🐛 COMMON VULNERABILITIES AND EXPOSURES 17[−]
21 MarCritical Quest KACE Vulnerability Potentially Exploited in AttacksThe vulnerability is tracked as CVE-2025-32975 and it may have been exploited in attacks against the education sector. The post Critical Quest KACE Vulnerability Potentially Exploited in Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
21 MarOracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity ManagerOracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.…THEHACKERNEWS.COM
21 Mar KEVCISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026. The vulnerabilities …THEHACKERNEWS.COM
21 MarCVE-2026-23204 net/sched: cls_u32: use skb_header_pointer_careful()Information published.MSRC.MICROSOFT.COM
21 MarCVE-2026-23274 netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labelsInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-23278 netfilter: nf_tables: always walk all pending catchall elementsInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-23272 netfilter: nf_tables: unconditionally bump set->nelems before insertionInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-23276 net: add xmit recursion limit to tunnel xmit functionsInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-3634 Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type headerInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-3632 Libsoup: libsoup: http smuggling and server-side request forgery via malformed hostnamesInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-3479 pkgutil.get_data() does not enforce documented restrictionsInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-27135 nghttp2 Denial of service: Assertion failure due to the missing state validationInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-23277 net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmitInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-23271 perf: Fix __perf_event_overflow() vs perf_remove_from_context() raceInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-32766 astral-tokio-tar insufficiently validates PAX extensions during extractionInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-3633 Libsoup: libsoup: header and http request injection via crlf injectionInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-30922 pyasn1 Vulnerable to Denial of Service via Unbounded RecursionInformation published.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 4[−]
21 MarThe Fundamental Mistake in Cybersecurity Risk ManagementCybersecurity Isn't Managing Risk—It's Managing Threats... And That's the Problem Host David Shipley speaks with Jeff Gardiner, a former university CISO and now at Morgan Stanley, about Gardiner's doctoral research arguing that cybersecurity has structurally misclassified "risk m…CYBERSECURITYTODAY.LIBSYN.COM
21 MarTrivy vulnerability scanner breach pushed infostealer via GitHub ActionsThe Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions. [...]BLEEPINGCOMPUTER.COM
21 MarTrivy vulnerability scanner backdoored with credential stealer in supply chain attackAttackers have compromised the widely used open-source Trivy vulnerability scanner, injecting credential-stealing malware into official releases and GitHub Actions used by thousands of CI/CD workflows. The breach could trigger a cascade of additional supply-chain compromises if i…CSOONLINE.COM
21 MarLinux Telnet Vulnerability ExposedCVE 2026.32746 is a newly disclosed Linux vulnerability affecting all major distributions via common libraries like iNet utils. Despite being linked to Telnet, often dismissed as obsolete, this flaw poses a wide-reaching threat, including to AI and MCP servers that still rely on …YOUTUBE.COM
📢 SECURITY ADVISORIES 2[−]
21 MarFBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing AttacksThreat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity…THEHACKERNEWS.COM
21 MarTrivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm PackagesThe threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm. The na…THEHACKERNEWS.COM
🔥 INCIDENT REPORTING 1[−]
21 MarAre nations ready to be the cybersecurity insurers of last resort?A senior member of the Cyber Monitoring Center (CMC), an organization formed last year to monitor, define and classify cyber events impacting UK organizations, this week questioned whether a £1.5 billion (about $2 billion) government loan guarantee provided to Jaguar Land Rover (…CSOONLINE.COM
🕵️ THREAT INTELLIGENCE 1[−]
21 MarMY TAKE: As RSAC 2026 opens, AI has bifurcated cybersecurity into two wars—the clock is runningSAN FRANCISCO — RSAC 2026 opens here Monday at Moscone Center, with upwards of 40,000 cybersecurity professionals, executives, and policy leaders, myself among them, filing in to take stock of an industry under acute pressure. Related: RSAC 2026’s full agenda … …LASTWATCHDOG.COM
📡 INFOSEC NEWS 2[−]
21 MarGoogle adds ‘Advanced Flow’ for safe APK sideloading on AndroidGoogle has announced a new mechanism in Android called Advanced Flow that will allow sideloading APKs from unverified developers for power users in a more secure way. [...]BLEEPINGCOMPUTER.COM
21 MarMicrosoft Azure Monitor alerts abused for callback phishing attacksMicrosoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft Security Team about unauthorized charges on your account. [...]BLEEPINGCOMPUTER.COM