This posting is here to collect cyber security news in March 2026.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
84 Comments
Tomi Engdahl says:
https://www.tradingview.com/news/cointelegraph:077d8119f094b:0-sweden-probes-reported-leak-of-e-government-platform-source-code/
Tomi Engdahl says:
Another Self-Own
Iran Is Bombing Data Centers in Retaliation
Not the data centers!
https://futurism.com/artificial-intelligence/iran-bombing-data-centers?fbclid=IwdGRjcAQjS-ZjbGNrBCNJzmV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHrin0dAZWlj6bruwx3FWcQH99klI2125G4XYzE9Ayd6p1u5gQwchgxKqgGyu_aem_EJCs3QLAhD7MCGwLYWzfGQ
Earlier this week, Iranian drones hit three Amazon Web Services (AWS) facilities in the United Arab Emirates and Bahrain, triggering global outages in online services. Experts believe the strikes were the first instance of American big tech companies being targeted in a military operation.
The strikes caused “structural damage, disrupted power delivery to our infrastructure, and in some cases required fire suppression activities that resulted in additional water damage,” the tech giant admitted in a March 2 update.
Iranian Revolutionary Guard-affiliated news claimed that Iran had targeted both Amazon and Microsoft facilities, as the Financial Times reports, though the latter has yet to experience any outages in the region.
The incidents highlight how data centers have become major targets on the battlefield.
Tomi Engdahl says:
Criminals hijack thousands of devices to create never-before-seen cyber weapon
Victims of the KadNap botnet are spread throughout the world
https://www.independent.co.uk/tech/security/cyber-weapon-kadnap-botnet-hijack-malware-b2937703.html?fbclid=IwdGRjcAQjnfFjbGNrBCOdx2V4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHqZTwkpuDIV1avqUqsu8NJzOsHbznGSfTLZAHQlPvU74atTJoZCh_dz6P4TW_aem_ExFLMquL6xY8iwhhC7ZFIw
Criminals have secretly hijacked more than 14,000 devices worldwide in order to carry out attacks that are almost impossible to protect against, security researchers have warned.
The majority of devices infected by the sophisticated new malware, dubbed ‘KadNap’, are Asus routers, which are being used to route malicious traffic to carry out large-scale cyberattacks.
“Threat actors are building large-scale botnets specifically designed to hijack devices in this growing pool of targets, using them to route traffic and evade detection by network security systems.”
Tomi Engdahl says:
Horrific suspected data breach in Sweden: the entire state's source code was stolen, people's data already for sale
The Bytetobreach group is reportedly also behind the Viking Line data breach.
https://www.iltalehti.fi/ulkomaat/a/950c9723-ed2b-4fbb-8752-c0c5e70cdebc
Large amounts of sensitive information from the Swedish state's IT systems have ended up on the dark web, report Expressen and Dagens Nyheter. According to the newspapers, the data reportedly includes source code, passwords and encryption keys.
According to cybersecurity sources, a hacker group calling itself ByteToBreach managed to break into the systems of the IT consultancy CGI Sweden and stole the source code of Sweden's e-government platform. The group has published the source code for free but is separately selling databases containing citizens' personal data and electronic signature documents.
The group is also reported to be behind the Viking Line data breach.
The cybersecurity organization International Cyber Digest described the leak as a "serious exposure" for the security of Sweden's digital services.
According to CGI, the security incident was detected on two internal test servers located in Sweden.
– The servers are not in production use; they are used for testing related to a service delivered to a limited set of customers. In connection with the incident, a system containing an older version of the application's source code was also accessible to outsiders, the company says in its statement.
Tomi Engdahl says:
Cybersecurity experts warn that the breach could weaken trust in Sweden's digital security and identification systems.
Tomi Engdahl says:
https://www.iltalehti.fi/digiuutiset/a/3c0c65ff-5239-489d-92e7-5e0bd8edfed0
A vulnerability has been found in the Totolink X5000R router that allows the devices to be hijacked. The device is sold in Gigantti's online store.
Tomi Engdahl says:
https://www.iltalehti.fi/digiuutiset/a/a93aadb9-b9df-474c-88fe-20dfc439e45d
A quarantine notification can be alarming – it is very important that you know what it is about
Tomi Engdahl says:
Switzerland built a secure alternative to BGP. The rest of the world hasn’t noticed yet
SCION: Proven in banking and healthcare, slow to spread everywhere else
https://www.theregister.com/2026/03/17/switzerland_bgp_alternative/
Feature BGP, the Border Gateway Protocol, was not designed to be secure. It was designed to work – to route packets between the thousands of autonomous systems that make up the internet, quickly and at scale.
For four decades, it has done exactly that. It has also, throughout those four decades, been exploited, misconfigured, and abused in ways that were predictable from the start. Route hijacks reroute traffic through hostile networks. Route leaks knock services offline. Nation-state cyber crews weaponize BGP to intercept communications at scale. These are not theoretical threats. They are documented, recurring events, and they remain possible today for one simple reason: BGP has no native way to verify that a network claiming to own a block of addresses actually does.
