👉 What are the latest cybersecurity alerts, incidents, and news?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

Get BlueSleuth-Lite

🚨 Cyber Alerts

1. Critical SQLi Bug Hits Ally Plugin Sites

A critical security vulnerability identified as CVE-2026-2413 has been discovered in the Ally WordPress plugin, potentially exposing over 400,000 websites to data theft. This unauthenticated SQL injection flaw allows attackers to bypass security measures and extract sensitive information, such as password hashes, directly from a site’s database.

2. Hive0163 Uses AI Malware For Ransomware

Experts have identified Slopoly, a suspected AI-generated malware framework utilized by a financially motivated threat actor known as Hive0163 to maintain persistence in compromised networks. While the script lacks true polymorphic capabilities, its structured design highlights how attackers are leveraging large language models to rapidly develop functional malicious tools for data exfiltration and extortion.

3. Google Fixes Two Chrome Zero-Day Flaws

Google has released emergency security updates for Chrome to patch two high-severity vulnerabilities that are currently being exploited by attackers. These flaws, found in the Skia graphics library and the V8 engine, require users to update their browsers immediately to version 146.0.7680.75 or higher.

For more alerts click here!

Subscribe Now

💥 Cyber Incidents

4. Starbucks Reports Employee Data Breach

Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts.

5. Stryker Hit By Iran-Linked Wiper Attack

Stryker, a major medical technology firm, has experienced a massive global system failure following a wiper malware attack. The disruption was claimed by Handala, a hacktivist group with reported Iranian ties, which asserts it destroyed thousands of systems after exfiltrating 50 terabytes of data.

6. Viking Line Hit By Cyberattack Crisis

Viking Line Senior Vice President Johanna Boijer-Svahnström confirmed that the company fell victim to a widespread DDoS attack targeting major European shipping firms on Thursday. The assault caused significant website outages, and the company’s IT department is currently working to restore services.

For more incidents click here!

Claim Your Workspace

📢 Cyber News

7. Socksescort Botnet Disrupted By Authorities

An international legal operation has successfully shut down SocksEscort, a criminal proxy service that hijacked hundreds of thousands of residential routers to facilitate global fraud. By infecting devices with malware, the service sold access to compromised IP addresses, allowing cybercriminals to hide their identities and steal millions of dollars from victims.

8. Google Paid $17.1M For Bugs In 2025.

Google distributed a record-breaking $17 million to 747 security researchers through its Vulnerability Reward Program in 2025. This significant investment highlights the company’s commitment to collaborating with the global research community to identify and resolve software flaws across its diverse platforms.

9. Teen Group Busted For DDoS Tool Sales

Police recently apprehended six minors across Poland for orchestrating large-scale cyberattacks against various commercial and service-oriented websites to generate illicit profit. These individuals collaborated to manage and deploy infrastructure for DDoS attacks, leading authorities to refer their cases to family courts for legal resolution.

For more news click here!

Get Help

📈Cyber Stocks

Cybersecurity stocks on Friday, 13 March 2026 trended lower with broad technology selling pressure, driven in part by market reactions to new AI-driven security tooling that spooked parts of the sector.

• CrowdStrike Holdings finished around 411.54 dollars and moved lower, reflecting profit-taking in cloud-native endpoint and identity protection stocks.

• Okta closed at 84.91 dollars and declined, with identity and access management names tracking broader sector weakness.

• Zscaler ended near 153.81 dollars and was modestly lower, as zero-trust cloud security equities followed broader tech pressure.

• Fortinet closed at 84.26 dollars and edged down, with network security demand steady but share performance tied to broader risk-off flows.

• Check Point Software Technologies finished around 164.47 dollars and declined, with defensive firewall and threat prevention stocks lagging in the session.

💡 Cyber Tip

🚨 Critical SQLi Bug in WordPress Plugin

A serious vulnerability (CVE-2026-2413) in the Ally WordPress plugin could allow attackers to steal sensitive data from more than 400,000 websites. The flaw lets attackers inject malicious database queries without logging in, potentially exposing information such as password hashes and other stored data. The issue has been fixed in version 4.1.0.

🛠️ What You Should Do

• Update the Ally (One Click Accessibility) plugin to version 4.1.0 or later immediately

• Monitor your website logs for unusual database activity

• Enable strong passwords and multi-factor authentication for admin accounts

⚠️ Why This Matters
SQL injection vulnerabilities allow attackers to interact directly with a website’s database. If exploited, they can expose sensitive information, compromise accounts, or give attackers deeper access to the system. Prompt updates help close the attack path before it can be abused.

Visit BookClub

📚 Cyber Book

Unsearchable by William Crawford

Get Book

Copyright © 2026 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium