End-of-Day report
Timeframe: Thursday 12-03-2026 18:00 - Friday 13-03-2026 18:00
Handler: Guenes Holler
Co-Handler: n/a
News
Investigating a New Click-Fix Variant
Atos researchers identified a new variant of the popular ClickFix technique, in which attackers convince the user to execute a malicious command on their own device via the Win + R (Run) shortcut.
https://thehackernews.com/2026/03/investigating-new-click-fix-variant.html
Rogue AI agents can work together to hack systems and steal secrets
AI agents work together to bypass security controls and stealthily steal sensitive data from within the enterprise systems in which they operate, according to tests carried out by frontier security lab Irregular.
https://go.theregister.com/feed/www.theregister.com/2026/03/12/rogue_ai_agents_worked_together/
A React-based phishing page with credential exfiltration via EmailJS, (Fri, Mar 13th)
On Wednesday, a phishing message made its way into our handler inbox that contained a fairly typical low-quality lure, but turned out to be quite interesting in the end nonetheless. That is because the accompanying credential stealing web page was dynamically constructed using React and used a legitimate e-mail service for credential collection.
https://isc.sans.edu/diary/rss/32794
Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed Slopoly put to use by a financially motivated threat actor named Hive0163.
https://thehackernews.com/2026/03/hive0163-uses-ai-assisted-slopoly.html
Ivanti EPMM "Sleeper Shells" not so sleepy?
In late January 2026 an advisory covering two remote code execution vulnerabilities (CVE-2026-1281 & CVE-2026-1340) in Ivanti Endpoint Manager Mobile (EPMM) was published. Shortly afterwards, reports (for example by Tenable) mentioned publicly available proof-of-concept exploits.
https://blog.nviso.eu/2026/03/13/ivanti-epmm-sleeper-shells-not-so-sleepy/
"Handala Hack" - Unveiling Group's Modus Operandi
Handala Hack, also tracked by Check Point Research as Void Manticore, is an Iranian threat actor known for multiple destructive wiping attacks combined with "hack and leak" operations. The threat actor operates several online personas, the most prominent being Homeland Justice, maintained since mid-2022 and used for multiple attacks.
https://research.checkpoint.com/2026/handala-hack-unveiling-groups-modus-operandi/
6 Malicious Packagist Themes Ship Trojanized jQuery and FUNNULL Redirect Payloads
Six malicious Packagist packages posing as OphimCMS themes contain trojanized jQuery that exfiltrates URLs, injects ads, and loads FUNNULL-linked redirects.
https://socket.dev/blog/6-malicious-packagist-themes-ship-trojanized-jquery?utm_medium=feed
Vulnerabilities
Multiple security vulnerabilities in AppArmor ("CrackArmor") - updates available
Security researchers at Qualys have discovered a total of nine vulnerabilities in AppArmor, which the researchers collectively refer to as "CrackArmor".
https://www.cert.at/de/aktuelles/2026/3/mehrere-sicherheitslucken-in-apparmor-crackarmor-updates-verfugbar
Veeam warns of critical flaws exposing backup servers to RCE attacks
Data protection company Veeam Software has patched multiple flaws in its Backup & Replication solution, including four critical remote code execution (RCE) vulnerabilities.
https://www.bleepingcomputer.com/news/security/veeam-warns-of-critical-flaws-exposing-backup-servers-to-rce-attacks/
Chrome emergency update: two actively exploited code-execution vulnerabilities closed
Google released an emergency update for Chrome in the night to Friday. It closes two security holes that are being attacked in the wild.
https://heise.de/-11209626
Veeam Backup & Replication: critical code-execution vulnerabilities discovered
Veeam has released updates closing multiple critical vulnerabilities in Backup & Replication. They allow remote code execution.
https://heise.de/-11209818
LWN Security updates for Friday
https://lwn.net/Articles/1062775/