Research
-
Kaspersky links Coruna iOS exploit framework to Operation Triangulation, finds expanded targets
Kaspersky researchers say the Coruna exploit framework is an updated successor to the Operation Triangulation toolkit, adding support for A17 and M3 chips and iOS up to 17.2, and that its components include multiple exploit chains used in both espionage and financially motivated attacks.
-
VoidStealer uses debugger trick to extract Chrome master key, researchers say
VoidStealer, a malware-as-a-service, uses a debugger-based method that leverages hardware breakpoints to extract Chrome’s v20_master_key from memory, researchers at Gen Digital reported.
-
CanisterWorm self propagates in npm after Trivy supply chain compromise
A self propagating worm called CanisterWorm followed a Trivy supply chain compromise to infect 47 npm packages. The worm uses an ICP canister dead drop and stolen npm tokens to publish malicious package versions.
-
Critical Langflow RCE CVE-2026-33017 Exploited Within 20 Hours of Disclosure
A critical unauthenticated RCE in Langflow, CVE-2026-33017 (CVSS 9.3), was disclosed on March 17, 2026 and exploited within 20 hours. Users should apply patches, rotate secrets and restrict network access to public instances.
-
Authorities disrupt command servers for IoT botnets behind record DDoS attacks
U.S. authorities disrupted command servers for multiple IoT botnets on Thursday, targeting networks that infected at least 3 million devices and launched DDoS attacks peaking near 30 terabits per second.
-
Speagle malware hijacks Cobra DocGuard to hide data exfiltration
A technical analysis reported a new infostealer named Speagle that hijacks Cobra DocGuard servers to hide data exfiltration. The 32-bit .NET malware targets only systems with Cobra DocGuard installed and remains unattributed.
-
PolyShell flaw enables unauthenticated RCE and account takeover in Magento 2 stores
PolyShell affects Magento Open Source and Adobe Commerce version 2 installations, enabling unauthenticated code execution and stored XSS. Adobe published a fix only in a 2.4.9 alpha release while production versions remain vulnerable.
-
Critical Telnet flaw allows pre-auth remote code execution as root
A Dream Security advisory disclosed CVE-2026-32746, a CVSS 9.8 buffer overflow in GNU inetutils telnetd that allows unauthenticated remote code execution as root. Maintainers were notified on March 11 and a patch was prepared the next day.
-
Perseus Android banking malware enables device takeover and note theft
Perseus is a new Android banking trojan delivered through sideloaded IPTV apps that enables Accessibility based device takeover overlay attacks and extraction of notes and credentials, primarily targeting Turkey and Italy.
-
DarkSword iOS exploit kit used since November 2025 to steal data from iPhones running iOS 18.4 to 18.7
DarkSword is a full chain iOS exploit kit used since November 2025 to exfiltrate emails, messages and crypto wallet data from iPhones running iOS 18.4 through 18.7 according to a technical analysis.
