators can explain. He argues this gap is already a liability, particularly when decisions affect people or money and no one can say why a model produced a certain output.
Field workers don’t need more access, they need better security
In this Help Net Security interview, Chris Thompson, CISO at West Shore Home, discusses least privilege and credential hygiene for a field-based workforce. He covers access management, authentication practices, and data risk processes that support employees in the field. Thompson also outlines security awareness efforts and how field teams are integrated into an organization’s security posture.
CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963)
CVE-2026-20963, a remote code execution (RCE) SharePoint vulnerability Microsoft fixed in January 2026, is being exploited by attackers. The confirmation comes from the US Cybersecurity and Infrastructure Security Agency (CISA), which added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on Wednesday.
DarkSword: Researchers uncover another iOS exploit kit
A powerful iPhone hacking toolkit dubbed “DarkSword” has been used since November 2025 to compromise devices by exploiting zero-day iOS vulnerabilities, Google researchers have shared. Two weeks ago, Google Threat Intelligence Group (GTIG) and iVerify disclosed the existence of Coruna, a spy-grade iOS exploit kit that has been used in a commercial surveillance operation, by state-linked threat actors engaged in cyber espionage, and cybercriminals.
Unpatched ScreenConnect servers open to attack (CVE-2026-3564)
ConnectWise has patched a critical vulnerability (CVE-2026-3564) that could enable attackers to hijack ScreenConnect sessions by abusing ASP.NET machine keys to forge trusted authentication. The ScreenConnect remote access platform is popular with managed service providers, IT departments, and technology solution providers. They can opt for the cloud-hosted version or can deploy it on their own servers or in their private cloud.
Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131)
A critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) that Cisco disclosed and patched in early March 2026 has been exploited as a zero-day by the Interlock ransomware gang, Amazon CISO and VP of Security Engineering CJ Moses revealed.
What to do in the first 24 hours of a breach
In this Help Net Security video, Arvind Parthasarathi, CEO of CYGNVS, walks through a 10-step process for handling a cybersecurity breach. The first five steps cover preparation, while the next five address what to do once a breach is underway.
Cloud misconfiguration has evolved and your controls haven’t
In this Help Net Security video, Kat Traxler, Principal Security Researcher – Public Cloud at Vectra AI, walks through two AWS misconfigurations that go beyond the basics of bucket visibility. The first is bucket name squatting, and the second is the cross-service confused deputy problem.
Fake scandal clips on Facebook bait victims into investment scams
Bitdefender researchers uncovered hundreds of scam campaigns promoted through Facebook ads that use fake news stories, celebrity impersonation, and redirect chains to funnel victims into investment fraud schemes. The activity ran through 310 malvertising campaigns distributed on Meta platforms from February 9 to March 5, 2026. The campaigns generated more than 26,000 ad sightings with localized content in more than 15 languages.
45,000 malicious IP addresses taken down, 94 suspects arrested
An international law enforcement operation has taken down more than 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware activity. The action was carried out as part of Operation Synergia III, an investigation that ran from July 18, 2025 to January 31, 2026.
Hackers tried to breach Poland’s nuclear research centre
Poland’s National Centre for Nuclear Research (NCBJ) thwarted a cyberattack targeting its IT infrastructure. The attempted intrusion was detected and blocked before attackers could compromise systems or disrupt operations.
Meta ditches end-to-end encrypted messaging on Instagram
End-to-end encrypted messaging on Instagram will no longer be supported after May 8, 2026. Meta justified the move by saying the feature was rarely used, with only a small fraction of Instagram users enabling encryption. The company advised users seeking end-to-end encryption to switch to WhatsApp, where it is enabled by default.
Hidden instructions in README files can make AI agents leak data
Developers rely on AI coding agents to set up projects, install dependencies, and run commands by following instructions in repository README files, which provide setup guidance for software projects. New research identifies a security risk when attackers hide malicious instructions in those documents.
