
Cybersecurity Newsfeed - 25/03/26

Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.


🛡️ Vulnerabilities

  • Critical VPN Session Management Flaw (577436): CERT/CC issued an advisory for a critical flaw in multiple VPN implementations involving improper handling of session termination. Attackers can maintain persistent access or hijack active sessions. Organizations are urged to apply vendor patches and audit session logs.

  • PTC Windchill & FlexPLM RCE (CVE-2026-2580): PTC issued an urgent warning regarding a critical remote code execution vulnerability. The flaw allows unauthenticated attackers to execute arbitrary code with elevated privileges, potentially leading to full system compromise.

  • NetScaler ADC and Gateway (CVE-2026-3055): Cloud Software Group released critical updates to address a high-severity vulnerability allowing unauthorized data disclosure or DoS conditions. Administrators should apply patches immediately to protect remote access infrastructure.

  • Citrix NetScaler System Access Patches: Citrix issued an urgent patch for vulnerabilities affecting ADC and Gateway components that could lead to unauthorized system access. These devices are prime targets for initial access brokers.

🎯 Adversaries

  • Silver Fox Conducts Dual-Purpose Ops: A new threat actor is conducting hybrid operations involving both traditional espionage and financial gain. The group targets government and financial institutions using custom malware and living-off-the-land techniques.

  • North Korean Actors Abuse VS Code Auto-Run: Threat actors are exploiting the “auto-run” feature in Visual Studio Code to distribute StoatWaffle malware. Opening malicious project folders triggers automated tasks that execute second-stage payloads.

  • TeamPCP Hits LiteLLM in Supply Chain Attack: The popular LiteLLM PyPI package was compromised to exfiltrate environment variables and API keys from developers. Users are urged to rotate credentials and check installed versions.

  • TeamPCP Targets Checkmarx & GitHub Actions: Attackers exploited misconfigured CI/CD pipelines and compromised GitHub Actions to inject malicious code into development projects, focusing on exfiltrating secrets.

  • Russian Initial Access Broker Identified: A major supplier of network credentials has been linked to various cybercriminal organizations, providing “ready-to-use” entry points into global enterprise networks via phishing and credential stuffing.

  • Mandiant: Global Dwell Time Hits Record Low: Global median dwell time has reached a record low, indicating improved detection capabilities and a shift toward more disruptive, rapid-impact operations like ransomware.

  • 150% Surge in DDoS Attacks: The Gcore Radar report highlights a massive year-on-year spike in DDoS activity, driven by cheap booter services and complex multi-vector botnets targeting gaming and finance.

  • Fake Resumes Used for Network Infiltration: Cybercriminals are embedding malware in fake resumes distributed via LinkedIn. These documents target HR departments to install infostealers or remote access trojans.

  • “Ghost” Campaign Pollutes npm Registry: Hundreds of malicious packages are using typosquatting and “starjacking” to trick developers into installing persistent backdoors and stealing sensitive environment variables.

  • FCC Bans Non-US Manufactured Routers: Citing national security risks, the FCC has implemented a ban on new routers made outside the USA to prevent potential backdoors or vulnerabilities exploitable by adversarial states.

  • NCSC Urges “Vibe Coding” for Security: At RSAC, the UK NCSC encouraged an agile, culturally aware approach to security, arguing that rigid frameworks often fail to keep pace with evolving modern threats.
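The VS Code auto-run item above describes tasks that fire when a folder is opened. As an added example (not part of the original newsfeed or any vendor tooling), the script below scans a checkout tree for `.vscode/tasks.json` entries with `runOptions.runOn` set to `folderOpen` and returns the hardening setting `task.allowAutomaticTasks` that makes VS Code prompt instead of executing them; the helper names and the sample project are constructed for this example, while the JSON keys and the setting name are VS Code's own.

```python
"""Scan a directory tree for VS Code tasks configured to run automatically on folder open."""
import json
import re
import tempfile
from pathlib import Path


def _load_jsonc(path):
    """Parse tasks.json while tolerating the // line comments VS Code allows in it."""
    text = path.read_text(encoding="utf-8")
    text = re.sub(r"^\s*//.*$", "", text, flags=re.MULTILINE)
    return json.loads(text)


def find_auto_run_tasks(root):
    """Return (file, label, command) for every task whose runOptions.runOn is folderOpen."""
    findings = []
    for tasks_file in Path(root).glob("**/.vscode/tasks.json"):
        try:
            data = _load_jsonc(tasks_file)
        except (OSError, ValueError):
            continue  # unreadable or malformed file: skip it, not a finding by itself
        for task in data.get("tasks", []):
            if (task.get("runOptions") or {}).get("runOn") == "folderOpen":
                findings.append((str(tasks_file), task.get("label", "<unlabelled>"), task.get("command", "")))
    return findings


def hardened_user_settings():
    """User settings that stop folder-open tasks from running without an explicit prompt."""
    return {"task.allowAutomaticTasks": "off"}


def demo():
    """Constructed sample: one cloned project with an auto-run task, one clean project."""
    with tempfile.TemporaryDirectory() as tmp:
        bad = Path(tmp, "cloned-repo", ".vscode")
        bad.mkdir(parents=True)
        bad.joinpath("tasks.json").write_text(
            '{\n  // constructed sample, runs as soon as the folder is opened\n'
            '  "version": "2.0.0",\n  "tasks": [{"label": "setup", "type": "shell",\n'
            '    "command": "bash ./setup.sh", "runOptions": {"runOn": "folderOpen"}}]\n}\n'
        )
        good = Path(tmp, "clean-repo", ".vscode")
        good.mkdir(parents=True)
        good.joinpath("tasks.json").write_text(json.dumps(
            {"version": "2.0.0", "tasks": [{"label": "build", "type": "shell", "command": "make"}]}))
        return find_auto_run_tasks(tmp)


if __name__ == "__main__":
    for path, label, command in demo():
        print(f"auto-run task '{label}' in {path}: {command}")
```

Run it against a freshly cloned workspace before opening that workspace in VS Code; a non-empty result is a review item, not proof of malice, since legitimate projects also use folder-open tasks.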

💥 Breaches & Leaks

  • HackerOne Discloses Breach via Third-Party: Employee data, including SSNs, was exposed following a cyberattack on Navia Benefit Solutions. HackerOne clarified its core platform and bug bounty data remain secure.

  • OVHcloud Denies 590TB Data Breach Claims: The founder of OVHcloud has officially denied claims of a massive data breach surfacing on dark web forums, suggesting the claims are part of a disinformation campaign.

  • Yanluowang Access Broker Sentenced: A high-profile initial access broker associated with the Yanluowang ransomware group has been sentenced to 81 months in prison for facilitating corporate network compromises.

📚 Others

  • “OpenClaw Deployer” Repo Delivers Trojan: A malicious GitHub repository masquerading as a deployment tool was found delivering a Trojan designed to steal browser data, crypto wallets, and SSH keys.


This post is licensed under CC BY 4.0 by the author.