
Weekly Threat Intelligence Digest — Mar 16 to Mar 23, 2026

Weekly threat intelligence digest from 463 items (43 critical, 239 high).

📅 March 23, 2026 📊 463 articles analyzed
LIVETHREAT WEEKLY THREAT DIGEST
March 16 – March 23, 2026

This week the threat landscape pivoted sharply toward compromised trust. Zero‑day exploits such as the Cisco FMC CVE‑2026‑20131 were weaponised weeks before disclosure, and ransomware gangs leveraged those flaws to breach downstream vendors. Supply‑chain attacks surged, with stolen Microsoft Intune credentials wiping tens of thousands of devices at Stryker and a mis‑configured Ledger wallet exposing $4.8 M in crypto. The common denominator is privileged access in third‑party environments, not the vulnerability itself.

👉 Access—especially privileged admin accounts—is the primary risk vector for today’s vendor ecosystem.

🚨 EXECUTIVE RISK SNAPSHOT
* Supply‑chain entry point → MSPs, SaaS admin consoles, and CI/CD pipelines were the most frequent compromise routes.
* Privilege determines impact → A single hijacked Intune admin account led to 80 000 devices erased and 50 TB of data exfiltrated across multiple regions.
* Blind‑spot assets → OT/IoT devices and KVM consoles remain largely un‑inventoried, creating hidden pathways for attackers.

🔍 WHAT CHANGED THIS WEEK
* Attackers are pre‑emptively exploiting zero‑days before public advisories, shortening detection windows.
* Ransomware groups are targeting vendor firewalls and endpoint security products to gain lateral reach into multiple customer networks.
* Phishing remains a top vector, now combined with credential theft to infiltrate cloud admin accounts and API providers.
* Third‑party dependency attacks (e.g., compromised GitHub Actions, npm packages) are accelerating the spread of supply‑chain malware.

🎯 WHERE YOU ARE MOST LIKELY EXPOSED
* Cisco Secure Firewall Management Center and other network security appliances managed by third‑party MSPs.
* Cloud hosting platforms and SaaS admin consoles (AWS, Azure, Google Cloud) where privileged API keys are shared.
* Microsoft Intune or Azure AD environments with delegated admin rights to vendors.
* CI/CD pipelines and API providers (GitHub Actions, npm) that integrate third‑party code scanners.
* OT and IoT control systems (IP KVM, EV charging stations, SCADA/RTU) lacking a continuous patch cadence.

⚡ WHAT TPRM LEADERS SHOULD DO THIS WEEK
1. **Audit privileged admin access** – Review all vendor‑held admin accounts for cloud, endpoint, and identity platforms. 👉 Ask: “Which of your staff hold root or global administrator rights on our critical services?”
2. **Validate zero‑day exposure** – Cross‑reference vendor product inventories against the latest KEV and CVE feeds (e.g., Cisco FMC CVE‑2026‑20131, MediaTek chip flaw). 👉 Ask: “Do you have active mitigations or patches for any known zero‑day exploits?”
3. **Map third‑party dependencies** – Document every downstream service (e.g., GitHub Act

#Cybersecurity #TPRM #VendorRisk #SupplyChainSecurity #ThreatIntel #LiveThreat #VerisqAI

📋 Articles Referenced in This Digest (463 items)

📋 Advisory (170)

High – Russian Intelligence Services Target Commercial Messaging Application Accounts
High – Texas Gov. Orders State Review of Chinese-Made Medtech
High – CISA Adds Five Known Exploited Vulnerabilities to Catalog
High – Identity is the Battleground
High – Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge
High – Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
High – Microsoft: March Windows updates break Teams, OneDrive sign-ins
High – AI Conundrum: Why MCP Security Can't Be Patched Away
High – Pentagon Warns Anthropic Could 'Subvert' Defense AI Systems
High – 4chan shrugs off UK regulator, refuses to pay £520,000 in fines over online safety violations
High – CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
High – AI got it wrong with high confidence. Now what?
High – DHS nominee Mullin pressed on restoring CISA staffing
High – Gemini's Personal Intelligence shocked me with everything it knows - here's how to turn it on (or off)
High – Menlo Security delivers unified governance and threat prevention for AI agents and humans
High – Moscow seeks to limit internet to state-approved websites amid ongoing outages
High – Google cracks down on Android apps abusing accessibility
High – Top 5 Things CISOs Need to Do Today to Secure AI Agents
High – AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds
High – Inside Nevada's Push for Secure Digital Government
High – US Lawmakers Call for CISA Polygraph Probe
High – Luxembourg court overturns $858 million privacy fine against Amazon
High – Microsoft pulls Samsung app blocking Windows C: drive from Store
High – Microsoft Exchange Online outage blocks access to mailboxes
Medium – Could your face change what you pay? NYC wants limits on biometric tracking
Medium – Why Image Format Conversion Is Becoming a Practical Issue in Web Security and Performance
Medium – Google slows Android sideloading to trip up scammers
Medium – Secure agentic AI end-to-end
Medium – Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
Medium – 7 Ways to Prevent Privilege Escalation via Password Resets
Medium – Trump's National Cyber Strategy Leaves Industry Role Unclear
Medium – CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization
Medium – This free privacy tool makes it super easy to see which sites are selling your data
Medium – Fitbit lets you upload medical records and ask its AI for advice now - but is that safe?
Medium – Microsoft stops force-installing the Microsoft 365 Copilot app
Medium – SailPoint improves visibility and control over unauthorized AI use
Medium – Advanced Protection Mode in Android 17 prevents apps from misusing Accessibility Services
Medium – Free parking in Russia after Distributed Denial-of-Service attack knocks city’s parking system offline
Medium – Microsoft: Enabling Teams Meeting add-in breaks Outlook Classic
Medium – Microsoft shares fix for Windows C: drive access issues on Samsung PCs
Medium – Nvidia wants to own your AI data center from end to end
Medium – NY Sets 'First-of-Nation' Cyber Mandates for Water Sector
Medium – Adobe to Pay $150 Million Over Hidden Fees and Hard-to-Cancel Subscriptions
Medium – Meta ditches end-to-end encrypted messaging on Instagram
Medium – What smart factories keep getting wrong about cybersecurity
Medium – Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
Low – How Apple and other tech brands are selling you on color in 2026 - and it's working
Low – Google adds ‘Advanced Flow’ for safe APK sideloading on Android
Low – 10 cheap and easy gadgets that seriously upgraded my smart home (and some are on sale)
Low – These 7 handy ChatGPT settings are off by default - here's what you're missing
Low – The Trump administration is targeting state AI legislation - again. Why that matters
Low – Microsoft announces sweeping Windows changes - but no apologies
Informational – 6 Best Open Source Password Managers for Windows in 2026
Low – All aboard: the NIST Cybersecurity for IoT Program is headed to our next stop! Share your input on where we’re headed during our Future Directions Two-Day Workshop on March 31st.
Informational – Post-Quantum Web Could be Safer, Faster
Informational – Native Launches With Security Control Plane for Multicloud
Informational – The best WordPress hosting services of 2026: Expert tested and reviewed
Informational – You're being tracked online - 9 easy ways to stop the surveillance
Informational – Chainguard is racing to fix trust in AI-built software - here's how
Low – Should you upgrade to M5 MacBook Pro from the M1? Short answer: It's probably time
Low – For Amazon's Fire Phone to succeed, it'll need to fix its app store problem first
Low – 6 useful Bluetooth gadgets that feel like life hacks (and won't break the bank)
Low – OpenAI's rumored 'superapp' could finally solve one of my biggest issues with ChatGPT
Informational – From flat networks to locked up domains with tiering models
Informational – Bonfy ACS 2.0 helps organizations control data use in AI environments
Informational – ConductorOne unveils AI Access Management to accelerate secure, compliant AI adoption
Informational – Semgrep Multimodal brings AI reasoning and rule-based analysis to code security
Informational – Rapid7 enhances Exposure Command with runtime validation and DSPM for risk analysis
Informational – Rep. LaHood on why Section 702 reauthorization will take a ‘little political muscle’
Low – This viral wireless dongle lets you share your audio on a flight - how it works
Low – My personal data has been leaked several times - this service helped clean it all up
Informational – EndeavorOS Titan is one of the most unique Arch-based Linux distros I've tried - here's why
Informational – Llamafile, Mozilla’s portable LLM runner, gets GPU support and a rebuilt core
Informational – New infosec products of the week: March 20, 2026
Informational – New tools and guidance: Announcing Zero Trust for AI
Informational – CISO Whisperer Names 11 Vendors Leading the Shift from Tools to Outcomes at RSA Conference 2026
Informational – How to secure your online meetings
Low – The best web hosting services of 2026: Expert tested and reviewed
Informational – The best VPS hosting services for 2026: Expert tested and reviewed
Low – I tested an M.2 PCIe enclosure for data storage, and it promptly improved my workflow
Low – This infrared gadget claims to improve your mood with lights - I got to the bottom of it
Low – I wore the Whoop 5.0 for a month - it combines the best of the Oura Ring and Apple Watch
Low – Bose just gave me a compelling reason to put my AirPods Pro away for good
Low – Incogni review: The easiest way to remove myself from the internet took just seconds
Low – The best data removal services of 2026: Delete yourself from the internet
Informational – I tested NordVPN's free scam checker against a real threat in my inbox - here's how it did
Informational – Komodor unveils Klaudia AI extensibility framework to power multi-agent incident resolution
Informational – Entro Security AGA brings governance and control to enterprise AI agents and access
Informational – Discern deploys six AI agents to streamline security analysis, prioritization, and remediation
Informational – Cobalt adds continuous pentesting AI capabilities to scale offensive security and real-world risk
Informational – Nagomi Security expands into agent-driven exposure elimination with Agentic Exposure Ops
Informational – Versa Secure Enterprise Browser delivers browser-native security for enterprise apps
Informational – Flare Foretrace helps employees detect and fix identity risks to strengthen enterprise security
Informational – Intezer AI SOC removes MDR limits with autonomous triage and optimization
Informational – White House pours cold water on cyber ‘letters of marque’ speculation
Informational – US intel chiefs urge lawmakers to extend Section 702 surveillance power without changes
Informational – How Cloud-Managed DLP Lowers the Barrier to Entry
Informational – Clear Communication: The Missing Link in Cybersecurity Success
Low – Why you shouldn't skip your TV's firmware updates - and how to do it on older models
Low – Mitsubishi Deal Gives Nozomi Broader OT Security Reach
Informational – Rethinking AML for Real-Time Payments
Informational – Computer Vision Frameworks: Features And Future Trends
Informational – Observability for AI Systems: Strengthening visibility for proactive risk detection
Low – Apple just changed the cheap laptop game - and rattled PC makers
Informational – Best early Amazon Spring Sale laptop deals 2026
Low – The best portable power stations of 2026: Expert and lab tested
Informational – Bluetti AC240 review: One of the most durable power stations I've tested
Low – Oupes Mega 1 review: I finally found a portable power station I can store in my truck
Low – This one iPhone setting immediately stops all apps from tracking you - turn it off today
Informational – What's a minimal install for Linux? 6 reasons it can come in handy
Informational – Polygraf AI launches Desktop Overlay for real-time AI behavior control in enterprise operations
Informational – Veracode Fix for SCA automates open-source vulnerability fixes
Informational – TrojAI unveils new capabilities to secure agentic AI beyond the prompt layer
Informational – Corelight’s Agentic Triage turns SOC alerts into evidence-backed investigations
Low – Firefox is getting a free built-in VPN
Informational – Graylog advances explainable AI and automated workflows for faster threat detection
