Cybersecurity News | Daily Recap [27 Mar 2026]
In today’s Daily Recap: critical flaws in PTC Windchill/FlexPLM are being exploited or mitigated, with mitigations available but no patch yet and German authorities mobilized, while Langflow’s code-injection flaw (CVE-2026-33017) is being actively exploited for unauthenticated RCE and requires upgrading to 1.9.0 or disabling the endpoint. Breaches and espionage activity span energy-sector ransomware campaigns by FrostyGoop, RansomHub and Zerosevengroup; Bearlyfy’s GenieLocker deployments against Russian firms; Nova Scotia Power’s data exposure after a SocGholish intrusion; state-linked activity around Red Menshen and Nasir Security; enforcement actions involving RedLine and Xinbi; and platform moves such as Apple’s age-verification push and Snapchat’s DSA probe. #PTCWindchill #Langflow #Claude #ShadowPrompt #GenieLocker #Bearlyfy #NovaScotiaPower #RedMenshen #NasirSecurity #RedLine #Xinbi #TikTokForBusiness #Snapchat #SocGholish

Vulnerabilities & Patches

  • CISA warned of a critical deserialization flaw in PTC Windchill/FlexPLM (allowing unauthenticated RCE) with mitigations available but no patch yet and German authorities mobilized – PTC Flaw
  • A critical code-injection bug in Langflow (CVE-2026-33017) is being actively exploited for unauthenticated RCE; upgrade to 1.9.0 or disable the endpoint – Langflow Flaw
  • “ShadowPrompt” in Anthropic’s Claude Chrome extension allowed zero-click XSS prompt injection and token access; Anthropic and Arkose Labs have patched the flaws – Claude Flaw
  • Node.js released security updates across 20/22/24/25 lines fixing multiple issues including an incomplete fix for CVE-2026-21637 that could allow remote DoS via TLS SNICallback exceptions – Node.js Fixes
  • BIND issued updates addressing several high-severity vulnerabilities—admins should apply vendor fixes promptly – BIND Patches

Breaches & Ransomware

  • Ransomware against the global energy sector surged in 2025 with 187 confirmed incidents causing encryption, data theft, operational disruption and multimillion-dollar losses; groups include FrostyGoop, RansomHub and Zerosevengroup – Energy Ransomware
  • Pro‑Ukraine group Bearlyfy has hit more than 70 Russian firms since 2025 and deployed proprietary Windows ransomware GenieLocker, escalating extortion and sabotage (research coverage) – Bearlyfy Campaign, Bearlyfy Campaign
  • Nova Scotia Power breach exposed data for over 900,000 current and former customers (including driver’s licenses and SINs) after a SocGholish infection led to lateral movement, exfiltration and ransomware – Nova Scotia Breach
  • Hightower Holding confirmed a data breach impacting approximately 130,000 individuals – Hightower Breach
  • AFC Ajax hack exposed fan emails and personal details and allowed ticket hijack via exposed APIs and shared keys, enabling VIP/season-ticket transfers – Ajax Hack
  • The Dutch National Police disclosed a limited-impact phishing breach that was detected and blocked by the SOC; a criminal investigation is ongoing – Dutch Phishing
  • Attackers are phishing TikTok for Business accounts using Cloudflare Turnstile and Google Storage pages to steal credentials and session cookies, enabling account takeover even with 2FA – TikTok Phish

Espionage & State-Linked Ops

  • China-linked Red Menshen deployed stealthy BPFDoor implants to spy via telecom networks, enabling long-term covert access – Red Menshen
  • Researchers found Chinese hackers embedded deep within global telecom backbone infrastructure, raising risk to network integrity and intercept capabilities – Telecom Intrusion
  • Nasir Security, likely Iranian-aligned, is conducting supply-chain intrusions and psychological operations against vendors supporting Middle East energy firms to amplify perceived impact and harvest infrastructure documents – Nasir Campaign

Prosecutions, Sanctions & Illicit Markets

  • Alleged RedLine developer Hambardzum Minasyan was extradited to the US and faces up to 30 years after accusations of running infostealer infrastructure and laundering proceeds – RedLine Extradited
  • The UK sanctioned Telegram marketplace Xinbi and linked compounds to disrupt data trading, satellite-equipment sales and crypto laundering used by Asian scam centres – Xinbi Sanction
  • A US official accused China of implicitly supporting large scam compounds in Southeast Asia and commingling proceeds with state-linked projects, warning it costs Americans billions annually – China Scam Claims
  • Three individuals were charged for attempting to smuggle “America-made” AI technology reportedly worth $170M—authorities are prosecuting illicit tech exports – AI Tech Smuggling

Policy & Platform Enforcement

  • Apple will require UK iPhone/iPad users to verify they are adults before accessing certain services and 18+ apps in iOS 26.4, using account data, linked credit cards or government IDs to comply with Ofcom and the ICO – Apple Age-Checks
  • The European Commission opened a DSA child-protection probe into Snapchat over age assurance, defaults and moderation, with potential remedies or fines up to 6% of global turnover – Snapchat DSA

Updates & Events

  • Microsoft previewed Windows 11 update KB5079391 adding a Smart App Control toggle without reinstall, support for >1000 Hz refresh rates, native USB4 monitors and various stability fixes – Windows Update
  • Webinar “Exposure‑Driven Resilience” demonstrates automating continuous, attacker-driven testing of defenses with live demos to validate detection and response – Validate Defenses

Cybersecurity News | Daily Recap – hendryadrian.com