← Latest brief

Security news.

·Morning Brief

Today's security news highlights critical vulnerabilities, active exploitation by ransomware groups, and significant data breaches. CISA has added multiple actively exploited flaws to its KEV catalog, urging federal agencies and other organizations to patch immediately.

BLEEPINGZERO-DAY
Mar 18READ

Ransomware gang exploits Cisco zero-day since January

The Interlock ransomware gang has been actively exploiting a critical remote code execution (RCE) vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) software since late January.

CISAKEV
Mar 18READ

CISA adds Zimbra XSS flaw to KEV catalog

CISA has added a cross-site scripting (XSS) vulnerability in Synacor Zimbra Collaboration Suite (ZCS), CVE-2025-66376, to its Known Exploited Vulnerabilities Catalog, ordering federal agencies to patch it due to active exploitation.

CISAKEV
Mar 18READ

CISA adds Microsoft SharePoint flaw to KEV catalog

A Microsoft SharePoint deserialization of untrusted data vulnerability, CVE-2026-20963, has been added to CISA's KEV Catalog, indicating active exploitation.

BLEEPINGBREACH
Mar 18READ

ConnectWise patches flaw allowing ScreenConnect hijacking

ConnectWise has released a patch for a cryptographic signature verification vulnerability in ScreenConnect that could lead to unauthorized access and privilege escalation.

THNRCE
Mar 18READ

Critical unpatched Telnetd flaw enables unauthenticated root RCE

Researchers have disclosed a critical unpatched vulnerability, CVE-2026-32746 (CVSS 9.8), in GNU InetUtils telnetd that allows unauthenticated remote attackers to execute arbitrary code with root privileges.

BLEEPINGBREACH
Mar 18READ

Aura confirms data breach exposing 900,000 marketing contacts

Identity protection company Aura has confirmed a data breach affecting nearly 900,000 customer records, exposing names and email addresses.

BLEEPINGRANSOMWARE
Mar 18READ

Marquis ransomware gang stole data of 672K people

Financial services provider Marquis disclosed that a ransomware attack in August 2025 compromised the data of over 670,000 individuals and disrupted operations at 74 U.S. banks.

SECURITYWEEKNATION-STATE
Mar 18READ

‘DarkSword’ iOS Exploit Kit used by state-sponsored hackers

A sophisticated iOS exploit kit named 'DarkSword,' targeting six iOS vulnerabilities for full device compromise, is being used by state-sponsored hackers and spyware vendors for surveillance.

Generated twice daily from public security RSS feeds. Informational only.