A weekly cybersecurity roundup covering phishing, spyware, e-commerce skimming, and iOS hacking tool leaks from late March 2026.
•A phishing campaign uses fake resumes as VBScript droppers that obfuscate execution, evade sandboxes, loop UAC prompts for admin rights, then exfiltrate credentials and deploy a crypto miner within 25 seconds
•Greece's convicted spyware chief, sentenced to 8 years, implies the government directed phone hacks targeting journalists and senior officials, with no government figures prosecuted
•A WebRTC-based payment skimmer on e-commerce sites bypasses CSP by opening a peer UDP connection to a hard-coded IP, retrieving and injecting JavaScript to steal payment data; Adobe patched the underlying vulnerability but many sites remain unpatched
•Leaked iOS hacking tools DarkSword and Coruna target memory vulnerabilities on older iPhones and iPads, challenging the assumption that iPhone exploits are rare
This summary was automatically generated by AI based on the original article and may not be fully accurate.
The Hacker News