Security news.
Today's security news is dominated by Microsoft's March Patch Tuesday, addressing numerous vulnerabilities including two zero-days. Additionally, new threats targeting developers and HR departments have emerged, alongside critical advisories for industrial control systems and IoT devices.
Malicious Rust Crates Exploit CI/CD Pipelines
Five malicious Rust crates, masquerading as time-related utilities, were found on crates.io to steal .env file data from developers.
Microsoft March 2026 Patch Tuesday Addresses 77+ Vulnerabilities
Microsoft released security updates for at least 77 vulnerabilities in Windows and other software, including two publicly disclosed zero-day flaws.
New 'BlackSanta' EDR Killer Targets HR Departments
A Russian-speaking threat actor has been deploying new EDR-killing malware named BlackSanta against human resource departments for over a year.
FortiGate Devices Exploited for Network Breaches
Threat actors are abusing FortiGate Next-Generation Firewall appliances, exploiting vulnerabilities or weak credentials to gain entry and steal service account credentials.
CISA Adds Three Known Exploited Vulnerabilities to KEV Catalog
CISA has added CVE-2021-22054 (Omnissa Workspace ONE), CVE-2025-26399 (SolarWinds Web Help Desk), and CVE-2026-1603 (Ivanti Endpoint Manager) to its KEV Catalog due to active exploitation.
"LeakyLooker" Flaws in Google Looker Studio Disclosed
Nine cross-tenant vulnerabilities, collectively named LeakyLooker, in Google Looker Studio could have allowed attackers to run arbitrary SQL queries and exfiltrate sensitive data.
New 'Zombie ZIP' Technique Evades Security Tools
A novel "Zombie ZIP" technique allows malware to conceal payloads in specially crafted compressed files, bypassing detection by antivirus and EDR solutions.
CISA Advisories for ICS/IoT Devices
CISA has released advisories for vulnerabilities in Apeman Cameras, Lantronix EDS3000PS/EDS5000, Honeywell IQ4x BMS Controller, and Ceragon Siklu MultiHaul/EtherHaul Series, some allowing remote control or code execution.