MATLOCK.CA
158Articles
9Categories
2026-03-31Date
🚨
5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wildA vulnerability misclassified five months ago as a denial-of-service issue in F5 BIG-IP Access Policy Manager (APM) turned out to be a critical pre-authentication remote code execution flaw that is now under active exploitation. Hackers are using it to deploy a persistent malware…
KEVCSOONLINE.COM — 31 Mar 2026
πŸ›
AL26-006 - Vulnerability impacting Citrix NetScaler ADC and NetScaler Gateway - CVE-2026-3055
CYBER.GC.CA — 2026-03-31
πŸ›
TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
KEVTHEHACKERNEWS.COM — 31 Mar 2026
πŸ›
CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2025-67030
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2026-21712
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2026-34353
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2026-33938 Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2026-33939 Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2026-0966 Libssh: buffer underflow in ssh_get_hexa() on invalid input
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2026-33896 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2026-33916 Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
CVE-2026-33940 Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
Chromium: CVE-2026-4676 Use after free in Dawn
MSRC.MICROSOFT.COM — 31 Mar 2026
πŸ›
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse
CROWDSTRIKE.COM — Mar 31, 2026 00:
πŸ›
ZDI-26-250: Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 31 Mar 2026
⚠️
CISA orders feds to patch actively exploited Citrix flaw by Thursday
KEVBLEEPINGCOMPUTER.COM — 31 Mar 2026
⚠️
CrewAI Vulnerabilities Expose Devices to Hacking
SECURITYWEEK.COM — 31 Mar 2026
⚠️
Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption
SECURITYWEEK.COM — 31 Mar 2026
⚠️
Exploitation of Critical Fortinet FortiClient EMS Flaw Begins
SECURITYWEEK.COM — 31 Mar 2026
⚠️
StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs
SECURITYWEEK.COM — 31 Mar 2026
⚠️
Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts
THEHACKERNEWS.COM — 31 Mar 2026
⚠️
The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority
THEHACKERNEWS.COM — 31 Mar 2026
⚠️
Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains
THEHACKERNEWS.COM — 31 Mar 2026
⚠️
The New Playground for Cybercriminals: Securing the Microsoft Teams Frontier
KNOWBE4.COM — 31 Mar 2026
⚠️
PNG Vulnerabilities Allow Attackers to Trigger Crashes and Leak Sensitive Data
GBHACKERS.COM — 31 Mar 2026
⚠️
Apple Adds ClickFix Attack Warnings in New macOS Tahoe Security Feature
GBHACKERS.COM — 31 Mar 2026
⚠️
Tax Filing Scams Used to Deliver Malware in New Cybercrime Campaigns
GBHACKERS.COM — 31 Mar 2026
⚠️
CareCloud Data Breach Exposes Patient Data After Hackers Access IT Systems
GBHACKERS.COM — 31 Mar 2026
⚠️
Hacker hijacks Axios open-source project, used by millions, to push malware
TECHCRUNCH.COM — 31 Mar 2026
⚠️
Iranian hackers breach FBI director’s personal email, and post his CV and photos online
BITDEFENDER.COM — 31 Mar 2026
⚠️
VRP 2025 Year in Review
