MATLOCK.CA
111Articles
8Categories
2026-03-05Date
🚨
CISA Adds Five Known Exploited Vulnerabilities to CatalogCISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2017-7921 Hikvision Multiple Products Improper Authentication Vulnerability CVE-2021-22681 Rockwell Multiple Products Insufficient Protecte…
KEVCISA.GOV — Thu, 05 Mar 26 1
πŸ›
14 old software bugs that took way too long to squash
CSOONLINE.COM — 05 Mar 2026
πŸ›
Cisco Secure Firewall Management Flaw Allows Remote Code Execution
GBHACKERS.COM — 05 Mar 2026
πŸ›
CVE-2026-23234 f2fs: fix to avoid UAF in f2fs_write_end_io()
MSRC.MICROSOFT.COM — 05 Mar 2026
πŸ›
CVE-2026-23235 f2fs: fix out-of-bounds access in sysfs attribute read/write
MSRC.MICROSOFT.COM — 05 Mar 2026
πŸ›
CVE-2026-23237 platform/x86: classmate-laptop: Add missing NULL pointer checks
MSRC.MICROSOFT.COM — 05 Mar 2026
πŸ›
CVE-2026-23238 romfs: check sb_set_blocksize() return value
MSRC.MICROSOFT.COM — 05 Mar 2026
πŸ›
CVE-2026-3336 PKCS7_verify Certificate Chain Validation Bypass in AWS-LC
MSRC.MICROSOFT.COM — 05 Mar 2026
πŸ›
CVE-2026-0038 In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
MSRC.MICROSOFT.COM — 05 Mar 2026
πŸ›
CVE-2026-23865 An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
MSRC.MICROSOFT.COM — 05 Mar 2026
πŸ›
CVE-2026-23236 fbdev: smscufx: properly copy ioctl memory to kernelspace
MSRC.MICROSOFT.COM — 05 Mar 2026
πŸ›
CVE-2025-71238 scsi: qla2xxx: Fix bsg_done() causing double free
MSRC.MICROSOFT.COM — 05 Mar 2026
πŸ›
CVE-2026-23231 netfilter: nf_tables: fix use-after-free in nf_tables_addchain()
MSRC.MICROSOFT.COM — 05 Mar 2026
πŸ›
CVE-2026-3338 PKCS7_verify Signature Validation Bypass in AWS-LC
MSRC.MICROSOFT.COM — 05 Mar 2026
πŸ›
Critical pac4j-jwt Authentication Bypass Vulnerability Allows Attackers to Impersonate Any User
GBHACKERS.COM — 05 Mar 2026
πŸ›
CVE-2025-8732 libxml2 xmlcatalog xmlParseSGMLCatalog recursion
MSRC.MICROSOFT.COM — 05 Mar 2026
πŸ›
Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the Wild
KEVSECURITYWEEK.COM — 05 Mar 2026
πŸ›
CVE-2026-24821 A heap-based buffer over-read that might affect a system that compiles untrusted Lua code in turanszkij/WickedEngine.
