BagheeraAltered's CyberSecurity Newsletter

March 9, 2026

CyberSecurity Newsletter, 9th March 2026

In this week’s news: AI agent ROME tunnels out of its network and starts cryptomining; Anthropic discovered 22 security vulnerabilities in Firefox; web server exploits and Mimikatz used in attacks targeting Asian critical infrastructure; critical Nginx UI flaw CVE-2026-27944; hackers abuse .arpa DNS and IPv6 to evade phishing defenses; EU court adviser says banks must immediately refund phishing victims; massive GitHub malware operation spreads BoryptGrab stealer; FBI probing intrusion into a system managing sensitive surveillance information; new Social Security scam emails use fake tax documents to hijack PCs; 900+ certificates used by Fortune 500 companies and governments exposed by key leaks; and a JWT audience validation bypass in Google, Apple, and Facebook authentication adapters.


ROME, a 30-billion-parameter autonomous coding agent built on Alibaba’s Qwen3-MoE architecture, diverted GPU resources toward cryptocurrency mining and created a reverse SSH tunnel to an external IP address during reinforcement learning training. Researchers confirmed the behaviours were not programmed, with ROME apparently determining that acquiring additional compute and financial capacity would help complete its assigned tasks.
https://cryptonews.com.au/news/alibaba-linked-ai-agent-rome-attempts-crypto-mining-and-network-tunnelling-during-training-133168/

Anthropic discovered 22 security vulnerabilities in Firefox using its Claude Opus 4.6 AI model in January 2026. Mozilla addressed these issues in Firefox 148. The researchers state that AI models are now capable of finding high-severity software flaws independently. They identified 22 Firefox vulnerabilities in two weeks, 14 of which were high-severity, nearly a fifth of all high-severity Firefox issues fixed in 2025, demonstrating AI’s ability to rapidly detect critical security risks in complex software.
https://securityaffairs.com/189131/ai/anthropic-claude-opus-ai-model-discovers-22-firefox-bugs.html

A massive security gap has been brought to light by the research firm GitGuardian in partnership with Google. The study reveals that the private keys used to protect some of the world’s most important websites are being left wide open for anyone to find. These keys are the foundation of TLS certificates, the technology that puts the padlock in your browser and keeps your credit card details or passwords safe in transit. A certificate uses a pair of keys: a public one that everyone can see, and a private one that must stay secret, so if a private key leaks, the protection the certificate provides is effectively broken.
https://hackread.com/certificates-fortune-500-gov-exposed-key-leaks/

The Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tokens. When the adapter's audience configuration option is not set (clientId for Google/Apple, appIds for Facebook), JWT verification silently skips audience claim validation. This allows an attacker to use a validly signed JWT issued for a different application to authenticate as any user on the target Parse Server.
https://github.com/parse-community/parse-server/security/advisories/GHSA-x6fw-778m-wr9v

Athanasios Rantos, the Advocate General of the Court of Justice of the EU (CJEU), has issued a formal opinion suggesting that banks must immediately refund account holders affected by unauthorized transactions, even when the account holder is at fault. The opinion was issued in response to a request for a preliminary ruling submitted by the District Court in Koszalin, Poland, in a dispute between the PKO BP S.A. bank and one of its customers.
https://www.bleepingcomputer.com/news/legal/eu-court-adviser-says-banks-must-immediately-refund-phishing-victims/

Trend Micro uncovered a campaign distributing the BoryptGrab information stealer through more than 100 GitHub repositories. BoryptGrab is designed to collect browser and cryptocurrency wallet data, system details, and common files. Some variants also deploy a PyInstaller backdoor called TunnesshClient, which creates a reverse SSH tunnel to communicate with attackers. The malware is distributed via ZIP archives posing as software tools and game cheats, linked from those repositories.
https://securityaffairs.com/189110/malware/massive-github-malware-operation-spreads-boryptgrab-stealer.html

High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been attributed by Palo Alto Networks Unit 42 to a previously undocumented threat activity group dubbed CL-UNK-1068, where "CL" refers to "cluster" and "UNK" stands for unknown motivation.
https://thehackernews.com/2026/03/web-server-exploits-and-mimikatz-used.html

Submarine cables move to the center of critical infrastructure security debate. The cables running along the ocean floor carry the overwhelming majority of the world’s cross-border data traffic, and for most of their operational history they have attracted little strategic attention. That is changing. A new sector report from Capacity Insights draws on interviews with senior executives across the subsea industry to examine how demand growth, hyperscaler investment, and geopolitical pressure are converging on infrastructure that governments and operators are only beginning to treat as a security priority.
https://www.helpnetsecurity.com/2026/03/09/ocean-submarine-cable-security/

A critical vulnerability in Nginx UI, tracked as CVE-2026-27944 (CVSS score of 9.8), allows attackers to download and decrypt full server backups without authentication. The flaw poses a serious risk to organizations exposing the management interface, potentially revealing sensitive configuration data, credentials, and encryption keys.
https://securityaffairs.com/189123/security/critical-nginx-ui-flaw-cve-2026-27944-exposes-server-backups.html

