MATLOCK.CA
124Articles
8Categories
2026-03-25Date
๐Ÿšจ
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-33017 Langflow Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses sโ€ฆ
KEVCISA.GOV — Wed, 25 Mar 26 1
๐Ÿ›
CVE-2026-4426 Libarchive: libarchive: denial of service via malformed iso file processing
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-4395 Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-1005 Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-3549 ECH parsing heap buffer overflow
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-25075 strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-4424 Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-3099 Libsoup: libsoup: authentication bypass via digest authentication replay attack
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-2369 Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-0819 Stack buffer overflow in PKCS7 SignedData encoding with custom signed attributes
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-4159 wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-3580 Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-3849 Buffer Overflow in HPKE via Oversized ECH Config
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-3579 Non-constant time multiplication subroutine __muldi3 on RISC-V RV32I
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-3229 Integer Overflow in Certificate Chain Allocation
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-3230 Improper key_share validation in TLS 1.3 HelloRetryRequest
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-3503 Fault injection attack with ML-DSA and ML-KEM on ARM
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-3548 Buffer overflow in CRL number parsing in wolfSSL
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-2645 Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-3547 wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-2646 Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2025-69720
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-32141 flatted: Unbounded recursion DoS in parse() revive phase
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-33228 flatted: Prototype Pollution via parse()
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-4519 webbrowser.open() allows leading dashes in URLs
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-2443 Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-27623 Valkey has Pre-Authentication DOS from malformed RESP request
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
CVE-2026-0716 Libsoup: out-of-bounds read in libsoup websocket frame processing
MSRC.MICROSOFT.COM — 25 Mar 2026
๐Ÿ›
F5โ€ฏNGINX Plus & Openโ€‘Source Flaw Lets Attackers Execute Code via MP4 File
GBHACKERS.COM — 25 Mar 2026
๐Ÿ›
GoHarbor Issues Urgent Patch for Harbor Flaw Allowing Full Registry Compromise
GBHACKERS.COM — 25 Mar 2026
๐Ÿ›
Chained vulnerabilities in Cisco Catalyst switches could induce denial-of-service
CSOONLINE.COM — 25 Mar 2026
๐Ÿ›
New critical Citrix NetScaler hole of similar severity to CitrixBleed2, says expert
CSOONLINE.COM — 25 Mar 2026
๐Ÿ›
Security for AI: A guide to managing the risks of vibe coding and AI in software development
TENABLE.COM — 25 Mar 2026
โš ๏ธ
Aqua Securityโ€™s Trivy Scanner Hit by Supply Chain Attack, Threatening Software Integrity
GBHACKERS.COM — 25 Mar 2026
โš ๏ธ
HackerOne Confirms Employee Data Stolen Following Linked Navia Hack
GBHACKERS.COM — 25 Mar 2026
โš ๏ธ
Compromised LiteLLM Package With 95M Downloads Tied to TeamPCP, After Trivy & KICS Hacks
GBHACKERS.COM — 25 Mar 2026
โš ๏ธ
AI is breaking traditional security models โ€” Hereโ€™s where they fail first
CSOONLINE.COM — 25 Mar 2026
โš ๏ธ
Say Easy, Do Hard - Crypto-Agility - BSW #440
YOUTUBE.COM — 2026-03-25
โš ๏ธ
6 key trends reshaping the IAM market
CSOONLINE.COM — 25 Mar 2026
โš ๏ธ
ClawHub Vulnerability Lets Attackers Manipulate Rankings to Become Top Skill
GBHACKERS.COM — 25 Mar 2026
โš ๏ธ
Hackers Exploiting Magento Flaw to Execute Remote Code and Seize Full Account Access
GBHACKERS.COM — 25 Mar 2026
โš ๏ธ
PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials
CSOONLINE.COM — 25 Mar 2026
โš ๏ธ
PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug
SH.ITJUST.WORKS — 25 Mar 2026
โš ๏ธ
Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave
CSOONLINE.COM — 25 Mar 2026
โš ๏ธ
The Kill Chain Is Obsolete When Your AI Agent Is the Threat
THEHACKERNEWS.COM — 25 Mar 2026
โš ๏ธ
VulnMCP 1.0.0 released
INFOSEC.PUB — 25 Mar 2026
โš ๏ธ
Security for the Quantum Era: Implementing Post-Quantum Cryptography in Android
SECURITY.GOOGLEBLOG.COM — 2026-03-25
โš ๏ธ
Citrix urges admins to patch NetScaler flaws as soon as possible
BLEEPINGCOMPUTER.COM — 25 Mar 2026
โš ๏ธ
Trojanization of Trivy, Checkmarx, and LiteLLM solutions | Kaspersky official blog
KASPERSKY.COM — 25 Mar 2026
โš ๏ธ
LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace
THEHACKERNEWS.COM — 25 Mar 2026
โš ๏ธ
Matrix forensic toolset for tracing membership events
SH.ITJUST.WORKS — 25 Mar 2026
โš ๏ธ
Why Your Human Risk Management Strategy Canโ€™t Ignore AI
KNOWBE4.COM — 25 Mar 2026
โš ๏ธ
Apple Patches (almost) everything again. March 2026 edition., (Wed, Mar 25th)
ISC.SANS.EDU — 25 Mar 2026
โš ๏ธ
PolyShell attacks target 56% of all vulnerable Magento stores
BLEEPINGCOMPUTER.COM — 25 Mar 2026
โš ๏ธ
GitHub adds AI-powered bug detection to expand security coverage
BLEEPINGCOMPUTER.COM — 25 Mar 2026
โš ๏ธ
ClickFix Campaigns Targeting Windows and macOS
RECORDEDFUTURE.COM — 25 Mar 2026
โš ๏ธ
Try our new dimensional analysis Claude plugin
TRAILOFBITS.COM — 25 Mar 2026
โš ๏ธ
Risky Business #830 -- LiteLLM and security scanner supply chains compromised
RISKY.BIZ — 25 Mar 2026
๐Ÿ“ข
Sen. Wyden Warns of Another Section 702 Abuse
SCHNEIER.COM — 2026-03-25
๐Ÿ“ข
Dutch Finance Ministry probing cyber breach affecting internal systems | The Record from Recorded Future News
SH.ITJUST.WORKS — 25 Mar 2026
๐Ÿ“ข
Nodejs security advisory (AV26-277)
CYBER.GC.CA — 2026-03-25
๐Ÿ“ข
GitLab security advisory (AV26-276)
CYBER.GC.CA — 2026-03-25
๐Ÿ“ข
n8n security advisory (AV26-278)
CYBER.GC.CA — 2026-03-25
๐Ÿ“ข
Russia arrests alleged owner of cybercrime forum LeakBase, report says
TECHCRUNCH.COM — 25 Mar 2026
๐Ÿ“ข
ISC BIND security advisory (AV26-280)
CYBER.GC.CA — 2026-03-25
๐Ÿ“ข
Hitachi security advisory (AV26-279)
CYBER.GC.CA — 2026-03-25
๐Ÿ“ข
Cisco security advisory (AV26-281)
CYBER.GC.CA — 2026-03-25
๐Ÿ“ข
Convicted spyware chief hints that Greeceโ€™s government was behind dozens of phone hacks
TECHCRUNCH.COM — 25 Mar 2026
๐Ÿ”ฅ
Five Malicious npm Packages Target Crypto Developers, Steal Wallet Keys via Telegram
GBHACKERS.COM — 25 Mar 2026
๐Ÿ”ฅ
HackerOne Employee Data Exposed in Massive Navia Breach
SECURITYWEEK.COM — 25 Mar 2026
๐Ÿ”ฅ
Manager of botnet used in ransomware attacks gets 2 years in prison
BLEEPINGCOMPUTER.COM — 25 Mar 2026
๐Ÿ”ฅ
New Study Reveals How Infostealer Infections Lead to Dark Web Exposure in Just 48 Hours
GBHACKERS.COM — 25 Mar 2026
๐Ÿ”ฅ
US Prisons Russian Access Broker for Aiding Ransomware Attacks
SECURITYWEEK.COM — 25 Mar 2026
๐Ÿ”ฅ
SmartApeSG ClickFix Campaign Spreads Remcos, NetSupport RAT, StealC, Sectop RAT
GBHACKERS.COM — 25 Mar 2026
๐Ÿ”ฅ
Linux Ransomware Pay2Key Targets Servers, Virtualization Hosts, and Cloud Workloads
GBHACKERS.COM — 25 Mar 2026
๐Ÿ”ฅ
From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
SECURITYWEEK.COM — 25 Mar 2026
๐Ÿ”ฅ
3.1 Million Impacted by QualDerm Data Breach - SecurityWeek
SH.ITJUST.WORKS — 25 Mar 2026
๐Ÿ”ฅ
Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks
THEHACKERNEWS.COM — 25 Mar 2026
๐Ÿ”ฅ
When Encryption Suddenly Fails
YOUTUBE.COM — 2026-03-25
๐Ÿ”ฅ
Identity security is the new pressure point for modern cyberattacks
MICROSOFT.COM — 25 Mar 2026
๐Ÿ”ฅ
Your AI Stack Just Handed Over Your Root Keys: Inside the litellm PyPI Breach
TRENDMICRO.COM — 25 Mar 2026
๐Ÿ”ฅ
Anatomy of a Cyber World Global Report 2026
SECURELIST.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
Guidance for detecting, investigating, and defending against the Trivy supply chain compromise
MICROSOFT.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
ISC Stormcast For Wednesday, March 25th, 2026 https://isc.sans.edu/podcastdetail/9864, (Wed, Mar 25th)
ISC.SANS.EDU — 25 Mar 2026
๐Ÿ•ต๏ธ
RSAC Presenter Says "Time to Kill One of Cybersecurity's Most Overworked Terms"
