-
Torrance, United States / California, 2nd March 2026, CyberNewswire
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
This week in cybersecurity from the editors at Cybercrime Magazine
Sausalito, Calif. – Mar. 2, 2026– Read the full story from Ox Security
Cybersecurity Ventures predicted that global damage costs resulting from software supply chain attacks would reach $60 billion USD by 2025, and $138 billion by 2031.
The potential monetary loss isn’t the headline, the reason behind the spike is. Cybercriminals are no longer tampering with isolated packages; they’re moving deeper into build pipelines, registries, model sources, and automation systems, bypassing the traditional gates DevSecOps, AppSec, and security leaders rely on.
Gartner projected that by the end of 2025, nearly 45 percent of companies were expected to have faced at least one software supply-chain incident.
A recent deep-drive article published by Ox Security explains why the past year represents a turning point for software supply-chain risk, and what teams must do now to regain lifecycle-wide control before these upstream weaknesses become downstream incidents.
Cybercrime Magazine is Page ONE for Cybersecurity. Go to any of our sections to read the latest:
- SCAM. The latest schemes, frauds, and social engineering attacks being launched on consumers globally.
- NEWS. Breaking coverage on cyberattacks and data breaches, and the most recent privacy and security stories.
- HACK. Another organization gets hacked every day. We tell you who, what, where, when, and why.
- VC. Cybersecurity venture capital deal flow with the latest investment activity from various sources around the world.
- M&A. Cybersecurity mergers and acquisitions including big tech, pure cyber, product vendors and professional services.
- BLOG. What’s happening at Cybercrime Magazine. Plus the stories that don’t make headlines (but maybe they should).
- PRESS. Cybersecurity industry news and press releases in real time from the editors at Business Wire.
- PODCAST. New episodes daily on the Cybercrime Magazine Podcast feature victims, law enforcement, vendors, and cybersecurity experts.
- RADIO. Tune into WCYB Digital Radio at Cybercrime.Radio, the first and only round-the-clock internet radio station devoted to cybersecurity.
Contact us to send story tips, feedback and suggestions, and for sponsorship opportunities and custom media productions.
The post Software Supply Chain Risk: The Growing Threat Landscape appeared first on Cybercrime Magazine.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft released its Patch Tuesday updates, addressing 59 vulnerabilities, including a critical zero-day flaw in the Windows MSHTML framework. Tracked as CVE-2026-21513, this actively exploited vulnerability allows attackers to bypass security features and execute arbitrary code. APT28 is a well-documented advanced persistent threat group known for sophisticated malware campaigns. Security researchers from Akamai discovered that […]
The post MSHTML Zero-Day in Windows Exploited by APT28 Prior to Feb 2026 Security Update appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Tire pressure monitoring systems (TPMS) in popular brands like Toyota, Mercedes, and many others quietly broadcast radio signals that can be turned into a powerful vehicle‑tracking tool. New research shows that these routine safety messages can be harvested at scale, allowing anyone with cheap hardware to map where cars go, when they move, and even […]
The post TPMS Flaw in Toyota, Mercedes, and Other Major Brands Enables Covert Vehicle Tracking appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
This week is not about one big event. It shows where things are moving. Network systems, cloud setups, AI tools, and common apps are all being pushed in different ways. Small gaps in access control, exposed keys, and normal features are being used as entry points. The pattern becomes clear only when you see everything together. Faster scans, smarter misuse of trusted services, and steady
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A high-severity local privilege escalation (LPE) vulnerability, identified as CVE-2026-20817, has been publicly documented following the release of a proof-of-concept (PoC) exploit. Discovered in the Windows Error Reporting (WER) service, the flaw allows an authenticated, low-privileged user to execute arbitrary code with SYSTEM-level access. Vulnerability Overview Feature Details CVE ID CVE-2026-20817 Severity Score CVSS 7.8 […]
The post Proof-of-Concept Released for Windows ALPC Privilege Escalation via Error Reporting appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability was recently discovered in the DuckDuckGo browser for Android, exposing users to Universal Cross-Site Scripting (UXSS) attacks. This flaw, found in the browser’s AutoConsent JS bridge, allows malicious code from an untrusted source to run on a trusted webpage. Security researcher Dhiraj Mishra reported the vulnerability via HackerOne. It has since been […]
The post UXSS Vulnerability in DuckDuckGo Browser’s AutoConsent JS Bridge Allows Cross-Origin Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical command injection vulnerability, identified as CVE-2026-27728, has been discovered in OneUptime, a platform for monitoring and managing online services. This flaw allows authenticated users to execute arbitrary operating system commands on the Probe server, posing a significant risk of a full system takeover. Organizations using versions prior to 10.0.7 are urged to patch […]
The post OneUptime Command Injection Vulnerability Poses Major Risk of Full System Takeover appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GTFire is a large-scale phishing scheme that abuses multiple Google services to hide malicious infrastructure, evade security tools, and steal credentials from organizations worldwide. GTFire is a credential-harvesting operation that chains Google Firebase Hosting and Google Translate to deliver phishing pages that look like legitimate brand logins. Attackers host fake login portals on Firebase .web. […]
The post GTFire Phishing Campaign Exploits Google Services to Bypass Detection and Harvest Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability has been discovered in Langflow, a popular low-code tool used for building applications with Large Language Models (LLMs). The flaw, tracked as CVE-2026-27966, resides in the software’s CSV Agent node and could allow malicious actors to execute unauthorized code on affected servers. With a maximum severity score of 10.0 out of 10, […]
The post Langflow CSV Agent Flaw Could Let Attackers Execute Arbitrary Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
