San Mateo, CA, March 30, 2026 — Stories, events, and developments that impacted the cybersecurity landscape last week, including emerging threats, policy changes, and industry responses.
Claude extension flaw enabled silent prompt injection
Researchers disclosed a flaw in Anthropic’s Claude Google Chrome extension that could allow a malicious website to silently inject prompts into the assistant by getting a victim to load a page. According to Koi Security, the issue stemmed from an overly broad allowlist that trusted any *.claude.ai subdomain, and from a DOM-based XSS bug in an Arkose Labs CAPTCHA component hosted on a-cdn.claude.ai. Attackers could use the XSS bug to run JavaScript, send a forged prompt to the extension, and make it appear as if the user submitted it. That opened the door to data theft, access to conversation history, and actions such as sending emails on a victim’s behalf. Anthropic and Arkose Labs have since patched the flaws. Read more.
Critical Cisco firewall flaw allows unauthenticated RCE
Cisco is urging customers to patch a critical vulnerability in Secure Firewall Management Center after confirming attempted in-the-wild exploitation in March 2026. Tracked as CVE-2026-20131 and rated 10.0, the flaw stems from insecure deserialization in the web-based management interface and allows an unauthenticated remote attacker to execute arbitrary Java code with full root privileges by sending a crafted serialized object. Public-facing management interfaces are especially dangerous, since the bug requires no user interaction or prior access. Cisco said Secure Firewall ASA and Secure Firewall Threat Defense are not affected, and fixes have already been applied to SaaS-based Security Cloud Control Firewall Management environments. For on-premises deployments, there are no workarounds, and administrators must immediately apply Cisco’s security updates. Read more.
Pay2Key ransomware returns with faster encryption
Security researchers are warning that Pay2Key, the Iranian-linked ransomware group active since 2020, has resurfaced with stronger evasion, execution, and anti-forensics capabilities after an attack on a U.S. healthcare provider. The actors allegedly used TeamViewer for remote access and harvested credentials with Mimikatz, LaZagne, and ExtPassword. They mapped the environment with Advanced IP Scanner and NetScan before moving through Active Directory in ways designed to avoid detection. Halcyon and Beazley Security said the group deployed ransomware via a self-extracting 7zip archive and encrypted the victim’s infrastructure within three hours. Although no data exfiltration was confirmed, researchers said that may reflect deliberate evidence destruction. “The group’s attempted sale of its entire operation in late 2025, combined with observed ties to Russian-speaking threat actors on criminal forums, raises unresolved questions about the current ownership, operational control, and future trajectory of the group’s RaaS platform,” said Halcyon’s report. Read more.
OpenAI launches bounty for real-world AI abuse
OpenAI has launched a public Safety Bug Bounty program aimed at finding AI abuse and safety risks across its products that do not fit the mold of traditional security flaws. Hosted on Bugcrowd, the program complements the company’s existing Security Bug Bounty and focuses on issues with clear real-world harm potential. In scope are agentic risks such as prompt injection and data exfiltration involving Browser, ChatGPT Agent, and similar tools, as well as the exposure of proprietary information and weaknesses in account and platform integrity. OpenAI said reports must show meaningful, reproducible behavior, including agent hijacks that work at least half the time. Generic jailbreaks, rude outputs, and policy bypasses without a clear impact on abuse are excluded. Read more.
Leaked iPhone exploit kit lowers barrier to attack
A new version of the DarkSword iPhone spyware toolkit is now circulating on GitHub, raising fears that criminals will quickly use it against unpatched Apple devices. Researchers say that the files are simple HTML and JavaScript that can be copied, hosted, and used with little technical skill, making the exploit far easier to deploy. “This is bad. They are way too easy to repurpose,” said Matthias Frielingsdorf, co-founder of mobile security startup iVerify. “I don’t think that can be contained anymore. So we need to expect criminals and others to start deploying this.” He added that “The exploits will work out of the box. There is no iOS expertise required.” Apple said it issued an emergency update on March 11 for older devices that cannot run newer software and stressed that fully updated devices are not affected. DarkSword can reportedly steal contacts, messages, call history, keychain data, and more, then send it to attacker servers. Read more.
FCC moves to block foreign-made routers
The FCC says it will block the import of new foreign-made consumer routers after determining they pose unacceptable cybersecurity and national security risks to U.S. communications networks. Under the new policy, foreign-produced consumer routers are being added to the Covered List unless they receive conditional approval from the Department of War or DHS. Existing customer-owned routers are unaffected, and retailers can still sell models that were already approved through the FCC’s equipment authorization process. Officials said both criminal and state-backed actors have exploited vulnerable home and small-office routers for espionage, botnet operations, password spraying, and attacks on critical infrastructure. The agency specifically pointed to China-linked groups, including Volt Typhoon, Flax Typhoon, and Salt Typhoon. Previously approved models can remain on sale. Read more.
Google deploys Gemini agents to scan dark web
Google is rolling out Gemini AI agents in public preview within Google Threat Intelligence to monitor dark web forums at scale and cut through the noise that overwhelms traditional monitoring. The company says the agents process 8 to 10 million dark web events per day, build profiles of an organization’s brands, executives, and technology stack, and use contextual matching to identify risks such as data leaks, insider threats, and initial access broker activity. Google says older regex and keyword-based systems can produce false-positive rates of 80% to 90%, while Gemini reached 98% accuracy in internal testing. The platform also ties findings to Google’s broader threat intelligence and uses citations for source transparency as defenders race to counter AI-enabled attackers before breaches take hold. Read more.
Voice-based phishing calls surged in 2025
Voice phishing became one of the most notable shifts in initial access last year, accounting for 11% of incidents Mandiant investigated in 2025 and helping push email phishing further down the list. Mandiant said exploited vulnerabilities remained the top intrusion vector for the sixth straight year, driving 32% of incidents, while email phishing fell to just 6%, down from 14% in 2024 and 22% in 2022. Jurgen Kutscher, vice president at Mandiant, said voice-based social engineering is effective because threat actors have become specialized and persuasive when targeting employees and IT help desks. The report also identified SAP NetWeaver, Oracle E-Business Suite, and Microsoft SharePoint flaws among the most abused entry points, as technology, finance, professional services, and health care took the heaviest hit globally. Read more.
Authorities disrupt botnets behind mass DDoS
Authorities disrupted four major botnets, Aisuru, Kimwolf, JackSkid, and Mossad, that hijacked roughly 3 million internet-connected devices and fueled more than 300,000 DDoS attacks, according to the Justice Department. Officials said the networks were used to rent infected devices for cybercrime, including extortion schemes, account abuse, password reset attacks, ad fraud, and residential proxy services. Kimwolf, an Android offshoot of Aisuru, became the largest DDoS botnet ever detected by abusing residential proxy networks to seize control of more than 2 million Android TV devices. Federal prosecutors said the coordinated action targeted command-and-control domains and servers to stop additional infections and blunt future attacks, though no arrests were announced. Read more.
VoidStealer extracts Chrome keys from memory
The VoidStealer malware shows that Chrome’s Application-Bound Encryption is still not enough to stop modern infostealers. A report from Gen Digital says the malware uses a debugger-based bypass that sets hardware breakpoints, watches for Chrome or Edge to decrypt protected data at startup, then pulls the plaintext v20_master_key directly from memory with ReadProcessMemory. That gives attackers access to cookies and other sensitive browser data without privilege escalation or code injection, making the method quieter than earlier approaches. Researcher Vojtech Krejsa said this is the first infostealer observed in the wild to use this technique. VoidStealer, sold as a malware-as-a-service offering since at least December 2025, appears to have adapted the method from the open-source ElevationKatz project, highlighting how defensive improvements continue to be tested by commodity malware in practice today. Read more.
More cybersecurity news
- Last week’s news
- More cybersecurity news
- All articles sponsored by NetworkTigers
About NetworkTigers
NetworkTigers is the leader in the secondary market for Grade A, seller-refurbished networking equipment. Founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms, NetworkTigers provides consulting and network equipment to global governmental agencies, Fortune 2000, and healthcare companies. www.networktigers.com.
