MATLOCK.CA
113Articles
9Categories
2026-03-11Date
🚨
Critical flaw in HPE Aruba CX switches lets attackers seize admin control without credentialsHPE Aruba Networking has released patches for five vulnerabilities in its AOS-CX switch software, the most severe of which could let a remote attacker take administrative control of enterprise network switches without any credentials. The critical flaw, CVE-2026-23813, scored 9.8…
KEVCSOONLINE.COM — 11 Mar 2026
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-68613 n8n Improper Control of Dynamically-Managed Code Resources Vulnerability This type of vulnerability is a frequent attack vector for…
KEVCISA.GOV — Wed, 11 Mar 26 1
πŸ›
Fake Claude Code Installs, Arpa Phishing, Iranian and Russian Teams Mount Cyber Retaliation
CYBERSECURITYTODAY.LIBSYN.COM — 11 Mar 2026
πŸ›
Microsoft SQL Server Zero-Day Exposes Privilege Escalation Risk for Users
GBHACKERS.COM — 11 Mar 2026
πŸ›
Fortinet FortiManager fgtupdates Flaw Enables Attackers to Execute Malicious Commands Remotely
GBHACKERS.COM — 11 Mar 2026
πŸ›
Microsoft .NET 0-Day Flaw Opens Doors for Denial of Service Attacks
GBHACKERS.COM — 11 Mar 2026
πŸ›
CVE-2026-26017 CoreDNS ACL Bypass
MSRC.MICROSOFT.COM — 11 Mar 2026
πŸ›
CVE-2026-26018 CoreDNS Loop Detection Denial of Service Vulnerability
MSRC.MICROSOFT.COM — 11 Mar 2026
πŸ›
CVE-2026-3731 libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds
MSRC.MICROSOFT.COM — 11 Mar 2026
πŸ›
CVE-2025-69646 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.
MSRC.MICROSOFT.COM — 11 Mar 2026
πŸ›
CVE-2025-69652 GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.
MSRC.MICROSOFT.COM — 11 Mar 2026
πŸ›
CVE-2025-69645 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.
MSRC.MICROSOFT.COM — 11 Mar 2026
πŸ›
CVE-2025-69649 GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed.
MSRC.MICROSOFT.COM — 11 Mar 2026
πŸ›
CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template
MSRC.MICROSOFT.COM — 11 Mar 2026
πŸ›
CVE-2026-3713 pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow
MSRC.MICROSOFT.COM — 11 Mar 2026
πŸ›
CVE-2026-27139 FileInfo can escape from a Root in os
MSRC.MICROSOFT.COM — 11 Mar 2026
πŸ›
CVE-2024-14027 xattr: switch to CLASS(fd)
MSRC.MICROSOFT.COM — 11 Mar 2026
πŸ›
CVE-2026-29786 node-tar: Hardlink Path Traversal via Drive-Relative Linkpath
MSRC.MICROSOFT.COM — 11 Mar 2026
πŸ›
CVE-2025-69650 GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service.
MSRC.MICROSOFT.COM — 11 Mar 2026
πŸ›
CVE-2025-69651 GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service.
MSRC.MICROSOFT.COM — 11 Mar 2026
πŸ›
CVE-2025-69644 An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior to the upstream fix and allows a local attacker to cause excessive resource consumption by supplying a malicious input file.
