Cyber Briefing: 2026.03.16
Cybercriminals are exploiting supply chains, SEO poisoning, hijacked SDKs, and malicious apps to steal credentials, deploy crypto-stealing code, and spread ransomware
👉 What are the latest cybersecurity alerts, incidents, and news?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please Subscribe
🚨 Cyber Alerts
1. GlassWorm Supply Chain Targets VSX Devs
Cybersecurity researchers have uncovered a sophisticated evolution of the GlassWorm malware campaign that exploits the Open VSX registry by using legitimate extension dependencies to deliver malicious payloads. By mimicking popular developer tools and using AI-generated commits to appear authentic, the attackers have successfully compromised numerous extensions and over 150 GitHub repositories to steal credentials and cryptocurrency.
2. Hive0163 Uses AI Malware For Ransomware
Experts have identified Slopoly, a suspected AI-generated malware framework utilized by a financially motivated threat actor known as Hive0163 to maintain persistence in compromised networks. While the script lacks true polymorphic capabilities, its structured design highlights how attackers are leveraging large language models to rapidly develop functional malicious tools for data exfiltration and extortion.
3. Google Fixes Two Chrome Zero-Day Flaws
Google has released emergency security updates for Chrome to patch two high-severity vulnerabilities that are currently being exploited by attackers. These flaws, found in the Skia graphics library and the V8 engine, require users to update their browsers immediately to version 146.0.7680.75 or higher.
For more alerts click here!
💥 Cyber Incidents
4.McKinsey Fixes AI System After Hack
McKinsey & Company recently corrected a critical security vulnerability in its internal AI platform, Lilli, after a security firm demonstrated it could access millions of employee messages and internal configurations within two hours. While researchers claimed they gained full access to the firm’s intellectual crown jewels, McKinsey maintains that the actual sensitive files remained secure despite the visibility of their names.
5. Payload Ransomware Claims Hospital Hack
The Royal Bahrain Hospital has reportedly been targeted by the Payload ransomware group, which claims to have exfiltrated 110 GB of sensitive information. The attackers have posted proof of the breach on their leak site and set a payment deadline of March 23 to prevent the public release of the stolen data.
6. Poland Nuclear Research Centre Hit
Poland’s National Centre for Nuclear Research successfully blocked a cyberattack on its IT infrastructure before any damage occurred. While investigators have noted potential links to Iran, they remain cautious of false flags, and the Maria research reactor continues to operate safely at full power.
For more incidents click here!
📢 Cyber News
7. Meta Ends Instagram Encrypted Chat
Meta will remove the option for end-to-end encrypted chats on Instagram starting May 8, 2026, due to low user adoption. The company is directing individuals who prioritize this level of privacy to use WhatsApp for their encrypted communications instead.
8. Android 17 Restricts Accessibility API
Google is introducing a security update for Android Advanced Protection Mode that restricts non-essential applications from accessing the accessibility services API. This change, appearing in the latest Android 17 Beta, builds on the specialized security state first launched with Android 16 to protect users from high-level cyber threats.
9. Interpol Disrupts Global Cybercrime
INTERPOL recently concluded a massive international crackdown known as Operation Synergia III, resulting in the dismantling of 45,000 malicious servers and the arrest of 94 individuals across 72 countries. This coordinated effort targeted a wide range of cyber threats, including ransomware, phishing, and social engineering schemes that victimized people globally.
For more news click here!
📈Cyber Stocks
Cybersecurity stocks on Monday, 16 March 2026 traded with continuing sensitivity to broader technology rotation and competitive AI narratives, even as structural demand for cloud, identity, and zero-trust security solutions remains strong.
Zscaler ended near 153.81 dollars and was higher, as cloud zero-trust security names held relative resilience.
Fortinet closed at 83.48 dollars and was modestly higher, with network and converged security demand helping support the stock.
Check Point Software Technologies closed near ~150-155 dollars and held steady to modestly up, with defensive firewall and threat prevention technologies providing stability.
SentinelOne traded near ~13 dollars and was slightly lower, with AI-driven endpoint security equities sensitive to competitive pressures.
Rapid7 was near ~6-7 dollars and traded modestly lower, with vulnerability management and SIEM names tracking broader mid-cap tech flows.
💡 Cyber Tip
🚨 Beware of Fake VPN Downloads in Search Results
Cybercriminals linked to Storm-2561 are manipulating search engine results to push fake VPN software that secretly steals login credentials. Victims searching for legitimate enterprise VPN clients may unknowingly download trojanized installers that harvest sensitive access information.
What to Do:
Only download VPN or enterprise software directly from the vendor’s official website.
Avoid clicking sponsored or top search results without verifying the domain.
Check the website URL carefully for misspellings or look-alike domains.
Use endpoint security tools that can detect malicious or trojanized installers.
Enable multi-factor authentication (MFA) for VPN and corporate accounts.
🔐Why It Matters:
Stolen VPN credentials can allow attackers to bypass security defenses and gain direct access to corporate networks. Once inside, they may deploy additional malware, steal sensitive data, or launch ransomware attacks.
📚 Cyber Book
Your Digital Privacy Playbook by Gabe Herrera
Copyright © 2026 CyberMaterial. All Rights Reserved.
Follow CyberMaterial on:
Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium