WhatsApp introduces parent-managed accounts for pre-teens
WhatsApp has begun rolling out parent-managed accounts for pre-teens, allowing parents and guardians to decide who can contact them and which groups they can join. These accounts are restricted to messaging and calling and do not include access to Meta AI, Channels, Status, or location sharing. The child’s messages remain end-to-end encrypted and cannot be […]
SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites
An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without authentication. The security issue, tracked as CVE-2026-2413, received a high severity score. It was discovered by Drew Webber (mcdruid), an offensive security engineer at Acquia, a software-as-a-service company […]
CISA orders feds to patch n8n RCE flaw exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies on Wednesday to patch their systems against an actively exploited n8n vulnerability. n8n is an open-source workflow automation platform widely used in AI development for automating data ingestion, with over 50,000 weekly downloads on the npm registry and over 100 million pulls on Docker […]
Medtech giant Stryker offline after Iran-linked wiper malware attack
Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group. The medtech giant manufactures a range of products, including surgical and neurotechnology equipment. With over 53,000 employees, Stryker is a Fortune 500 company that reported global sales of $22.6 billion in 2024. Handala says they […]
New PhantomRaven NPM attack wave steals dev data via 88 packages
New attack waves from the âPhantomRavenâ supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. The campaign was initially uncovered in October 2025 by researchers at cybersecurity company Koi, who said that it had been running since August and published 126 malicious packages on the npm platform. Application […]
Meta adds new WhatsApp, Facebook, and Messenger anti-scam tools
Meta is introducing new anti-scam protections across its platforms, deploying systems and user-facing warnings to protect users against scammers. The new features are designed to help catch fraud attempts before WhatsApp, Facebook, and Messenger engage with them. WhatsApp now alerts users when behavioral signals suggest a device-linking request may be fraudulent, a tactic scammers have […]
New âBlackSantaâ EDR killer spotted targeting HR departments
For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta. Described as “sophisticated,” the campaign mixes social engineering with advanced evasion techniques to steal sensitive information from compromised systems. It is unclear how the attack begins, but researchers at Aryaka, a network […]
New BeatBanker Android malware poses as Starlink app to hijack devices
A new Android malware named BeatBanker can hijack devices and tricks users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store. The malware combines banking trojan functions with Monero mining, and can steal credentials, as well as tamper with cryptocurrency transactions. Kaspersky researchers discovered BeatBanker in campaigns […]
New ‘Zombie ZIP’ technique lets malware slip past security tools
A new technique dubbed âZombie ZIPâ helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) products. Trying to extract the files with standard utilities like WinRAR or 7-Zip results in errors or corrupted data. The technique works by manipulating ZIP headers to trick parsing engines into […]
Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws
Today is Microsoft’s March 2026 Patch Tuesday with security updates for 79 flaws, including 2 publicly disclosed zero-day vulnerabilities. This Patch Tuesday also addresses three “Critical” vulnerabilities, 2 of which are remote code execution flaws and the other is an information disclosure flaw. The number of bugs in each vulnerability category is listed below: When BleepingComputer reports […]