security

SmartApeSG campaign uses ClickFix page to push Remcos RAT https://isc.sans.edu/diary/SmartApeSG%20campaign%20uses%20ClickFix%20page%20to%20push%20Remcos%20RAT/32796 A React-based phishing page with credential exfiltration via EmailJS https://isc.sans.edu/diary/32794 Google Chrome announced two zero-day fixes, then removed one. https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html AdGuard Vulnerability https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.73

The excitement around Cisco’s latest SD-WAN bugs has inspired some light fraud, misunderstandings, and overlooked potential hazards.

When your IoT Device Logs in as Admin, It s too Late! https://isc.sans.edu/diary/When%20your%20IoT%20Device%20Logs%20in%20as%20Admin%2C%20It%3Fs%20too%20Late!%20%5BGuest%20Diary%5D/32788 Apple Patches https://support.apple.com/en-us/100100 Veeam Patches https://www.veeam.com/kb4830

Analyzing „Zombie Zip“ Files (CVE-2026-0866) https://isc.sans.edu/diary/Analyzing%20%22Zombie%20Zip%22%20Files%20%28CVE-2026-0866%29/32786 How „Strengthening Crypto“ Broke Authentication: FreshRSS and bcrypt’s 72-Byte Limit https://pentesterlab.com/blog/freshrss-bcrypt-truncation-auth-bypass

A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at […]

Microsoft Patch Tuesday, March 2026 https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20March%202026/32782 Fortinet Updates https://fortiguard.fortinet.com/psirt Adobe Updates https://helpx.adobe.com/security.html Zoom Update https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0061222

Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing „zero-day“ flaws this month (compared to February’s five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this […]

Encrypted Client Hello: Ready for Prime Time? https://isc.sans.edu/diary/Encrypted%20Client%20Hello%3A%20Ready%20for%20Prime%20Time%3F/32778 The ExifTool vulnerability: how an image can infect macOS systems https://www.kaspersky.com/blog/exiftool-macos-picture-vulnerability-mitigation-cve-2026-3102/55362/ Remote code execution in Nextcloud Flow via vulnerable Windmill version https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g7vj-98×3-qvjf

YARA-X 1.14.0 Release https://isc.sans.edu/diary/YARA-X%201.14.0%20Release/32774 INTERPLAY BETWEEN IRANIAN TARGETING OF IP CAMERAS AND PHYSICAL WARFARE IN THE MIDDLE EAST https://research.checkpoint.com/2026/interplay-between-iranian-targeting-of-ip-cameras-and-physical-warfare-in-the-middle-east/ Announcing the Node.js LTS Upgrade and Modernization Program https://openjsf.org/blog/nodejs-lts-upgrade-program nginx UI Vulnerability https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-g9w5-qffc-6762

AI-based assistants or „agents“ — autonomous programs that have access to the user’s computer, files, online services and can automate virtually any task — are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting […]