Cybersecurity News | Daily Recap [11 Mar 2026]

In today's Daily Recap, Microsoft released March Patch Tuesday, addressing 79–84 vulnerabilities, including two zero-days (CVE-2026-26127, CVE-2026-21262), across SQL Server, .NET, Office, Azure and Windows, with hotpatch options. The coverage also highlights active attacks and supply-chain events such as the Medusa-linked Bell Ambulance breach, UNC6426’s QUIETVAULT deployment and other campaigns, KadNap botnet activity on ASUS devices, BeatBanker on Android, and the Zombie ZIP technique. #Medusa #BellAmbulance #UNC6426 #QUIETVAULT #KadNap #BeatBanker #ZombieZIP #IranInstagram

Patching & Vulnerabilities

  • Microsoft released March Patch Tuesday addressing 79–84 vulnerabilities including two zero-days (CVE-2026-26127, CVE-2026-21262) across SQL Server, .NET, Office, Azure and Windows with hotpatch options — MS Patch Tue, MS 84 Fixes, MS 83 Fixes
  • Fortinet, Ivanti and Intel issued updates fixing dozens of flaws including remote code execution and privilege escalation bugs across FortiWeb, FortiClientLinux, Ivanti DSM and Intel UEFI firmware — Vendor Patches
  • Industrial vendors including Siemens, Schneider Electric, Moxa and Mitsubishi Electric fixed ICS/OT bugs (XSS, misconfigurations, remote DoS) with CISA and CERT advisories for Simatic S7-1500, EcoStruxure and MELSEC — ICS Patches
  • Adobe patched 80 vulnerabilities across eight products (Commerce, Illustrator, Acrobat, Premiere Pro), including multiple high-severity Commerce/Magento issues with no known exploitation reported — Adobe Patches
  • SAP released 15 notes for March Security Patch Day addressing critical deserialization and Log4j-related code injection flaws (including CVE-2026-27685) and high-severity supply-chain DoS bugs — SAP Patches
  • CISA shortened deadlines for patching after adding actively exploited flaws (including a critical SolarWinds Web Help Desk bug and Ivanti CVE-2026-1603) to its Known Exploited Vulnerabilities catalog — CISA Deadlines
  • Microsoft released extended and cumulative updates — Windows 10 KB5078885 (ESU) and Windows 11 KB5079473 / KB5078883 — delivering security fixes, Secure Boot certificate rollout, and WDAC/Sysmon improvements — Win10 ESU, Win11 KBs

Active Attacks & Malware

  • A cyberattack tied to the Medusa ransomware gang exposed data for 237,830 people at Wisconsin’s largest ambulance provider, including SSNs and medical records — Bell Ambulance
  • A Szczecin regional hospital in Poland reverted to paper workflows after an IT encryption incident that blocked access to records while recovery and investigation continue — Polish Hospital
  • Researchers warn of a campaign exploiting FortiGate NGFW CVEs and weak credentials to steal configs, decrypt fortidcagent LDAP creds, create persistent admins and exfiltrate NTDS.dit via cloud infrastructure — FortiGate Breach
  • New KadNap botnet has infected roughly 14,000 ASUS routers and edge devices, forming a P2P proxy network tied to Doppelganger services with heavy U.S. concentration — KadNap Botnet
  • Kaspersky uncovered BeatBanker Android malware disguised as a Starlink app that combines banking trojan features, Monero mining (XMRig) and the BTMOB RAT to maintain stealth and persistence — BeatBanker
  • A new EDR bypass dubbed BlackSanta was observed targeting HR departments to kill endpoint detection and response protections — BlackSanta
  • The “Zombie ZIP” technique manipulates ZIP headers to slip DEFLATE-compressed payloads past scanners (PoC bypassed 50/51 VirusTotal engines) and prompted a CERT/CC bulletin and CVE-2026-0866 — Zombie ZIP

Supply-Chain & DevOps Attacks

  • Threat actor UNC6426 exploited a compromised nx npm package postinstall script to deploy the QUIETVAULT stealer and abuse GitHub→AWS OIDC to gain admin AWS access, exfiltrate S3 data and destroy production within 72 hours — UNC6426
  • Researchers removed five malicious Rust crates (notably chrono_anchor) that exfiltrated .env secrets and documented an AI bot (hackerbot-claw) exploiting GitHub Actions and a Trivy extension vuln (CVE-2026-28353), urging key rotation and CI audits — Rust Crates

Influence & Espionage

  • Meta disrupted an Iran-linked influence operation that used AI-generated personas on Instagram to cultivate U.S. relationships and later push political messaging via fake journalists and amplifiers — Iran Instagram
  • Automated calls and spoofed texts impersonating the Israeli Home Front Command were attributed to Iranian or pro‑Iranian actors as part of a coordinated psychological cyber warfare campaign during Operation Rising Lion — Iran Calls
  • Finnish intelligence warns of persistent state-backed cyber espionage from Russia and China targeting Finland’s tech sector, research institutions and government networks for long-term economic and technological intelligence collection — Finland Intel, Finland Intel

Phishing, Identity & Anti-Scam

  • Meta rolled out new anti-scam protections across WhatsApp, Facebook and Messenger to detect device‑linking fraud, suspicious friend requests, fake job offers and impersonation using AI detection and user warnings — Meta Tools
  • Microsoft is previewing phishing‑resistant, passwordless Windows sign‑ins using Entra passkeys and Windows Hello to reduce credential phishing across managed and unmanaged devices — Entra Passkeys
  • The FBI warned of a planning-and-zoning permit phishing campaign that uses public permit data to coerce victims into fake payment requests via wire, P2P services or crypto — Permit Phish

AI Security & Startups

  • Scanner raised $22M to scale a cloud-native security data lake and AI threat-hunting platform with its Model Context Protocol for fast detection and response — Scanner Funding
  • Tel Aviv startup Jazz emerged with $61M to commercialize an AI-powered context-aware DLP platform using an Agentic Investigator to reduce DLP noise — Jazz Funding
  • Kai surfaced from stealth with $125M to build an AI platform bridging IT and OT security visibility and response — Kai Funding
  • OpenAI is acquiring AI security startup Promptfoo to bolster code- and model‑security capabilities — OpenAI Buy

Webinars & Research

  • A webinar explores securing fragile OT environments and why traditional scanning fails for legacy PLCs, offering visibility and protocol-level defenses for unpatchable assets — OT Webinar
  • A separate webinar and guide examine how autonomous AI agents create new data‑leak attack surfaces and practical auditing steps to stop AI-driven exfiltration — AI Webinar
  • Analysis shows adversaries using geometric tests as a new “Turing” technique to prove human-like behavior and evade automated defenses in fraud and abuse flows — New Turing

Cybersecurity News | Daily Recap – hendryadrian.com