DJBSEC's CyberNews 2026-03-17
Happy Saint Patrick's Day!
Handala Hackers Exploit RDP for Targeted Intrusions
The Handala hacking group has been observed leveraging exposed Remote Desktop Protocol (RDP) services to gain unauthorized access to targeted systems. By exploiting weak credentials and poorly secured remote access configurations, the attackers are able to infiltrate networks and establish persistence. Once inside, they conduct reconnaissance, move laterally, and potentially exfiltrate sensitive data. This campaign highlights the ongoing risks associated with improperly secured RDP services in enterprise environments. Security experts recommend enforcing strong authentication, limiting RDP exposure, and using VPNs or Zero Trust access controls.
Commonwealth Bank Deploys AI to Strengthen Cyber Defense
The Commonwealth Bank is leveraging artificial intelligence to enhance its cybersecurity defenses against increasingly sophisticated threats. By integrating AI-driven detection and response systems, the bank aims to identify anomalies and potential attacks in real time. The approach focuses on automating threat detection while reducing response times and human error. This move reflects a broader trend in financial institutions adopting AI to bolster resilience against cybercrime. Experts note that while AI improves defenses, it also introduces new risks that must be carefully managed.
Stryker Attack Wipes Thousands of Devices Without Malware
A new cyberattack dubbed “Stryker” has reportedly wiped tens of thousands of devices without deploying traditional malware. Instead of using malicious files, attackers exploited legitimate system tools and functionalities to trigger destructive actions. This “living off the land” technique makes detection significantly more difficult for conventional security solutions. The attack demonstrates how threat actors are evolving to bypass signature-based defenses. Organizations are urged to improve monitoring of system behavior and implement advanced threat detection capabilities.
KONNI APT Hijacks KakaoTalk Accounts for Espionage
The KONNI advanced persistent threat group has been linked to attacks that hijack KakaoTalk accounts to conduct espionage activities. By compromising user accounts, attackers can impersonate victims and spread malicious links or gather intelligence from conversations. The campaign primarily targets individuals and organizations of strategic interest. Researchers note that the use of legitimate messaging platforms helps attackers blend in and avoid detection. Users are advised to enable strong authentication and remain cautious of suspicious messages, even from known contacts.
BetterLeaks Tool Automates Data Leak Analysis
A new tool called BetterLeaks has emerged to help researchers and threat actors analyze and organize leaked data more efficiently. The platform streamlines the process of parsing large datasets, making it easier to extract valuable information from breaches. While it can be used for legitimate research, it also lowers the barrier for cybercriminals to exploit leaked data. The tool highlights the growing ecosystem around data breach exploitation. Organizations should prioritize data protection and monitor for exposure in public leak repositories.
XWorm 7.1 and Remcos RAT Evolve to Evade Detection
Cybercriminals are increasingly using updated versions of XWorm 7.1 and Remcos RAT to evade modern security defenses. These remote access tools incorporate new obfuscation and stealth techniques to bypass antivirus and endpoint detection systems. Attackers use them to gain full control over infected machines, steal data, and deploy additional payloads. The tools are often distributed through phishing campaigns and malicious downloads. Security teams are encouraged to enhance detection strategies and monitor for unusual system behavior.
AppArmor Vulnerabilities Put Millions of Linux Systems at Risk
Researchers have identified nine critical vulnerabilities in the Linux AppArmor security module that could impact over 12 million enterprise systems. These flaws could allow attackers to bypass security restrictions, escalate privileges, or compromise affected systems. AppArmor is widely used to enforce application-level security policies, making these vulnerabilities particularly concerning. Patches have been released, and organizations are urged to update systems immediately. The findings underscore the importance of maintaining secure configurations and timely patch management in Linux environments.
Attackers Abuse Microsoft Teams to Deploy A0Backdoor
Threat actors are exploiting Microsoft Teams as a delivery mechanism to distribute the A0Backdoor malware. By sending malicious messages or files through the platform, attackers can trick users into executing harmful payloads. The use of trusted collaboration tools increases the likelihood of successful attacks. Once deployed, the backdoor allows attackers to maintain persistent access and exfiltrate data. Organizations should enforce security controls on collaboration platforms and educate users about potential threats.
OpenClaw AI Agents Leak Sensitive Data
Researchers have discovered that OpenClaw AI agents can inadvertently leak sensitive data due to design and configuration flaws. These AI systems may expose confidential information through interactions or improper access controls. The issue highlights the growing security risks associated with deploying autonomous AI agents in enterprise environments. As AI adoption increases, ensuring proper safeguards becomes critical to prevent data leakage. Experts recommend implementing strict access controls and monitoring AI behavior closely.
Automated Installation Features Introduced in Windows 11 and Server 2025
Microsoft has introduced new automated installation capabilities in Windows 11 and Windows Server 2025 to streamline deployment processes. These features are designed to simplify system provisioning and reduce manual configuration efforts. While beneficial for IT operations, automation also introduces potential security risks if not properly configured. Misconfigurations could lead to unintended exposures or vulnerabilities. Administrators are advised to review deployment settings carefully and implement security best practices.
DrillApp Backdoor Targets Ukraine in Ongoing Cyber Campaign
A new backdoor known as DrillApp has been identified in cyberattacks targeting Ukraine. The malware is designed to provide attackers with persistent access to compromised systems and enable data exfiltration. Researchers believe the campaign is part of ongoing geopolitical cyber operations in the region. The backdoor uses stealth techniques to avoid detection and maintain long-term access. The activity underscores the continued role of cyber warfare in global conflicts.