Daily summary - 03.03.2026

End-of-Day report

Timeframe: Monday 02-03-2026 18:00 - Tuesday 03-03-2026 18:00
Handler: Felician Fuchs
Co-Handler: Michael Schlagenhaufer

News

LLMs can unmask pseudonymous users at scale with surprising accuracy

Pseudonymity has never been perfect for preserving privacy. Soon it may be pointless.

https://arstechnica.com/security/2026/03/llms-can-unmask-pseudonymous-users-at-scale-with-surprising-accuracy/

Fake Google Security site uses PWA app to steal credentials, MFA codes

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims' browsers.

https://www.bleepingcomputer.com/news/security/fake-google-security-site-uses-pwa-app-to-steal-credentials-mfa-codes/

Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets

Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector organizations with the end goal of redirecting victims to attacker-controlled infrastructure without stealing their tokens.

https://thehackernews.com/2026/03/microsoft-warns-oauth-redirect-abuse.html

Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries

The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks.

https://thehackernews.com/2026/03/open-source-cyberstrikeai-deployed-in.html

Until last month, attackers could've stolen info from Perplexity Comet users just by sending a calendar invite

AI browsing agent left local files open for the taking. If you wanted to steal local files from someone using Perplexity's Comet browser, until last month you could just schedule the theft by sending your victim a calendar event.

https://www.theregister.com/2026/03/03/perplexity_comet_browser_hole_cal_invite/

Breaking Out of Citrix and other Restricted Desktop Environments

Many organisations are turning to virtualisation of apps and desktops. This often involves virtualisation platforms such as Citrix to deliver these services. Get your configuration or lock-down wrong and you'll find users "breaking out" of the environment you thought you had secured.

https://www.pentestpartners.com/security-blog/breaking-out-of-citrix-and-other-restricted-desktop-environments/

Fake hotel website as the basis for a combined scam

Using the fake online presence of a hotel, criminals try to obtain their victims' contact details and (presumably) their money. In addition, they use the fake site's domain to send phishing emails.

https://www.watchlist-internet.at/news/fake-hotelwebsite-kombi-betrugsmasche/

Anonymous credentials: an illustrated primer

This post has been on my back burner for well over a year. This has bothered me, because every month that goes by I become more convinced that anonymous authentication is the most important topic we could be talking about as cryptographers. This is because I'm very worried that we're headed into a bit of a privacy dystopia, driven largely by bad legislation and the proliferation of AI.

https://blog.cryptographyengineering.com/2026/03/02/anonymous-credentials-an-illustrated-primer/

Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran

Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for defenders.

https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/

Silver Dragon: China Nexus Cyber Espionage Group Targeting Governments in Asia and Europe

Silver Dragon is a China nexus cyber espionage group targeting government ministries and public sector organizations across Southeast Asia, with additional victims identified in Europe. The group gains initial access through exploitation of public-facing servers and targeted phishing campaigns aimed at government entities.

https://blog.checkpoint.com/research/silver-dragon-china-nexus-cyber-espionage-group-targeting-governments-in-asia-and-europe/

Hackers Abuse .arpa Top-Level Domain to Host Phishing Scams

Hackers abuse the .arpa Top-Level Domain to host phishing scams, using IPv6 tunnels, reverse DNS tricks, and shadow domains to bypass security checks.

https://hackread.com/hackers-arpa-top-level-domain-phishing-scams/

Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit

Google Threat Intelligence Group (GTIG) has identified a new and powerful exploit kit targeting Apple iPhone models running iOS version 13.0 (released in September 2019) up to version 17.2.1 (released in December 2023). The exploit kit, named "Coruna" by its developers, contained five full iOS exploit chains and a total of 23 exploits.

https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit/

Analysis of an Integrated Phishing Campaign Utilizing Google Cloud Infrastructure

In recent weeks, a highly organized phishing campaign has surfaced, characterized by its use of legitimate Google infrastructure to bypass standard security filters. I have identified more than 25 distinct phishing emails targeting a single account, all of which ultimately direct users to a specific URL: hxxps://storage[.]googleapis[.]com/whilewait/comessuccess.html.

https://malwr-analysis.com/2026/03/03/analysis-of-an-integrated-phishing-campaign-utilizing-google-cloud-infrastructure/

Sometimes, You Can Just Feel The Security In The Design (Juniper Junos Evolved CVE-2026-21902 Pre-Auth RCE)

On today's "good news disguised as other things" segment, we're turning our gaze to CVE-2026-21902 - a recently disclosed "Incorrect Permission Assignment for Critical Resource" vulnerability affecting Juniper's Junos OS Evolved platform. This vulnerability affects only Juniper's PTX Series of devices, apparently.

https://labs.watchtowr.com/sometimes-you-can-just-feel-the-security-in-the-design-junos-os-evolved-cve-2026-21902-rce/

Vulnerabilities

Dangerous security vulnerability: attacks on Android users observed

A dangerous security vulnerability in a Qualcomm graphics component is being actively exploited. Android users should update as soon as possible.

https://www.golem.de/news/gefaehrliche-sicherheitsluecke-angriffe-auf-android-nutzer-beobachtet-2603-206025.html

HPE AutoPass License Server allows authentication bypass

HPE warns of a serious security vulnerability in the HPE AutoPass License Server (APLS). The authentication can be bypassed.

https://www.heise.de/news/HPE-AutoPass-License-Server-erlaubt-Umgehung-der-Authentifizierung-11196562.html

HCL BigFix: attackers can access data in the file system

The endpoint management platform HCL BigFix is vulnerable. Security updates are available.

https://www.heise.de/news/HCL-BigFix-Angreifer-koennen-auf-Daten-im-Dateisystem-zugreifen-11196966.html

LWN Security updates for Tuesday

https://lwn.net/Articles/1061043/