Daily Recap: active exploits include a Microsoft SharePoint deserialization RCE (CVE-2026-20963) being exploited in the wild against unpatched SharePoint Server 2016/2019/Subscription, and Interlock ransomware leveraging a Cisco Secure FMC zero-day (CVE-2026-20131) before patching. It also notes CISA directives to patch a Zimbra XSS (CVE-2025-66376), patches for WebKit (CVE-2026-20643) and UniFi (CVE-2026-22557), ongoing Marquis and Aura breaches, and policy moves involving China, DPRK, and Volt Typhoon. #SharePointFlaw #InterlockRansomware #CiscoFMC #ZimbraXSS #WebKitPatch #UniFiFlaw #TelnetdRCE #ScreenConnectPatch #MarquisBreach #AuraBreach #DarkSwordKit #PerseusMalware #Stryker #Handala #China #DPRK #VoltTyphoon
Active Exploits & Zero-days
- Critical Microsoft SharePoint deserialization RCE (CVE-2026-20963, CVSS 9.8) is being exploited in the wild against unpatched SharePoint Server 2016/2019/Subscription instances, prompting CISA emergency remediation – SharePoint Flaw, SharePoint Flaw
- Interlock ransomware exploited a Cisco Secure FMC zero-day (CVE-2026-20131) for at least 36 days before patching, deploying RATs, memory webshells and organized data-exfiltration tooling – Cisco FMC, Cisco FMC
- CISA ordered federal agencies to patch an actively exploited stored XSS in Zimbra (CVE-2025-66376) abused via CSS @import in HTML emails, with BOD 22-01 deadlines – Zimbra XSS
Patches & Advisories
- Apple pushed background security updates fixing a cross-origin Navigation API bug in WebKit (CVE-2026-20643) across iOS/iPadOS/macOS to prevent same-origin bypass – WebKit Patch
- Ubiquiti patched two UniFi Network flaws including a maximum-severity path traversal (CVE-2026-22557) that could enable account takeover; fixed in 10.1.89+ – UniFi Flaw
- A critical unauthenticated root RCE in GNU Inetutils telnetd (CVE-2026-32746, CVSS 9.8) enables root execution during the initial Telnet handshake; vendors advise disabling Telnet or running without root – Telnetd RCE
- ConnectWise released a patch for a flaw that could allow ScreenConnect hijacking – ScreenConnect Patch
Ransomware & Breaches
- Bank-software vendor Marquis says a ransomware attack exposed data for ~672,075 people (state filings and analyses suggest the true affected count may be higher), and legal actions have followed – Marquis Breach, Marquis Breach
- Identity-protection firm Aura confirmed a voice‑phishing incident exposed ~900,000 marketing contacts (≈20,000 current, 15,000 former customers); ShinyHunters claimed responsibility – Aura Breach
Malware & Mobile Exploits
- The JavaScript-only iOS full-chain exploit kit DarkSword enabled instant full-device compromise and rapid data exfiltration across multiple operators (including suspected UNC6353) before Apple patched the chained flaws – DarkSword Kit, DarkSword Kit
- New Android malware Perseus, distributed via sideloaded IPTV apps like Roja Directa TV, abuses Accessibility Services to scan user notes for secrets and fully compromise devices, and targets financial/crypto users in Turkey and Italy – Perseus Malware
Microsoft Intune & Enterprise Risk
- CISA urged organizations to harden Microsoft Intune after a March 11 attack that exploited Intune to steal data and remotely wipe ~80,000 devices at Stryker, recommending least‑privilege RBAC, Entra ID controls, enforced MFA, and multi-admin approvals to counter groups like Handala – Intune Warning
Nation-state Activity & Sanctions
- The U.S. Intelligence Community’s 2026 threat assessment names China as the top cyber threat (with Russia, Iran, and North Korea also highlighted) and warns of pre‑positioned access, ransomware, AI-enabled attacks, and proxy strikes – US Threats
- OFAC sanctioned six individuals and two entities over a DPRK IT worker scheme that uses fake remote‑job scams, AI persona fabrication, VPNs, and malware-driven extortion to funnel revenue to WMD programs – DPRK Sanctions
Policy & Oversight
- Senate questioning: DHS nominee Mullin declined to commit to restoring CISA staffing or reversing budget cuts, raising concerns about readiness amid tensions with Iran and incidents like the Stryker attack – Mullin Hearing
- U.S. intelligence chief was pressed over omitting election interference from the annual assessment, sparking debate on foreign influence, CISA cuts, and groups like Volt Typhoon – Intel Hearing
- A CISA official said the agency has not observed an overall uptick in cyber threats amid the Iran war – CISA Status
Startups & Funding
- Palo Alto startup Raven emerged from stealth with $20 million to expand runtime protection for cloud‑native apps and block anomalous AI agents in production – Raven Funding
- Autonomous offensive security firm XBOW raised $120M in a Series C at a valuation above $1B to scale AI-driven autonomous vulnerability discovery and validation – XBOW Raise
- Cloud security startup Native exited stealth with $42M to enforce policy intent across multi‑cloud environments with impact simulation and staged rollouts – Native Funding
Research & Strategy
- Analysis: “The Collapse of Predictive Security” argues attackers now weaponize high‑risk flaws within days, urging preemptive exposure management, stronger hygiene, credential controls, and AI‑augmented response workflows – Predictive Security