sans
Mar 17, 2026 at 02:00
Latest cybersecurity news from CISA, Krebs on Security, and other trusted sources
Attempts to find proxy servers are among the most common scans our honeypots detect. Most of the time, the attacker attempts to use a host header or include the hostname in the URL to trigger the proxy server forwarding the request. In some cases, common URL prefixes like "/proxy/" are used. This weekend, I noticed a slightly different pattern in our logs:
Introduction
On Wednesday, a phishing message made its way into our handler inbox that contained a fairly typical low-quality lure, but turned out to be quite interesting in the end nonetheless. That is because the accompanying credential stealing web page was dynamically constructed using React and used a legitimate e-mail service for credential collection.
[This is a Guest Diary by Adam Thorman, an ISC intern as part of the SANS.edu BACS program]
A new vulnerability (CVE-2026-0866) has been published: Zombie Zip.
Microsoft today released patches for 93 vulnerabilities, including 9 vulnerabilities in Chromium affecting Microsoft Edge. 8 of the vulnerabilities are rated critical. 2 were disclosed prior to today but have not yet been exploited. This update addresses no already-exploited vulnerabilities.
Last week, two related RFCs were published: 
YARA-X&#;x26;#;39;s 1.14.0 release brings 4 improvements and 2 bugfixes.
[This is a Guest Diary by Joseph Gruen, an ISC intern as part of the SANS.edu BACS program]
And another XWorm[1] wave in the wild! This malware family is not new and heavily spread but delivery techniques always evolve and deserve to be described to show you how threat actors can be imaginative! This time, we are facing another piece of multi-technology malware.
This feed aggregates the latest cybersecurity news from trusted sources to help you stay informed about emerging threats, vulnerabilities, and security trends.