Cybersecurity Newsfeed - 20/03/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
📅 20/03/26
🛡️ Vulnerabilities
Ubiquiti UniFi Account Hijacking (CVE-2024-42030): Ubiquiti addressed a critical improper authorization flaw in UniFi Cloud Key and Network Applications. Attackers could gain administrative access under specific conditions. Users are urged to update firmware immediately.
PolyShell RCE in Adobe Magento: A critical flaw dubbed “PolyShell” allows unauthenticated attackers to achieve remote code execution on Magento e-commerce stores. This poses a severe risk to customer payment data and system integrity.
Critical Microsoft SharePoint Exploitation: A remote code execution vulnerability in SharePoint is being actively exploited. It allows attackers to take full control of servers without user interaction, facilitating lateral movement.
CISA Adds New Flaw to KEV Catalog: CISA has updated its Known Exploited Vulnerabilities catalog with a new flaw being used in the wild. Federal agencies must remediate the issue within the BOD 22-01 timeframe.
Zimbra XSS Exploited by Russian APTs (CVE-2025-66376): Russian threat actors are targeting Ukrainian entities by exploiting a cross-site scripting flaw in Zimbra to steal session cookies and access mailboxes.
🎯 Adversaries
Lazarus Group Targets Bitrefill: The North Korean state-sponsored group attempted to manipulate crypto transactions at Bitrefill. The company’s multi-layered defense successfully protected customer funds.
Speagle Malware Hijacks Cobra DocGuard: Attackers are using the DocGuard update mechanism to distribute the Speagle backdoor, targeting developers to exfiltrate sensitive files and monitor systems.
DarkSword iOS Zero-Click Exploit: A new kernel-level exploit targets iPhones via zero-click delivery, allowing attackers to intercept encrypted communications and track device locations.
Perseus Android Banking Malware: A new trojan targeting financial institutions uses accessibility services to steal credentials and intercept 2FA codes for unauthorized fund transfers.
Windsurf IDE Extension Targets Solana Developers: A malicious extension for the Windsurf IDE is exfiltrating private keys and mnemonic phrases from blockchain developers’ workspaces.
SnappyClient C2 Targets Crypto Wallets: A new stealthy implant monitors clipboards and filesystems to identify and steal private keys and seed phrases from infected systems.
📈 Trends
Seasonal Tax-Themed Phishing: Microsoft warns of a spike in tax-related lures, such as fake IRS correspondence, used to deploy infostealers and ransomware during tax season.
Preventing Privilege Escalation via Password Resets: Security experts have detailed seven strategies, including rate limiting and MFA, to secure password reset workflows against hijacking.
Samba 4.24.0 Kerberos Hardening: The latest Samba release introduces critical security measures to the Kerberos protocol to prevent privilege escalation and impersonation.
💥 Breaches & Leaks
Navia Benefit Solutions Data Breach: Approximately 2.7 million individuals were impacted by a breach involving Social Security numbers and health-related benefit data.
Marquis Data Breach Affects 672,000: Data services provider Marquis reported a breach exposing names and Social Security numbers, highlighting the risk to third-party data processors.
CISA Warning Following Stryker Breach: CISA urged businesses to secure Microsoft Intune environments after the Stryker incident showed how endpoint management tools can be weaponized.