Informational – Backslash adds cross-product support to secure AI skills in developer environments
Informational – Token Security advances AI agent protection with intent-based controls
Informational – CISA official says agency has not seen uptick in cyber threats amid Iran war
Informational – 5 Steps to Turn Compliance Checks into Audit Outcomes
Informational – OpenTelemetry Adoption: A Strategic Blueprint
Low – A chief AI officer is no longer enough - why your business needs a 'magician' too
Informational – Why Data Security Standards in Cancer Innovation Matter
Informational – How Dell Is Building the Secure Agentic Enterprise
Informational – Native Launches With $42M for Multi-Cloud Security Push
Informational – Enterprise Cloud Network Solutions for Multi-Cloud Environments: Top Platforms
Informational – As AI agents spread, 1Password's new tool tackles a rising security threat
Low – Amazon launches 1-hour delivery in 2,000 cities - is yours on the list?
Low – EndeavorOS Titan stands out among Arch-based Linux distros - here's why
Low – This 5-minute circuit check uncovered a home wiring issue I had no idea about
Informational – OpenAI's GPT-5.4 mini and nano launch - with near flagship performance at much lower cost
Low – My living room TV sounded so much better after I considered these 3 factors
Informational – Intel 471 debuts integrated platform for external threat management
Informational – New Kingston IronKey USB drive delivers enterprise-grade data security
Informational – Kore.ai debuts Agent Management Platform to govern enterprise AI ecosystems
Informational – Huntress adds tools to its Agentic Security Platform to detect, fix, and prevent endpoint and identity risks
Informational – Pindrop Fraud Assist uses AI to analyze calls and strengthen fraud prevention
Informational – XM Cyber advances AI security with enhanced exposure and attack path visibility
Informational – SCW Trust Agent: AI tracks AI influence in code to reduce software risk
Informational – CTG unveils cyber resilience scoring dashboard for measurable risk reduction
Informational – Energy Department set to release its first-ever cyber strategy
Informational – The New Era of Application Security: Reasoning-Based Agents, Runtime Reality, and Risk Intelligence
Informational – Surf Raises $57M to Automate Security Hygiene With AI Agents
Informational – Cisco Access Manager: Identity-Based Access Control That Lean IT Teams Can Actually Deploy
Informational – As Identity Takes Control, Telecom Needs Repatriated IAM Capable of Keeping Up
Low – New Windows 11 hotpatch fixes Bluetooth device visibility issue
Informational – Android 17 Leaks Reveal Major Redesign, AI Features, and Privacy Upgrades
Low – Instagram Users Urged to Save Encrypted DMs Before Feature Disappears
Informational – Inside Olympic Cybersecurity: Lessons From Paris 2024 to Milan Cortina 2026
Low – 5 Samsung bloatware apps I always uninstall first (and why you should do the same)
Informational – Nvidia bets on OpenClaw, but adds a security layer - how NemoClaw works
Informational – Mesh vs. traditional Wi-Fi router: I tested both options for months, and here's my advice
Informational – Nvidia's 'ChatGPT moment' for self-driving cars, and other key AI announcements at GTC 2026
Low – Cybersecurity jobs available right now: March 17, 2026
Informational – Beyond CVSS: OT Security Looks for Its Risk Methodology
Informational – Google, Microsoft, Amazon, and Others Unite Under New Anti-Scam Pact
Low – Amazon's Big Spring Sale kicks off March 25 - what to know (and what will be on sale)
Informational – Apple's AirPods Max 2 are here - what's new and what $549 gets you now
Low – I tried Android's notification summaries on my Pixel, and they're surprisingly useful
Low – Why I keep these $5 USB-C breakaway connectors with me at all times (and how they work)
Informational – JSOC IT’s AUTOPSY platform puts security stacks under live API verification
Informational – KEEQuant advances chip-scale QKD for telecom, data centers, and critical infrastructure
Low – Microsoft Edge 146 adds IP privacy and local network access controls
Informational – Fingerprint’s MCP Server turns device intelligence into real-time AI-powered fraud insights
Informational – Orca Platform enhancements use AI to cut cloud alert noise
Informational – NinjaOne Vulnerability Management enables real-time detection and autonomous patching
Informational – Stellar Cyber 6.4.0 reduces alert noise and speeds investigations with Autonomous SOC capabilities
Informational – New Microsoft Purview innovations for Fabric to safely accelerate your AI transformation
Informational – Beyond the Perimeter: Authorization That Moves With Your APIs
Low – OpenAI says ChatGPT ads are not rolling out globally for now

🔓 Breach (32)

Critical – FBI seizes Handala data leak site after Stryker cyberattack
Critical – CISA urges US orgs to secure Microsoft Intune systems after Stryker breach
Critical – Stryker Wiper Attack: Hackers Boast as Lawsuits Pile Up
Critical – Bank software vendor Marquis says more than 670,000 impacted by August breach
Critical – South Korean Police Accidentally Post Cryptocurrency Wallet Password
High – Security Affairs newsletter Round 568 by Pierluigi Paganini – INTERNATIONAL EDITION
High – Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
High – California city reports ransomware attack as LA transit agency finds ‘unauthorized activity’
High – FBI Seizes Iranian Online Leak Sites After Stryker Hack
High – Navia data breach impacts nearly 2.7 Million people
High – Hacker Group LAPSUS$ Claims Alleged AstraZeneca Data Breach
High – Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
High – FBI takes down leak sites tied to Iran’s Ministry of Intelligence and Security
High – Bitrefill blames North Korean Lazarus group for cyberattack
High – Navia discloses data breach impacting 2.7 million people
High – Nordstrom's email system abused to send crypto scams to customers
High – Marquis: Ransomware gang stole data of 672K people in cyberattack
High – Aura confirms data breach exposing 900,000 marketing contacts
High – Robotic surgery firm Intuitive reports data breach after targeted phishing attack
High – Aura - 903,080 breached accounts
High – Medusa ransomware gang claims attacks on prominent Mississippi hospital, New Jersey county
High – Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records
High – Georgia man charged for robbing NBA, NFL players through stolen Apple account details
High – Payload Ransomware claims the hack of Royal Bahrain Hospital
High – Attack on Stryker’s Microsoft environment wiped employee devices without malware
High – Weekly Update 495
High – Companies House Restores WebFiling After Flaw Exposed Director Details
High – Stryker attack wiped tens of thousands of devices, no malware needed
High – Stryker says hospital tools are safe, but digital ordering systems still down after cyberattack
High – ⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More
High – UK’s Companies House confirms security flaw exposed business data
High – UK Agency Exposed Corporate Executive Data

💀 Ransomware (8)

