Daily Digest

Microsoft Patches Two Zero-Days in March Update; Actively Exploited Android Flaw and Global APT Campaigns Emerge

Microsoft Patches Two Zero-Days in March Update; Actively Exploited Android Flaw and Global APT Campaigns Emerge

March 10, 2026
8 articles (4 new, 4 updated)
24 min read

Summary

This intelligence brief for March 10, 2026, covers a significant wave of cybersecurity events. Microsoft's Patch Tuesday addressed 79 flaws, including two publicly disclosed zero-days in SQL Server and .NET. Concurrently, Google rushed a patch for an actively exploited zero-day in Android devices with Qualcomm chips, which CISA added to its KEV list. Espionage campaigns are on the rise, with China-linked APT UAT-9244 targeting South American telecoms and Iran's MuddyWater group infiltrating critical U.S. sectors. Other major incidents include a supply chain attack on the OpenClaw AI framework and a massive phishing service takedown by Europol and Microsoft.

Filter by Category

New Articles (4)

FBI Warns of Sophisticated Phishing Scam Impersonating City Officials to Steal Permit Fees

MEDIUM

FBI's IC3 Issues Alert on Nationwide Phishing Scheme Targeting Planning and Zoning Permit Applicants

The FBI's Internet Crime Complaint Center (IC3) has issued a public service announcement about a sophisticated, nationwide phishing campaign. Scammers are impersonating city and county officials, using publicly available permit data to create highly convincing emails that trick individuals and businesses into paying fraudulent fees. The attackers request payment via non-standard methods like wire transfers, P2P apps, and cryptocurrency, creating a significant financial risk for those engaged in the permitting process.

March 10, 2026
4 min read
PhishingScamFBIIC3Social Engineering +1 more
FBI Warns of Sophisticated Phishing Scam Impersonating City Officials to Steal Permit Fees
Phishing
Threat Intelligence
Regulatory

Texas Healthcare Provider CommuniCare Discloses Data Breach Affecting Nearly 20,000 Patients

HIGH

Barrio Comprehensive Family Health Care Center (CommuniCare) Reports Data Breach Exposing PII and PHI of 19,885 Individuals

The San Antonio-based Barrio Comprehensive Family Health Care Center, operating as CommuniCare, has reported a data breach impacting 19,885 individuals. The breach stemmed from unauthorized access to an employee's email account, which was first detected in September 2025. A subsequent investigation confirmed that the compromised account contained a trove of patient data, including personally identifiable information (PII) and protected health information (PHI) such as medical diagnoses, treatments, and prescription details.

March 10, 2026
4 min read
Data BreachHealthcareHIPAAPIIPHI +2 more
Texas Healthcare Provider CommuniCare Discloses Data Breach Affecting Nearly 20,000 Patients
Data Breach
Phishing
Incident Response

FDD Warns NIST of "Agentic AI" Security Risks, Highlighting Prompt Injection and Multi-Agent Dangers

INFORMATIONAL

Foundation for Defense of Democracies Submits Public Comment to NIST on Securing Agentic AI Systems

The Foundation for Defense of Democracies (FDD) has submitted a formal public comment to the U.S. National Institute of Standards and Technology (NIST), warning that the federal government is unprepared for the unique security risks posed by agentic artificial intelligence. The submission, part of NIST's RFI for a new AI Agent Security Framework, highlighted novel threats like indirect prompt injection, data poisoning, and multi-agent interaction risk. The FDD urged NIST to update core security standards to address these emerging dangers, which could be exploited by nation-state adversaries.

March 10, 2026
5 min read
Artificial IntelligenceAI SecurityNISTFDDPrompt Injection +2 more
FDD Warns NIST of "Agentic AI" Security Risks, Highlighting Prompt Injection and Multi-Agent Dangers
Policy and Compliance
Regulatory
Threat Intelligence

Transport for London Confirms 2024 Breach by 'Scattered Spiders' Affected 10 Million People

HIGH

Transport for London (TfL) Confirms 2024 Data Breach Impacted 10 Million Individuals, Attributed to Scattered Spiders

Transport for London (TfL) has officially confirmed the massive scale of a cyberattack that occurred in August 2024. The breach, attributed to the notorious hacking group 'Scattered Spiders', affected approximately 10 million people. The attackers stole a database containing sensitive personal information, including names, email addresses, phone numbers, and home addresses. The financial impact of the incident is estimated to be around £39 million ($52 million USD), highlighting the severe consequences of the attack long after its initial discovery.

