I go through about 25 cybersecurity news portals and blogs every week and pull out the most interesting stories. Then I turn them into this short, digestible summary, so you can stay up to date without trying to follow 25 different sources yourself. 😱

My aim is to create a summary that gives you the gist without needing to open up the source article. But if you do want to dig deeper, all the sources covering the event are linked below each story.

If you enjoy these, come back next Monday, or scroll to the bottom to subscribe to the e-mail newsletter.

1. Report alleges YC startup Delve generated fabricated audit evidence and enabled “fake compliance”

An investigation published on DeepDelver alleges compliance platform Delve generated fabricated audit evidence and pre-drafted auditor conclusions, then relied on third-party firms to rubber-stamp SOC 2/ISO-style reports—creating the appearance of compliance without meeting key framework requirements. 

The Substack article is a very thorough piece that is worth reading for anyone interested in "compliance on autopilot" platforms and their risks and benefits.

Key Details

  • Delve emailed “a few hundred” clients about a leak involving a publicly accessible Google spreadsheet containing audit reports and other confidential information. The information in that leaked Google sheet triggered the investigation.
  • DeepDelver accuses the startup of providing customers with “fabricated evidence of board meetings, tests, and processes that never happened,” then forcing those customers to “choose between adopting fake evidence or performing mostly manual work with little real automation or AI.”
  • The report alleges Delve breached auditor independence by effectively acting as the auditor and producing “identical reports for all clients.”
  • Named audit firms described as involved include Accorp, Glocert, DKPC (Diwakar Kamath Professional Corporation), Accorian, Gradient Certification, Prudence Advisors, and BQC Assessment.
  • 99%+ of clients used Accorp or Gradient for audits over the past 6 months.
  • Allegedly affected or referenced companies include Incorta, Wisperflow, Bland, Sully, Slash, Hockeystack, Lovable, Duos Edge AI, Knowtex, Cluely, and Browser Use.

Next Steps

  • Delve customers should migrate to another platform as soon as possible. The reputational damage to the platform is irreversible and can damage yours as well.
  • Conduct a brief background check on your vendors' auditors to rule out “audit factories”.
  • Customers of other “compliance on autopilot” platforms need to verify that the documented and automated security controls are actually in place, not just on paper.

Read more at DeepDelver (Substack), TechCrunch

2. Google Tightens Open-Source Bug Bounty Rules to Filter Low-Quality AI-Generated Vulnerability Reports

Google is overhauling its Open Source Software Vulnerability Reward Program (OSS VRP) with a formal project tier system and stricter acceptance criteria — directly in response to a surge in low-quality AI-generated vulnerability reports. 

Depending on which tier a project falls into, some bug reports now need an OSS-Fuzz reproduction or even an already-merged patch before Google will triage them at all.

Google is not alone — the cURL project recently ended its bug bounty entirely over AI submission overload, and last week six major AI companies pledged $12.5M through the Linux Foundation to help maintainers build triage tooling.

Key Details

  • Google cited AI-generated reports containing hallucinated exploit triggers, or bugs with little security impact, as overwhelming maintainers and organizations like the Linux Foundation.
  • Google’s updated rules require higher-quality proof for some tiers, including OSS-Fuzz reproduction or a merged patch.

Next Steps

  • Review your bug bounty acceptance criteria: consider requiring reproduction steps, PoCs, or merged patches before triaging submissions.

Read more at Google BugHunters, CSO Online

3. Google to launch Android “Advanced Flow” to reduce risk when sideloading unverified APKs

Google announced “Advanced Flow,” a new Android mechanism intended to make sideloading APKs from unverified developers safer by adding deliberate friction aimed at disrupting scam-driven installs. The feature is scheduled to roll out in August and is positioned as a transitional safeguard as Google moves toward mandatory developer identity verification that will block installs from unverified publishers on certified Android devices. 

Key Details

  • Advanced Flow is a one-time process that requires 4 steps: 1) enabling Developer Mode, 2) confirming the user is not being coached by threat actors, 3) restarting and reauthenticating, and 4) waiting one day before confirming changes are legitimate.
  • After completing Advanced Flow, users can enable apps from unverified developers for a week or indefinitely, with Android displaying a warning that the app is from an unverified developer.

Read more at BleepingComputer

4. Fake Zoom meeting invites use interactive “call” simulation to install ScreenConnect on Windows PCs

Sublime Security researchers reported a phishing campaign that sends realistic-looking Zoom invites and then routes victims into a browser-based fake meeting experience (with sound effects) designed to push a malicious “update.” 

On Windows systems, the fake call triggers prompts that redirect users to a spoofed Microsoft Store download, which installs ScreenConnect remote-access software. 

Key Details

  • Initial lure is an email styled as a standard Zoom invitation with a “start meeting” button
  • The site runs JavaScript to simulate a live, interactive meeting with fake participants and “Network Issue” audio/warnings
  • Victims are redirected to a fake Microsoft Store page that delivers a ScreenConnect installer

Next Steps

  • Train users to update software only from within the software itself, not from a link or a random web page.

Read more at Hackread

5. Researchers say autonomous AI agent gained read/write access to McKinsey’s Lilli chatbot database via SQL injection

Red-team startup CodeWall says an autonomous AI agent compromised McKinsey’s internal generative AI platform, Lilli, achieving full read and write access to the production database within two hours. 

The reported exposure included large volumes of plaintext chat logs and files, and the ability to modify system prompts, creating a pathway to silently manipulate what the chatbot tells tens of thousands of employees. 

McKinsey said it remediated the issues within hours and found no evidence that client confidential information was accessed by the researchers or other unauthorized parties.

Key Details

  • AI platform Lilli is used by 40,000+ employees (500,000+ prompts per month)
  • Although the AI platform is internal, the backend API was public and exploitable. 
  • Initial access came from publicly exposed API documentation and 22 unauthenticated endpoints.
  • The agent identified SQL injection where JSON keys were concatenated into SQL; database error messages reflected the keys and later output live production data.
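To make the injection point in the last bullet concrete, here is an added example (not CodeWall's or McKinsey's code) of a JSON-driven UPDATE handler that pastes request keys into SQL, beside a hardened version that checks each key against an allowlist of column names. The tables, rows and the `prompts` table are constructed for the demo; the real Lilli schema is not described in the report.

```python
"""Added example: a JSON-keyed UPDATE handler with the flaw the CodeWall
write-up describes (JSON keys concatenated into SQL), next to a hardened
version that allowlists column names. Illustrative code, not CodeWall's or
McKinsey's; the schema and rows below are constructed."""
import json
import sqlite3

# Constructed schema standing in for a chat-log table and a table holding
# the chatbot's system prompt. The real tables are not known.
ALLOWED_COLUMNS = {"user_id", "message"}


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE chats (id INTEGER PRIMARY KEY, user_id TEXT, message TEXT);
        CREATE TABLE prompts (body TEXT);
        INSERT INTO chats (user_id, message) VALUES ('alice', 'hello');
        INSERT INTO prompts (body) VALUES ('SYSTEM PROMPT v1');
    """)
    return conn


def update_vulnerable(conn: sqlite3.Connection, chat_id: int, body: str) -> str:
    """Values are bound as parameters, but every JSON *key* is pasted into the
    statement verbatim, so the key itself is the injection point."""
    fields = json.loads(body)
    assignments = ", ".join(f"{key} = ?" for key in fields)
    sql = f"UPDATE chats SET {assignments} WHERE id = ?"
    try:
        conn.execute(sql, (*fields.values(), chat_id))
        conn.commit()
        return "ok"
    except sqlite3.OperationalError as exc:
        # Returning the raw DB error reflects the attacker-controlled key,
        # the same kind of leak the report describes.
        return f"db error: {exc}"


def update_hardened(conn: sqlite3.Connection, chat_id: int, body: str) -> str:
    """Same handler, but keys are checked against a fixed allowlist before any
    SQL is built; values stay parameterised."""
    fields = json.loads(body)
    if any(key not in ALLOWED_COLUMNS for key in fields):
        # Generic message: do not echo the rejected key back to the client.
        raise ValueError("unknown field in request")
    assignments = ", ".join(f'"{key}" = ?' for key in fields)
    conn.execute(f"UPDATE chats SET {assignments} WHERE id = ?",
                 (*fields.values(), chat_id))
    conn.commit()
    return "ok"


def read_user_id(conn: sqlite3.Connection, chat_id: int) -> str:
    row = conn.execute("SELECT user_id FROM chats WHERE id = ?", (chat_id,)).fetchone()
    return row[0]


# Constructed requests: a benign one, a probe with an unknown column, and one
# whose key smuggles a subquery that copies the system prompt into a column
# the caller can read back afterwards.
BENIGN = json.dumps({"message": "hi"})
PROBE = json.dumps({"no_such_col": "x"})
CRAFTED = json.dumps({"user_id = (SELECT body FROM prompts), message": "hi"})

if __name__ == "__main__":
    conn = setup_db()
    print(update_vulnerable(conn, 1, PROBE))    # error message echoes the key
    update_vulnerable(conn, 1, CRAFTED)
    print(read_user_id(conn, 1))                # the system prompt, not 'alice'
    conn = setup_db()
    try:
        update_hardened(conn, 1, CRAFTED)
    except ValueError as exc:
        print("rejected:", exc)
    print(read_user_id(conn, 1))                # still 'alice'
```

Running it shows the two failure modes the story names: the raw database error echoes the attacker-controlled key, and a crafted key turns a parameterised write into a read of another table. Parameter binding protects values only; identifiers (column names, table names, ORDER BY fields) cannot be bound and need an allowlist.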

Next Steps

  • Review that all parts of internal tools are really internal: front-end, back-end, documentation.
  • Establish higher security controls for system prompts: strict access controls, version history, and integrity monitoring. 

Read more at Code Wall, The Register

6. Featured Chrome extension “ShotBird” hijacked to deliver remote scripts, steal data, and stage malware after ownership change

Researcher Monx reports that the formerly legitimate Chrome Web Store “Featured” extension ShotBird was repurposed after an apparent ownership transfer into a remote-controlled malware channel.

The extension beaconed to attacker infrastructure, fetched and executed callback-delivered JavaScript tasks, injected fake Chrome update prompts, stripped key browser security headers, and captured sensitive form inputs. 

This story is part of a growing trend of Chrome extensions turning malicious after a change of ownership.

Key Details

  • Developer contact email changed from akshayanuonline@gmail.com (archived Dec 9, 2025) to loraprice198865@gmail.com (March 2026), consistent with a transfer before malicious activity

Next Steps

  • Consider having a strict allowlist of browser plugins and disallowing everything else.
  • Hunt for extension ID gengfhhkjekmlejbhmmopegofnoifnjp
  • Block api[.]getextensionanalytics[.]top and ggl[.]lat
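Added example for the hunt step (illustrative, not Monx's tooling): a script that walks Chrome and Edge user-data directories for installed extensions, flags the ShotBird ID from the report, and notes any extension whose manifest asks for broad host access of the kind form capture needs. The on-disk layout assumed is Chrome's standard `<User Data>/<profile>/Extensions/<id>/<version>/manifest.json`; the demo manifests and the benign extension ID are invented.

```python
"""Added example: hunt for a blocklisted Chrome/Edge extension ID on disk and
surface extensions with broad host permissions. Not Monx's tooling; the
demo tree written by build_demo_tree() is constructed."""
import json
import os
import tempfile
from pathlib import Path

BLOCKLISTED_IDS = {"gengfhhkjekmlejbhmmopegofnoifnjp"}  # ShotBird ID from the Monx report
# Host patterns that let an extension run on every page (assumed set of common forms).
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def load_manifest(version_dir: Path):
    path = version_dir / "manifest.json"
    if not path.is_file():
        return None
    try:
        return json.loads(path.read_text(encoding="utf-8-sig"))
    except (json.JSONDecodeError, OSError):
        return None


def scan_user_data(user_data_dir) -> list:
    """Walk <user_data_dir>/<profile>/Extensions/<id>/<version>/manifest.json and
    return one record per installed extension version."""
    findings = []
    for ext_root in Path(user_data_dir).glob("*/Extensions"):
        profile = ext_root.parent.name
        for ext_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
            for version_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
                manifest = load_manifest(version_dir) or {}
                # MV3 uses host_permissions; MV2 mixed hosts into permissions.
                hosts = set(manifest.get("host_permissions", [])) | set(manifest.get("permissions", []))
                findings.append({
                    "profile": profile,
                    "id": ext_dir.name,
                    "version": version_dir.name,
                    "name": manifest.get("name", "?"),
                    "blocklisted": ext_dir.name in BLOCKLISTED_IDS,
                    "broad_host_access": bool(hosts & BROAD_HOSTS),
                })
    return findings


def build_demo_tree(root) -> Path:
    """Write a constructed user-data tree with one blocklisted and one benign
    extension so the scanner can be exercised offline. Manifests are invented."""
    root = Path(root)
    demo = {
        "gengfhhkjekmlejbhmmopegofnoifnjp": ("ShotBird (demo)", ["<all_urls>"]),
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": ("Benign Notes (demo)", ["https://notes.example/*"]),
    }
    for ext_id, (name, hosts) in demo.items():
        vdir = root / "Default" / "Extensions" / ext_id / "1.0.0_0"
        vdir.mkdir(parents=True, exist_ok=True)
        (vdir / "manifest.json").write_text(json.dumps(
            {"manifest_version": 3, "name": name, "version": "1.0.0", "host_permissions": hosts}))
    return root


def demo() -> list:
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        return scan_user_data(tmp)


def default_user_data_dirs() -> list:
    """Common Chrome/Edge user-data locations (assumed standard install paths)."""
    home = Path.home()
    local = Path(os.environ.get("LOCALAPPDATA", str(home / "AppData" / "Local")))
    return [
        local / "Google" / "Chrome" / "User Data",
        local / "Microsoft" / "Edge" / "User Data",
        home / "Library" / "Application Support" / "Google" / "Chrome",
        home / ".config" / "google-chrome",
    ]


if __name__ == "__main__":
    for d in default_user_data_dirs():
        if d.is_dir():
            for f in scan_user_data(d):
                if f["blocklisted"] or f["broad_host_access"]:
                    print(f)
```

The `blocklisted` flag is the hunt itself; `broad_host_access` is a triage aid, since an extension that can read every page is the only kind that could capture form inputs the way the report describes. Fleet-wide, the same check is cheaper through the browser's enterprise extension policies than by scanning disks.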

Read more at Monx Research, GitHub

7. Trivy GitHub Actions compromised after tag force-push, enabling CI/CD secret theft

Aqua Security reported that attackers used a compromised credential to publish malicious releases affecting Trivy-related GitHub Actions, including aquasecurity/trivy-action and aquasecurity/setup-trivy. The incident included force-pushing most version tags in trivy-action to point trusted tag references to malicious code, allowing an infostealer to run inside GitHub Actions runners and harvest credentials and secrets. 

Key Details

  • Aqua stated attackers abused a compromised credential to publish malicious trivy, trivy-action, and setup-trivy releases (GitHub Discussion #10425).
  • Attackers force-pushed 75 of 76 version tags in aquasecurity/trivy-action to serve a malicious payload (per Socket’s analysis).
  • Malicious runner code enumerates and outputs sensitive artifacts including SSH keys, AWS credentials/config, Kubernetes service account tokens, Docker config.json, .npmrc, .netrc, and various .env files.

Next Steps

  • Pin actions to commit SHAs, not tags.
  • Audit workflows for use of trivy-action/setup-trivy tags.
  • Rotate CI/CD secrets used during affected runs.
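For the first two next steps, the following added script (illustrative, not Aqua's or Socket's tooling) scans workflow text for `uses:` references that are not pinned to a 40-character commit SHA and flags any use of the two Trivy actions named in the advisory, pinned or not. The sample workflow, the placeholder SHA and the `example-org` action in it are constructed.

```python
"""Added example: audit GitHub Actions workflows for mutable `uses:` references
(tags or branches instead of full commit SHAs) and for the Trivy actions named
in Aqua's advisory. Not Aqua's tooling; SAMPLE_WORKFLOW is constructed."""
import re
from pathlib import Path

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Actions named in the Aqua Security advisory (repo names taken from the story).
WATCHLIST = {"aquasecurity/trivy-action", "aquasecurity/setup-trivy"}


def audit_workflow_text(text: str) -> list:
    """Return one finding per `uses:` line that is unpinned, plus every use of a
    watchlisted action even when pinned (the pinned SHA still needs checking).
    Local (./) and docker:// references are skipped."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1).strip("'\"")
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        action, _, version = ref.partition("@")
        repo = "/".join(action.split("/")[:2])      # owner/repo, drop any subpath
        pinned = bool(FULL_SHA_RE.match(version))
        watchlisted = repo in WATCHLIST
        if pinned and not watchlisted:
            continue
        findings.append({
            "line": lineno,
            "action": action,
            "version": version or "<none>",
            "pinned": pinned,
            "watchlisted": watchlisted,
        })
    return findings


def audit_directory(root) -> dict:
    """Audit every workflow under <root>/.github/workflows; returns {path: findings}."""
    root = Path(root)
    paths = sorted(list(root.glob(".github/workflows/*.yml")) +
                   list(root.glob(".github/workflows/*.yaml")))
    results = {}
    for path in paths:
        findings = audit_workflow_text(path.read_text(encoding="utf-8"))
        if findings:
            results[str(path)] = findings
    return results


# Constructed workflow: the checkout SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
      - uses: aquasecurity/setup-trivy@v0.2.0
      - name: Scan
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
      - uses: example-org/lint-action@v2
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.19
"""

if __name__ == "__main__":
    for f in audit_workflow_text(SAMPLE_WORKFLOW):
        flag = "WATCHLIST " if f["watchlisted"] else ""
        pin = "pinned" if f["pinned"] else "UNPINNED"
        print(f"line {f['line']}: {flag}{f['action']}@{f['version']} ({pin})")
```

Pinning to a SHA is only as good as the commit behind it: after a force-push of 75 of 76 tags, a workflow that resolved a tag at some point may have run the malicious commit, which is why the watchlisted actions are reported even when pinned and why the third step, rotating the secrets those runs could see, still applies.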

Read more at BleepingComputer, CSO Online, The Hacker News, Socket, GitHub

8. Google links “DarkSword” iOS zero-day exploit chain to multiple spyware vendors and suspected state actors

Google’s Threat Intelligence Group (GTIG) says a full-chain iOS exploit dubbed “DarkSword” has been used in the wild since at least November 2025 to fully compromise iPhones, and has spread across multiple commercial surveillance vendors and suspected state-sponsored actors. 

The exploit chain targets iOS 18.4 through 18.7 (first released in March 2025) and was used in campaigns observed in Saudi Arabia, Turkey, Malaysia, and Ukraine, delivering follow-on malware capable of data theft and device surveillance. 

Key Details

  • UNC6748 used a Snapchat-themed lure site (snapshare[.]chat) and an iframe-based staged loader (frame.html → rce_loader.js) to fetch exploits via XMLHttpRequest.
  • Post-exploitation payloads identified by GTIG include three malware families: GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER; GHOSTKNIFE modules include data exfiltration (accounts, messages, browser data, location history) plus screenshot and microphone audio recording.

Next Steps

  • Enforce regular iOS updates so devices stay close to the latest released version.
  • Enable Lockdown Mode for high-risk users.

Read more at Google Cloud, BleepingComputer, WIRED, SecurityWeek, CyberScoop

9. VoidStealer v2.0 uses a debugger technique to extract Chrome/Edge ABE master key without injection or elevated privileges

Researchers report that VoidStealer infostealer v2.0 can bypass Google Chrome’s Application-Bound Encryption (ABE) by using Windows debugging APIs to capture Chrome/Edge’s encryption master key from memory, without code injection or privilege escalation. 

This matters because ABE was designed to make browser credential theft significantly harder by binding decryption to a SYSTEM-level service.

Key Details

  • ABE ties the `v20_master_key` to the Google Chrome Elevation Service running as SYSTEM on Windows.
  • VoidStealer is described as a Malware-as-a-Service (MaaS) infostealer first seen on dark web forums in mid-December 2025.
  • The debugger method spawns a hidden browser process via `CreateProcessW` (with `SW_HIDE` and `CREATE_SUSPENDED`) and attaches using `DebugActiveProcess` to capture the master key when present in memory.
  • VoidStealer targets both Google Chrome and Microsoft Edge.

Next Steps

  • Review controls assuming browser-stored credentials can be stolen. Consider adopting a dedicated password management application.

Read more at BleepingComputer, Cybersecurity News

Subscribe

Subscribe to receive this weekly cybersecurity news summary to your inbox every Monday.
