End-of-Day report
Timeframe: Wednesday 11-03-2026 18:00 - Thursday 12-03-2026 18:00
Handler: Alexander Riepl
Co-Handler: Felician Fuchs
News
New PhantomRaven NPM attack wave steals dev data via 88 packages
New attack waves from the PhantomRaven supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
https://www.bleepingcomputer.com/news/security/new-phantomraven-npm-attack-wave-steals-dev-data-via-88-packages/
US disrupts SocksEscort proxy network powered by Linux malware
Law enforcement agencies in the U.S. and Europe along with private partners have disrupted the SocksEscort cybercrime proxy network that used only edge devices compromised via the AVRecon malware for Linux.
https://www.bleepingcomputer.com/news/security/us-disrupts-socksescort-proxy-network-powered-by-linux-malware/
Full access in two hours: AI agent autonomously hacks McKinsey's AI platform
Researchers set an AI agent loose on McKinsey's Lilli platform. It was able to read out millions of chat messages and other data.
https://www.golem.de/news/vollzugriff-in-zwei-stunden-ki-agent-hackt-eigenstaendig-ki-plattform-von-mckinsey-2603-206407.html
When your IoT Device Logs in as Admin, It's too Late!
Have you ever installed a new device on your home or company router? Even when setup instructions are straightforward, end users often skip the step that matters most: changing default credentials. The excitement of deploying a new device frequently outweighs the discipline of securing it.
https://isc.sans.edu/diary/rss/32788
Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes
Agentic web browsers that leverage artificial intelligence (AI) capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey to phishing and scam traps.
https://thehackernews.com/2026/03/researchers-trick-perplexitys-comet-ai.html
Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and conduct financial fraud.
https://thehackernews.com/2026/03/six-android-malware-families-target-pix.html
Exploit kit danger: Apple updates older iOS and iPadOS versions
Overnight into Thursday, Apple released important updates for users of iOS and iPadOS 15 and 16. They should be installed quickly.
https://www.heise.de/news/Exploitkit-Gefahr-Apple-aktualisiert-aeltere-iOS-und-iPadOS-Versionen-11208159.html
Taming the dragon: reverse engineering firmware with Ghidra
I stumbled into infosec the same year the NSA graced us with Ghidra. It's by far become the most used tool in my arsenal for reverse engineering and vulnerability research. It's free, extensible, and supports some of the quirkier architectures we come across. But its learning curve is steep. This blog post is the culmination of my learnings from spending what may be too many hours in front of Ghidra's glaring and dated UI.
https://www.pentestpartners.com/security-blog/taming-the-dragon-reverse-engineering-firmware-with-ghidra/
Subscription trap on your mobile phone bill: how to respond correctly
Your mobile phone bill is suddenly higher than usual? A look at the bill shows the reason: a subscription you never knowingly signed up for. Such cost traps keep occurring. We explain what is behind them and what you can do about it.
https://www.watchlist-internet.at/news/abo-falle-auf-der-handyrechnung-so-reagieren-sie-richtig/
International cybercrime network dismantled, 700 victims in Austria
Thousands of private routers had been hijacked. They were used to carry out anonymous attacks on IT systems and to distribute child sexual abuse material.
https://www.derstandard.at/story/3000000312309/internationales-cybercrime-netz-zerschlagen-700-opfer-in-214sterreich
Announcing Pwn2Own Berlin for 2026
Willkommen zurück, meine Damen und Herren, zu unserem zweiten Wettbewerb in Berlin! (Welcome back, ladies and gentlemen, to our second competition in Berlin!) That's correct (if Google Translate didn't steer me wrong). After our inaugural competition last year, Pwn2Own returns to Berlin and OffensiveCon. Outside of our shipping troubles, we had an amazing time and can't wait to get back. Last year, we added Artificial Intelligence as a category with great results.
https://www.thezdi.com/blog/2026/3/11/announcing-pwn2own-berlin-for-2026
A Nerd's Life: Weeks of Firmware Teardown to Prove We Were Right
This blog post is a follow-up to our previous post describing how we managed to extract the firmware of a smartwatch. It contains many references and details introduced in our previous post; readers are therefore advised to read it first.
http://blog.quarkslab.com/nerd-life-weeks-firmware-teardown-we-were-right.html
InTune Compromise Allows Attackers to Remotely Wipe Medical Supply Company Devices
A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home more than 5,000 workers there today.
https://krebsonsecurity.com/2026/03/iran-backed-hackers-claim-wiper-attack-on-medtech-firm-stryker/
Vulnerabilities
SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites
An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without authentication.
https://www.bleepingcomputer.com/news/security/sqli-flaw-in-elementor-ally-plugin-impacts-250k-plus-wordpress-sites/
Zero Click Unauthenticated RCE in n8n: A Contact Form That Executes Shell Commands
Pillar Research team found a zero-click, unauthenticated RCE in n8n. Anyone who can reach a public multi-step form with an HTML rendering can execute shell commands on the server. We worked with the n8n team to fix it. If you use n8n Cloud, you're already protected. If you're self-hosting, update to 2.10.1 / 2.9.3 / 1.123.22 now.
https://www.pillar.security/blog/zero-click-unauthenticated-rce-in-n8n-a-contact-form-that-executes-shell-commands
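The practical question for a self-hosted fleet is which instances still run a build below the fixed release on their line. The following check is an added example (not code from n8n or from Pillar Security). The only facts it takes from the item above are the three fixed releases 2.10.1, 2.9.3 and 1.123.22; the branch logic around them is an assumption (later releases on the same line, and later minor lines such as 2.11.x, are assumed to carry the fix; 2.0 to 2.8, for which no fixed build is named, are treated as unpatched; pre-release builds are treated as older than the final release). The inventory hostnames and versions are constructed for the example.

```python
"""Triage self-hosted n8n instances against the fixed releases named in the
advisory summary: 2.10.1, 2.9.3 and 1.123.22.

Added example, not n8n's or Pillar Security's code. Assumptions:
  - releases newer than the fixed one on the same line, and every later
    minor line (e.g. 2.11.x) or major (3.x), are assumed to include the fix;
  - 2.x lines for which no fixed build is named (2.0 - 2.8) are treated as
    unpatched;
  - a pre-release suffix (2.10.1-rc.1) sorts before the final 2.10.1, so it
    is conservatively reported as needing the update.
"""
from __future__ import annotations

import re

# Fixed releases from the advisory summary, keyed by (major, minor) line.
FIXED_RELEASES: dict[tuple[int, int], tuple[int, int, int]] = {
    (1, 123): (1, 123, 22),
    (2, 9): (2, 9, 3),
    (2, 10): (2, 10, 1),
}

# Accepts "2.10.1", "v2.9.3", "2.11.0-rc.2", "1.123.22+build.7".
_VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?P<pre>-[0-9A-Za-z.]+)?(?:\+[0-9A-Za-z.]+)?$"
)


def parse_version(text: str) -> tuple[int, int, int, int]:
    """Return (major, minor, patch, final) where final is 0 for a pre-release
    and 1 for a final release, so tuples compare in semver precedence order."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version string: {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    return (major, minor, patch, 0 if m.group("pre") else 1)


def is_patched(version: str) -> bool:
    """True if this version is at or above the fixed release for its line
    (or on a line assumed to be newer than every fixed one)."""
    major, minor, patch, final = parse_version(version)
    current = (major, minor, patch, final)
    lines_for_major = [line for line in FIXED_RELEASES if line[0] == major]
    if not lines_for_major:
        # No fixed build named for this major: 0.x is unpatched, 3.x+ assumed fixed.
        return major > max(line[0] for line in FIXED_RELEASES)
    if (major, minor) in FIXED_RELEASES:
        # Same line as a fixed release: compare against the final fixed build.
        return current >= FIXED_RELEASES[(major, minor)] + (1,)
    # A different minor on the same major: only lines newer than the newest
    # fixed line are assumed to carry the fix (so 2.8.x is unpatched).
    return minor > max(line[1] for line in lines_for_major)


def triage(inventory: dict[str, str]) -> list[str]:
    """Return the hostnames whose n8n version still needs the update."""
    return sorted(host for host, ver in inventory.items() if not is_patched(ver))


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "n8n-prod-01": "2.10.1",
    "n8n-prod-02": "2.10.0",
    "n8n-staging": "2.9.3",
    "n8n-legacy": "1.123.21",
    "n8n-lts": "1.123.22",
    "n8n-old": "2.8.4",
    "n8n-canary": "2.11.0-rc.2",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> update required")
```

Feed `triage()` the version strings you collect from each instance (for example from the version shown in the n8n UI or from your deployment manifests); anything it returns is below the fixed build for its line under the assumptions stated above.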
Aruba switches with AOS-CX: attackers can reset the admin password
HPE's network operating system Aruba Networking AOS-CX is vulnerable. The developers have closed several security holes.
https://www.heise.de/news/Aruba-Switches-mit-AOS-CX-Angreifer-koennen-Admin-Passwort-zuruecksetzen-11208000.html
HP PCs: attackers can gain higher privileges via UEFI vulnerabilities
HP computers can be attacked via several vulnerabilities in the UEFI and in Device Manager.
https://www.heise.de/news/HP-PCs-Angreifer-koennen-sich-hoehere-Rechte-ueber-UEFI-Luecken-verschaffen-11208417.html
Zoom: network attacks on critical security vulnerability possible
Zoom's video conferencing software contains security vulnerabilities, some of them critical. Attackers from the network can escalate privileges.
https://www.heise.de/news/Zoom-Videokonferenzsoftware-ermoeglicht-Angreifern-Rechteausweitung-11208902.html
LWN Security updates for Thursday
https://lwn.net/Articles/1062570/