Cybersecurity Newsfeed - 24/03/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
🛡️ Vulnerabilities
Oracle Emergency Fix (CVE-2026-21992): Oracle issued an out-of-band security fix for a critical RCE flaw affecting core enterprise products. Unauthenticated attackers can achieve full system compromise via crafted network requests. More info
QNAP Patches Pwn2Own Flaws: QNAP released critical updates for four vulnerabilities demonstrated at Pwn2Own Ireland. These flaws allow remote code execution and privilege escalation on NAS devices. More info
Microsoft Account Sign-in Bug (KB5085516): Microsoft released an emergency update to resolve an authentication loop preventing users from signing into accounts on Windows 10 and 11. More info
🎯 Adversaries
CanisterWorm “Kamikaze” Wiper: A new wiper targets misconfigured Kubernetes clusters with the sole intent of erasing container data and disrupting cloud infrastructure. More info
TeamPCP Hits Iranian Kubernetes: This threat actor is deploying a custom wiper to systematically delete pods and persistent volumes, reflecting a rise in cloud-native “hacktivism.” More info
North Korean “Auto-Open” Exploit: State-sponsored actors are abusing the Visual Studio Code “Auto-Open” feature to execute malicious scripts when developers open tainted repositories. More info
Tycoon2FA Resurgence: The Phishing-as-a-Service platform has returned with improved evasion techniques to bypass MFA via transparent proxying despite recent law enforcement takedowns. More info
Rorschach Attacks Target Claude AI: Former NSA official Rob Joyce warned of AI-driven prompt injection attacks designed to bypass safety guardrails and extract sensitive training data. More info
📈 Trends
Copyright Infringement Phishing: Attackers are using fake legal notices to trick users into downloading ZIP files containing Lumma or RedLine infostealers. More info
Insider Threats by Proxy: A North Korean operative successfully secured a remote IT job at a US firm by masking their location with a VPN and using stolen identities. More info
Global Botnet Takedown: International authorities dismantled four major botnets consisting of hundreds of thousands of IoT devices used for massive DDoS campaigns. More info
💥 Breaches & Leaks
Crunchyroll Probes 68M User Breach: A threat actor claims to have stolen a database containing usernames and emails of 68 million users from the anime streaming giant. More info
Trivy Supply Chain Attack: A popular vulnerability scanner was targeted via malicious dependency injection, aiming to harvest secrets from corporate CI/CD pipelines. More info
Mazda Data Breach: The automaker disclosed a breach of an administrative server that exposed the personal data of employees and business partners. More info
Aqua Security GitHub Defacement: Following the Trivy breach, 44 GitHub repositories belonging to Aqua Security were defaced by attackers. More info
RSBoards Forum Leak: Over 140,000 accounts were exposed in a breach of the RSBoards community, including usernames and salted password hashes. More info
🛠️ Tools & Defense
Varonis Launches Atlas: A new platform focused on securing generative AI implementations and preventing unauthorized data training or prompt injections. More info
Kubernetes Access Matrix: Zero Networks released an open-source tool to help admins visualize RBAC permissions and identify “permission creep.” More info
Plumber for GitLab: A new open-source compliance scanner designed to detect vulnerabilities and hardcoded secrets within GitLab CI/CD pipelines. More info
📚 Others
California Ballot Machine Seized: Election officials are raising alarms after a sheriff seized a voting machine for an unauthorized probe, potentially compromising the chain of custody. More info
Dark Web CSAM Network Dismantled: Law enforcement shut down a major network dedicated to illegal material, leading to server seizures and multiple arrests. More info