SECURITY.GOOGLEBLOG.COM — 2026-03-31
⚠️
OpenAI patches twin leaks as Codex slips and ChatGPT spills
CSOONLINE.COM — 31 Mar 2026
⚠️
8 ways to bolster your security posture on the cheap
CSOONLINE.COM — 31 Mar 2026
⚠️
The external pressures redefining cybersecurity risk
CSOONLINE.COM — 31 Mar 2026
⚠️
6 key takeaways from RSA Conference 2026
KEVCSOONLINE.COM — 31 Mar 2026
⚠️
Developing the Skills Needed for Modern Software Development - Keith Hoodlet, Ron Rasi... - ASW #376
YOUTUBE.COM — 2026-03-31
⚠️
Vulnerability Research Is Cooked β€” Quarrelsome
INFOSEC.PUB — 31 Mar 2026
⚠️
Cybercriminals Exploit Tax Season With New Phishing Tactics - Infosecurity Magazine
SH.ITJUST.WORKS — 31 Mar 2026
⚠️
Hackers exploiting critical F5 BIG-IP flaw in attacks, patch now
SH.ITJUST.WORKS — 31 Mar 2026
⚠️
Cisco source code stolen in Trivy-linked dev environment breach
BLEEPINGCOMPUTER.COM — 31 Mar 2026
⚠️
Android Developer Verification Rollout Begins Ahead of September Enforcement
THEHACKERNEWS.COM — 31 Mar 2026
⚠️
Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack
CSOONLINE.COM — 31 Mar 2026
⚠️
Beyond the Hype: Cyber Readiness, Zero Trust, and an Unscripted Conversation - SWN #568
YOUTUBE.COM — 2026-03-31
⚠️
Claude AI finds Vim, Emacs RCE bugs that trigger on file open
BLEEPINGCOMPUTER.COM — 31 Mar 2026
⚠️
Cisco source code stolen in Trivy-linked dev environment breach
SH.ITJUST.WORKS — 31 Mar 2026
⚠️
Claude Code source code accidentally leaked in NPM package
BLEEPINGCOMPUTER.COM — 31 Mar 2026
⚠️
Multiple Vulnerabilities in Apple Products Could Allow for Privilege Escalation
CISECURITY.ORG — 31 Mar 2026
⚠️
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
CLOUD.GOOGLE.COM — 31 Mar 2026
⚠️
Supply chain attack on Axios npm package: Scope, impact, and remediations
TENABLE.COM — 31 Mar 2026
⚠️
What’s new in Tenable Cloud Security: Custom policies, AWS ABAC, and research-driven protection
TENABLE.COM — 31 Mar 2026
⚠️
How we made Trail of Bits AI-native (so far)
TRAILOFBITS.COM — 31 Mar 2026
πŸ“‹
Lloyds Data Security Incident Impacts 450,000 Individuals
SECURITYWEEK.COM — 31 Mar 2026
πŸ“’
Nokia security advisory (AV26-302)
CYBER.GC.CA — 2026-03-31
πŸ“’
Docker security advisory (AV26–301)
CYBER.GC.CA — 2026-03-31
πŸ“’
Roundcube security advisory (AV26-300)
CYBER.GC.CA — 2026-03-31
πŸ“’
Hitachi security advisory (AV26-299)
CYBER.GC.CA — 2026-03-31
πŸ“’
Red Hat security advisory (AV26-298)
CYBER.GC.CA — 2026-03-31
πŸ“’
[Control systems] CISA ICS security advisories (AV26-297)
CYBER.GC.CA — 2026-03-31
πŸ“’
Ubuntu security advisory (AV26-296)
CYBER.GC.CA — 2026-03-31
πŸ“’
Dell security advisory (AV26-295)
CYBER.GC.CA — 2026-03-31
πŸ“’
IBM security advisory (AV26-294)
CYBER.GC.CA — 2026-03-31
πŸ“’
Fortinet security advisory (AV26-096) – Update 1
CYBER.GC.CA — 2026-03-31
πŸ“’
Dutch Finance Ministry takes treasury banking portal offline after breach
BLEEPINGCOMPUTER.COM — 31 Mar 2026
πŸ“’
Windows Tools Abused to Kill AV Ahead of Ransomware Attacks
GBHACKERS.COM — 31 Mar 2026
πŸ“’
Dutch Finance Ministry Responds to Cyberattack by Taking Systems Offline
GBHACKERS.COM — 31 Mar 2026
πŸ“’
