Microsoft Patches Two Zero-Days in March Update; Actively Exploited Android Flaw and Global APT Campaigns Emerge

Publication Date: March 10, 2026

Summary

This intelligence brief for March 10, 2026, covers a significant wave of cybersecurity events. Microsoft's Patch Tuesday addressed 79 flaws, including two publicly disclosed zero-days in SQL Server and .NET. Concurrently, Google rushed a patch for an actively exploited zero-day in Android devices with Qualcomm chips, which CISA added to its KEV list. Espionage campaigns are on the rise, with China-linked APT UAT-9244 targeting South American telecoms and Iran's MuddyWater group infiltrating critical U.S. sectors. Other major incidents include a supply chain attack on the OpenClaw AI framework and a massive phishing service takedown by Europol and Microsoft.

Today New Articles

FBI Warns of Sophisticated Phishing Scam Impersonating City Officials to Steal Permit Fees

The FBI's Internet Crime Complaint Center (IC3) has issued a public service announcement about a sophisticated, nationwide phishing campaign. Scammers are impersonating city and county officials, using publicly available permit data to create highly convincing...

Texas Healthcare Provider CommuniCare Discloses Data Breach Affecting Nearly 20,000 Patients

The San Antonio-based Barrio Comprehensive Family Health Care Center, operating as CommuniCare, has reported a data breach impacting 19,885 individuals. The breach stemmed from unauthorized access to an employee's email account, which was first detected in Sep...

FDD Warns NIST of "Agentic AI" Security Risks, Highlighting Prompt Injection and Multi-Agent Dangers

The Foundation for Defense of Democracies (FDD) has submitted a formal public comment to the U.S. National Institute of Standards and Technology (NIST), warning that the federal government is unprepared for the unique security risks posed by agentic artificial...

Transport for London Confirms 2024 Breach by 'Scattered Spiders' Affected 10 Million People

Transport for London (TfL) has officially confirmed the massive scale of a cyberattack that occurred in August 2024. The breach, attributed to the notorious hacking group 'Scattered Spiders', affected approximately 10 million people. The attackers stole a data...

Article Updates

Critical Zero-Click RCE Flaw (CVE-2026-25253) Hits OpenClaw AI Agent Framework

Update:The OpenClaw AI Agent Framework is experiencing an escalated security crisis. A widespread supply chain attack has been confirmed, with over 1,184 malicious 'skills' flooding the ClawHub marketplace, capable of full system compromise. The existing CVE-2026-252...

Google Patches Actively Exploited Qualcomm Zero-Day in Massive Android Update

Update:The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the actively exploited Qualcomm zero-day vulnerability, CVE-2026-21385, to its Known Exploited Vulnerabilities (KEV) catalog. This critical update mandates all U.S. federal agencies to...

Paint Giant AkzoNobel Hit by Anubis Ransomware; 170GB of Client Data and Passports Leaked

Update:AkzoNobel has provided an update on the Anubis ransomware attack, clarifying that the operational impact at the affected U.S. site was minimal. This refines earlier reports which indicated the attack caused disruption, suggesting effective containment and inci...

China-Linked Group UAT9244 Targets South American Telecoms with New Malware Suite

Update:Further analysis of the UAT-9244 campaign indicates the group has been active since at least 2024 and shows operational overlaps with the known threat cluster 'FamousSparrow'. New technical details specify that 'TernDoor' is a Windows backdoor, a variant of 'C...