News
-
Loblaw notifies customers after breach exposes names and contact details
Loblaw notified customers this week that a breach of a contained part of its IT network exposed names, phone numbers and email addresses. The company logged customers out and there was no evidence that financial or health data were accessed.
-
Researchers identify suspected AI-assisted Slopoly backdoor used by Hive0163
Researchers identified a suspected AI-generated PowerShell backdoor called Slopoly used by the cybercrime group Hive0163 in early 2026. The backdoor established persistence and beaconed to a command server while analysts examined code patterns.
-
Authorities disrupt SocksEscort proxy network powered by AVRecon on Linux routers
Law enforcement disrupted the SocksEscort proxy network that used AVRecon to compromise Linux routers. Lumen’s Black Lotus Labs reported the network averaged about 20,000 infected devices weekly and authorities seized infrastructure and froze funds.
-
U.S. charges former DigitalMint negotiator in scheme linked to BlackCat ransomware
The Department of Justice charged Angelo Martino, a former DigitalMint ransomware negotiator, with one count of conspiracy to interfere with interstate commerce by extortion after his March 10 surrender. Allegations include sharing negotiation details with BlackCat.
-
Threat actors using modified AuraInspector to mass-scan Salesforce Experience Cloud sites
Salesforce warned that attackers are using a modified AuraInspector to mass-scan public Experience Cloud sites and extract data from overly permissive guest user profiles. Customers should review guest settings and restrict external object access.
-
BeatBanker Android malware poses as Starlink app and hijacks devices in Brazil
BeatBanker is Android malware that combines a banking trojan and Monero miner, uses a fake Starlink Play Store page for delivery and a looping MP3 to stay active. Infections were recorded in Brazil.
-
GitLab analysis exposes North Korean fake IT worker tradecraft
A technical analysis by GitLab found North Korean operators used code repositories to deliver obfuscated malware loaders and that 131 accounts were removed last year. The report lists tradecraft and more than 600 indicators.
-
Six Android malware families steal data and hijack payments, researchers find
Researchers found six Android malware families that steal data and enable financial fraud. The trojans use fake Play Store listings, accessibility abuse and screen overlays to hijack transfers, including real-time attacks on Brazil’s Pix system.
-
Two critical n8n flaws patched after researcher finds remote code execution risk
Two critical vulnerabilities in the n8n workflow platform were reported and patched in March 2026. A technical analysis and vendor advisories show flaws that can enable remote code execution and decryption of stored credentials.