Critical – Interlock ransomware gang exploited Cisco firewall zero-day weeks before disclosure: Amazon
High – WorldLeaks ransomware group breached the City of Los Angeles
High – LeakNet ransomware: what you need to know
High – Interlock Ransomware Targets Cisco Enterprise Firewalls
High – Ransomware gang exploits Cisco flaw in zero-day attacks since January
High – Warlock Ransomware Group Augments Post-Exploitation Activities
High – LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
High – LeakNet ransomware uses ClickFix and Deno runtime for stealthy attacks

🕵️ ThreatIntel (154)

Critical – International joint action disrupts world’s largest DDoS botnets
Critical – Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376
Critical – DarkSword: Researchers uncover another iOS exploit kit
Critical – DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover
Critical – Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
High – Russia-linked actors target WhatsApp and Signal in phishing campaign
High – VoidStealer malware steals Chrome master key via debugger trick
High – Week in review: ScreenConnect servers open to attack, exploited Microsoft SharePoint flaw
High – FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
High – Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
High – Aisuru, KimWolf Botnets Disrupted in International Operation
High – ISMG Editors: Stryker Attack Hits Healthcare Supply Chain
High – Fake ‘Trusted Sender’ Labels Misused in New Apple Mail Phishing Scheme
High – 7,500+ Magento sites defaced in global hacking campaign
High – New Fake Zoom Meeting Invite Scam Spreads Malware on Windows PCs
High – Who’s Really Shopping? Retail Fraud in the Age of Agentic AI
High – How CISOs Can Survive the Era of Geopolitical Cyberattacks
High – FBI links Signal phishing attacks to Russian intelligence services
High – That “job brief” on Google Forms could infect your device
High – Libyan Oil Refinery Among Targets in Long-running Likely Espionage Campaign
High – Denver’s crosswalks hacked to broadcast anti-Trump messages
High – Cyber OpSec Fail: Beast Gang Exposes Ransomware Server
High – Authorities disrupt four IoT botnets behind record DDoS attacks
High – US seizes domains and infrastructure used in sprawling botnet campaigns
High – Multi-Month Cyberespionage Campaign Hits Libyan Oil Refinery
High – Global law enforcement operation targets AISURU, Kimwolf, JackSkid botnet operators
High – GSocket Backdoor Delivered Through Bash Script, (Fri, Mar 20th)
High – DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
High – The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
High – MCP Servers Are the New Shadow IT for AI
High – Your tax forms sell for $20 on the dark web
High – A DarkSword hangs over unpatched iPhones
High – Breach Roundup: Fancy Bear in Schmancy OpSec Failure
High – You have to invite them in
High – DarkSword emerges as powerful iOS exploit tool in global attacks
High – French aircraft carrier Charles de Gaulle tracked via Strava activity in OPSEC failure
High – SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft
High – Analyzing the Current State of AI Use in Malware
High – New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data
High – ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More
High – 54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security
High – Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers
High – Russian hackers exploit Zimbra flaw in Ukrainian govt attacks
High – EU Sanctions Companies in China, Iran for Cyberattacks
High – FBI, CISA warn on Microsoft Intune risks after Iran-linked cyberattack on Stryker
High – New Android malware hiding in streaming apps to spy on users’ personal notes
High – When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures
High – Everyday tools, extraordinary crimes: the ransomware exfiltration playbook
High – New Malware Targets Users of Cobra DocGuard Software
High – Russia establishes Vienna as key western spy hub targeting NATO
High – Fake Windsurf IDE Extension Uses Solana Blockchain to Steal Developer Data
High – Windsurf IDE Extension Drops Malware via Solana Blockchain
High – Hacking a Robot Vacuum
High – How Ceros Gives Security Teams Visibility and Control in Claude Code
High – New ‘Perseus’ Android malware checks user notes for secrets
High – DarkSword: iPhone Exploit Kit Serves Spies & Thieves Alike
High – C2 Implant 'SnappyClient' Targets Crypto Wallets
High – Your APIs are under siege, and attackers are just getting warmed up
High – Elite members of North Korean society fake their way into Western paychecks
High – US intelligence chief grilled on absence of election threats in security assessment
High – Russia-linked hackers use advanced iPhone exploit to target Ukrainians
High – Smashing Security podcast #459: This clever scam nearly hijacked a tech CEO’s Apple ID
High – Navigating Security Tradeoffs of AI Agents
High – New “Darksword” iOS exploit used in infostealer attack on iPhones
High – The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms
High – Inside a network of 20,000+ fake shops
High – Researchers found font-rendering trick to hide malicious commands
High – SideWinder Espionage Campaign Expands Across Southeast Asia
High – The SOC Files: Time to “Sapecar”. Unpacking a new Horabot campaign in Mexico
High – Claude Code Security and Magecart: Getting the Threat Model Right
High – OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs
High – Tracking the Iran War: A Month of Escalation and Regional Impact
High – New ClickFix Scam Tricks Users Into Mapping Hacker-Controlled Drives
High – New .NET AOT Malware Hides Code as a Black Box to Evade Detection
High – OpenClaw, the Fastest-Adopted Software Ever, Is Also a Security Blind Spot
High – Researchers Uncover New Phishing Risk Hidden Inside Microsoft Copilot
High – Hackers Target Cybersecurity Firm Outpost24 in 7-Stage Phish
High – More Attackers Are Logging In, Not Breaking In
High – Global fraud losses climb to $442 billion
High – House Panel Warns of Chinese AI Robotics Threat
High – EU Belatedly Sanctions Chinese and Iranian Hackers
High – How searching for a VPN could mean handing over your work login details
High – Fake Pudgy World site steals your crypto passwords
High – RondoDox botnet expands arsenal targeting 174 flaws, and hits 15,000 daily exploit attempts
High – EU sanctions Chinese and Iranian actors over cyberattacks on critical infrastructure
High – Orchid Security Recognized by Gartner® as a Representative Vendor of Guardian Agents
High – ClickFix Attack Targets Devs with MacSync Malware via Fake Claude Tools
High – Storm-2561 Uses Fake Fortinet, Ivanti VPN Sites to Drop Hyrax Infostealer
High – Open, Closed and Broken: Prompt Fuzzing Finds LLMs Still Fragile Across Open and Closed Models
High – New font-rendering trick hides malicious commands from AI tools
High – Europe sanctions Chinese and Iranian firms for cyberattacks
High – GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
High – China Probe: How a Fake Fitness Tracker Became an AI ‘Top Pick’
High – LABScon25 Replay | Your Apps May Be Gone, But the Hackers Made $9 Billion and They’re Still Here
High – Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
High – Countering Current Geopolitical Cyber Threats Based on CISA Intel With Qualys
High – Former Germany’s foreign intelligence VP hit in Signal account takeover campaign
High – FBI launches inquiry into Steam games spreading malware
High – Russia-linked APT uses DRILLAPP backdoor to spy on Ukrainian targets
High – From Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures
High – CL-STA-1087 targets military capabilities since 2020
High – New Vidar 2.0 Infostealer Spreads via Fake Game Cheats on GitHub, Reddit
High – GitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secrets Hit Public GitHub
High – Fraudsters are using public planning records to target permit applicants
High – CursorJack: weaponizing Deeplinks to exploit Cursor IDE
High – Industrial Systems Under Siege: 77% of OT Environments Suffer Cyber Breaches
High – GlassWorm Malware Evolves to Hide in Dependencies
High – China-Nexus Hackers Skulk in Southeast Asian Military Orgs for Years
High – Hidden instructions in README files can make AI agents leak data
High – GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
High – A week in security (March 9 – March 15)
High – Hacked sites deliver Vidar infostealer to Windows users
High – New Phishing Scam Uses LiveChat to Pose as Amazon and PayPal in Real Time
High – FBI Investigates Steam Games Linked to Malware and Crypto Wallet Theft
High – Iranian Cyber Threat Evolution: From MBR Wipers to Identity Weaponization
High – Boggy Serpens Threat Assessment
High – Russia-linked espionage campaign targeting Ukraine using Starlink and charity lures
High – Cyberattack disrupts parking payments in Russian city
High – Attackers Abuse LiveChat to Phish Credit Card, Personal Data
High – 2025 Identity Threat Landscape Report: Inside the Infostealer Economy: Credential Threats in 2025
High – Free real estate: GoPix, the banking Trojan living off your memory
High – 45,000 malicious IP addresses taken down, 94 suspects arrested
High – Hackers tried to breach Poland’s nuclear research centre
High – DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
High – ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
High – Shadow AI is everywhere. Here’s how to find and secure it.
High – Help on the line: How a Microsoft Teams support call led to compromise
High – LiveChat Abuse: How Phishers Are Exploiting SaaS Support Tools to Steal Sensitive Data
High – Kevuru Games Outlines the Shift Toward Flexible Art Production in the Games Industry
High – New XWorm 7.1 and Remcos RAT Attacks Abuse Windows Tools to Evade Detection
High – Fake scandal clips on Facebook bait victims into investment scams
Medium – AI Factories, Security Flaws, and Workforce Shifts Define This Week in Tech
Medium – With Government's Role Uncertain, Businesses Unite to Combat Fraud
Medium – Interesting Message Stored in Cowrie Logs, (Wed, Mar 18th)
Medium – ISC Stormcast For Thursday, March 19th, 2026 https://isc.sans.edu/podcastdetail/9856, (Thu, Mar 19th)
Medium – Meta’s AI Glasses and Privacy
Medium – Less Lucrative Ransomware Market Makes Attackers Alter Methods
Medium – IPv4 Mapped IPv6 Addresses, (Tue, Mar 17th)
Medium – Zombie ZIP method can fool antivirus during the first scan
Medium – /proxy/ URL scans with IP addresses, (Mon, Mar 16th)
Medium – Possible New Result in Quantum Factorization
Informational – SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 89
Informational – CTI-REALM: A new benchmark for end-to-end detection rule generation with AI agents
Informational – ISC Stormcast For Friday, March 20th, 2026 https://isc.sans.edu/podcastdetail/9858, (Fri, Mar 20th)
Informational – Xbow Raises $120M Series C to Scale Autonomous AI Hacking
Informational – 2025 Year in Review: Malicious, Infrastructure
Low – What is MoCA 2.5? How this low-cost networking can replace Wi-Fi and fix dead zones
Informational – Building an Adversarial Consensus Engine | Multi-Agent LLMs for Automated Malware Analysis
Low – Scans for "adminer", (Wed, Mar 18th)
Informational – Dropzone AI releases autonomous Threat Hunting agent for continuous SOC detection
Informational – ISC Stormcast For Wednesday, March 18th, 2026 https://isc.sans.edu/podcastdetail/9854, (Wed, Mar 18th)
Informational – Xona Systems brings real-time threat response to OT remote access sessions
Informational – ISC Stormcast For Tuesday, March 17th, 2026 https://isc.sans.edu/podcastdetail/9852, (Tue, Mar 17th)
Informational – ISC Stormcast For Monday, March 16th, 2026 https://isc.sans.edu/podcastdetail/9850, (Mon, Mar 16th)

