Actively Exploited Zero-Days in Chrome and Cisco Firewalls Dominate a Week of Critical Patches and Policy Shifts

Publication Date: March 8, 2026

Summary

This week in cybersecurity saw a surge of critical incidents, led by Google patching two actively exploited zero-day vulnerabilities in Chrome, while the Interlock ransomware group was found to have exploited a Cisco firewall zero-day for over a month. Microsoft released its March Patch Tuesday, fixing 84 flaws, including two publicly disclosed bugs. In policy news, the White House unveiled a more offensive-focused national cyber strategy. Major data breaches also made headlines, with Navia exposing data of 2.7 million people and LexisNexis confirming a cloud breach. The period was marked by a clear trend of attackers leveraging zero-days for maximum impact and a continued rise in disruptive ransomware and phishing campaigns.

Today New Articles

Microsoft's March Patch Tuesday Fixes 84 Flaws, Including Two Publicly Known Zero-Days

Microsoft has released its March 2026 security updates, addressing a total of 84 vulnerabilities across its product portfolio, including Windows, Office, Azure, and SQL Server. The update includes patches for eight critical flaws, primarily involving remote co...

Navia Data Breach Exposes Personal and Health Data of Nearly 2.7 Million Individuals

Navia Benefit Solutions, a third-party benefits administrator, has disclosed a significant data breach that exposed the personal and health information of nearly 2.7 million people. The incident occurred between December 2025 and January 2026, during which att...

Industrial Cyber Threats Evolve from Spying to Physical Disruption, Dragos Warns

The Dragos 2026 OT/ICS Cybersecurity Year in Review report reveals a significant strategic shift by adversaries targeting industrial sectors. Attackers are moving beyond simple espionage and are now actively studying industrial processes with the intent to cau...

Stryker Hit by Destructive Attack as Hackers Weaponize Microsoft Intune for Mass Device Wipe

Medical technology leader Stryker was hit by a highly disruptive cyberattack where attackers used a compromised administrative account to issue remote wipe commands to thousands of corporate devices via Microsoft Intune. The attack, attributed to pro-Iranian h...

Russian APT28 Exploits Zimbra XSS Flaw in Phishing Campaign Against Ukraine

A Russian-backed APT group, believed to be APT28 (Fancy Bear), is exploiting a high-severity cross-site scripting (XSS) vulnerability in Zimbra Collaboration (CVE-2025-66376). The campaign targets Ukrainian government entities, including the State Hydrology Ag...

GitHub Phishing Campaign Lures Developers with Fake $5,000 OpenClaw Crypto Airdrop

A sophisticated phishing campaign is abusing GitHub to target developers with a fake crypto airdrop for a project named OpenClaw. Attackers create fake accounts, open issue threads, and tag legitimate developers, promising a $5,000 token allocation. The link l...

Article Updates

Critical Cisco Firewall Flaw (CVSS 10.0) Exploited as Zero-Day by Ransomware Gang

Update:Amazon's threat intelligence team discovered the Interlock ransomware group's full operational toolkit due to a misconfigured server. This major OPSEC failure revealed custom RATs, reconnaissance scripts, and detailed TTPs used in exploiting the Cisco FMC zero...