MSRC.MICROSOFT.COM — 11 Mar 2026
πŸ›
CVE-2026-27137 Incorrect enforcement of email constraints in crypto/x509
MSRC.MICROSOFT.COM — 11 Mar 2026
πŸ›
CVE-2026-27138 Panic in name constraint checking for malformed certificates in crypto/x509
MSRC.MICROSOFT.COM — 11 Mar 2026
πŸ›
Microsoft Active Directory Flaw Allows Attackers to Escalate Privileges
GBHACKERS.COM — 11 Mar 2026
πŸ›
Analyzing "Zombie Zip" Files (CVE-2026-0866), (Wed, Mar 11th)
ISC.SANS.EDU — 11 Mar 2026
πŸ›
Critical Vulnerability in Microsoft Office Allows Malicious Code to Run Remotely
GBHACKERS.COM — 11 Mar 2026
πŸ›
Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
THEHACKERNEWS.COM — 11 Mar 2026
πŸ›
Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
THEHACKERNEWS.COM — 11 Mar 2026
πŸ›
PageJack in Action: CVE-2022-0995 exploit
QUARKSLAB.COM — 2026-03-11
πŸ›
Chromium: CVE-2026-3537 Object lifecycle issue in PowerVR
MSRC.MICROSOFT.COM — 11 Mar 2026
πŸ›
CISA warns of actively exploited Ivanti EPM and Cisco SD-WAN flaws
KEVCSOONLINE.COM — 11 Mar 2026
πŸ›
Six mistakes in ERC-4337 smart accounts
TRAILOFBITS.COM — 11 Mar 2026
⚠️
Microsoft Patch Tuesday, March 2026 Edition
KREBSONSECURITY.COM — 11 Mar 2026
⚠️
Jack & Jill went up the hill β€” and an AI tried to hack them
CSOONLINE.COM — 11 Mar 2026
⚠️
Microsoft Fixes 79 Vulnerabilities in March 2026 Patch Tuesday, Mitigating Two Exploited 0-Days
GBHACKERS.COM — 11 Mar 2026
⚠️
Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
THEHACKERNEWS.COM — 11 Mar 2026
⚠️
HR Departments Targeted by Multi-Layered BlackSanta EDR Killer Malware
GBHACKERS.COM — 11 Mar 2026
⚠️
12 ways attackers abuse cloud services to hack your enterprise
CSOONLINE.COM — 11 Mar 2026
⚠️
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
THEHACKERNEWS.COM — 11 Mar 2026
⚠️
Being Exploitable While Your Risk Tolerance Changes and You Unblock Innovation - BSW #438
YOUTUBE.COM — 2026-03-11
⚠️
Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
THEHACKERNEWS.COM — 11 Mar 2026
⚠️
A 5-step approach to taming shadow AI
CSOONLINE.COM — 11 Mar 2026
⚠️
Why zero trust breaks down in IoT and OT environments
CSOONLINE.COM — 11 Mar 2026
⚠️
Did cybersecurity recently have its Gatling gun moment?
CSOONLINE.COM — 11 Mar 2026
⚠️
Salesforce confirms ShinyHunters exploited Experience Cloud sites | news | SC Media
SH.ITJUST.WORKS — 11 Mar 2026
⚠️
Overly permissive β€˜guest’ settings put Salesforce customers at risk
CSOONLINE.COM — 11 Mar 2026
⚠️
FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
SH.ITJUST.WORKS — 11 Mar 2026
⚠️
Fortinet, Ivanti, Intel Patch High-Severity Vulnerabilities
SECURITYWEEK.COM — 11 Mar 2026
⚠️
How to 10x Your Vulnerability Management Program in the Agentic Era
SECURITYWEEK.COM — 11 Mar 2026
⚠️
CISA: Recently patched Ivanti EPM flaw now actively exploited
KEVSH.ITJUST.WORKS — 11 Mar 2026
⚠️
What Boards Must Demand in the Age of AI-Automated Exploitation