Dutch Finance Ministry takes treasury banking portal offline after breach
SH.ITJUST.WORKS — 31 Mar 2026
πŸ“’
[Control systems] ABB security advisory (AV26-303)
CYBER.GC.CA — 2026-03-31
πŸ“’
Symantec security advisory (AV26-304)
CYBER.GC.CA — 2026-03-31
πŸ“’
HPE security advisory (AV26-305)
CYBER.GC.CA — 2026-03-31
πŸ“’
New compliance guide available: ISO/IEC 27001:2022 on AWS
AWS.AMAZON.COM — 31 Mar 2026
πŸ”₯
The Next Cybersecurity Crisis Isn’t Breachesβ€”It’s Data You Can’t Trust
SECURITYWEEK.COM — 31 Mar 2026
πŸ”₯
Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks
SECURITYWEEK.COM — 31 Mar 2026
πŸ”₯
Weekly Update 497
TROYHUNT.COM — 31 Mar 2026
πŸ”₯
Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
THEHACKERNEWS.COM — 31 Mar 2026
πŸ”₯
Application Control Bypass for Data Exfiltration, (Tue, Mar 31st)
ISC.SANS.EDU — 31 Mar 2026
πŸ”₯
TeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released, (Mon, Mar 30th)
ISC.SANS.EDU — 31 Mar 2026
πŸ”₯
WhatsApp malware campaign delivers VBScript and MSI backdoors
MICROSOFT.COM — 31 Mar 2026
πŸ”₯
Axios NPM Packages Breached in Ongoing Supply Chain Attack
GBHACKERS.COM — 31 Mar 2026
πŸ”₯
Telegram-Based ResokerRAT Adds Screenshot Capture and Persistence
GBHACKERS.COM — 31 Mar 2026
πŸ”₯
Google Introduces Advanced Ransomware Defense and Recovery Features in Drive
GBHACKERS.COM — 31 Mar 2026
πŸ”₯
Cuties AI - 144,250 breached accounts
HAVEIBEENPWNED.COM — 31 Mar 2026
πŸ”₯
Fahndung nach Cyberkriminellen – 130 Firmen attackiert
CSOONLINE.COM — 31 Mar 2026
πŸ”₯
Why ransomware is now after your data β€” and how to protect your home storage | Kaspersky official blog
KASPERSKY.COM — 31 Mar 2026
πŸ”₯
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
PROGRAMMING.DEV — 31 Mar 2026
πŸ”₯
Behind the Curtain: AI's looming cyber nightmare
SH.ITJUST.WORKS — 31 Mar 2026
πŸ”₯
Incident response
CYBER.GC.CA — 2026-03-31
πŸ”₯
Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads
TRENDMICRO.COM — 31 Mar 2026
πŸ•΅οΈ
Inventors of Quantum Cryptography Win Turing Award
SCHNEIER.COM — 2026-03-31
πŸ•΅οΈ
Censys Raises $70 Million for Internet Intelligence Platform
SECURITYWEEK.COM — 31 Mar 2026
πŸ•΅οΈ
Venom Stealer Raises Stakes With Continuous Credential Harvesting
SECURITYWEEK.COM — 31 Mar 2026
πŸ•΅οΈ
TeamPCP Moves From OSS to AWS Environments
SECURITYWEEK.COM — 31 Mar 2026
πŸ•΅οΈ
ISC Stormcast For Tuesday, March 31st, 2026 https://isc.sans.edu/podcastdetail/9872, (Tue, Mar 31st)
ISC.SANS.EDU — 31 Mar 2026
πŸ•΅οΈ
The threat to critical infrastructure has changed. Has your readiness?
MICROSOFT.COM — 31 Mar 2026
πŸ•΅οΈ
Applying security fundamentals to AI: Practical advice for CISOs
MICROSOFT.COM — 31 Mar 2026
πŸ•΅οΈ
CyberheistNews Vol 16 #13 The 'Urgency Trap': Why Time Pressure is Your Biggest Email Red Flag
KNOWBE4.COM — 31 Mar 2026
πŸ•΅οΈ
World Backup Day: Because β€œIt Won’t Happen to Me” Often Means It Will
KNOWBE4.COM — 31 Mar 2026
πŸ•΅οΈ
EvilTokens Launches New Phishing Service Targeting Microsoft Accounts
GBHACKERS.COM — 31 Mar 2026
πŸ•΅οΈ
Five Browser and AI Security Questions Keeping CxOs up at Night
PALOALTONETWORKS.COM — 31 Mar 2026
πŸ•΅οΈ
Can Small LLMs Solve Security Flaws?
