Vulnerabilities
-
KadNap botnet infects over 14,000 routers using peer-to-peer DHT to hide command infrastructure
KadNap, a router malware first seen in August 2025, has infected over 14,000 devices and uses a Kademlia DHT peer-to-peer network to hide command infrastructure and provide anonymized proxy services.
-
Nine LeakyLooker flaws in Google Looker Studio could expose GCP data
Tenable found nine cross-tenant vulnerabilities in Google Looker Studio that could have allowed arbitrary SQL queries and data exfiltration across Google Cloud tenants. Google patched the flaws after a June 2025 responsible disclosure.
-
CISA adds three vulnerabilities to Known Exploited Vulnerabilities catalog and sets federal patch dates
CISA added three vulnerabilities to its Known Exploited Vulnerabilities catalog on Monday, covering Workspace One UEM, SolarWinds Web Help Desk, and Endpoint Manager. Federal civilian agencies must apply fixes by mid and late March.
-
Dutch advisory links Russian actors to Signal and WhatsApp account hijacking campaign
A Dutch AIVD advisory links Russian state-sponsored actors to phishing that hijacks Signal and WhatsApp accounts of officials and journalists. Attacks use fake support chatbots and malicious QR codes to seize or link devices and monitor messages.
-
Malicious npm package posing as OpenClaw installer deploys RAT, steals credentials
A JFrog technical analysis reported a malicious npm package posing as an OpenClaw installer. Uploaded March 3, 2026, the package installs a RAT and steals credentials, browser data, wallets and other sensitive macOS data.
-
Two Chrome extensions weaponized after ownership transfers, affecting about 7,800 users
Two Chrome extensions were weaponized after ownership transfers, allowing remote JavaScript to bypass protections and harvest credentials. QuickLens affected about 7,000 users and ShotBird about 800 users. Users should remove unknown extensions and audit browsers.
-
CISA adds two critical Hikvision and Rockwell vulnerabilities to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency added two critical CVE-2017-7921 and CVE-2021-22681 vulnerabilities affecting Hikvision and Rockwell products to its Known Exploited Vulnerabilities catalog, both rated CVSS 9.8.
-
Self-propagating JavaScript worm vandalizes Meta-Wiki pages
Engineers restricted editing on March 5 2026 after a self-propagating JavaScript worm modified about 3,996 pages and replaced roughly 85 users’ common.js scripts. Injected code was removed and edits were reverted while investigation continues.
-
Star Citizen developer discloses January breach that exposed user account details
Cloud Imperium Games disclosed a January 21 2026 breach that gave attackers read only access to backup systems containing basic account details for an undisclosed number of users. No financial data or passwords were affected.
-
Google issues patches for 129 Android flaws including actively exploited Qualcomm zero day
Google released updates that fix 129 Android vulnerabilities, including an actively exploited zero day in a Qualcomm display component. The bulletin adds two March patch levels and addresses 10 critical flaws that can enable remote code execution.
