DJBSEC's CyberNews 2026-03-18
Attackers Shift to “Logging In” Instead of Breaking In
Cybersecurity experts are observing a growing trend where attackers are “logging in” using stolen credentials rather than exploiting vulnerabilities to break into systems. This shift is largely driven by the abundance of compromised credentials available from previous data breaches and phishing campaigns. Once authenticated, attackers can move laterally and access sensitive systems while avoiding traditional detection methods. Identity-based attacks are harder to detect because they appear as legitimate user activity. Organizations are urged to strengthen identity security with MFA, conditional access policies, and continuous monitoring.
AWS Bedrock AgentCore Sandbox Bypass Vulnerability Discovered
Researchers have identified a sandbox bypass vulnerability in AWS Bedrock’s AgentCore service that could allow attackers to escape restricted environments. By exploiting weaknesses in how the sandbox enforces isolation, threat actors may execute unauthorized actions or access sensitive data. The vulnerability raises concerns about the security of AI-driven services operating in cloud environments. AWS has been notified and is working on mitigation measures to address the issue. Organizations leveraging AI services in the cloud should closely monitor updates and apply patches promptly.
GitGuardian AI Service Exposes Private GitHub Data
A security issue in GitGuardian’s AI-powered service has reportedly led to the exposure of sensitive GitHub data. The flaw could allow unauthorized access to private repositories and confidential code snippets. This incident highlights the risks associated with integrating AI tools into development workflows without proper safeguards. Developers and organizations may unknowingly expose secrets, API keys, or proprietary code. Security teams are encouraged to audit AI integrations and enforce strict access controls around code repositories.
Microsoft Releases Fix for Windows C: Drive Issue on Samsung PCs
Microsoft has released a fix addressing the issue where some Samsung PC users were unable to access their C: drive on Windows systems. The problem stemmed from compatibility issues between Windows updates and certain Samsung configurations. Affected users experienced errors that prevented them from opening or interacting with the primary system drive. The fix is being rolled out through updates, and users are encouraged to install it as soon as possible. This incident underscores the importance of testing updates across diverse hardware environments.
Phishers Weaponize Safe Links With Multi-Layered URLs
Threat actors are increasingly abusing Safe Links protections by using multi-layered URLs to bypass email security defenses. These attacks involve chaining multiple redirects to disguise malicious destinations and evade detection. Even trusted link scanning services can be tricked into validating harmful URLs due to the layered structure. This technique significantly increases the success rate of phishing campaigns. Organizations should enhance email security controls and educate users about the risks of clicking on unexpected links.
KONNI APT Deploys EnDRAT via Spear-Phishing Campaigns
The KONNI APT group has been observed deploying the EnDRAT malware through targeted spear-phishing campaigns. Victims receive carefully crafted emails designed to trick them into downloading malicious attachments or clicking infected links. Once executed, EnDRAT provides attackers with remote access and data exfiltration capabilities. The campaign is believed to target high-value individuals and organizations. Security experts recommend strong email filtering, user awareness training, and endpoint protection to mitigate these threats.
Growing Concern Over “Too Big to Ignore” Cyber Risks
Security experts are raising concerns about systemic cyber risks that have become “too big to ignore,” particularly in large organizations and critical infrastructure. These risks stem from complex, interconnected systems that can amplify the impact of cyber incidents. As organizations scale, their attack surface grows, making it more difficult to manage vulnerabilities effectively. Experts warn that failing to address these risks could lead to large-scale disruptions. A proactive, risk-based approach to cybersecurity is essential to manage these challenges.
Malicious NPM Packages Deliver PyLangGhost RAT
Researchers have identified malicious NPM packages being used to distribute the PyLangGhost remote access trojan. These packages are disguised as legitimate tools to trick developers into installing them. Once executed, the malware establishes persistence and allows attackers to control infected systems remotely. This campaign highlights ongoing risks within the software supply chain. Developers are advised to carefully vet dependencies and use security tools to detect malicious packages.
Cortex XDR Exploit Chain Enables Data Decryption and Attack Execution
A newly discovered exploit chain targeting Cortex XDR could allow attackers to decrypt sensitive data and execute malicious actions. The vulnerability leverages weaknesses in how the platform handles certain processes, enabling attackers to bypass protections. If exploited, threat actors could gain deep visibility into protected environments. The issue underscores the importance of securing even advanced endpoint detection platforms. Organizations should apply patches and monitor for unusual activity within security tools themselves.
New CondiBot Variant Spreads Monaco Cryptominer
Researchers have identified a new variant of CondiBot that is being used to distribute the Monaco cryptocurrency miner. The botnet spreads through compromised systems and deploys mining software to generate illicit profits. Infected machines may experience degraded performance and increased resource usage. The campaign demonstrates how attackers continue to monetize compromised systems beyond traditional data theft. Organizations should monitor for unusual system activity and implement strong endpoint protection measures.