Cybersecurity Newsfeed - 17/03/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
📅 17/03/26
🛡️ Vulnerabilities
Critical Input Validation Flaw (CVE-2026-21815): CERT/CC issued an advisory for a critical flaw in a widely used library affecting core networking components. Remote attackers can execute arbitrary code or trigger DoS conditions. Organizations are urged to apply vendor patches immediately and monitor for exploitation traffic.
Wing FTP Server Command Injection (CVE-2024-50498): CISA added this flaw to its KEV catalog following active exploitation. The bug allows unauthenticated command injection, granting full server control. Federal agencies must patch by the deadline to protect sensitive corporate data transfers.
🎯 Adversaries
APT28 Deploys DrillApp Backdoor: Russia-linked threat actors are targeting Ukrainian infrastructure with “DrillApp,” a stealthy backdoor for data collection and persistent access. It masks C2 traffic and allows remote command execution and module uploading.
Stryker Attack Wipes Tens of Thousands of Devices: A devastating campaign used legitimate administrative tools and “living off the land” tactics to wipe devices without traditional malware. By weaponizing native system capabilities, attackers bypassed signature-based detection entirely.
China-Linked “Patient” Espionage in Asia: A sophisticated hacking group is conducting long-term data exfiltration targeting Asian militaries. The operation prioritizes strategic defense plans over disruption, using high operational security to bypass traditional defense layers.
Iranian Cyber Threats Transition to Destruction: Palo Alto Unit 42 reports that Iranian actors are shifting toward destructive wipers and ransomware-style tactics alongside traditional espionage. They are increasingly leveraging cloud vulnerabilities and social engineering.
Hacked Sites Distributing Vidar Infostealer: Legitimate sites are being injected with scripts that trigger automated Vidar downloads. Delivered through these watering-hole sites, the malware targets browser history, passwords, and crypto wallets.
“ClickFix” Targets macOS with MacSync: Deceptive “browser update” pop-ups are now delivering the MacSync infostealer to macOS users, targeting keychain data and browser cookies in corporate environments.
📈 Trends
245% Surge in Conflict-Related Cybercrime: Data shows a massive spike in cyber activities linked to the Iran conflict. This includes DDoS, breaches, and disinformation, highlighting the digital front as a primary theater for asymmetric warfare.
Google 2026 Ransomware Report: Google highlights a shift toward smaller, specialized RaaS groups. While volume is stable, the precision of attacks on critical infrastructure has increased, aided by AI-driven automation in the initial access phase.
The Rise of “Shadow AI”: Unauthorized use of AI tools in corporations poses a growing risk of proprietary data leaks. Security teams are encouraged to implement discovery tools and clear governance to mitigate unregulated data exposure.
Glassworm Malware Evolution: Researchers identified new versions of Glassworm that use custom loaders and obfuscated DLLs to hide dependencies. The malware focuses on long-term persistence and bypassing EDR systems.
Live Chat Phishing (Amazon & PayPal): A new campaign uses fraudulent live chat windows on compromised sites to trick users into providing financial info. Real-time interaction increases the credibility of these scams compared to email phishing.
XWorm 7.1 and Remcos RAT Updates: New versions of these RATs are using advanced multi-stage loaders to execute in memory and evade sandbox detection, providing full system control to attackers.
💥 Breaches & Leaks
UK Companies House WebFiling Flaw: A security flaw in the WebFiling service exposed sensitive personal details of company directors. Although the flaw has now been addressed, the exposure could facilitate identity theft and corporate fraud. Companies House is conducting a full audit for unauthorized access.
📚 Others
FBI Investigates Steam Malware Campaign: Attackers are embedding data-stealing scripts in Steam Workshop mods and community content to hijack crypto wallets and accounts, bypassing platform trust.
