← Latest brief

Security news.

·Morning Brief

Today's security news is dominated by Microsoft's March Patch Tuesday, addressing numerous vulnerabilities including two zero-days. Additionally, new threats targeting developers and HR departments have emerged, alongside critical advisories for industrial control systems and IoT devices.

THNEXPLOIT
Mar 11READ

Malicious Rust Crates Exploit CI/CD Pipelines

Five malicious Rust crates, masquerading as time-related utilities, were found on crates.io to steal .env file data from developers.

KREBSPATCH
Mar 11READ

Microsoft March 2026 Patch Tuesday Addresses 77+ Vulnerabilities

Microsoft released security updates for at least 77 vulnerabilities in Windows and other software, including two publicly disclosed zero-day flaws.

BLEEPING
Mar 10READ

New 'BlackSanta' EDR Killer Targets HR Departments

A Russian-speaking threat actor has been deploying new EDR-killing malware named BlackSanta against human resource departments for over a year.

THNBREACH
Mar 10READ

FortiGate Devices Exploited for Network Breaches

Threat actors are abusing FortiGate Next-Generation Firewall appliances, exploiting vulnerabilities or weak credentials to gain entry and steal service account credentials.

CISAKEV
Mar 9READ

CISA Adds Three Known Exploited Vulnerabilities to KEV Catalog

CISA has added CVE-2021-22054 (Omnissa Workspace ONE), CVE-2025-26399 (SolarWinds Web Help Desk), and CVE-2026-1603 (Ivanti Endpoint Manager) to its KEV Catalog due to active exploitation.

THNVULN
Mar 10READ

"LeakyLooker" Flaws in Google Looker Studio Disclosed

Nine cross-tenant vulnerabilities, collectively named LeakyLooker, in Google Looker Studio could have allowed attackers to run arbitrary SQL queries and exfiltrate sensitive data.

BLEEPING
Mar 10READ

New 'Zombie ZIP' Technique Evades Security Tools

A novel "Zombie ZIP" technique allows malware to conceal payloads in specially crafted compressed files, bypassing detection by antivirus and EDR solutions.

CISAADVISORY
Mar 10READ

CISA Advisories for ICS/IoT Devices

CISA has released advisories for vulnerabilities in Apeman Cameras, Lantronix EDS3000PS/EDS5000, Honeywell IQ4x BMS Controller, and Ceragon Siklu MultiHaul/EtherHaul Series, some allowing remote control or code execution.

Generated twice daily from public security RSS feeds. Informational only.