Cybersecurity
FBI and CISA Warn Russian Intelligence Is Hijacking Signal and WhatsApp Accounts in Global Phishing Campaign
A joint FBI-CISA advisory says Russian-linked actors have compromised thousands of Signal and WhatsApp accounts belonging to government officials, military personnel, and journalists across multiple countries.
PolyShell Vulnerability Hits 57 Percent of Vulnerable Magento Stores as Mass Exploitation Escalates Without a Production Patch
A critical unauthenticated file upload flaw in Magento and Adobe Commerce, dubbed PolyShell, has been exploited at scale since March 19 with no production patch available.
Europol Coalition Dismantles Tycoon 2FA Phishing Platform That Bypassed MFA at 500,000 Organizations Monthly
A coordinated operation led by Europol, Microsoft, and law enforcement agencies across six countries seized 330 domains powering the Tycoon 2FA phishing-as-a-service platform, which had accounted for 62 percent of all phishing attempts Microsoft blocked by mid-2025.
Trivy Supply Chain Attack Escalates as TeamPCP Hijacks 75 GitHub Action Tags, Defaced Aqua Security Repositories, and Spreads to npm
Threat actor TeamPCP compromised the widely used Trivy vulnerability scanner through a retained access token from an earlier incomplete remediation, injecting credential-stealing payloads into official releases and GitHub Actions while defacing 44 Aqua Security repositories.
Interlock Ransomware Exploited Cisco Firewall Zero-Day for 36 Days Before Patch
Amazon threat intelligence reveals that the Interlock ransomware group exploited a critical Cisco Secure Firewall Management Center zero-day vulnerability for over five weeks before Cisco disclosed and patched the flaw in early March 2026.
Critical Langflow Flaw Draws Attackers Within 20 Hours of Disclosure as AI Pipeline Security Gaps Widen
CVE-2026-33017, a CVSS 9.3 unauthenticated RCE in the open-source AI framework Langflow, was weaponized within 20 hours of its March 17 advisory with no public exploit code available.
APT28 Weaponizes Microsoft Office Zero-Day Within 72 Hours, Deploying Steganographic Loaders and Cloud-Based C2 Across Six NATO-Adjacent Countries
Russia's APT28 exploited CVE-2026-21509, a Microsoft Office OLE bypass, within 72 hours of disclosure to hit military targets across six NATO-adjacent countries with steganographic loaders and cloud-based C2.
Zero Trust Evolves Beyond Network Perimeters as Microsoft, the Pentagon, and Zscaler Extend the Framework to AI Agents, Weapons Systems, and Data Sovereignty
Microsoft, the Pentagon, and Zscaler are extending zero trust beyond network perimeters to AI agents, weapons systems, and sovereign data flows, driven by an explosion of non-human identities that outnumber human users 100 to 1.
Trivy Supply-Chain Compromise Spawns CanisterWorm, the First npm Worm to Use Blockchain for Command and Control
Attackers hijacked 75 of 76 version tags in the widely used trivy-action GitHub Action to steal CI/CD credentials, then deployed a self-propagating npm worm that uses the Internet Computer Protocol as a takedown-resistant command-and-control channel.
Passkey Adoption Hits Inflection Point as UAE Bans SMS OTP and Microsoft Auto-Enables Entra Profiles
The UAE mandates all banks abandon SMS OTP by March 31 while Microsoft auto-enables passkey profiles across Entra ID, as FIDO Alliance data shows 87 percent of enterprises now deploying passkeys.
Broadcom Ships First PQC-Safe Network Encryption as Quantum Threat Forces Enterprise Migration
Broadcom announced the first end-to-end post-quantum cryptography-safe in-flight network encryption solution for Fibre Channel storage, shipping over 120,000 adapters as NIST sets a 2030 deadline to deprecate RSA and enterprises race to counter harvest-now-decrypt-later attacks.
CISA Confirms BeyondTrust RCE Flaw Exploited in Ransomware Campaigns as Thousands of On-Premises Instances Remain Exposed
A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access products, rated CVSS 9.9, is being actively exploited in ransomware attacks across six countries, with thousands of on-premises instances still unpatched.