March 10, 2026
5 min read
Data BreachScattered SpidersTfLSocial EngineeringPII +1 more
Transport for London Confirms 2024 Breach by 'Scattered Spiders' Affected 10 Million People
Data Breach
Threat Actor
Cyberattack

Updated Articles (4)

Critical Zero-Click RCE Flaw (CVE-2026-25253) Hits OpenClaw AI Agent Framework

CRITICAL

Critical Zero-Click RCE Vulnerability, CVE-2026-25253, Disclosed in Popular OpenClaw AI Agent Framework

Update:

The OpenClaw AI Agent Framework is experiencing an escalated security crisis. A widespread supply chain attack has been confirmed, with over 1,184 malicious 'skills' flooding the ClawHub marketplace, capable of full system compromise. The existing CVE-2026-25253 RCE vulnerability is now detailed to include sandbox escape capabilities. Additionally, a new flaw, 'ClawJacked,' allows covert hijacking of local AI agent instances. Users are urged to update to version 2026.2.26 or later immediately and treat all previously installed skills as untrusted due to the confirmed widespread compromise.

February 15, 2026
Updated: March 10, 2026
6 min read
OpenClawCVE-2026-25253RCEZero-ClickVulnerability +2 more
Critical Zero-Click RCE Flaw (CVE-2026-25253) Hits OpenClaw AI Agent Framework
Vulnerability
Cyberattack
Supply Chain Attack

Paint Giant AkzoNobel Hit by Anubis Ransomware; 170GB of Client Data and Passports Leaked

HIGH

AkzoNobel Confirms US Site Breached; Anubis Ransomware Claims 170GB Data Theft

Update:

AkzoNobel has provided an update on the Anubis ransomware attack, clarifying that the operational impact at the affected U.S. site was minimal. This refines earlier reports which indicated the attack caused disruption, suggesting effective containment and incident response limited the overall business impact. The core details of the attack, including the 170GB data exfiltration by the Anubis group, remain consistent.

March 6, 2026
Updated: March 10, 2026
4 min read
AnubisRansomwareAkzoNobelData LeakManufacturing +2 more
Paint Giant AkzoNobel Hit by Anubis Ransomware; 170GB of Client Data and Passports Leaked
Ransomware
Data Breach
Cyberattack

China-Linked Group UAT9244 Targets South American Telecoms with New Malware Suite

HIGH

New China-Linked Threat Actor 'UAT9244' Targets South American Telecoms with Custom Malware

Update:

Further analysis of the UAT-9244 campaign indicates the group has been active since at least 2024 and shows operational overlaps with the known threat cluster 'FamousSparrow'. New technical details specify that 'TernDoor' is a Windows backdoor, a variant of 'CrowDoor', utilizing DLL Side-Loading (T1574.002) for evasion. 'PeerTime' is designed for Linux systems and embedded network devices, notably employing the BitTorrent protocol for C2 communications (T1071.003) to blend with legitimate traffic. 'BruteEntry' is described as a brute-force scanning tool installed on compromised network edge devices, turning them into scanning platforms. These details highlight increased sophistication and a broader attack surface.

March 9, 2026
Updated: March 10, 2026
5 min read
APTChinaEspionageTelecommunicationsMalware +1 more
China-Linked Group UAT9244 Targets South American Telecoms with New Malware Suite
Threat Actor
Threat Intelligence
Cyberattack

Google Patches Actively Exploited Qualcomm Zero-Day in Massive Android Update

CRITICAL

Google's March 2026 Android Update Fixes Actively Exploited Qualcomm Zero-Day (CVE-2026-21385)

Update:

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the actively exploited Qualcomm zero-day vulnerability, CVE-2026-21385, to its Known Exploited Vulnerabilities (KEV) catalog. This critical update mandates all U.S. federal agencies to apply the patch by March 24, 2026, underscoring the severe and immediate threat posed by this flaw. The vulnerability, an integer overflow in a graphics driver, affects over 235 Qualcomm chipsets and can lead to full device compromise. This CISA action highlights the widespread risk and urgency for all Android users to update their devices as soon as patches are available from their manufacturers.

March 2, 2026
Updated: March 10, 2026
5 min read
AndroidQualcommZero-DayMemory CorruptionPatch Management +1 more
Google Patches Actively Exploited Qualcomm Zero-Day in Massive Android Update
Vulnerability
Patch Management
Mobile Security

📢 Share This Publication

Help others stay informed about cybersecurity threats