Malicious Chrome Extensions – Weekly News Roundup

Here is the most recent cybersecurity news from the past week:

🌐 New Chrome Flaw Allows Malicious Extensions to Hijack Gemini Live Panel
Security researchers have detailed a now-patched vulnerability in Google Chrome (CVE-2026-0628) that allowed attackers to escalate privileges via the new Gemini Live panel. Dubbed “Glic Jack,” the flaw enabled a malicious extension with basic permissions to bypass security policies, injecting scripts to access a victim’s local files, camera, and microphone without consent.

https://thehackernews.com/2026/03/new-chrome-vulnerability-let-malicious.html

🚨 Maximum-Severity Cisco SD-WAN Zero-Day Actively Exploited
A critical zero-day vulnerability (CVE-2026-20127) carrying a CVSS score of 10.0 has been discovered in Cisco Catalyst SD-WAN Controller and Manager. Unauthenticated remote attackers have been exploiting this flaw since 2023 to bypass authentication and gain full administrative privileges. The sophisticated threat actor, tracked as UAT-8616, has been leveraging this access to compromise network management planes and establish persistent footholds.

https://thehackernews.com/2026/02/cisco-sd-wan-zero-day-cve-2026-20127.html

🛒 ManoMano Data Breach Impacts 38 Million Users
European home improvement and DIY e-commerce giant ManoMano suffered a massive data breach affecting an estimated 38 million individuals. The breach occurred after threat actors compromised a third-party customer support subcontractor, allowing them to access the company’s Zendesk portal. The stolen data, which a hacker group known as “Indra” has claimed responsibility for, includes customer names, email addresses, phone numbers, and support tickets.

https://www.securityweek.com/38-million-allegedly-impacted-by-manomano-data-breach

📱 Google Confirms Exploited Zero-Day in Qualcomm Android Component
Google has issued patches for a high-severity zero-day vulnerability (CVE-2026-21385) in an open-source Qualcomm component used in Android devices. The flaw, described as a buffer over-read in the Graphics component, has indications of limited, targeted exploitation in the wild. The patch is part of Google’s March 2026 Android security bulletin, which addressed over 100 vulnerabilities across the operating system.

https://thehackernews.com/2026/03/google-confirms-cve-2026-21385-in.html

💾 Semiconductor Giant Advantest Discloses Ransomware Attack
Advantest, a major Japanese manufacturer of semiconductor testing equipment, has confirmed it was the victim of a ransomware attack that impacted its internal IT systems. The company immediately isolated affected networks and launched an investigation with external experts. While the full scope is still under review, the attack highlights the ongoing and increasing cyber risks targeting the critical global semiconductor supply chain.

https://blog.openvpn.net/this-week-in-cybersecurity-ransomware-hits-chip-supply-chain