MSRC.MICROSOFT.COM — 05 Mar 2026
πŸ›
CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net
MSRC.MICROSOFT.COM — 05 Mar 2026
πŸ›
CVE-2025-68121 Unexpected session resumption in crypto/tls
MSRC.MICROSOFT.COM — 05 Mar 2026
πŸ›
PoC Exploit for Cisco SD-WAN 0-Day Vulnerability Now Released, Actively Exploited in the Wild
KEVGBHACKERS.COM — 05 Mar 2026
πŸ›
New MongoDB Vulnerability Allows Attackers to Crash Servers, Exposing Critical Data
GBHACKERS.COM — 05 Mar 2026
πŸ›
Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
THEHACKERNEWS.COM — 05 Mar 2026
πŸ›
Cisco issues emergency patches for critical firewall vulnerabilities
CSOONLINE.COM — 05 Mar 2026
πŸ›
CVE-2026-23651 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 05 Mar 2026
πŸ›
CVE-2026-21536 Microsoft Devices Pricing Program Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 05 Mar 2026
πŸ›
CVE-2026-26124 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 05 Mar 2026
πŸ›
CVE-2026-26125 Payment Orchestrator Service Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM — 05 Mar 2026
πŸ›
CVE-2026-26122 Microsoft ACI Confidential Containers Information Disclosure Vulnerability
MSRC.MICROSOFT.COM — 05 Mar 2026
πŸ›
Look What You Made Us Patch: 2025 Zero-Days in Review
KEVCLOUD.GOOGLE.COM — 05 Mar 2026
⚠️
Smashing Security podcast #457: How a cybersecurity boss framed his own employee
GRAHAMCLULEY.COM — 05 Mar 2026
⚠️
Microsoft leads takedown of Tycoon2FA phishing service infrastructure
CSOONLINE.COM — 05 Mar 2026
⚠️
Nation-State iOS Exploit Kit β€˜Coruna’ Found Powering Global Attacks
SECURITYWEEK.COM — 05 Mar 2026
⚠️
Operation Leak: Authorities Dismantle LeakBase Forum, Secure User Data and IP Logs
GBHACKERS.COM — 05 Mar 2026
⚠️
Cisco Catalyst SD-WAN Flaws Expose Devices to Root Access, Threatening Network Security
GBHACKERS.COM — 05 Mar 2026
⚠️
State-affiliated hackers set up for critical OT attacks that operators may not detect
CSOONLINE.COM — 05 Mar 2026
⚠️
Cisco Secure Firewall Vulnerability Exposes Networks to Authentication Bypass Attacks
GBHACKERS.COM — 05 Mar 2026
⚠️
Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks
THEHACKERNEWS.COM — 05 Mar 2026
⚠️
FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials
THEHACKERNEWS.COM — 05 Mar 2026
⚠️
RedAlert Mobile Espionage Campaign Exploits Trojanized Rocket Alert App to Spy on Civilians
GBHACKERS.COM — 05 Mar 2026
⚠️
Reclaim Security Raises $26M to Eliminate the 27-Day Remediation Gap
GBHACKERS.COM — 05 Mar 2026
⚠️
Google Rolls Out Emergency Chrome Update to Patch 10 Critical Security Vulnerabilities
GBHACKERS.COM — 05 Mar 2026
⚠️
ClickFix Campaign Exploits Fake LinkedIn VCs to Spread Malware Among Crypto and Web3 Experts
GBHACKERS.COM — 05 Mar 2026
⚠️
Top 10 Best Cybersecurity Marketing Agencies to Watch in 2026
GBHACKERS.COM — 05 Mar 2026
⚠️
Cisco flags more SD-WAN flaws as actively exploited in attacks
KEVBLEEPINGCOMPUTER.COM — 05 Mar 2026
⚠️
APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine
THEHACKERNEWS.COM — 05 Mar 2026
⚠️
Where Multi-Factor Authentication Stops and Credential Abuse Starts
THEHACKERNEWS.COM — 05 Mar 2026
⚠️
DPRK Hackers Target Crypto Firms, Steal Keys and Cloud Assets in Coordinated Attacks
GBHACKERS.COM — 05 Mar 2026
⚠️
Police dismantles online gambling ring exploiting Ukrainian women
BLEEPINGCOMPUTER.COM — 05 Mar 2026
⚠️
Threat Actors Exploit Fake Claude Code Downloads to Deploy Infostealer Malware
GBHACKERS.COM — 05 Mar 2026
⚠️
Coruna iOS exploit kit moved from spy tool to mass criminal campaign in under a year
CSOONLINE.COM — 05 Mar 2026
⚠️
Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises
SECURITYWEEK.COM — 05 Mar 2026
⚠️
Google says 90 zero-days were exploited in attacks last year
KEVBLEEPINGCOMPUTER.COM — 05 Mar 2026
⚠️
Google says half of all zero-days it tracked in 2025 targeted buggy enterprise tech
TECHCRUNCH.COM — 05 Mar 2026
⚠️
WordPress membership plugin bug exploited to create admin accounts
BLEEPINGCOMPUTER.COM — 05 Mar 2026
⚠️
Email Security: What It Is, How It Works, and Best Protection Methods
KNOWBE4.COM — 05 Mar 2026
⚠️
A Vulnerability in pac4j-jwt (JwtAuthenticator) Could Allow for Authentication Bypass
CISECURITY.ORG — 05 Mar 2026
⚠️
Multiple Vulnerabilities in Cisco Products Could Allow for Remote Code Execution
CISECURITY.ORG — 05 Mar 2026
⚠️
On the Effectiveness of Mutational Grammar Fuzzing
PROJECTZERO.GOOGLE — 2026-03-05
πŸ“’
Differentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary], (Wed, Mar 4th)
ISC.SANS.EDU — 05 Mar 2026
πŸ“’
Phobos ransomware admin pleads guilty to wire fraud conspiracy
BLEEPINGCOMPUTER.COM — 05 Mar 2026
πŸ“’
Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware
THEHACKERNEWS.COM — 05 Mar 2026
πŸ“’
OpenText security advisory (AV26-199)
CYBER.GC.CA — 2026-03-05
πŸ”₯
Cyberattack Alert: Hackers Impersonate LastPass Support to Steal Vault Passwords
GBHACKERS.COM — 05 Mar 2026
πŸ”₯
Hacked App Part of US/Israeli Propaganda Campaign Against Iran
SCHNEIER.COM — 2026-03-05
πŸ”₯
Russian Ransomware Operator Pleads Guilty in US
SECURITYWEEK.COM — 05 Mar 2026
πŸ”₯
Israel Hacked Traffic Cameras in Iran
SCHNEIER.COM — 2026-03-05
πŸ”₯
Wikipedia hit by self-propagating JavaScript worm that vandalized pages
BLEEPINGCOMPUTER.COM — 05 Mar 2026
πŸ”₯
Italian prosecutors confirm journalist was hacked with Paragon spyware
TECHCRUNCH.COM — 05 Mar 2026
πŸ•΅οΈ
Online ads surpassed email as the primary malware channel in 2025, accounting for 60%+ of all observed malware and phishing campaigns
PROGRAMMING.DEV — 5 Mar 2026
πŸ•΅οΈ
Online ads surpassed email as the primary malware channel in 2025, accounting for 60%+ of all observed malware and phishing campaigns
SH.ITJUST.WORKS — 5 Mar 2026
πŸ•΅οΈ
Authorities from 14 countries shut down LeakBase, seize its domains, and arrest multiple people allegedly tied to the cybercrime forum, which had 142K+ members
PROGRAMMING.DEV — 5 Mar 2026
πŸ•΅οΈ
Authorities from 14 countries shut down LeakBase, seize its domains, and arrest multiple people allegedly tied to the cybercrime forum, which had 142K+ members
SH.ITJUST.WORKS — 5 Mar 2026
πŸ•΅οΈ
Tycoon 2FA Phishing Operation Dismantled in Joint Raid by Microsoft and Europol
GBHACKERS.COM — 05 Mar 2026
πŸ•΅οΈ
Threat Actors Intensify Targeting of IP Cameras Across the Middle East Amid Ongoing Conflict
GBHACKERS.COM — 05 Mar 2026
πŸ•΅οΈ
Cisco Patches Critical Vulnerabilities in Enterprise Networking Products
SECURITYWEEK.COM — 05 Mar 2026
πŸ•΅οΈ
LeakBase Cybercrime Forum Shut Down, Suspects Arrested
SECURITYWEEK.COM — 05 Mar 2026
πŸ•΅οΈ
Reclaim Security Raises $20 Million to Accelerate Remediation
SECURITYWEEK.COM — 05 Mar 2026
πŸ•΅οΈ
ISC Stormcast For Thursday, March 5th, 2026 https://isc.sans.edu/podcastdetail/9836, (Thu, Mar 5th)
ISC.SANS.EDU — 05 Mar 2026
πŸ•΅οΈ
RingH23 Threat Actors Target MacCMS and CDN Infrastructure with New Arsenal
GBHACKERS.COM — 05 Mar 2026
πŸ•΅οΈ
Europol schließt riesigen Markt für gestohlene Daten
CSOONLINE.COM — 05 Mar 2026
πŸ•΅οΈ
Europol: Großer Markt für gestohlene Daten geschlossen
CSOONLINE.COM — 05 Mar 2026
πŸ•΅οΈ
Spear Phishing Attacks: Top 7 Signs to Watch For
KNOWBE4.COM — 05 Mar 2026
πŸ•΅οΈ
I Wrote a Book About AI Sycophancy. I Didn’t Use AI to Write It.
INFOSEC.PUB — 5 Mar 2026
πŸ•΅οΈ
Embrace Every Choice You Make
YOUTUBE.COM — 2026-03-05
πŸ•΅οΈ
Navigating the U.S. Public Sector’s Unrelenting Cyber Crisis
KNOWBE4.COM — 05 Mar 2026
πŸ•΅οΈ
Google Safe Browsing missed 84% of phishing sites we found in February
INFOSEC.PUB — 5 Mar 2026
πŸ•΅οΈ
Malicious AI Assistant Extensions Harvest LLM Chat Histories
MICROSOFT.COM — 05 Mar 2026
πŸ•΅οΈ
Women’s History Month: Encouraging women in cybersecurity at every career stage
MICROSOFT.COM — 05 Mar 2026
πŸ•΅οΈ
riverside bios embedded edge zero footprint enterprise security
YOUTUBE.COM — 2026-03-05
πŸ•΅οΈ
Threat Actors Abuse Messaging Platforms to Launch Phishing Attacks
KNOWBE4.COM — 05 Mar 2026
πŸ•΅οΈ
Airsnitch, Claude, Hacking Firewalls - PSW #916
YOUTUBE.COM — 2026-03-05
πŸ•΅οΈ
The Weak Spot in Encrypted WiFi
YOUTUBE.COM — 2026-03-05
πŸ•΅οΈ
Chinese state hackers target telcos with new malware toolkit
BLEEPINGCOMPUTER.COM — 05 Mar 2026
🌐
ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine & More
THEHACKERNEWS.COM — 05 Mar 2026
🌐
New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages
TRENDMICRO.COM — 05 Mar 2026
🌐
Joint guidance on supply chain risks and mitigations for artificial intelligence and machine learning
CYBER.GC.CA — 2026-03-05
🌐
Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware
BLEEPINGCOMPUTER.COM — 05 Mar 2026
πŸ“‘
How to disable unwanted AI assistants and features on your PC and smartphone | Kaspersky official blog
KASPERSKY.COM — 05 Mar 2026
πŸ“‘
Preparing for the Quantum Era: Post-Quantum Cryptography Webinar for Security Leaders
THEHACKERNEWS.COM — 05 Mar 2026
πŸ“‘
2026 Browser Data Reveals Major Enterprise Security Blind Spots
BLEEPINGCOMPUTER.COM — 05 Mar 2026
πŸ“‘
Bypassing debug password protection on the RH850 family using fault injection
QUARKSLAB.COM — 2026-03-05
πŸ“‘
Top 10 artificial intelligence security actions: A primer - ITSAP.10.049
CYBER.GC.CA — 2026-03-05
πŸ“‘
CASI Leaderboard Shifts: Sugar-Coated Poison, and the Expanding AI Attack Surface
F5.COM — 05 Mar 2026
πŸ“‘
FBI arrests suspect linked to $46M crypto theft from US Marshals
BLEEPINGCOMPUTER.COM — 05 Mar 2026
πŸ“‘
FYI: Impersonators are (still) targeting companies with fake TechCrunch outreach
TECHCRUNCH.COM — 05 Mar 2026
πŸ“‘
FBI investigating hack on its wiretap and surveillance systems: report
TECHCRUNCH.COM — 05 Mar 2026
πŸ“‘
How SMBs use threat research and MDR to build a defensive edge
WELIVESECURITY.COM — 05 Mar 2026
πŸ“‘
VU#772695: A flawed TLS handshake implementation affects Viber Proxy in multiple platforms
KB.CERT.ORG — 2026-03-05
πŸ“‘
AWS completes the 2026 annual Dubai Electronic Security Centre (DESC) certification audit
AWS.AMAZON.COM — 05 Mar 2026
πŸ“‘
2025 ISO and CSA STAR certificates are now available with one additional service and one new region
AWS.AMAZON.COM — 05 Mar 2026