Security Feed2h ago

๐Ÿ”’ Security News Digest - 2026-03-18

๐Ÿ“Š 16 updates from 8 sources:

๐Ÿฆ  Malwarebytes: Researchers found font-rendering trick to hide malicious commands
https://www.malwarebytes.com/blog/news/2026/03/researchers-found-font-rendering-trick-to-hide-malicious-commands

๐Ÿ”น Security Boulevard: Researchers found font-rendering trick to hide malicious commands
https://securityboulevard.com/2026/03/researchers-found-font-rendering-trick-to-hide-malicious-commands/

๐Ÿ”น The Hacker News: OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs
https://thehackernews.com/2026/03/ofac-sanctions-dprk-it-worker-network.html

๐Ÿ”น Security Boulevard: Menlo Security Adds Platform to Secure AI Agents
https://securityboulevard.com/2026/03/menlo-security-adds-platform-to-secure-ai-agents/

๐Ÿ”น SecurityWeek: Autonomous Offensive Security Firm XBOW Raises $120M at $1B+ Valuation
https://www.securityweek.com/autonomous-offensive-security-firm-xbow-raises-120m-at-1b-valuation/

๐Ÿ”น BleepingComputer: ConnectWise patches new flaw allowing ScreenConnect hijacking
https://www.bleepingcomputer.com/news/security/connectwise-patches-new-flaw-allowing-screenconnect-hijacking/

๐Ÿ”น The Record from Recorded Future News: US intelligence chief grilled on absence of election threats in security assessment
https://therecord.media/us-intel-chief-senate-election-security-threat-assessment

๐Ÿ”น Security Boulevard: What Golden Dome Requires from Federal DevSecOps Teams
https://securityboulevard.com/2026/03/what-golden-dome-requires-from-federal-devsecops-teams/

๐Ÿ”น Security News | TechCrunch: FBI is buying location data to track US citizens, director confirms
https://techcrunch.com/2026/03/18/fbi-is-buying-location-data-to-track-us-citizens-kash-patel-wyden/

๐Ÿ”น The Record from Recorded Future News: DHS nominee Mullin pressed on restoring CISA staffing
https://therecord.media/dhs-mullin-pressed-on-restoring-cisa-staffing

๐Ÿ”น Security Boulevard: BSidesCache 2025 โ€“ How To Hide In Plain Sight: Next-Level Digital Privacy
https://securityboulevard.com/2026/03/bsidescache-2025-how-to-hide-in-plain-sight-next-level-digital-privacy/

๐Ÿ”น Security Boulevard: The SOAR Ceiling: Why Playbook Automation Has Hit Its Structural Limits
https://securityboulevard.com/2026/03/the-soar-ceiling-why-playbook-automation-has-hit-its-structural-limits/

๐Ÿ”น SecurityWeek: The Collapse of Predictive Security in the Age of Machine-Speed Attacks
https://www.securityweek.com/the-collapse-of-predictive-security-in-the-age-of-machine-speed-attacks/

๐Ÿ”น The Record from Recorded Future News: Russia-linked hackers use advanced iPhone exploit to target Ukrainians
https://therecord.media/russia-linked-hackers-use-iphone-exploit-ukraine

๐Ÿ”น BleepingComputer: CISA orders feds to patch Zimbra XSS flaw exploited in attacks
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-zimbra-xss-flaw-exploited-in-attacks/

๐Ÿ”น iTnews - Security: Researchers uncover 'Darksword' iPhone spyware
https://www.itnews.com.au/news/researchers-uncover-darksword-iphone-spyware-624398?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+Security+feed

#InfoSec #SecurityNews

Researchers found font-rendering trick to hide malicious commands

Researchers found a way to trick AI assistants into missing dangerous user instructions on a website.

Malwarebytes
Healthcare IT Security Robot2h ago

DATE: March 18, 2026 at 04:35PM
SOURCE: HEALTHCARE INFO SECURITY

Direct article link at end of text block below.

#Stryker #WiperAttack: #Hackers Boast as Lawsuits Pile Up https://t.co/Vv2aBmOHcV

Here are any URLs found in the article text:

https://t.co/Vv2aBmOHcV

Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org

Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

-------------------------------------------------

#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

Healthcare Privacy & HIPAA Bot5h ago

DATE: March 18, 2026 at 01:15PM
SOURCE: HIPAA JOURNAL

Direct article link at end of text block below.