THEHACKERNEWS.COM — 11 Mar 2026
⚠️
AWS expands Security Hub for multicloud security operations
CSOONLINE.COM — 11 Mar 2026
⚠️
UNC6426 Hackers Exploit NPM Package to Gain AWS Admin Access in 72 Hours
GBHACKERS.COM — 11 Mar 2026
⚠️
Managing Python on Servers
YOUTUBE.COM — 2026-03-11
⚠️
CISA orders feds to patch n8n RCE flaw exploited in attacks
KEVBLEEPINGCOMPUTER.COM — 11 Mar 2026
⚠️
SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites
BLEEPINGCOMPUTER.COM — 11 Mar 2026
⚠️
Contagious Interview: Malware delivered through fake developer job interviews
MICROSOFT.COM — 11 Mar 2026
⚠️
ResumΓ©s with malicious ISO attachments are circulating, says Aryaka
CSOONLINE.COM — 11 Mar 2026
⚠️
Risky Business #828 -- The Coruna exploits are truly exquisite
RISKY.BIZ — 11 Mar 2026
πŸ“‹
ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Moxa, Mitsubishi Electric
SECURITYWEEK.COM — 11 Mar 2026
πŸ“’
Canada Needs Nationalized, Public AI
SCHNEIER.COM — 2026-03-11
πŸ“’
Canadian retailer Loblaw investigates data breach
SH.ITJUST.WORKS — 11 Mar 2026
πŸ“’
[Control systems] Hitachi security advisory (AV26-218)
CYBER.GC.CA — 2026-03-11
πŸ“’
VMware security advisory (AV26-221)
CYBER.GC.CA — 2026-03-11
πŸ“’
Google Chrome security advisory (AV26-220)
CYBER.GC.CA — 2026-03-11
πŸ“’
Intel security advisory (AV26-219)
CYBER.GC.CA — 2026-03-11
πŸ“’
GitLab security advisory (AV26-222)
CYBER.GC.CA — 2026-03-11
πŸ“’
HPE security advisory (AV26-224)
CYBER.GC.CA — 2026-03-11
πŸ“’
Cisco security advisory (AV26-223)
CYBER.GC.CA — 2026-03-11
πŸ“’
Drupal security advisory (AV26-225)
CYBER.GC.CA — 2026-03-11
πŸ“’
JetBrains security advisory (AV26-226)
CYBER.GC.CA — 2026-03-11
πŸ”₯
Trojanized Red Alert App Targets Israeli Users in SMS Scam to Steal Sensitive Data
GBHACKERS.COM — 11 Mar 2026
πŸ”₯
β€˜BlackSanta’ Malware Activates EDR and AV Killer Before Detonating Payload
SECURITYWEEK.COM — 11 Mar 2026
πŸ”₯
Michelin Confirms Data Breach Linked to Oracle EBS Attack
SECURITYWEEK.COM — 11 Mar 2026
πŸ”₯
238,000 Impacted by Bell Ambulance Data Breach
SECURITYWEEK.COM — 11 Mar 2026
πŸ”₯
Hacker broke into FBI and compromised Epstein files, report says
TECHCRUNCH.COM — 11 Mar 2026
πŸ”₯
New PhantomRaven NPM attack wave steals dev data via 88 packages
BLEEPINGCOMPUTER.COM — 11 Mar 2026
πŸ”₯
Ransomware Attacks Surge by 50% Even as Payments Drop
KNOWBE4.COM — 11 Mar 2026
πŸ”₯
Cork Stryker plants hit by suspected global Iranian-linked cyberattack | Cork Beo
SH.ITJUST.WORKS — 11 Mar 2026
πŸ”₯
AI Agent Hacks McKinsey
INFOSEC.PUB — 11 Mar 2026
πŸ•΅οΈ
ISC Stormcast For Wednesday, March 11th, 2026 https://isc.sans.edu/podcastdetail/9844, (Wed, Mar 11th)
ISC.SANS.EDU — 11 Mar 2026
πŸ•΅οΈ
PhantomRaven Malware Resurfaces, Targets npm Supply Chain to Steal Developer Secrets
GBHACKERS.COM — 11 Mar 2026
πŸ•΅οΈ
What are You Working on Wednesday
INFOSEC.PUB — 11 Mar 2026
πŸ•΅οΈ