A series of patches and extensions like Resource Public Key Infrastructure (RPKI), BGPsec, and RPKI-based Route Origin Authorization (ROA) have been layered over the original protocol in an attempt to address the worst of these vulnerabilities. They help at the margins. They do not solve the underlying problem.
There is, however, a system that does, or at least claims to. SCION, which stands for Scalability, Control, and Isolation On Next-Generation Networks, is an internet routing architecture developed at ETH Zürich. Unlike the patches applied to BGP, SCION does not attempt to retrofit security onto a 40-year-old foundation. It replaces the foundation entirely. That redesign is the life’s work of Adrian Perrig, professor of computer science at ETH Zürich and the principal architect of SCION.
Tomi Engdahl says:
AI makes cyber threats more laborious – soon half of investigation work will relate to AI
https://etn.fi/index.php/13-news/18675-tekoaely-tekee-kyberuhkista-tyoelaeaempiae-pian-puolet-selvitystyoestae-liittyy-ai-hin
The rapid spread of AI is reflected in cybersecurity not only as new threats but above all as a growing workload. Analyst firm Gartner predicts that by 2028 up to half of enterprises' security incident investigation work will be directed at cases involving AI applications.
This is not to say that AI causes half of all cyber threats. According to Gartner, the change shows especially in how laborious AI-related cases are. Whereas a traditional security incident can often be contained and remediated quickly, problems involving AI applications are more complex and require more analysis.
- AI is developing rapidly, but many custom-built applications in particular are deployed before they have been properly tested. They are complex, dynamic and hard to protect over time, says Gartner analyst Christopher Mixter.
AI applications bring new kinds of risks. These include, for example, prompt injection attacks, data misuse and situations where the model reveals sensitive information. In addition, AI systems are often connected to several other systems, which increases the attack surface and makes root-cause analysis of problems difficult.
Tomi Engdahl says:
ALERT – A new flaw in #Ubuntu 24.04+ lets attackers gain full root access from low privileges.
By timing system cleanup, they replace a snap directory and execute code as root—no user action required.
Exploit steps and patched versions → https://thehackernews.com/2026/03/ubuntu-cve-2026-3888-bug-lets-attackers.html
Tomi Engdahl says:
A Magecart skimmer hid its payload in a favicon’s EXIF metadata, never entering the codebase.
A fake CDN script fetched the image, decoded a hidden URL, and executed it in the browser.
No repo changes. No scan alerts. Payment data was exfiltrated at checkout.
Loader chain and why static tools missed it → https://thehackernews.com/2026/03/claude-code-security-and-magecart.html
Tomi Engdahl says:
https://etn.fi/index.php/13-news/18687-tutkimus-paljastaa-kansanedustajien-saehkoepostikaeytaennoeissae-vakavia-puutteita
Tomi Engdahl says:
https://hackaday.com/2026/03/20/google-unveils-new-process-for-installing-unverified-android-apps/
Tomi Engdahl says:
Open Season
Iran Declares Google and Microsoft to Be Military Targets
“The Americans should await our countermeasure and our painful response.”
https://futurism.com/robots-and-machines/iran-google-microsoft-targets?fbclid=IwdGRjcAQrJS9jbGNrBCslJWV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHoQwjlOBjKDnqkcXFqYx-mUB4QYoAbBbhxLCj06c_oM5ZJqp9TnYKVJ0zG37_aem_oalkeZEe5i1AA7iUqhDDiA
Tomi Engdahl says:
https://cybernews.com/security/cisa-urgent-microsoft-intune-security-warning/
Tomi Engdahl says:
https://www.helpnetsecurity.com/2026/03/20/new-infosec-products-of-the-week-march-20-2026/
Tomi Engdahl says:
Big tech companies step in to support the open source security ecosystem
Backed by new funding commitments from major technology players, open source security efforts are moving beyond threat identification toward practical solutions for defenders.
https://www.helpnetsecurity.com/2026/03/18/linux-foundation-open-source-security-12-5-million-funding/
Tomi Engdahl says:
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
https://thehackernews.com/2026/03/ai-flaws-in-amazon-bedrock-langsmith.html
Tomi Engdahl says:
https://arstechnica.com/security/2026/03/researchers-disclose-vulnerabilities-in-ip-kvms-from-4-manufacturers/
Tomi Engdahl says:
Federal cyber experts called Microsoft’s cloud a “pile of shit,” approved it anyway
One Microsoft product was approved despite years of concerns about its security.
https://arstechnica.com/information-technology/2026/03/federal-cyber-experts-called-microsofts-cloud-a-pile-of-shit-approved-it-anyway/?utm_source=facebook&utm_medium=social&utm_campaign=dhfacebook&utm_content=null&fbclid=IwdGRjcAQpDrZjbGNrBCkOs2V4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHtE67CArJGBga79EyB5_XQpyz2f6hZbhIXHEd0OYedTrLaqO_nD6lOdPf_OD_aem_hMU4lQKuM98DkX5J94y-Hw
Tomi Engdahl says:
Yes, Honey
If You’re a Tech Worker With an Attractive Girlfriend, We Have Extremely Bad News
Coming to bed dear?
https://futurism.com/future-society/tech-workers-honey-trap
Forget malware. The latest and greatest threat to national cybersecurity comes with a smile and an apparent romantic preference for schlubby tech workers.
At least, that’s according to The Times: the British newspaper reported this week that China and Russia are deploying their finest babes to seduce tech industry professionals throughout the western world to gain valuable secrets, a practice it calls “sex warfare.”
The Times cites a slew of “industry insiders” who warned about sophisticated plots involving young women charming Silicon Valley workers into giving up previous insider info — in some cases, allegedly even going as far as to build loving families with their victims.
“It’s the Wild West out there,” one insider declared.
Though it’s possible that some foreign operatives are playing these incredible long cons, consider us skeptical. Technically referred to as a “honey trap,” the accusation has its roots in Cold War-era propaganda, where rumors of KGB vixens trained in the arts of seduction spread far and wide, fueled by literature like James Bond and no small number of sensational CIA memoirs.
In The Times‘ reporting, it’s not always clear whether sources’ accusations are grounded in fact or are more of a hunch.
Tomi Engdahl says:
OpenClaw can bypass your EDR, DLP and IAM without triggering a single alert
https://venturebeat.com/security/openclaw-can-bypass-your-edr-dlp-and-iam-without-triggering-a-single-alert
An attacker embeds a single instruction inside a forwarded email. An OpenClaw agent summarizes that email as part of a normal task. The hidden instruction tells the agent to forward credentials to an external endpoint. The agent complies — through a sanctioned API call, using its own OAuth tokens.
The firewall logs HTTP 200. EDR records a normal process. No signature fires. Nothing went wrong by any definition your security stack understands.
That is the problem. Six independent security teams shipped six OpenClaw defense tools in 14 days. Three attack surfaces survived every one of them.
Tomi Engdahl says:
Security assessment reveals Finnish companies' stumbling blocks
The most common security incidents result from unauthorized use of identities, but in preventive security assessments deficiencies often appear in the area of data management. An expert who conducts such assessments knows the problem areas of Finnish companies.
https://www.dna.fi/yrityksille/blogi/-/blogs/tietoturvakartoitus-paljastaa-suomalaisyritysten-kompastuskivet
Tomi Engdahl says:
Self Own
Skeptic Builds “Havana Syndrome”-Style Device, Tests It on Himself, Suffers Grim Consequences
One-shotted by the brain scrambler.
https://futurism.com/science-energy/weapon-havana-syndrome-scientist
Tomi Engdahl says:
Cyberattack leaves Maine drivers with breathalyzer test systems unable to start vehicles
https://techcrunch.com/2026/03/20/cyberattack-on-vehicle-breathalyzer-company-leaves-drivers-stranded-across-the-us/
Tomi Engdahl says:
https://wgme.com/news/local/cyberattack-leaves-maine-drivers-with-breathalyzer-test-systems-unable-to-start-vehicles-oui-intoxalock?fbclid=IwdGRjcAQtDJBleHRuA2FlbQIxMQBzcnRjBmFwcF9pZAwzNTA2ODU1MzE3MjgAAR5_zkr6TnIprju6CyIb4Hw1SsxI_6YXySZyeTcHQK_vcKtgPpSVj_fLDrQz2A_aem_5fV8ugQ4QHlAQuS3KBnM2w
Tomi Engdahl says:
https://www.tomshardware.com/software/operating-systems/grapheneos-refuses-to-comply-with-age-verification-laws?fbclid=IwVERDUAQtPJFleHRuA2FlbQIxMABzcnRjBmFwcF9pZAwzNTA2ODU1MzE3MjgAAR7E3UN9oGi46_KC4HFPdgxeU7WU5zcTGUvXzcw9O3KyZOWr_tpK3zYKrmnpow_aem_aoNX6mc5VPTbaoz3uRtmvw
Tomi Engdahl says:
THE FBI JUST ISSUED A WARNING ABOUT A HIDDEN THREAT IN YOUR HOME WI-FI NETWORK
https://www.slashgear.com/2129073/fbi-warning-home-wifi-network-hidden-threat/
Tomi Engdahl says:
There are a few strategies the FBI recommends to keep residential proxies at bay. For one, use common sense and act safely on your home Wi-Fi network. Avoid suspicious websites, don’t engage with pop-up advertisements, be cautious of apps from non-official sources, and don’t download free VPNs that lack concrete evidence of their safety. Through these channels, criminals can effectively access a backdoor to your network, steal your IP address, and begin engaging in illegal activities with your information acting as a decoy.
Read More: https://www.slashgear.com/2129073/fbi-warning-home-wifi-network-hidden-threat/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/18697-telegramia-on-vaikea-siivota-kyberrikollisista
Tomi Engdahl says:
https://etn.fi/index.php/13-news/18696-tekoaely-tarkistaa-nyt-linux-ytimen-koodia
Tomi Engdahl says:
https://www.securityweek.com/navia-data-breach-impacts-2-7-million/