YOUTUBE.COM — 2026-03-31
πŸ•΅οΈ
Supply chain attack hits 300 million-download Axios npm package
INFOSEC.PUB — 31 Mar 2026
πŸ•΅οΈ
P2P WhatsApp Clone – No Setup or Signup
SH.ITJUST.WORKS — 31 Mar 2026
πŸ•΅οΈ
Healthcare tech firm CareCloud says hackers stole patient data
SH.ITJUST.WORKS — 31 Mar 2026
πŸ•΅οΈ
OpenAI ChatGPT fixes DNS data smuggling flaw β€’ The Register
SH.ITJUST.WORKS — 31 Mar 2026
πŸ•΅οΈ
Master These Tools or Potentially Get Left Behind
YOUTUBE.COM — 2026-03-31
πŸ•΅οΈ
Release Notes: Cross-PlatformΒ Threat Analysis with macOS, SSL Decryption, andΒ 1,300+ New Detections
ANY.RUN — 31 Mar 2026
🌐
EtherHiding: The trojan in your toolchain
CYBER.GC.CA — 2026-03-31
🌐
Hackers compromise Axios npm package to drop cross-platform malware
BLEEPINGCOMPUTER.COM — 31 Mar 2026
🌐
Supply chain risk management
CYBER.GC.CA — 2026-03-31
🌐
Axios Future of Cybersecurity: Russians suspected of using iPhone spyware
PROOFPOINT.COM — 31 Mar 2026
πŸ“‘
How to Categorize AI Agents and Prioritize Risk
BLEEPINGCOMPUTER.COM — 31 Mar 2026
πŸ“‘
Microsoft fixes Outlook Classic crashes caused by Teams Meeting add-in
BLEEPINGCOMPUTER.COM — 31 Mar 2026
πŸ“‘
Hacker charged with stealing $53 million from Uranium crypto exchange
BLEEPINGCOMPUTER.COM — 31 Mar 2026
πŸ“‘
Health data giant CareCloud says hackers accessed patients’ medical records
TECHCRUNCH.COM — 31 Mar 2026
πŸ“‘
TrendAIβ„’ Research at RSAC 2026: Advancing Defense Across AI‑Driven and Cyber‑Physical Threats
TRENDMICRO.COM — 31 Mar 2026
πŸ“‘
QBDI vs TritonDSE against a VM: who will be the fastest?
QUARKSLAB.COM — 2026-03-31
πŸ“‘
Media protection
CYBER.GC.CA — 2026-03-31
πŸ“‘
Maintenance
CYBER.GC.CA — 2026-03-31
πŸ“‘
Identification and authentication
CYBER.GC.CA — 2026-03-31
πŸ“‘
Contingency planning
CYBER.GC.CA — 2026-03-31
πŸ“‘
Configuration management
CYBER.GC.CA — 2026-03-31
πŸ“‘
Assessment, authorization, and monitoring
CYBER.GC.CA — 2026-03-31
πŸ“‘
Audit and accountability
CYBER.GC.CA — 2026-03-31
πŸ“‘
Awareness and training
CYBER.GC.CA — 2026-03-31
πŸ“‘
Access control
CYBER.GC.CA — 2026-03-31
πŸ“‘
The controls and assurance activities families
CYBER.GC.CA — 2026-03-31
πŸ“‘
Concepts and structure
CYBER.GC.CA — 2026-03-31
πŸ“‘
Foreword, Overview, Introduction
CYBER.GC.CA — 2026-03-31
πŸ“‘
Security and privacy controls and assurance activities catalogue (ITSP.10.033)
CYBER.GC.CA — 2026-03-31
πŸ“‘
Cyber security and privacy risk management: A lifecycle approach
CYBER.GC.CA — 2026-03-31
πŸ“‘
System and information integrity
CYBER.GC.CA — 2026-03-31
πŸ“‘
System and communications protection
CYBER.GC.CA — 2026-03-31
πŸ“‘
System and services acquisition
CYBER.GC.CA — 2026-03-31
πŸ“‘
Risk assessment
CYBER.GC.CA — 2026-03-31
πŸ“‘
Personal information handling and transparency
CYBER.GC.CA — 2026-03-31
πŸ“‘
Personnel security
CYBER.GC.CA — 2026-03-31
πŸ“‘
Program management
CYBER.GC.CA — 2026-03-31
πŸ“‘
Planning
CYBER.GC.CA — 2026-03-31
πŸ“‘
Physical and environmental protection
CYBER.GC.CA — 2026-03-31
πŸ“‘
The Real Risk of Vibecoding
TRENDMICRO.COM — 31 Mar 2026
πŸ“‘
GIGABYTE Control Center vulnerable to arbitrary file write flaw
BLEEPINGCOMPUTER.COM — 31 Mar 2026
πŸ“‘
Proton launches new "Meet" privacy-focused conferencing platform
BLEEPINGCOMPUTER.COM — 31 Mar 2026
πŸ“‘
Google now allows you to change your @gmail.com address
BLEEPINGCOMPUTER.COM — 31 Mar 2026
πŸ“‘
This month in security with Tony Anscombe – March 2026 edition
WELIVESECURITY.COM — 31 Mar 2026
πŸ“‘
AWS Security Agent on-demand penetration testing now generally available
AWS.AMAZON.COM — 31 Mar 2026
πŸ“‘
Fake Installers to Monero: A Multi-Tool Mining Operation
ELASTIC.CO — 31 Mar 2026