Security news.
Today's security landscape is dominated by critical vulnerabilities and sophisticated supply chain attacks. Oracle has released an emergency patch for a critical Identity Manager RCE flaw, while the Trivy vulnerability scanner suffered a second supply chain compromise distributing infostealers and a self-propagating worm.
Oracle Emergency Patch for Critical Identity Manager RCE
Oracle has released an emergency patch for CVE-2026-21992, a critical vulnerability in Identity Manager that allows unauthenticated remote code execution and may be actively exploited.
VoidStealer Malware Bypasses Chrome ABE
VoidStealer, an information stealer, is using a novel debugger trick to bypass Chrome's Application-Bound Encryption (ABE) and extract the master key for decrypting browser data.
Trivy Scanner Compromised, Distributed Infostealer
The Trivy vulnerability scanner was hit by a supply-chain attack by TeamPCP, distributing credential-stealing malware through official releases and GitHub Actions, with follow-on attacks spreading a new worm dubbed CanisterWorm.
FBI Warns of Russian Phishing on Signal, WhatsApp
The FBI and CISA have warned that Russian intelligence-linked actors are conducting phishing campaigns targeting commercial messaging apps like Signal and WhatsApp to compromise accounts of high-value individuals.
Critical Quest KACE Vulnerability Exploited
A critical vulnerability, CVE-2025-32975, in Quest KACE products is potentially being exploited in attacks, particularly against the education sector.
CISA Adds Apple, Craft CMS, Laravel Bugs to KEV Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including flaws in Apple, Craft CMS, and Laravel Livewire, urging federal agencies to patch by April 3, 2026.
Azure Monitor Alerts Abused for Callback Phishing
Threat actors are abusing Microsoft Azure Monitor alerts to send callback phishing emails, impersonating Microsoft Security Team warnings about unauthorized account charges.
Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
U.S., Canadian, and German authorities have dismantled the infrastructure of four IoT botnets (Aisuru, Kimwolf, JackSkid, and Mossad) responsible for compromising over three million devices and launching massive DDoS attacks.