Cybersecurity News

The latest cybersecurity stories, summarized by AI

Rockstar Games confirms third-party breach as hackers threaten data leak and ransom
cybersecurity | 17.09 min read

43 minutes ago | Source: Engadget
TA446 Expands DarkSword iOS Attacks in Broad Spear-Phishing Campaign
cybersecurity
3.07 min | 14 days ago

TA446, a Russia-linked threat group, used the DarkSword iOS exploit kit in a targeted spear-phishing operation to deliver the GHOSTBLADE dataminer and the MAYBEROBOT backdoor via password-protected ZIPs; emails spoofed Atlantic Council discussion invites and redirected iPhone users (March 26, 2026) to the exploit kit through decoy PDFs, with server-side filtering guiding iOS browsers to the kit but no sandbox escapes observed. The campaign broadened targets to government, think tanks, higher education, finance, and legal entities, suggesting opportunistic credential harvesting and intel collection. Apple warns users with Lock Screen alerts and urges updates; a leaked DarkSword version on GitHub could democratize the exploit, potentially expanding mobile threats, per researchers.

More Cybersecurity Stories

Apple Urges Patch: Hackers Target Old iPhones With New Tools
cybersecurity | 23 days ago

Security researchers say exploit kits DarkSword and Coruna, used by Russian intelligence and Chinese cybercriminals, can take over iPhones running older iOS versions via watering hole attacks; campaigns have targeted Ukrainians, Chinese crypto users, and residents of Saudi Arabia, Turkey, and Malaysia. Apple released iOS 26 and a patch for older devices to block these exploits, underscoring that keeping software up to date is the best defense against such hacks.

Week in Cybersecurity: Chrome 0-Days, Router Botnets, AWS Breach & Rogue AI
cybersecurity | 25 days ago

This weekly security digest highlights Google Chrome’s two actively exploited 0-days (CVE-2026-3909/3910) patched by Google, plus widespread router botnets like SocksEscort and KadNap leveraging firmware abuse; it also details UNC6426’s AWS breach via an nx npm supply-chain compromise and GitHub-to-AWS trust abuse. The roundup covers new threats such as the Roundish Roundcube toolkit, AI-agent collaboration risks, phishing targeting AWS credentials, an AppsFlyer SDK supply-chain incident, and ransomware like GIBCRYPTO, along with notable security news (Meta ending Instagram E2EE) and new defense tools like Dev Machine Guard and Trajan.

KadNap Botnet Converts ASUS Routers into a Global Residential Proxy Network
cybersecurity | 1 month ago

KadNap, a new botnet, hijacks ASUS routers and other edge devices to form a peer-to-peer proxy network for malicious traffic. By August 2025 it controlled about 14,000 devices, using a custom Kademlia DHT to locate C2s, though two fixed nodes connect early to the C2s, aiding takedowns. Infections start by pulling aic.sh from 212.104.141.140, establish persistence via a cron job every 55 minutes, and install an ELF payload named kad. KadNap’s DHT design aims to decentralize control, but the two steady nodes undermine this to some extent. The botnet is linked to the Doppelganger proxy service, which rents infected devices as residential proxies for DDoS, credential stuffing, and brute-force campaigns. Lumen has blocked KadNap traffic on its network and will publish IOCs to help others disrupt the botnet.

Critical SQL Server zero-day lets attackers escalate to full admin control
cybersecurity | 1 month ago

Microsoft disclosed a critical zero-day in SQL Server (CVE-2026-21262) that enables an authenticated attacker to escalate to the sysadmin role via improper access control. The flaw has a CVSS v3.1 base score of 8.8 (Important) and is exploitable over the network with low complexity and no user interaction. While not yet observed in the wild, the disclosure lowers the barrier for exploits. Microsoft has released patches for SQL Server 2016–2025; administrators should urgently apply updates, audit permissions, restrict privileged access, and upgrade unsupported versions to receive future fixes.

cybersecurity | 1 month ago

Iranian-Hacked Wiper Hit Stryker, Triggering Healthcare Supply Chain Fears

An Iran-linked hacktivist group, Handala, claimed a mass data-wiping attack on medical-tech company Stryker, saying 200,000 devices across 79 countries were wiped and offices shut, reportedly using a remote wipe via Microsoft Intune; Irish reports say about 5,000 staff were sent home and devices wiped, raising concerns about healthcare supply chains, though the American Hospital Association says there are no confirmed direct hospital disruptions yet as investigations continue.

AI Accelerates Cyberattacks Across the Kill Chain, Microsoft Warns
cybersecurity | 1 month ago

Microsoft's Threat Intelligence report finds threat actors are using generative AI to speed up and scale cyberattacks across the entire lifecycle—drafting phishing emails, creating malware, developing infrastructure, and fabricating realistic identities for remote‑worker schemes—while defenders should strengthen identity, detect credential abuse, and secure AI systems; the trend is echoed by Google and Amazon.

AI-Driven Vibeware Flood Targets Indian Government
cybersecurity | 1 month ago

Bitdefender flags the Pakistan-aligned Transparent Tribe for adopting AI-assisted tooling to mass-produce disposable, polyglot malware implants across Nim, Zig, Crystal and other languages, using trusted services like Slack, Discord, Supabase and Google Sheets to evade detection. The operation targets India’s government and embassies, with infection chains starting from phishing LNKs or PDF lures that trigger PowerShell and deliver backdoors such as Cobalt Strike and Havoc, followed by a suite of tools—including Warcode, NimShellcodeLoader, CreepDropper, SHEETCREEP, SupaServ, LuminousStealer, CrystalShell, ZigShell, CrystalFile, ZigLoader and others—illustrating an AI-driven shift toward vibeware and industrialized cybercrime.

Accenture to Acquire Ookla's Downdetector and Speedtest for $1.2B
cybersecurity | 1 month ago

Accenture is buying Ziff Davis's Connectivity division, which runs Downdetector and Speedtest (Ookla), for about $1.2 billion in cash. The move lets Ziff Davis focus on its core brands (IGN, Mashable, Everyday Health) while Accenture adds end-to-end network intelligence capabilities for AI-driven transformation. Downdetector and Speedtest will continue to operate under Ziff Davis during the transition, and the deal may take several months to finalize; Ookla’s growth in part came from 5G rollout and pandemic-era bandwidth demand.

Chrome Gemini Flaw Lets Attackers Hijack Camera and Microphone Through Privileged AI Panel (CVE-2026-0628)
cybersecurity | 1 month ago

Researchers from Palo Alto Networks' Unit 42 disclosed a high-severity vulnerability (CVE-2026-0628) in Chrome's Gemini AI panel that could be exploited by a malicious extension to inject code with the panel’s elevated privileges, enabling silent camera and microphone access, local file theft, screenshots, and phishing. The flaw arises from how Chrome handles the declarativeNetRequest API for gemini.google.com; when loaded inside the Gemini panel it gains browser-level rights, unlike in a normal tab. Google patched the issue on January 5, 2026, so users should update Chrome immediately; organizations should apply the patch across endpoints to mitigate enterprise risk from trusted-panel attacks.

1Password hikes prices for personal and family plans
cybersecurity | 1 month ago

1Password is raising the annual cost of its individual and family plans, with the individual rate jumping from about $36 to $48 per year and the family plan from $60 to $72; the new prices apply at the next renewal after March 27. It’s the biggest price increase in years, though the service remains a leading password manager and occasional discounts may still appear.