🔒 Security News Digest - 2026-03-23

📊 22 updates from 8 sources:

🔹 SecurityWeek: Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack
https://www.securityweek.com/aquas-trivy-vulnerability-scanner-hit-by-supply-chain-attack/

🔹 Threat Intelligence: M-Trends 2026: Data, Insights, and Strategies From the Frontlines
https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2026/

🔹 BleepingComputer: Varonis Atlas: Securing AI and the Data That Powers It
https://www.bleepingcomputer.com/news/security/varonis-atlas-securing-ai-and-the-data-that-powers-it/

🔹 Security News | TechCrunch: Federal immigration agents filmed making airport arrests as Trump calls in ICE to ease security line delays
https://techcrunch.com/2026/03/23/federal-immigration-agents-filmed-making-airport-arrests-as-trump-calls-in-ice-to-ease-security-line-delays/

🔹 SecurityWeek: Chip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware
https://www.securityweek.com/chip-services-firm-trio-tech-says-subsidiary-hit-by-ransomware/

🔹 SecurityWeek: M-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 Seconds
https://www.securityweek.com/m-trends-2026-initial-access-handoff-shrinks-from-hours-to-22-seconds/

🔹 Security Boulevard: Honeytokens on the Developer Workstation: When Cleanup Takes Time
https://securityboulevard.com/2026/03/honeytokens-on-the-developer-workstation-when-cleanup-takes-time/

🔹 Security Boulevard: Female Cybersecurity Leaders to Watch in Michigan
https://securityboulevard.com/2026/03/female-cybersecurity-leaders-to-watch-in-michigan/

🔹 darkreading: Attackers Hide Infostealer in Copyright Infringement Notices
https://www.darkreading.com/cyberattacks-data-breaches/attackers-hide-infostealer-copyright-infringement-notices

🔹 Security News | TechCrunch: FBI says Iranian hackers are using Telegram to steal data in malware attacks
https://techcrunch.com/2026/03/23/fbi-says-iranian-hackers-are-using-telegram-to-steal-data-in-malware-attacks/

🦠 Malwarebytes: The March Madness scam playbook
https://www.malwarebytes.com/blog/news/2026/03/the-march-madness-scam-playbook

🔹 Security Boulevard: The March Madness scam playbook
https://securityboulevard.com/2026/03/the-march-madness-scam-playbook/

🔹 Security Boulevard: Nike’s 1.4TB IP Theft: When Ransomware Targets Trade Secrets Instead of Files
https://securityboulevard.com/2026/03/nikes-1-4tb-ip-theft-when-ransomware-targets-trade-secrets-instead-of-files/

🔹 Security Boulevard: SecurityScorecard Debuts TITAN AI to Automate Third-Party Risk Management Workflows
https://securityboulevard.com/2026/03/securityscorecard-debuts-titan-ai-to-automate-third-party-risk-management-workflows/

🔹 Security Boulevard: Webinar Recap: Cyber Risk in Wartime – Threat Intelligence, Risk Modeling, and Insurance Strategy
https://securityboulevard.com/2026/03/webinar-recap-cyber-risk-in-wartime-threat-intelligence-risk-modeling-and-insurance-strategy/

🦠 Malwarebytes: FriendlyDealer mimics official app stores to push unvetted gambling apps
https://www.malwarebytes.com/blog/scams/2026/03/friendlydealer-mimics-official-app-stores-to-push-unvetted-gambling-apps

🔹 Security Boulevard: FriendlyDealer mimics official app stores to push unvetted gambling apps
https://securityboulevard.com/2026/03/friendlydealer-mimics-official-app-stores-to-push-unvetted-gambling-apps/

🔹 Krebs on Security: ‘CanisterWorm’ Springs Wiper Attack Targeting Iran
https://krebsonsecurity.com/2026/03/canisterworm-springs-wiper-attack-targeting-iran/

🔹 SecurityWeek: RSAC 2026 Conference Announcements Summary (Pre-Event)
https://www.securityweek.com/rsac-2026-conference-announcements-summary-pre-event/

🔹 Security Boulevard: SOC 2 penetration testing requirements
https://securityboulevard.com/2026/03/soc-2-penetration-testing-requirements/

🔹 Security Boulevard: Capital One Software Expands Databolt to Protect Unstructured Data for AI Use
https://securityboulevard.com/2026/03/capital-one-software-expands-databolt-to-protect-unstructured-data-for-ai-use/

🔹 Security Boulevard: Capital One Software Expands Databolt to Protect Unstructured Data for AI Use
https://securityboulevard.com/2026/03/capital-one-software-expands-databolt-to-protect-unstructured-data-for-ai-use-2/

#InfoSec #SecurityNews

🔒 Security News Digest - 2026-03-23

📊 13 updates from 6 sources:

🔹 BleepingComputer: FBI warns of Handala hackers using Telegram in malware attacks
https://www.bleepingcomputer.com/news/security/fbi-warns-of-handala-hackers-using-telegram-in-malware-attacks/

🔹 SecurityWeek: Tycoon 2FA Fully Operational Despite Law Enforcement Takedown
https://www.securityweek.com/tycoon-2fa-fully-operational-despite-law-enforcement-takedown/

🔹 The Hacker News: Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
https://thehackernews.com/2026/03/microsoft-warns-irs-phishing-hits-29000.html

🔹 The Record from Recorded Future News: US soldier sentenced for helping North Korean IT workers
https://therecord.media/us-soldier-sentencer-for-helping-nk-it-workers

🔹 SecurityWeek: QNAP Patches Four Vulnerabilities Exploited at Pwn2Own
https://www.securityweek.com/qnap-patches-four-vulnerabilities-exploited-at-pwn2own/

🔹 Security Boulevard: AI Readiness Assessment: How to Evaluate If Your Business Is Truly Ready for AI
https://securityboulevard.com/2026/03/ai-readiness-assessment-how-to-evaluate-if-your-business-is-truly-ready-for-ai/

🔹 The Hacker News: We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them
https://thehackernews.com/2026/03/we-found-eight-attack-vectors-inside.html

🔹 BleepingComputer: Microsoft Exchange Online service change causes email access issues
https://www.bleepingcomputer.com/news/microsoft/new-exchange-online-virtual-account-blocks-email-access-via-mobile-mac-apps/

🔹 Security Boulevard: Cisco Extends Security Reach to AI Agents
https://securityboulevard.com/2026/03/cisco-extends-security-reach-to-ai-agents/

🦠 Malwarebytes: Advanced Flow will make Android sideloading safer
https://www.malwarebytes.com/blog/news/2026/03/advanced-flow-will-make-android-sideloading-safer

🔹 Security Boulevard: RSA Launches ID Plus Sovereign Deployment for Organizations That Can’t Afford Identity Downtime
https://securityboulevard.com/2026/03/rsa-launches-id-plus-sovereign-deployment-for-organizations-that-cant-afford-identity-downtime/

🔹 Security Boulevard: Ridge Security Brings Agentic AI Pentesting to SMBs With PurpleRidge 3.0
https://securityboulevard.com/2026/03/ridge-security-brings-agentic-ai-pentesting-to-smbs-with-purpleridge-3-0/

🔹 Security Boulevard: Vorlon Survey: 99% of Organizations Got Hit by a SaaS or AI Security Incident in 2025
https://securityboulevard.com/2026/03/vorlon-survey-99-of-organizations-got-hit-by-a-saas-or-ai-security-incident-in-2025/

#InfoSec #SecurityNews

🔒 Security News Digest - 2026-03-23

📊 7 updates from 4 sources:

🔹 The Hacker News: Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
https://thehackernews.com/2026/03/hackers-exploit-cve-2025-32975-cvss-100.html

🦠 Malwarebytes: A week in security (March 16 – March 22)
https://www.malwarebytes.com/blog/uncategorized/2026/03/a-week-in-security-march-16-march-22

🔹 Security Boulevard: A week in security (March 16 – March 22)
https://securityboulevard.com/2026/03/a-week-in-security-march-16-march-22/

🔹 Security Boulevard: Building a Layered Security Stack: Identity, Network and Device Protection
https://securityboulevard.com/2026/03/building-a-layered-security-stack-identity-network-and-device-protection/

🔹 BleepingComputer: New KB5085516 emergency update fixes Microsoft account sign-in
https://www.bleepingcomputer.com/news/microsoft/new-kb5085516-emergency-update-fixes-microsoft-account-sign-in/

🔹 The Hacker News: Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
https://thehackernews.com/2026/03/trivy-hack-spreads-infostealer-via.html

🔹 BleepingComputer: CISA orders feds to patch DarkSword iOS flaws exploited attacks
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-darksword-ios-flaws-exploited-attacks/

#InfoSec #SecurityNews

🔹 SecurityWeek

Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability

CVE-2026-21992 can be used without authentication for remote code execution and it may have been exploited in the wild. The post Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability appeared first on SecurityWeek.

🔗 https://www.securityweek.com/oracle-releases-emergency-patch-for-critical-identity-manager-vulnerability/

🔹 Security Boulevard

The Real State of Offensive Security: AI, Penetration Testing & The Road Ahead with Andrew Wilson

Tom Eston interviews offensive AI researcher and PhD candidate Andrew Wilson, a former Bishop Fox partner who helped grow the firm from under 20 people to nearly 500, built award-winning AI solutions for SOC modernization, founded Cactus Con, and relocated his family to Guadalajara to open and scale a Bishop Fox office. They discuss Mexico’s […] The post The Real State of Offensive Security: AI, Penetration Testing & The Road Ahead with Andrew Wilson appeared first on Shared Security Podcast. The post The Real State of Offensive Security: AI, Penetration Testing & The Road Ahead with Andrew Wilson appeared first on Security Boulevard.

🔗 https://securityboulevard.com/2026/03/the-real-state-of-offensive-security-ai-penetration-testing-the-road-ahead-with-andrew-wilson/

🔒 Security News Digest - 2026-03-23

📊 8 updates from 2 sources:

🔹 Security Boulevard: Is there an innovative way to manage Agentic AI risks
https://securityboulevard.com/2026/03/is-there-an-innovative-way-to-manage-agentic-ai-risks/

🔹 Security Boulevard: How capable are NHIs in managing company secrets
https://securityboulevard.com/2026/03/how-capable-are-nhis-in-managing-company-secrets/

🦠 Malwarebytes: This is all it takes to stop a train (Lock and Code S07E06)
https://www.malwarebytes.com/blog/podcast/2026/03/this-is-all-it-takes-to-stop-a-train-lock-and-code-s07e06

🔹 Security Boulevard: This is all it takes to stop a train (Lock and Code S07E06)
https://securityboulevard.com/2026/03/this-is-all-it-takes-to-stop-a-train-lock-and-code-s07e06/

🔹 Security Boulevard: Side-Channel Attack Mitigation for Quantum-Resistant MCP Metadata
https://securityboulevard.com/2026/03/side-channel-attack-mitigation-for-quantum-resistant-mcp-metadata/

🔹 Security Boulevard: Booz Allen Rolls Out Vellox, a Five-Product AI Cyber Suite Built on Adversary Tradecraft
https://securityboulevard.com/2026/03/booz-allen-rolls-out-vellox-a-five-product-ai-cyber-suite-built-on-adversary-tradecraft-2/

🔹 Security Boulevard: CTG Launches Cyber Resilience Scoring Dashboard to Give CISOs a Single Risk Number
https://securityboulevard.com/2026/03/ctg-launches-cyber-resilience-scoring-dashboard-to-give-cisos-a-single-risk-number/

🔹 Security Boulevard: Bindplane Adds Autonomous Pipeline Monitoring and Threat Intel Enrichment Ahead of RSAC
https://securityboulevard.com/2026/03/bindplane-adds-autonomous-pipeline-monitoring-and-threat-intel-enrichment-ahead-of-rsac/

#InfoSec #SecurityNews

🔒 Security News Digest - 2026-03-22

📊 5 updates from 2 sources:

🔹 Security Boulevard: When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com – Part Three
https://securityboulevard.com/2026/03/when-data-mining-conti-leaks-leads-to-actual-binaries-and-to-a-hardcoded-c2-with-an-encryption-key-on-tripod-com-part-three/

🔹 Security Boulevard: A Compilation of BitCoin Wallet Addresses from the RAMP (Russian Anonymous Marketplace) Forum Members – A Compilation
https://securityboulevard.com/2026/03/a-compilation-of-bitcoin-wallet-addresses-from-the-ramp-russian-anonymous-marketplace-forum-members-a-compilation/

🔹 Security Boulevard: A Domains Portfolio Belonging to RAMP (Russian Anonymous Marketplace) Forum Members – A Compilation
https://securityboulevard.com/2026/03/a-domains-portfolio-belonging-to-ramp-russian-anonymous-marketplace-forum-members-a-compilation/

🔹 iTnews - Security: "CanisterWorm" supply chain malware attacks npm
https://www.itnews.com.au/news/canisterworm-supply-chain-malware-attacks-npm-624485?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+Security+feed

🔹 iTnews - Security: US, Germany, Canada disrupt botnets
https://www.itnews.com.au/news/us-germany-canada-disrupt-botnets-624497?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+Security+feed

#InfoSec #SecurityNews

🔹 Security Boulevard

BSidesSLC 2025 – Faces In The Fog – Seth Law On Unconventional User Enumeration

Author, Creator & Presenter: Seth Law, Founder of Redpoint Security Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations' YouTube Channel. The post BSidesSLC 2025 – Faces In The Fog – Seth Law On Unconventional User Enumeration appeared first on Security Boulevard.

🔗 https://securityboulevard.com/2026/03/bsidesslc-2025-faces-in-the-fog-seth-law-on-unconventional-user-enumeration/

🔹 Security News | TechCrunch

Delve accused of misleading customers with ‘fake compliance’

An anonymous Substack post accuses compliance startup Delve of “falsely” convincing “hundreds of customers they were compliant” with privacy and security regulations.

🔗 https://techcrunch.com/2026/03/22/delve-accused-of-misleading-customers-with-fake-compliance/

🔹 BleepingComputer

VoidStealer malware steals Chrome master key via debugger trick

An information stealer called VoidStealer uses a new approach to bypass Chrome's Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser. [...]

🔗 https://www.bleepingcomputer.com/news/security/voidstealer-malware-steals-chrome-master-key-via-debugger-trick/