Latest news as of 3/20/2026, 6:54:26 PM
The Hacker News
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware that stole sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and "aquasecurity/setup-trivy," which are used to scan Docker container images for vulnerabilities and set up GitHub Actions workflow
Dark Reading
Files on a central cloud server used by the ransomware group highlight a systematic, aggressive attack on network backups as a key TTP.
Bleeping Computer
An international law enforcement action called Operation Alice has shut down over 373,000 dark web sites that offered fake CSAM packages. [...]
The Hacker News
A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities. The security defect, tracked as CVE-2026-33017 (CVSS score: 9.3), is a case of missing authentication combined with code injection that could result in remote code execution. "The POST /api/v1
Graham Cluley
Pedestrians crossing a street in Denver, Colorado, got rather more than they bargained for last weekend, when the audio signals at two crosswalks began broadcasting a political message alongside their usual walking instructions. Read more in my article on the Hot for Security blog.
Bleeping Computer
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22. [...]
Bleeping Computer
Geopolitical tensions are driving destructive cyberattacks designed to disrupt operations, not demand ransom. CISOs must limit lateral movement and contain breaches to reduce the impact of wiper campaigns. [...]
Dark Reading
Major industry leaders agree to share information and collaborate to boost defenses in the wake of distressing online scams.
The Register
Cams statistically more likely to ID Black people, says new research A UK police force has suspended its deployment of live facial recognition (LFR) technology after a study revealed it was statistically more likely to identify Black people on a watchlist database.…
The Register
Millions of hijacked devices powered traffic floods targeting defense systems and beyond The US government has moved to disrupt a cluster of IoT botnets behind some of the largest DDoS attacks ever recorded, including traffic bursts topping 30 terabits per second.…