Horabot Resurfaces Mexico, Aura Breach Compromise, Tax Season Threats – Cybersecurity News [March 16, 2026]
Here are some of the biggest head turners from last week’s cybersecurity landscape. While the Horabot banking malware has re-entered Mexico, the Aura data breach exposed a whopping 900,000 customers to potential threats. Meanwhile, cyber incidents are surging because of the ongoing tax season. A new malware, “DarkSword,” is giving nightmares to iPhone users across the globe.
Horabot malware resurfaced in Mexico!
Cybersecurity experts are having a hard time as the Horabot banking malware has resurfaced in Mexico. Currently, it is running an intricate campaign leveraging a multi-stage infection chain. Horabot malware has successfully blended an automated email spreader and a Delphi banking Trojan.
So far, the malware has already targeted 5380 victims. The threat actors are using fake CAPTCHA to carry out the malicious attacks. Horabot malware uses a specific attack sequence that easily evades conventional security software. It relies on social engineering tactics to trick the targets into executing the MISHTA command.
A technique called server-side polymorphism is used by cyberattackers to bypass signature-based detection. The banking malware targets and extracts sensitive details such as operating system information, IP addresses, location of the victims, and so on.
Cybersecurity experts have recommended that organizations to bolster already existing security systems and blend both human-led detection and global threat intelligence setups for foolproof security.
900,000 customers’ data compromised in the recent Aura breach mishap!
Aura, a renowned identity protection company, has recently suffered a cyberattack. The breach has compromised the personal data of a massive 900,000 Aura customers. The compromised data includes names, contact numbers, email IDs, and residential addresses of the customers.
It all started with a vishing attack. The data breach took place because of an acquisition that happened almost 5 years ago. Aura acquired a marketing tool in 2021. ShinyHunters abused the same to break into the network of Aura.
The group of threat actors has claimed to compromise customer data worth 12GB. But Aura has reassured its customers that sensitive data such as financial details, social security numbers, and passwords have not been breached.
The identity protection brand has already informed law enforcement agencies about the data breach incident. They are also in talks with cybersecurity experts to understand the gravity of the cyber mishap and limit the extent of damage. Aura is planning to send personalized notifications to the affected customers.
Rise in threat attacks around tax season!
Tax Day is approaching soon (April 15). As taxpayers get busy with tax filing and the relevant intricacies, threat actors misuse the element of urgency and confusion. This year too, the miscreants are abusing filing reminders, refund notices, payroll forms, etc., to trick the taxpayers into scanning malicious QR codes or downloading harmful attachments.
The Microsoft Threat Intelligence team has discovered malicious email campaigns that use tax forms or W-2-related themes and pose as agents from government tax agencies or related financial institutions. While some campaigns are designed to target individual taxpayers, others are designed to play big and target accountants and senior professionals who are responsible for handling highly sensitive data.
An increasing number of threat actors are using Phishing-as-a-Service platforms to carry out credible and convincing threat attacks.
Enabling MFA and deploying sophisticated anti-phishing solutions can be helpful in preventing such threat attacks around tax season. Using Microsoft Edge and other web browsers that are compatible with Microsoft Defender SmartScreen can actively help in blocking scam sites, phishing sites, etc. Leveraging network protection can also help significantly in preventing users and applications from accessing any malicious domains.
Millions of iPhone users exposed to DarkSword Spyware attack!
Cybersecurity experts urge global iPhone users to update their software, as hackers have been using DarkSword Spyware to break into iPhone ecosystems. In a joint research project by Lookout, iVerify, and Google, the researchers discovered that hackers have been using DarkSword Spyware to hijack iPhones running older iOS versions.
Experts believe that every iPhone user still running an older version of iOS is highly susceptible to DarkSword attacks. Basically, the hackers exploit multiple vulnerabilities in a user’s device to break into it and extract all the sensitive data. This pattern of combined exploits enables the threat actors to target a device from multiple entry points. The threat intelligence group at Google has stated that DarkSword abuses six different vulnerabilities to penetrate into the systems of a susceptible iOS device. The basic agenda is to get high-level permissions in the targeted devices to be able to extract sensitive data.
The DarkSword attack happens through web browsers and is called a “drive-by download.” The victim is required to click on a malicious link. This single click itself gives the hacker access to the device of the victim. Researchers have discovered that Darksword Spyware has been using a gov.ua address to carry out the attacks. Meanwhile, the iPhones of Saudi Arabia have also been targeted via a website that mimics the popular social media app Snapchat.
Experts believe that DarkSword Spyware can be used as an active surveillance and intelligence-collecting tool. It successfully extracts sensitive data like text messages, Wi-Fi passwords, browsing history, call history, calendar data, and so on.
Those iPhones running iOS 18.4 to 18.7 are prone to DarkSword hacks. iVerify believes that as many as 270 million iPhones are operating on these slightly older iOS versions.
An Apple spokesperson has urged users to update their software to iOS 26. In case an iPhone user is unable to update the device, they must enable the “Lockdown mode.”
Apple has also recently released software updates for iOS 15 and iOS 16. This step has been taken to offer protection to old iPhone models against DarkSword Spyware attacks. In case any iPhone user is still using an old device with version 13 or 14, they are required to update the software to iOS 15 immediately.