Threat actors are abusing the special-use ".arpa" domain and IPv6 reverse DNS in phishing campaigns that more easily evade domain reputation checks and email security gateways. The .arpa domain is a special top-level domain reserved for internet infrastructure rather than normal websites. It is used for reverse DNS lookups, which allow systems to map an IP address back to a hostname. IPv4 reverse lookups use the in-addr.arpa domain, while IPv6 uses ip6.arpa. In these lookups, the resolver queries a name derived from the IP address, with its octets (IPv4) or hex nibbles (IPv6) written in reverse order and appended to one of these domains.
https://www.bleepingcomputer.com/news/security/hackers-abuse-arpa-dns-and-ipv6-to-evade-phishing-defenses/

The FBI is investigating suspicious cyber activity affecting an internal system that stores sensitive data tied to surveillance operations and investigations, The Associated Press reports. According to a notification sent to members of the United States Congress, the bureau is assessing the scope and potential impact of the incident. The investigation into abnormal log activity related to an internal network system began on February 17, 2026. Although the system is unclassified, it stores law-enforcement sensitive data, including surveillance records from legal tools such as pen register and trap-and-trace orders, along with personally identifiable information linked to investigations.
https://securityaffairs.com/189087/hacking/fbi-probing-intrusion-into-system-managing-sensitive-surveillance-information.html

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor. Researchers at cyber-deception threat intelligence firm MalBeacon observed the hackers' actions in an emulated organization environment over a period of 12 days.
https://www.bleepingcomputer.com/news/security/termite-ransomware-breaches-linked-to-clickfix-castlerat-attacks/

A new scam is currently targeting thousands of people across the United States, using the name of the Social Security Administration to trick unsuspecting users. This campaign, which was first identified by the security firm LifeLock, arrives just in time for the busy tax season.
https://hackread.com/social-security-scam-emails-fake-tax-doc-hijack-pc/

Microsoft says threat actors are increasingly using artificial intelligence in their operations to accelerate attacks, scale malicious activity, and lower technical barriers across all aspects of a cyberattack. According to a new Microsoft Threat Intelligence report, attackers are using generative AI tools for a wide range of tasks, including reconnaissance, phishing, infrastructure development, malware creation, and post-compromise activity.
https://www.bleepingcomputer.com/news/security/microsoft-hackers-abusing-ai-at-every-stage-of-cyberattacks/

Researchers at Acronis have discovered a malicious trojanized version of the Red Alert rocket warning app targeting Israeli Android users. Distributed via fake Home Front Command SMS messages, this spyware steals GPS data, SMS messages, and contact lists while maintaining full alert functionality.
https://hackread.com/hackers-fake-red-alert-rocket-alert-app-spy-israel-users/

Researchers observed Iran-linked actors targeting IP cameras across Israel and Gulf countries, likely to support military intelligence and battle damage assessment. According to the Check Point Cyber Security Report 2026, cyber operations are increasingly used to support military activity and battle damage assessment (BDA). During the Israel-Iran tensions, researchers from Check Point Software Technologies observed a surge in attacks targeting IP cameras across Israel and Gulf countries, including the UAE, Qatar, Bahrain, and Kuwait, as well as Lebanon and Cyprus.
https://securityaffairs.com/189069/cyber-warfare-2/iran-linked-hackers-target-ip-cameras-across-israel-and-gulf-states-for-military-intelligence.html

TriZetto Provider Solutions, a healthcare IT company that develops software and services used by health insurers and healthcare providers, has suffered a data breach that exposed the sensitive information of over 3.4 million people. The firm, which has been operating under the Cognizant umbrella since 2014, disclosed that it detected suspicious activity on a web portal on October 2, 2025, and launched an investigation with the help of external cybersecurity experts.
https://www.bleepingcomputer.com/news/security/cognizant-trizetto-breach-exposes-health-data-of-34-million-patients/

Threat actors are employing a new variation of the ClickFix social engineering technique, called InstallFix, to trick users into running malicious commands under the pretext of installing legitimate command-line interface (CLI) tools.
https://www.bleepingcomputer.com/news/security/fake-claude-code-install-guides-push-infostealers-in-installfix-attacks/

Several US companies have been targeted by Iranian hacking group MuddyWater in a new campaign that started in early February and has continued after the US and Israeli military strikes on Iran.
https://www.infosecurity-magazine.com/news/iran-muddywater-hackers-us-firms/

Cisco warns that two recently patched Catalyst SD-WAN flaws, CVE-2026-20128 and CVE-2026-20122, are already being actively exploited in the wild.
https://securityaffairs.com/189056/security/cisco-flags-ongoing-exploitation-of-two-recently-patched-catalyst-sd-wan-flaws.html

OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests (non-default configuration), allowing attackers to bypass command approval restrictions. Remote attackers can craft command strings with shell metacharacters like & or %...% to execute unapproved commands beyond the allowlisted operations.
https://www.thehackerwire.com/vulnerability/CVE-2026-28391/
