
BagheeraAltered's CyberSecurity Newsletter

March 16, 2026

Cybersecurity Newsletter March 16th, 2026

In this week’s news: Cyberattackers Don't Care About Good Causes; Red-teamers unleash AI agent on McKinsey’s chatbot, gain full access in two hours; The Hive0163 group used AI-assisted malware called Slopoly to maintain persistent access in ransomware attacks; ShinyHunters claims it stole up to 1 petabyte of data from Telus Digital, including support recordings, code, and employee records after a breach; INTERPOL dismantled 45,000 malicious IPs; Payload Ransomware claims the hack of Royal Bahrain Hospital; Starbucks data breach impacts 889 employees; GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers; Authorities in the US and Europe disrupted the SocksEscort proxy service; and Iran-linked hackers take aim at U.S. and other targets.



An offensive AI agent, created by red-team security startup CodeWall, autonomously chose McKinsey’s AI chatbot as a target and then hacked it in just two hours, gaining full read and write access to the system. This was just an experiment, but clearly, malicious machine-speed intrusions are possible.
https://cybernews.com/security/ai-agent-cracked-mckinsey-chatbot/
https://nanonets.com/blog/ai-agent-hacks-mckinsey/

Daniel Scragg successfully used Chess.com as a C2 channel with Havoc
https://www.linkedin.com/posts/daniel-scragg_last-night-i-successfully-used-chesscom-ugcPost-7438180600898838528-s6x4/

Nonprofits work to provide free or reduced cost aid, education, and essential resources throughout communities worldwide, but they often struggle to meet their own needs, particularly when it comes to cybersecurity. While they're busy helping others, who's there to help them address increasingly dangerous security gaps?
https://www.darkreading.com/cyber-risk/cyberattackers-dont-care-about-good-causes

Pro-Iranian hackers are targeting sites in the Middle East and starting to stretch into the United States during the war, raising the risk of American defense contractors, power stations and water plants being swept into a wave of digital chaos that could expand if Tehran's allies join the fray.
https://www.pbs.org/newshour/world/iran-linked-hackers-take-aim-at-u-s-and-other-targets-raising-risk-of-cyberattacks-during-war

Microsoft’s ‘unhackable’ Xbox One has been hacked by 'Bliss' — the 2013 console finally fell to voltage glitching, allowing the loading of unsigned code at every level
https://www.tomshardware.com/video-games/console-gaming/microsofts-unhackable-xbox-one-has-been-hacked-by-bliss-the-2013-console-finally-fell-to-voltage-glitching-allowing-the-loading-of-unsigned-code-at-every-level

The Canadian telecoms giant Telus is currently picking up the pieces after a massive security breach at its subsidiary, Telus Digital. The company, which provides customer support and business services to firms worldwide, confirmed on Thursday, 12 March 2026, that an unauthorised group had managed to get into some of its internal systems. Reportedly, hackers had been inside the network for quite some time.
https://hackread.com/shinyhunters-1-petabyte-data-breach-telus-digital/

INTERPOL announced a global cybercrime operation (codenamed Operation Synergia III) involving 72 countries that dismantled 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware. The international law enforcement operation led to 94 arrests, 110 ongoing investigations, and the seizure of 212 devices.
https://securityaffairs.com/189420/cyber-crime/interpol-operation-synergia-iii-leads-to-45000-malicious-ips-dismantled-and-94-arrests-worldwide.html

Law enforcement agencies in the US and Europe have disrupted SocksEscort, a malicious proxy service powered by the AVrecon botnet. Active since 2020, the service hijacked roughly 360,000 devices and allowed cybercriminals to route traffic through compromised systems to support illegal activities.
https://securityaffairs.com/189391/security/us-and-european-authorities-disrupt-socksescort-proxy-service-tied-to-avrecon-botnet.html

IBM X-Force researchers report that the financially motivated group Hive0163 is using AI-assisted malware named Slopoly to maintain persistent access during ransomware attacks, showing how threat actors can quickly build new malware frameworks using AI.
https://securityaffairs.com/189378/malware/ai-assisted-slopoly-malware-powers-hive0163s-ransomware-campaigns.html

Microsoft is investigating a new issue affecting some Samsung laptops running Windows 11 after installing the February 2026 security updates, in which users lose access to their C:\ drive and are unable to launch applications. The company says it is working with Samsung to determine whether the problem is related to the Windows updates or Samsung software installed on affected devices.
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-users-cant-access-c-drive-on-some-samsung-pcs/

The FBI is asking gamers who installed Steam titles containing malware to provide information as part of an ongoing investigation into eight malicious games uploaded to the gaming platform.
https://www.bleepingcomputer.com/news/security/fbi-seeks-victims-of-steam-games-used-to-spread-malware/

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules. Secret scanners are specialized utilities that scour repositories for sensitive information, such as credentials, API keys, private keys, and tokens, that developers accidentally committed in source code.
https://github.com/betterleaks/betterleaks

The Payload Ransomware group claims to have hacked the Royal Bahrain Hospital (RBH) and stolen 110 GB of data. The ransomware gang added the healthcare facility to its Tor data leak site and published the images of allegedly hacked systems as proof of the attack.
https://securityaffairs.com/189467/cyber-crime/payload-ransomware-claims-the-hack-of-royal-bahrain-hospital.html

Starbucks reported a data breach affecting hundreds of employees after phishing attacks targeted its Partner Central employee portal. The security breach was detected on February 6; the incident involved unauthorized access to staff accounts, potentially exposing personal information stored in the system.
https://securityaffairs.com/189438/security/starbucks-data-breach-impacts-889-employees.html

Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry.
https://thehackernews.com/2026/03/glassworm-supply-chain-attack-abuses-72.html

A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates back to at least 2020. Palo Alto Networks Unit 42 is tracking the threat activity under the moniker CL-STA-1087, where CL refers to cluster, and STA stands for state-backed motivation.
https://thehackernews.com/2026/03/chinese-hackers-target-southeast-asian.html

A major security issue has been found in AppArmor, a tool designed to protect Linux devices worldwide. The cybersecurity firm Qualys recently disclosed nine vulnerabilities affecting AppArmor, the default security enforcement system for popular platforms such as Ubuntu, Debian, and SUSE. According to researchers, these flaws have existed since 2017, starting with version v4.11, and currently put over 12.6 million enterprise systems at risk.
https://hackread.com/crackarmor-vulnerability-apparmor-linux-systems/

Poland’s National Centre for Nuclear Research (NCBJ) says hackers targeted its IT infrastructure, but the attack was detected and blocked before causing any impact. In a statement this week, the organization announced that its security systems and internal procedures, designed to detect threats early, prevented the compromise and allowed its IT staff to quickly secure targeted systems.
https://www.bleepingcomputer.com/news/security/polands-nuclear-research-centre-targeted-by-cyberattack/