GuardDog Telehealth Admits Improper Access to Medical Records https://t.co/1GZaFfDmIc

Articles can be found by scrolling down the page at https://www.hipaajournal.com/ .

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org

Most healthcare security and privacy posts related to IT or infosec are at @rsstosecurity

-------------------------------------------------

#security #healthcare #doctors #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #HIPAA #privacy #healthcaresecurity #BAA #patientrecords #telehealth #socialengineering

GuardDog Telehealth Admits Improper Access to Medical Records

A telehealth company has admitted to improperly accessing patients' medical records. GuardDog Telehealth purported to require access to patientsโ€™ medical A telehealth company has admitted to improperly accessing patient medical records. The records were accessed under the guise of treatment, but information in the records was passed to law firms. GuardDog Telehealth has agreed to be barred from accessing data exchanges and will delete all patient data.

The HIPAA Journal
Healthcare Privacy & HIPAA Bot5h ago

DATE: March 18, 2026 at 01:15PM
SOURCE: HIPAA JOURNAL

Direct article link at end of text block below.

Trinity Health and University of Pittsburgh Medical Center are notifying patients about potential unauthorized access to patient data by third parties via a Health Information Exchange (HIE).
https://t.co/v3IkxnyXvW

Articles can be found by scrolling down the page at https://www.hipaajournal.com/ .

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org

Most healthcare security and privacy posts related to IT or infosec are at @rsstosecurity

-------------------------------------------------

#security #healthcare #doctors #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #HIPAA #privacy #healthcaresecurity #BAA #patientrecords #telehealth #socialengineering

Trinity Health & UPMC Notify Patients About Potential Unauthorized Data Access via HIE

Trinity Health and the University of Pittsburgh Medical Center are notifying patients about potential unauthorized access to patient data by third parties Trinity Health and the University of Pittsburgh Medical Center are notifying patients about potential unauthorized access to patient data by third parties via a Health Information Exchange (HIE).

The HIPAA Journal
Healthcare Privacy & HIPAA Bot5h ago

DATE: March 18, 2026 at 01:15PM
SOURCE: HIPAA JOURNAL

Direct article link at end of text block below.

GuardDog Telehealth Admits Improper Access to Medical Records https://t.co/1GZaFfDmIc

Here are any URLs found in the article text:

https://t.co/1GZaFfDmIc

Articles can be found by scrolling down the page at https://www.hipaajournal.com/ .

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org

Most healthcare security and privacy posts related to IT or infosec are at @rsstosecurity

-------------------------------------------------

#security #healthcare #doctors #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #HIPAA #privacy #healthcaresecurity #BAA #patientrecords #telehealth #socialengineering

GuardDog Telehealth Admits Improper Access to Medical Records

A telehealth company has admitted to improperly accessing patients' medical records. GuardDog Telehealth purported to require access to patientsโ€™ medical A telehealth company has admitted to improperly accessing patient medical records. The records were accessed under the guise of treatment, but information in the records was passed to law firms. GuardDog Telehealth has agreed to be barred from accessing data exchanges and will delete all patient data.

The HIPAA Journal
Healthcare Privacy & HIPAA Bot5h ago

DATE: March 18, 2026 at 01:15PM
SOURCE: HIPAA JOURNAL

Direct article link at end of text block below.

Trinity Health and University of Pittsburgh Medical Center are notifying patients about potential unauthorized access to patient data by third parties via a Health Information Exchange (HIE).
https://t.co/v3IkxnyXvW

Here are any URLs found in the article text:

https://t.co/v3IkxnyXvW

Articles can be found by scrolling down the page at https://www.hipaajournal.com/ .

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org

Most healthcare security and privacy posts related to IT or infosec are at @rsstosecurity

-------------------------------------------------

#security #healthcare #doctors #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #HIPAA #privacy #healthcaresecurity #BAA #patientrecords #telehealth #socialengineering

Trinity Health & UPMC Notify Patients About Potential Unauthorized Data Access via HIE

Trinity Health and the University of Pittsburgh Medical Center are notifying patients about potential unauthorized access to patient data by third parties Trinity Health and the University of Pittsburgh Medical Center are notifying patients about potential unauthorized access to patient data by third parties via a Health Information Exchange (HIE).

The HIPAA Journal
Security Feed5h ago

๐Ÿ”’ Security News Digest - 2026-03-18

๐Ÿ“Š 23 updates from 8 sources:

๐Ÿ”น BleepingComputer: Nordstrom's email system abused to send crypto scams to customers
https://www.bleepingcomputer.com/news/security/nordstroms-email-system-abused-to-send-crypto-scams-to-customers/

๐Ÿ”น SecurityWeek: Manifold Raises $8 Million for AI Detection and Response
https://www.securityweek.com/manifold-raises-8-million-for-ai-detection-and-response/

๐Ÿ”น Threat Intelligence: The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/

๐Ÿ”น Security News | TechCrunch: Russians caught stealing personal data from Ukrainians with new advanced iPhone hacking tools
https://techcrunch.com/2026/03/18/russians-caught-stealing-personal-data-from-ukrainians-with-new-advanced-iphone-hacking-tools/

๐Ÿ”น SecurityWeek: Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches
https://www.securityweek.com/the-shadow-ai-problem-how-saas-apps-are-quietly-enabling-massive-breaches/

๐Ÿ”น BleepingComputer: New โ€œDarkswordโ€ iOS exploit used in infostealer attack on iPhones
https://www.bleepingcomputer.com/news/security/new-darksword-ios-exploit-used-in-infostealer-attack-on-iphones/

๐Ÿ”น BleepingComputer: The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms
https://www.bleepingcomputer.com/news/security/the-refund-fraud-economy-exploiting-major-retailers-and-payment-platforms/

๐Ÿ”น Security News | TechCrunch: Marquis says over 672,000 people had personal and financial data stolen in ransomware attack
https://techcrunch.com/2026/03/18/marquis-says-over-672000-people-had-personal-and-financial-data-stolen-in-ransomware-attack/

๐Ÿ”น SecurityWeek: EU Sanctions Chinese, Iranian Firms Supporting Hacking Operations
https://www.securityweek.com/eu-sanctions-chinese-iranian-firms-supporting-hacking-operations/

๐Ÿ”น Security Boulevard: Three Identity Security Trends Shaping 2026: Passwordless Adoption, Reactive Security, and the Rise of Identity Verification
https://securityboulevard.com/2026/03/three-identity-security-trends-shaping-2026-passwordless-adoption-reactive-security-and-the-rise-of-identity-verification/

๐Ÿ”น SecurityWeek: Virtual Summit Today: Supply Chain & Third-Party Risk Summit
https://www.securityweek.com/virtual-summit-today-supply-chain-third-party-risk-summit/

๐Ÿ”น Security Boulevard: How to scale code review when AI writes code faster than you can understand it
https://securityboulevard.com/2026/03/how-to-scale-code-review-when-ai-writes-code-faster-than-you-can-understand-it/

๐Ÿ”น Security Boulevard: Your AI can write Java 25 right with SonarQube
https://securityboulevard.com/2026/03/your-ai-can-write-java-25-right-with-sonarqube/

๐Ÿ”น Red Canary: AI and browser threats stand out in the 2026 Threat Detection Report
https://redcanary.com/blog/threat-detection/2026-threat-detection-report/

๐Ÿ”น darkreading: 'Claudy Dayโ€™ Trio of Flaws Exposes Claude Users to Data Theft
https://www.darkreading.com/vulnerabilities-threats/claudy-day-trio-flaws-claude-users-data-theft

๐Ÿ”น Security Boulevard: Googleโ€™s $32B Wiz Bet: Why Security Consolidation Means Youโ€™re Losing Negotiating Power
https://securityboulevard.com/2026/03/googles-32b-wiz-bet-why-security-consolidation-means-youre-losing-negotiating-power/

๐Ÿ”น Security Boulevard: The New Insider Threat: Autonomous Systems With Excessive Permissions
https://securityboulevard.com/2026/03/the-new-insider-threat-autonomous-systems-with-excessive-permissions/

๐Ÿ”น SecurityWeek: โ€˜DarkSwordโ€™ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors
https://www.securityweek.com/darksword-ios-exploit-kit-used-by-state-sponsored-hackers-spyware-vendors/

๐Ÿ”น BleepingComputer: Marquis: Ransomware gang stole data of 672K people in cyberattack
https://www.bleepingcomputer.com/news/security/marquis-ransomware-gang-stole-data-of-672-000-people-in-2025-cyberattack/

๐Ÿ”น Security Boulevard: Everyone Is Deploying AI Agents. Almost Nobody Knows What Theyโ€™re Doing.
https://securityboulevard.com/2026/03/everyone-is-deploying-ai-agents-almost-nobody-knows-what-theyre-doing/

