Cyber Security – Page 20 – Simply Secure Group

Microsoft Releases Out-of-Band Patch For Critical RRAS RCE Vulnerabilities in Windows 11

Microsoft released an out-of-band hotpatch update on March 13, 2026, addressing serious security vulnerabilities in Windows 11 versions 24H2 and 25H2. Tracked as KB5084597 and targeting OS Builds 26200.7982 and 26100.7982, this update patches three actively concerning flaws in the Windows Routing and Remote Access Service (RRAS) management tool, and notably, it does so without […]

FortiGate Firewalls Exploited in Wave of Attacks to Breach Networks and Steal Credentials

A series of intrusions in early 2026 in which threat actors compromised FortiGate Next-Generation Firewalls (NGFW) to establish persistent footholds within enterprise environments. Each case was intercepted during the lateral movement phase before the attackers could fully achieve their objectives. The attack wave uncovered by SentinelOne closely tracks three high-severity Fortinet vulnerabilities disclosed between December […]

Malicious npm Packages Posing as Solara Executor Target Discord, Browsers, and Crypto Wallets

Malicious npm Packages Target Discord Crypto Wallets JFrog security researchers Guy Korolevski and Meitar Palas uncovered a sophisticated supply chain attack on the npm ecosystem on March 12, 2026, in which threat actors disguised an information-stealing malware as a legitimate Roblox script executor. The campaign, self-named Cipher stealer, used two malicious packages bluelite-bot-manager and test-logsmodule-v-zisko, to deliver a […]

GlassWorm Campaign Uses 72 Malicious Open VSX Extensions to Broaden Reach

GlassWorm 72 Malicious Open VSX Extensions In a major escalation of supply chain attacks, the GlassWorm malware campaign has evolved to infect developer environments using transitive dependencies. On March 13, 2026, the Socket Research Team reported identifying at least 72 new malicious Open VSX extensions linked to this campaign. Instead of placing the malicious payload […]

Critical LangSmith Account Takeover Vulnerability Puts Users at Risk

Critical LangSmith Account Takeover Vulnerability Miggo Security researchers have identified a critical vulnerability in LangSmith, tracked as CVE-2026-25750, that exposes users to potential token theft and complete account takeover. As a central hub for debugging and monitoring large language model data, LangSmith processes billions of events daily, making this a high-stakes security flaw for enterprise […]

Loblaw Data Breach Hackers Accessed IT Network and Customer Information

Loblaw Data Breach Canada’s largest food and pharmacy retailer has announced an ongoing investigation into a recent corporate data breach.On March 10, 2026, the company notified its customers that unauthorized threat actors successfully infiltrated a segment of its IT network. The security incident was discovered after Loblaw detected suspicious activity within its infrastructure. According to […]

Authorities Dismantle Malicious Proxy Service Used to Deploy Malware Attacking Thousands of Users

Authorities Dismantle Malicious Proxy Service An international law enforcement operation led by the U.S. Justice Department has successfully dismantled SocksEscort, a massive residential proxy network. The malicious service compromised thousands of home and small business routers worldwide, enabling cybercriminals to mask their identities while executing large-scale financial fraud. The coordinated takedown resulted in the seizure […]

Chrome Zero-Day Vulnerabilities Actively Exploited in the Wild to Execute Malicious Code

Google has released an urgent security update for its Chrome browser after confirming that two high-severity zero-day vulnerabilities are being actively exploited in the wild. The stable channel has been updated to version 146.0.7680.75/76 for Windows and macOS, and 146.0.7680.75 for Linux, with the rollout expected to reach users over the coming days and weeks. […]

Attackers Hijack Microsoft 365 Accounts Through OAuth Device Code Abuse Without Stealing Passwords

Exposing OAuth Device Code Phishing in Microsoft Analysts at ANY.RUN has identified a sharp spike in phishing campaigns exploiting Microsoft’s OAuth Device Authorization Grant flow, with more than 180 malicious URLs detected within a single week. Unlike conventional credential harvesting, this technique routes victims through legitimate Microsoft authentication pages, making it substantially harder for security […]

Critical MediaTek Vulnerability Lets Attackers Steal Android Phone PINs in 45 Seconds

A critical vulnerability in the MediaTek Dimensity 7300 chipset allows a physical attacker to extract device PINs, decrypt on-device storage, and steal cryptocurrency wallet seed phrases in approximately 45 seconds, raising serious alarms for the roughly 25% of Android users whose devices rely on the affected chip. The vulnerability uncovered by Ledger’s Donjon security research […]

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.