CYBERSECURITYTODAY.LIBSYN.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
Google Authenticatorโ€™s Hidden Passkey Design May Expose New Passwordless Attack Vectors
GBHACKERS.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
FCC Blocks New Foreign Consumer Router Models Citing Serious Security Risks
GBHACKERS.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
Kali Linux 2026.1 Launches With 8 New Hacking Tools for Penetration Testers
GBHACKERS.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
AI-Driven โ€˜OpenClaw Trapโ€™ Campaign Targets Developers and Gamers via Trojanized GitHub Repos
GBHACKERS.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit
SH.ITJUST.WORKS — 25 Mar 2026
๐Ÿ•ต๏ธ
Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities - Infosecurity Magazine
SH.ITJUST.WORKS — 25 Mar 2026
๐Ÿ•ต๏ธ
Mozilla Releases Firefoxโ€ฏ149.0 With Free Builtโ€‘In VPN Offering 50โ€ฏGB Monthly Data
GBHACKERS.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
RSAC 2026 Conference Announcements Summary (Day 2)
SECURITYWEEK.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
Mirai Botnets Evolve Into Major DDoS and Proxy Abuse Threats
GBHACKERS.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
FCC Bans New Routers Made Outside the US Over National Security Risks
SECURITYWEEK.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
Obfuscated VBS and PNG Loaders Power New Open Directory Malware Campaign with RAT Payloads
GBHACKERS.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
iOS, macOS 26.4 Roll Out With Fresh Security Patches
SECURITYWEEK.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
China-Backed Hackers Target Southeast Asian Military Systems in Ongoing Spy Campaign
GBHACKERS.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
What are You Working on Wednesday
INFOSEC.PUB — 25 Mar 2026
๐Ÿ•ต๏ธ
AI Speeds Attacks, But Identity Remains Cybersecurityโ€™s Weakest Link
SECURITYWEEK.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
Russian Cybercriminal Gets 2-Year Prison Sentence in US
SECURITYWEEK.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
THEHACKERNEWS.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
2026 Cybersecurity Excellence Awards Winners Announced during RSA Conference as AI Security Dominates
GBHACKERS.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
MY YAKE: A decade of cyber collaboration, built under Obama, is now hostage to a political grudge
LASTWATCHDOG.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
Onit Security Raises $11 Million for Exposure Management Platform
SECURITYWEEK.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
AI Expands the Scam Target Pool
YOUTUBE.COM — 2026-03-25
๐Ÿ•ต๏ธ
Bubble AI app builder abused to steal Microsoft account credentials
BLEEPINGCOMPUTER.COM — 25 Mar 2026
๐Ÿ•ต๏ธ
You Donโ€™t Know Your Assets
YOUTUBE.COM — 2026-03-25
๐ŸŒ
FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns
THEHACKERNEWS.COM — 25 Mar 2026
๐ŸŒ
Paid AI Accounts Are Now a Hot Underground Commodity
BLEEPINGCOMPUTER.COM — 25 Mar 2026
๐ŸŒ
New Torg Grabber infostealer malware targets 728 crypto wallets
BLEEPINGCOMPUTER.COM — 25 Mar 2026
๐Ÿ“ก
Weekly Threat Bulletin โ€“ March 25th, 2026
F5.COM — 25 Mar 2026
๐Ÿ“ก
SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2), (Wed, Mar 25th)
ISC.SANS.EDU — 25 Mar 2026
๐Ÿ“ก
How one man used 10,000 bots to steal $8,000,000 from music artists
BITDEFENDER.COM — 25 Mar 2026
๐Ÿ“ก
TP-Link warns users to patch critical router auth bypass flaw
BLEEPINGCOMPUTER.COM — 25 Mar 2026
๐Ÿ“ก
Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
THEHACKERNEWS.COM — 25 Mar 2026
๐Ÿ“ก
Kali Linux 2026.1 released with 8 new tools, new BackTrack mode
BLEEPINGCOMPUTER.COM — 25 Mar 2026
๐Ÿ“ก
Joint guidance on securing space and cyber security for low earth orbit satellite communications
CYBER.GC.CA — 2026-03-25
๐Ÿ“ก
Virtual machines, virtually everywhere โ€“ and with real security gaps
WELIVESECURITY.COM — 25 Mar 2026
๐Ÿ“ก
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem
CROWDSTRIKE.COM — Mar 25, 2026 00:
๐Ÿ“ก
5 Ways To Protect Enterprise Value During A Merger Or Acquisition
PROOFPOINT.COM — 25 Mar 2026