Cybersecurity News | Daily Recap [10 Mar 2026]

In today's Daily Recap: CISA added multiple high-severity flaws to its Known Exploited Vulnerabilities catalog, warning that the Ivanti EPM bug CVE-2026-1603 is actively exploited, with over 700 internet-facing instances exposed and federal patching deadlines set. The recap also covers a critical Nginx UI flaw, CVE-2026-27944, fixed in version 2.3.3, along with APT campaign and loader trends: PlugX against Qatar; UAT-9244 implants such as PeerTime, TernDoor and BruteEntry; Seedworm and Dust Specter campaigns; the UNC4899 breach; and malware including GhostLoader, ClipXDaemon, A0Backdoor and LummaStealer. #IvantiEPM #CVE-2026-1603 #NginxUI #CVE-2026-27944 #PlugX #UAT9244 #PeerTime #TernDoor #BruteEntry #Seedworm #DustSpecter #Dindoor #UNC4899 #GhostLoader #ClipXDaemon #A0Backdoor #LummaStealer #SalesforceAura #EricssonBreach #React2Shell

Vulnerabilities & CISA Alerts

  • CISA added multiple high‑severity flaws to its Known Exploited Vulnerabilities catalog, warning that the recently patched Ivanti Endpoint Manager bug CVE-2026-1603 is being actively exploited and noting over 700 Internet‑facing EPM instances while ordering federal patching deadlines. – Ivanti EPM, CISA Alerts
  • A critical Nginx UI flaw CVE-2026-27944 lets unauthenticated attackers download server backups and obtain encryption keys via the /api/backup endpoint and is fixed in 2.3.3. – Nginx UI

APT Campaigns & Malware

  • China‑nexus actors rapidly pivoted to regional tensions, deploying a PlugX variant and a Rust-based loader against Qatar, while another China‑linked group (UAT‑9244) has targeted South American telecoms using implants like PeerTime, TernDoor and BruteEntry. – PlugX Campaign, UAT-9244
  • Iran‑nexus operators (Seedworm and Dust Specter) escalated espionage using a newly documented Dindoor backdoor, custom .NET droppers, social‑engineering lures, and AI‑assisted malware development against U.S. and Iraqi targets. – Seedworm Dindoor, Dust Specter
  • North Korea‑linked UNC4899 breached a crypto firm after social engineering a developer via AirDrop, then abused DevOps workflows, Kubernetes and Cloud SQL to steal millions. – UNC4899 Breach
  • Multiple delivery and loader trends surfaced: a malicious npm package deploys the GhostLoader RAT to steal macOS credentials, Linux clipboard hijacker ClipXDaemon replaces crypto addresses, Microsoft Teams phishing is linked to an A0Backdoor, and ClickFix campaigns are now using Windows Terminal to deliver Lumma Stealer. – GhostLoader npm, ClipXDaemon, Teams Phish, ClickFix Attack

Cloud & Infrastructure

  • Google warns that attackers increasingly exploit newly disclosed third‑party flaws to gain rapid access to cloud environments, shortening the window between disclosure and exploitation to days, and highlights trends including vulnerability exploitation and supply‑chain compromises (e.g., React2Shell, UNC4899). – Cloud Exploits
  • Misconfigurations and third‑party incidents are driving data loss: attackers exploit Salesforce Experience Cloud /s/sfsites/aura guest settings (ShinyHunters claims), Ericsson discloses a service‑provider breach exposing employee/customer PII, and threat actors are abusing the .arpa TLD to host phishing sites. – Salesforce Aura, Ericsson Breach, .arpa Abuse
  • Cylake raised $45 million to build an AI‑native security platform for organizations that cannot rely on public cloud, targeting data and operational sovereignty with GA planned for early 2027. – Cylake Raises

Phishing, Scams & Account Hijacks

  • The FBI warns scammers impersonate city/county planning officials to fraudulently request permit fees via wire, P2P or crypto and urges domain verification and IC3 reporting. – FBI Phishing
  • New Social Security scam emails use fake tax documents to trick victims into opening malicious files that hijack PCs. – Social Security Scam
  • AI chatbots have been found recommending unlicensed offshore gambling sites and providing tips to access them, steering users toward illegal casinos with limited protections. – AI Casinos
  • Dutch authorities warn Russian actors are hijacking Signal and WhatsApp accounts of officials via fake support messages, SMS PIN prompts and malicious QR/device‑linking methods. – Signal/WhatsApp Hijack
  • A fake Google Meet update can abuse Windows’ ms-device-enrollment deep link to silently enroll PCs into an attacker‑controlled MDM and grant remote management without traditional malware. – Fake Meet Update

Data Breaches & Theft

  • Salesforce warns attackers are scanning misconfigured Experience Cloud sites to exploit the Aura API and steal CRM data, a technique ShinyHunters claims to be using. – Salesforce Aura
  • Ericsson Inc. disclosed a breach at a third‑party service provider that exposed employee and customer PII (including SSNs and driver’s licenses) from April 17–22, 2025, and is offering free identity protection. – Ericsson Breach

Policy & Leadership

  • The White House released a four‑page National Cyber Strategy pledging offensive cyber operations, reduced regulation, federal network hardening and incentives for the private sector while promising to “impose costs” on bad actors. – US Cyber Strategy
  • An executive order proposes a whole‑of‑government effort against transnational scam centers and a Victim Restoration Program to return seized funds, backed by a 120‑day agency action plan. – Victim Restoration
  • Senate cloture advances Army Lt. Gen. Joshua Rudd toward confirmation to lead U.S. Cyber Command and the NSA, despite objections over signals‑intelligence experience. – Rudd Nomination
  • The Kids Internet and Digital Safety Act advanced in House committee hearings as lawmakers push for stronger child online protections, though critics warn of loopholes and preemption concerns. – Kids Safety Act
  • Nasscom urged vigilance as firms prepare for operational and security impacts from the West Asia conflict. – Nasscom Advisory

Business & Market

  • Cyber M&A activity remains brisk with 42 deals announced in February 2026, signaling ongoing consolidation and investment in security technologies. – M&A Roundup

Advice & Analysis

  • CISO Hannah Suarez argues cyber risk management must be business‑facing, with clear cloud ownership, business‑driven framework prioritization, and urgent supply‑chain risk attention to enable secure growth. – CISO Advice
  • Password audits often miss what attackers really want—reused/breached credentials, orphaned and service accounts—and should add breached‑password screening, risk‑based prioritization and continuous monitoring. – Password Audits

Cybersecurity News | Daily Recap – hendryadrian.com