BeatBanker Trojan Spreads via Phishing, Deploys Crypto Miner and RAT on Targeted Devices
GBHACKERS.COM — 11 Mar 2026
πŸ•΅οΈ
Google Warns of AI‑Driven Adaptive Malware Rewriting Its Own Code
GBHACKERS.COM — 11 Mar 2026
πŸ•΅οΈ
Quantro Security Emerges From Stealth With $2.5 Million in Funding
SECURITYWEEK.COM — 11 Mar 2026
πŸ•΅οΈ
Instagram Down: Global Outage Prevents Users from Posting and Messaging
GBHACKERS.COM — 11 Mar 2026
πŸ•΅οΈ
UK plans to shift fraud fight onto telecoms, tech companies | The Record from Recorded Future News
SH.ITJUST.WORKS — 11 Mar 2026
πŸ•΅οΈ
OpenAI to Acquire AI Security Startup Promptfoo
SECURITYWEEK.COM — 11 Mar 2026
πŸ•΅οΈ
Scanner Raises $22 Million for AI-Powered Threat Hunting
SECURITYWEEK.COM — 11 Mar 2026
πŸ•΅οΈ
New 'Zombie ZIP' technique lets malware slip past security tools
SH.ITJUST.WORKS — 11 Mar 2026
πŸ•΅οΈ
CISO Conversations: Aimee Cardwell
SECURITYWEEK.COM — 11 Mar 2026
πŸ•΅οΈ
Balancing LLMs and SLMs for Data Security
YOUTUBE.COM — 2026-03-11
πŸ•΅οΈ
Teen crew caught selling DDoS attack tools - Help Net Security
SH.ITJUST.WORKS — 11 Mar 2026
πŸ•΅οΈ
Wiz Joins Google Cloud as Landmark Acquisition Closes
SECURITYWEEK.COM — 11 Mar 2026
πŸ•΅οΈ
Asus routers hijacked to power dangerous cybercrime proxy network
SH.ITJUST.WORKS — 11 Mar 2026
πŸ•΅οΈ
MedTech Giant Stryker Crippled by Iran-Linked Hacker Attack
SECURITYWEEK.COM — 11 Mar 2026
πŸ•΅οΈ
Senate Confirms Joshua Rudd to Lead NSA and US Cyber Command
SECURITYWEEK.COM — 11 Mar 2026
πŸ•΅οΈ
Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown
SH.ITJUST.WORKS — 11 Mar 2026
πŸ•΅οΈ
New β€˜BlackSanta’ EDR killer spotted targeting HR departments
SH.ITJUST.WORKS — 11 Mar 2026
πŸ•΅οΈ
News alert: Qevlar AI raises $30M to turn security alerts into actionable defense insights across SOCs
LASTWATCHDOG.COM — 11 Mar 2026
πŸ•΅οΈ
CISO Tenure Has Doubled
YOUTUBE.COM — 2026-03-11
🌐
BeatBanker and BTMOB trojans: infection techniques and how to stay safe | Kaspersky official blog
KASPERSKY.COM — 11 Mar 2026
🌐
Medtech giant Stryker offline after Iran-linked wiper malware attack
BLEEPINGCOMPUTER.COM — 11 Mar 2026
πŸ“‘
Weekly Threat Bulletin – March 11th, 2026
F5.COM — 11 Mar 2026
πŸ“‘
Google completes $32B acquisition of Wiz
TECHCRUNCH.COM — 11 Mar 2026
πŸ“‘
Meta adds new WhatsApp, Facebook, and Messenger anti-scam tools
BLEEPINGCOMPUTER.COM — 11 Mar 2026
πŸ“‘
Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown
THEHACKERNEWS.COM — 11 Mar 2026
πŸ“‘
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
KREBSONSECURITY.COM — 11 Mar 2026
πŸ“‘
Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes
THEHACKERNEWS.COM — 11 Mar 2026
πŸ“‘
Pro-Iran hacktivist group says it is behind attack on medical tech giant Stryker
TECHCRUNCH.COM — 11 Mar 2026
πŸ“‘
WhatsApp introduces parent-managed accounts for pre-teens
BLEEPINGCOMPUTER.COM — 11 Mar 2026
πŸ“‘
AI Security for Apps is now generally available
CLOUDFLARE.COM — 11 Mar 2026