Millions of UK firms on alert after Companies House data exposure
Companies House, the UK’s official company registry, said its WebFiling service is back online after being shut down on Friday to fix a security issue that may have exposed the personal data of millions of firms. An investigation indicates the flaw was likely introduced during an October 2025 update.
EU sanctions Chinese company behind 65,000-device hack
The EU Council has sanctioned companies from China and Iran, along with two individuals, over cyberattacks targeting its member states and partners. With the latest listings, the EU cyber sanctions regime applies to 19 individuals and 7 entities.
Global fraud losses climb to $442 billion
Online fraud is reaching more victims and generating larger losses, driven by digital tools and organized networks operating across borders. In INTERPOL’s March 2026 Global Financial Fraud Threat Assessment, financial fraud sits among the top five global crime threats, with a 54% rise in fraud related Notices and Diffusions from 2024 to 2025.
Big tech companies step in to support the open source security ecosystem
Backed by new funding commitments from major technology players, open source security efforts are moving beyond threat identification toward practical solutions for defenders. The Linux Foundation announced $12.5 million in grant funding backed by Anthropic, AWS, GitHub, Google, Google DeepMind, Microsoft, and OpenAI to strengthen open source security.
Apple starts issuing lightweight security updates between software releases
Apple is delivering small security updates, called Background Security Improvements, starting with iOS 26.1, iPadOS 26.1, and macOS 26.1. Apple describes Background Security Improvements as lightweight security releases for components such as Safari, the WebKit framework, and other system libraries, delivered through ongoing patches between software updates.
Firefox is getting a free built-in VPN
Privacy concerns often follow free VPN services, especially when unclear data practices put user information at risk. Mozilla says its version is grounded in its data principles and focus on trust, aiming to avoid the kinds of arrangements that have raised questions in the past. Privacy concerns often follow free VPN services, especially when unclear data practices put user information at risk. Mozilla says its version is grounded in its data principles and focus on trust, aiming to avoid the kinds of arrangements that have raised questions in the past.
Elite members of North Korean society fake their way into Western paychecks
Increased federal activity, including indictments over the past year, has drawn attention to a pattern that has been unfolding inside corporate hiring pipelines. North Korean nationals are securing roles as remote IT contractors and full-time staff within organizations across North America and Western Europe, using standard hiring channels to get in.
Samba 4.24.0 ships Kerberos hardening and a CVE fix for domain encryption defaults
Samba 4.24.0 arrived carrying a set of Kerberos security changes aimed at Active Directory deployments. The release fixes a vulnerability, extends audit coverage for sensitive AD attributes, and introduces configuration options to counter two related Kerberos impersonation techniques.
900,000 contact records exposed in Aura data breach
Aura, the online safety service, confirmed that an unauthorized party accessed about 900,000 records, mostly names and email addresses from a marketing tool linked to a company it acquired in 2021. The incident occurred as a result of a targeted phone phishing attack that tricked one of the employees.
Secure endpoint management systems immediately, CISA urges
The US Cybersecurity and Infrastructure Security Agency (CISA) warns that the cyberattack on Stryker Corporation serves as a signal to U.S. organizations that foreign cyber activity tied to Middle East conflicts may be spilling into their operations. Attackers breached Stryker’s internal Microsoft environment and reportedly wiped 200,000 systems, servers, and mobile devices, while extracting 50 terabytes of data.
4chan shrugs off UK regulator, refuses to pay £520,000 in fines over online safety violations
The U.K.’s media regulator Ofcom fined 4chan £450,000 under the Online Safety Act for failing to introduce age checks to stop children from accessing pornographic content on its platform. 4chan is an online forum notorious for its extreme right-wing content, gory videos, and non-consensual pornography.
Authorities disrupt four IoT botnets behind record DDoS attacks
The U.S. Justice Department and international partners have disrupted four IoT botnets linked to DDoS attacks that reached 30 terabits per second, among the largest ever recorded. The four botnets targeted in the operation—Aisuru, KimWolf, JackSkid and Mossad—infected millions of devices worldwide, primarily IoT systems such as digital video recorders, web cameras and WiFi routers.
Terminated contract led to $2.5 million cyber extortion scheme
A federal jury convicted Cameron Curry, 27, a Charlotte resident, of carrying out an extensive cyber extortion scheme targeting a Washington, D.C.-based international technology company. He faces up to two years in prison on each of the six charges.
VulHunt: Open-source vulnerability detection framework
Binarly has published VulHunt Community Edition, making the core scanning engine from Binarly’s commercial Transparency Platform available to independent researchers and practitioners. VulHunt Community Edition is a framework for detecting vulnerabilities in compiled software. It operates against multiple binary representations simultaneously, working across disassembly, an intermediate representation layer, and decompiled code. Targets include POSIX executables and UEFI firmware modules.
Microsoft Edge 146 adds IP privacy and local network access controls
Microsoft Edge version 146 (Stable) became available on March 13, 2026, bringing updates to tracking protection, IP privacy, and enterprise network security policies.
Microsoft zeroes in on AI-driven data risks in Fabric
New Microsoft Purview innovations for Microsoft Fabric help organizations secure data and accelerate AI adoption. The updates focus on identifying risks, preventing data oversharing, and strengthening governance and data quality across the data estate.
Your APIs are under siege, and attackers are just getting warmed up
Internet-facing systems are handling sustained levels of malicious traffic across APIs, web applications, and DDoS channels. Akamai’s State of the Internet security report places these patterns within the same operating environment, with activity increasing across each area through 2025.
Betterleaks: Open-source secrets scanner
Secrets scanning has become standard practice across engineering organizations, and Gitleaks has been one of the most widely used tools in that space. The author of that project has now released a new tool called Betterleaks, which is designed to scan git repositories, directories, and standard input for leaked credentials, API keys, tokens, and passwords.
Java 26 ships with new cryptography API and HTTP/3 support
Oracle released JDK 26, the 17th consecutive feature release delivered under the six-month cadence the project adopted in 2018. The release includes ten JDK Enhancement Proposals spanning language changes, garbage collection improvements, cryptographic tooling, and network protocol support.
EDR killers are now standard equipment in ransomware attacks
Ransomware attackers routinely deploy tools designed to disable endpoint detection and response software before launching encryptors. These tools, known as EDR killers, have become a standard component of ransomware intrusions. ESET Research tracked nearly 90 EDR killers actively used in the wild.
Google limits Android accessibility API to curb malware abuse
Google is restricting how Android apps can use accessibility features after years of abuse by banking Trojans and mobile malware. The changes, introduced in Android 17.2, limit access to the accessibility API when Advanced Protection Mode (APM) is enabled. Apps that do not serve a core accessibility function can no longer use these services, closing off a common attack vector.
Llamafile, Mozilla’s portable LLM runner, gets GPU support and a rebuilt core
Running a large language model on a single machine without cloud access or a container runtime remains a priority for practitioners working in air-gapped or resource-constrained environments. Llamafile, Mozilla-AI’s project for packaging and running LLMs as self-contained executables, has received its most significant architectural overhaul to date with version 0.10.0.
Fake AI songs streamed billions of times, netting fraudster $10 million
Michael Smith, 54, of Cornelius, North Carolina, has pleaded guilty in federal court to running a scheme that exploited music streaming platforms and diverted royalty payments from artists. He admitted to one count of conspiracy to commit wire fraud, which carries a maximum sentence of five years in prison, and agreed to forfeit $8,091,843.64.
Google slows Android sideloading to trip up scammers
Google’s advanced flow for Android changes how apps from unverified developers are installed, adding steps to reduce scam-driven sideloading. The feature is aimed at experienced users and allows sideloading through a controlled, one-time setup. It addresses scam scenarios where attackers pressure individuals to install malicious software.
Cybersecurity jobs available right now: March 17, 2026
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.
New infosec products of the week: March 20, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Intel 471, Kore.ai, NinjaOne, Pindrop, Secure Code Warrior, Token Security, and Xona Systems.
from Help Net Security https://ift.tt/AF4ZzrU