๐Ÿ”น SecurityWeek: Cloud Security Startup Native Exits Stealth With $42 Million in Funding
https://www.securityweek.com/cloud-security-startup-native-exits-stealth-with-42-million-in-funding/

๐Ÿ”น The Hacker News: Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
https://thehackernews.com/2026/03/interlock-ransomware-exploits-cisco-fmc.html

๐Ÿ”น BleepingComputer: Ransomware gang exploits Cisco flaw in zero-day attacks since January
https://www.bleepingcomputer.com/news/security/interlock-ransomware-exploited-secure-fmc-flaw-in-zero-day-attacks-since-january/

#InfoSec #SecurityNews

Nordstrom's email system abused to send crypto scams to customers

Customers of upscale department store chain Nordstrom received fraudulent messages from a legitimate company email address that promoted cryptocurrency scams disguised as a St. Patrick's Day promotion.

BleepingComputer
Healthcare Privacy & HIPAA Bot7h ago

DATE: March 18, 2026 at 11:48AM
SOURCE: HIPAA JOURNAL

Direct article link at end of text block below.

Data breaches have recently been reported by Cedar Valley Services and Health Dimensions Group in Minnesota, and Community Nurse in Massachusetts.
https://t.co/UMoRDOVFbR

Here are any URLs found in the article text:

https://t.co/UMoRDOVFbR

Articles can be found by scrolling down the page at https://www.hipaajournal.com/ .

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org

Most healthcare security and privacy posts related to IT or infosec are at @rsstosecurity

-------------------------------------------------

#security #healthcare #doctors #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #HIPAA #privacy #healthcaresecurity #BAA #patientrecords #telehealth #socialengineering

PHI Exposed in Data Breaches at Cedar Valley Services; Community Nurse; Health Dimensions Group

Data breaches have recently been reported by Cedar Valley Services and Health Dimensions Group in Minnesota, and Community Nurse in Massachusetts. Cedar Data breaches have recently been reported by Cedar Valley Services and Health Dimensions Group in Minnesota, and Community Nurse in Massachusetts.

The HIPAA Journal
Healthcare Privacy & HIPAA Bot7h ago

DATE: March 18, 2026 at 11:48AM
SOURCE: HIPAA JOURNAL

Direct article link at end of text block below.

Data breaches have recently been announced by Delta Medical Systems in Wisconsin, Ansell Healthcare Products in New Jersey, and FuturHealth in California.
https://t.co/USqD0DPibz

Here are any URLs found in the article text:

https://t.co/USqD0DPibz

Articles can be found by scrolling down the page at https://www.hipaajournal.com/ .

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org

Most healthcare security and privacy posts related to IT or infosec are at @rsstosecurity

-------------------------------------------------

#security #healthcare #doctors #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #HIPAA #privacy #healthcaresecurity #BAA #patientrecords #telehealth #socialengineering

Delta Medical Systems Notifies Patients About July 2025 Cyberattack

Data breaches have recently been announced by Delta Medical Systems in Wisconsin, Ansell Healthcare Products in New Jersey, and FuturHealth in California. Data breaches have recently been announced by Delta Medical Systems in Wisconsin, Ansell Healthcare Products in New Jersey, and FuturHealth in California.

The HIPAA Journal
Healthcare Privacy & HIPAA Bot7h ago

DATE: March 18, 2026 at 11:48AM
SOURCE: HIPAA JOURNAL

Direct article link at end of text block below.

Data breaches have recently been reported by Cedar Valley Services and Health Dimensions Group in Minnesota, and Community Nurse in Massachusetts.
https://t.co/UMoRDOVFbR

Articles can be found by scrolling down the page at https://www.hipaajournal.com/ .

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org

Most healthcare security and privacy posts related to IT or infosec are at @rsstosecurity

-------------------------------------------------

#security #healthcare #doctors #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #HIPAA #privacy #healthcaresecurity #BAA #patientrecords #telehealth #socialengineering

PHI Exposed in Data Breaches at Cedar Valley Services; Community Nurse; Health Dimensions Group

Data breaches have recently been reported by Cedar Valley Services and Health Dimensions Group in Minnesota, and Community Nurse in Massachusetts. Cedar Data breaches have recently been reported by Cedar Valley Services and Health Dimensions Group in Minnesota, and Community Nurse in Massachusetts.

The HIPAA Journal