Actively Exploited Zero-Days in Chrome and Cisco Firewalls Dominate a Week of Critical Patches and Policy Shifts

Microsoft Addresses 84 Vulnerabilities in March 2026 Patch Tuesday, Including Critical RCEs and Publicly Disclosed Flaws

Microsoft has released its March 2026 security updates, addressing a total of 84 vulnerabilities across its product portfolio, including Windows, Office, Azure, and SQL Server. The update includes patches for eight critical flaws, primarily involving remote code execution and elevation of privilege. While none of the vulnerabilities were actively exploited at the time of release, two were publicly disclosed, increasing the urgency for remediation. These include a critical elevation of privilege bug in SQL Server (CVE-2026-21262) and a denial-of-service flaw in .NET (CVE-2026-26127). The patches cover a wide range of products, with elevation of privilege flaws representing the largest category of fixes.

Patch TuesdayMicrosoftVulnerabilityRCEElevation of Privilege +3 more

Microsoft's March Patch Tuesday Fixes 84 Flaws, Including Two Publicly Known Zero-Days

Patch Management

Vulnerability

Navia Data Breach Exposes Personal and Health Data of Nearly 2.7 Million Individuals

Benefits Administrator Navia Discloses Massive Data Breach Affecting 2.7 Million People

Navia Benefit Solutions, a third-party benefits administrator, has disclosed a significant data breach that exposed the personal and health information of nearly 2.7 million people. The incident occurred between December 2025 and January 2026, during which attackers had unauthorized access to Navia's systems. The stolen data includes names, Social Security numbers, dates of birth, and sensitive health plan information related to HRAs, FSAs, and COBRA plans. The breach has impacted employees from over 10,000 companies, including union workers in Washington state. Navia is now facing multiple class-action lawsuits.

Data BreachNaviaHealthcarePIIPHI +2 more

Data Breach

Supply Chain Attack

Policy and Compliance

Industrial Cyber Threats Evolve from Spying to Physical Disruption, Dragos Warns

Dragos 2026 Report: Adversaries Now Targeting Physical Disruption in Industrial Control Systems

The Dragos 2026 OT/ICS Cybersecurity Year in Review report reveals a significant strategic shift by adversaries targeting industrial sectors. Attackers are moving beyond simple espionage and are now actively studying industrial processes with the intent to cause physical operational impact. The report identifies three new APT groups specializing in industrial attacks, including SYLVANITE, an initial access broker. While nation-state threats are growing in sophistication, the report also highlights that ransomware remains a primary threat, with 119 distinct groups targeting over 3,300 industrial organizations in 2025.

ICSOTDragosThreat IntelligenceAPT +3 more

Industrial Cyber Threats Evolve from Spying to Physical Disruption, Dragos Warns

Threat Intelligence

Industrial Control Systems

Threat Actor

Stryker Hit by Destructive Attack as Hackers Weaponize Microsoft Intune for Mass Device Wipe

Medical Tech Giant Stryker Suffers Destructive Attack via Compromised Microsoft Intune Admin Account

Medical technology leader Stryker was hit by a highly disruptive cyberattack where attackers used a compromised administrative account to issue remote wipe commands to thousands of corporate devices via Microsoft Intune. The attack, attributed to pro-Iranian hackers, was not technically sophisticated but leveraged legitimate IT administration functions for destructive purposes. The mass device wipe caused significant operational disruption, leading to delays in surgical cases due to inventory delivery issues. The incident serves as a stark warning that Mobile Device Management (MDM) platforms must be treated as critical, high-risk assets requiring stringent security controls.

CyberattackStrykerMicrosoft IntuneMDMData Destruction +2 more

Stryker Hit by Destructive Attack as Hackers Weaponize Microsoft Intune for Mass Device Wipe

Cyberattack

Incident Response

Cloud Security

Russian APT28 Exploits Zimbra XSS Flaw in Phishing Campaign Against Ukraine

APT28 Suspected of Exploiting Zimbra Vulnerability (CVE-2025-66376) to Target Ukrainian Government

A Russian-backed APT group, believed to be APT28 (Fancy Bear), is exploiting a high-severity cross-site scripting (XSS) vulnerability in Zimbra Collaboration (CVE-2025-66376). The campaign targets Ukrainian government entities, including the State Hydrology Agency, with sophisticated phishing emails. The attack uses a stored XSS flaw embedded directly in the email's HTML body, which executes upon opening in a vulnerable Zimbra webmail client. The malicious JavaScript payload is designed to steal credentials, 2FA data, and emails. CISA has added the vulnerability to its KEV catalog.

APT28Fancy BearRussiaUkraineZimbra +4 more

4 min read

Threat Actor

Phishing

Cyberattack

GitHub Phishing Campaign Lures Developers with Fake $5,000 OpenClaw Crypto Airdrop

MEDIUM

Developers Targeted in GitHub-Hosted Phishing Campaign Pushing Fake OpenClaw Crypto Airdrop

A sophisticated phishing campaign is abusing GitHub to target developers with a fake crypto airdrop for a project named OpenClaw. Attackers create fake accounts, open issue threads, and tag legitimate developers, promising a $5,000 token allocation. The link leads to a convincing clone of the real OpenClaw website with a malicious 'Connect your wallet' button. This button executes a wallet-draining script that steals funds from connected crypto wallets like MetaMask and Trust Wallet. The campaign uses social engineering by targeting developers who have shown interest in the legitimate OpenClaw project.