⚠️ Vulnerability (99)

* [Critical] U.S. CISA adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog
* [Critical] Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager
* [Critical] PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks
* [Critical] Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
* [Critical] Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw
* [Critical] Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
* [Critical] Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
* [Critical] CISA orders feds to patch max-severity Cisco flaw by Sunday
* [Critical] Oracle pushes emergency fix for critical Identity Manager RCE flaw
* [Critical] Unpatched ScreenConnect servers open to attack (CVE-2026-3564)
* [Critical] Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131)
* [Critical] U.S. CISA adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog
* [Critical] Critical Ubiquiti UniFi security flaw allows potential account hijacking
* [Critical] Max severity Ubiquiti UniFi flaw may allow account takeover
* [Critical] CTEK Chargeportal
* [Critical] IGL-Technologies eParking.fi
* [Critical] Automated Logic WebCTRL Premium Server
* [Critical] Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure
* [Critical] Critical Microsoft SharePoint flaw now exploited in attacks
* [Critical] Researchers warn of unpatched, critical Telnetd flaw affecting all versions
* [Critical] ConnectWise patches new flaw allowing ScreenConnect hijacking
* [Critical] 9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors
* [Critical] Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
* [Critical] CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root
* [Critical] CODESYS in Festo Automation Suite
* [Critical] Schneider Electric SCADAPack and RemoteConnect
* [Critical] Microsoft Issues Emergency Patch for Critical Windows 11 RRAS Vulnerabilities
* [Critical] ZDI-26-187: (Pwn2Own) Synology DiskStation Manager Netatalk Library Buffer Overflow Remote Code Execution Vulnerability
* [Critical] ZDI-26-192: Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability
* [Critical] ZDI-26-203: (Pwn2Own) Canon imageCLASS MF654Cdw XML SOAP Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
* [Critical] ZDI-26-208: (Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Integer Overflow Remote Code Execution Vulnerability
* [Critical] 875 Million Android Phones Face Risk Due to Hidden Chip Flaw
* [High] CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
* [High] Intego X9: Never trust my updates
* [High] ZDI-26-217: GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability
* [High] ZDI-26-218: GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability
* [High] ZDI-26-219: GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
* [High] ZDI-26-220: GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
* [High] ZDI-26-221: GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability
* [High] Cloud misconfiguration has evolved and your controls haven't
* [High] FDA Issues Recall for Some GE Imaging Products Due to Cyber
* [High] New 'PolyShell' flaw allows unauthenticated RCE on Magento e-stores
* [High] New Apple Hack: Up to 270M iPhones Vulnerable to 'DarkSword' Exploit
* [High] CISA Adds One Known Exploited Vulnerability to Catalog
* [High] Schneider Electric EcoStruxure PME and EPO
* [High] Schneider Electric EcoStruxure Automation Expert
* [High] Microsoft Recall Again Spills Secrets
* [High] U.S. CISA adds Microsoft SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities catalog
* [High] "Claudy Day" Flaws Allow Data Theft via Fake Claude AI Ads, Report
* [High] CISA orders feds to patch Zimbra XSS flaw exploited in attacks
* [High] CISA Adds One Known Exploited Vulnerability to Catalog
* [High] CISA Adds One Known Exploited Vulnerability to Catalog
* [High] Apple patches WebKit bug that could let sites access your data
* [High] Apple Rolls Out Real-Time Security Fixes Across iPhone, iPad, and Mac
* [High] 'Claudy Day' Trio of Flaws Exposes Claude Users to Data Theft
* [High] Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
* [High] Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
* [High] Claudy Day Forecast: Chat Data Theft
* [High] CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit
* [High] Apple pushes first Background Security Improvements update to fix WebKit flaw
* [High] Microsoft Confirms Windows 11 Bug Crippling PCs, Blocking Access to Core Drive
* [High] AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
* [High] Schneider Electric EcoStruxure Data Center Expert
* [High] Siemens SICAM SIAPP SDK
* [High] Unprivileged users could exploit AppArmor bugs to gain root access
* [High] Researchers Find Data Leak Risk in AWS Bedrock AI Code Interpreter
* [High] ZDI-26-188: (Pwn2Own) VMware ESXi VMCI Integer Underflow Local Privilege Escalation Vulnerability
* [High] ZDI-26-189: (Pwn2Own) VMware ESXi VMXNET3 Integer Overflow Local Privilege Escalation Vulnerability
* [High] ZDI-26-190: (Pwn2Own) VMware Workstation PVSCSI Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
* [High] ZDI-26-191: (Pwn2Own) Linux Kernel nf_tables Use-After-Free Privilege Escalation Vulnerability
* [High] ZDI-26-195: (Pwn2Own) ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability
* [High] ZDI-26-196: (Pwn2Own) ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability
* [High] ZDI-26-197: (Pwn2Own) ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability
* [High] ZDI-26-198: (Pwn2Own) QNAP TS-453E malware_remover Code Injection Remote Code Execution Vulnerability
* [High] ZDI-26-200: (Pwn2Own) QNAP TS-453E nvrlog_event_add msg SQL Injection Remote Code Execution Vulnerability
* [High] ZDI-26-202: (Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin query_original_file_size SQL Injection Remote Code Execution Vulnerability
* [High] ZDI-26-204: (Pwn2Own) Canon imageCLASS MF654Cdw XPS Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability
* [High] ZDI-26-205: (Pwn2Own) Canon imageCLASS MF654Cdw PJCC Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
* [High] ZDI-26-206: (Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
* [High] ZDI-26-207: (Pwn2Own) Canon imageCLASS MF654Cdw dtdc_addr_importSub Stack-based Buffer Overflow Remote Code Execution Vulnerability
* [High] ZDI-26-211: Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
* [High] ZDI-26-212: Schneider Electric EcoStruxure Data Center Expert Hard-coded Password Remote Code Execution Vulnerability
* [High] ZDI-26-213: GIMP LBM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
* [High] ZDI-26-214: GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
* [High] ZDI-26-215: KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
* [High] CISA flags Wing FTP Server flaw as actively exploited in attacks
* [High] CISA Adds One Known Exploited Vulnerability to Catalog
* [Medium] Mitsubishi Electric CNC Series
* [Medium] Schneider Electric Modicon M241, M251, and M262
* [Medium] Schneider Electric Modicon Controllers M241, M251, M258, and LMC058
* [Medium] ZDI-26-216: (Pwn2Own) QNAP TS-453E smbd domain_name Argument Injection Authentication Bypass Vulnerability
* [Medium] CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
* [Medium] ZDI-26-193: (Pwn2Own) Linux Kernel nf_tables_newset Out-Of-Bounds Write Information Disclosure Vulnerability
* [Medium] ZDI-26-194: Microsoft Exchange InterceptorSmtpAgent Improper Input Validation Security Feature Bypass Vulnerability
* [Medium] ZDI-26-199: (Pwn2Own) QNAP TS-453E conn_log_tool Format String Remote Code Execution Vulnerability
* [Medium] ZDI-26-201: (Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin Hard-Coded Credentials Authentication Bypass Vulnerability
* [Medium] ZDI-26-209: (Pwn2Own) Samsung Galaxy S25 Samsung Members Open Redirect Security Bypass Vulnerability
* [Medium] ZDI-26-210: (Pwn2Own) Samsung Galaxy S25 Samsung Members Security Feature Bypass Vulnerability
* [Low] U.S. CISA adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog
