Cybersecurity News | Daily Recap [12 Mar 2026]

In this Daily Recap: an unauthenticated SQL injection in the Ally Elementor plugin exposed over 200,000–250,000 WordPress sites and remains widely unpatched. The roundup also highlights actively exploited n8n RCE flaws prompting CISA actions and federal patch orders, along with the Stryker wiper incident, the Bell Ambulance breach, ShinyHunters’ Salesforce data exfiltration, and related regional, mobile, supply-chain, and policy developments.
#AllyElementor #AllySQLi #n8n #StrykerWiper #BellAmbulance #ShinyHunters #QatarBackdoor #AlbaniaEmail #BeatBanker #AppleCoruna #MediaTekTEE #DPRKSupplyChain #PhantomRavenNPM #WizAcquisition #RuddConfirmed #MetaCrackdown #WhatsAppKids #AadhaarBounty #IndiaAISafety #CometPhish

Web & CMS Vulns

  • Unauthenticated SQL injection in the Ally Elementor plugin (patched in Ally 4.1.0) exposed over 200,000–250,000 WordPress sites and remains widely unpatched — Ally SQLi, Ally Elementor

n8n Remote Code

  • Critical expression-injection and sandbox-escape bugs in n8n (CVE-2025-68613, plus later CVEs) have been actively exploited, prompting CISA action and federal patch orders, while thousands of instances remain exposed — n8n RCE, n8n Fed Order, n8n Flaws

Stryker & Wipers

  • Iran-linked group Handala claims it stole ~50 TB and wiped > 200,000 devices at MedTech giant Stryker, causing global outages across dozens of countries as investigations and recovery continue — Stryker Wiper, Stryker Confirmed, Stryker Offline

Data Breaches & Extortion

  • Medusa ransomware claimed a breach at Bell Ambulance affecting ~238,000 people and leaking > 219 GB of data, with remediation and identity protection offered — Bell Ambulance
  • Threat actors ShinyHunters say they exfiltrated data from ~400 organizations via misconfigured Salesforce Experience Cloud portals and are using leaked records for vishing campaigns — ShinyHunters Leak

Regional & State Ops

  • China-linked actors (including Camaro Dragon) used conflict-themed lures and DLL-hijack loaders delivering PlugX and Cobalt Strike to target Qatar’s military and energy sectors — Qatar Backdoor
  • Iran-aligned TA453 weaponized the Operation Epic Fury narrative for credential‑phishing and OneDrive-themed espionage lures, part of broader Middle East cyber escalation — TA453 Epic Fury, Middle East Rise
  • Hackers claiming Iran ties targeted Albania’s parliament email systems and leaked alleged documents, disrupting access while investigations proceed — Albania Email

Mobile & Devices

  • Brazilian campaign using fake government and Starlink apps delivers the BeatBanker Android trojan to steal banking credentials, manipulate crypto and mine Monero while persisting via audio loops and activity monitoring — BeatBanker
  • Apple backported security updates for older iPhones and iPads to fix kernel and WebKit flaws exploited by the Coruna kit after CISA added related CVEs to its Known Exploited Vulnerabilities list — Apple Coruna
  • Researchers disclosed a boot‑chain flaw in certain MediaTek chipsets using Trustonic TEE that could expose keys and wallet seeds on roughly 25% of Android phones, requiring OEM firmware updates — MediaTek TEE

Supply Chain & Infostealers

  • An infostealer infection provided forensic links tying DPRK‑aligned operators to the Funnull CDN and the Polyfill.io supply‑chain compromise, exposing crypto KYC abuse, stolen blueprints and automated laundering gateways — DPRK Supply‑Chain
  • New PhantomRaven NPM wave exfiltrates developer data via 88 malicious packages, highlighting ongoing software supply‑chain risks — PhantomRaven NPM

Policy, Industry & People

  • Cloud security firm Wiz officially joined Google Cloud in a $32 billion all‑cash acquisition to build AI‑powered cloud security capabilities — Wiz Acquisition
  • The Senate confirmed Joshua Rudd to lead the NSA and U.S. Cyber Command, naming new leadership for national cyber defense — Rudd Confirmed
  • Meta disabled > 150,000 accounts tied to Southeast Asian scam centers (leading to arrests) and rolled out AI protections, while WhatsApp introduced parent‑managed accounts for pre‑teens with parental controls and anti‑scam measures — Meta Crackdown, WhatsApp Kids
  • India’s UIDAI launched a structured bug bounty for the Aadhaar ecosystem and officials outlined legal and governance measures to protect children from online/AI harms — Aadhaar Bounty, India AI Safety
  • Security leader Aimee Cardwell discussed combining technical depth with strategic CISO leadership and warned of rising risks like highly personalized AI‑generated phishing — CISO Cardwell

AI & Phishing Research

  • Researchers fooled Perplexity’s Comet AI browser into enabling a phishing scam in under four minutes, underscoring rapid AI‑driven attack prototyping risks — Comet Phish

Cybersecurity News | Daily Recap – hendryadrian.com