Microsoft Patches Two Zero-Days Amid Wave of Breaches and State-Sponsored Cyberespionage Campaigns

Publication Date: March 11, 2026

Summary

This 24-hour period saw Microsoft release its March 2026 Patch Tuesday, addressing 79 vulnerabilities including two publicly known zero-days in SQL Server and .NET. Concurrently, major data breaches were disclosed by Ericsson and Canadian retailer Loblaw, both highlighting different facets of cyber risk. State-sponsored activity remains high, with reports detailing a sustained two-year campaign by Russia's APT28 against Ukraine and a surge in espionage targeting the Middle East by actors linked to China, Iran, and Belarus. Law enforcement also scored a win by disrupting the 'Tycoon 2FA' phishing platform, while new reports detailed sophisticated supply chain attacks against the npm ecosystem and a critical flaw in Nginx UI.

Today's New Articles

Ericsson Data Breach Exposes Personal Info of 15,000 Due to Third-Party Vendor Compromise

Telecommunications giant Ericsson has reported a data breach impacting approximately 15,000 individuals associated with its US operations. The incident was not a direct breach of Ericsson's systems but originated from a compromise at an unnamed third-party ser...


APT28 Hits Ukrainian Military with Custom 'BeardShell' Malware in Two-Year Espionage Campaign

The Russian state-sponsored threat group APT28, also known as Fancy Bear, has been conducting a persistent cyberespionage campaign against the Ukrainian military for nearly two years. Research from ESET reveals the group, attributed to Russia's GRU, has been u...


State-Aligned Hackers from China, Iran, Belarus Escalate Espionage in Middle East

A new report from Proofpoint reveals a significant uptick in cyber-espionage campaigns targeting government and diplomatic entities in the Middle East. Threat actors with suspected alignments to China (UNK_InnerAmbush), Iran (TA402, TA453), Belarus (TA473), an...


First-Ever 'Wormable' Malware in npm History Detailed in Analysis of 2025 Supply Chain Attacks

A detailed analysis of major JavaScript supply chain attacks from late 2025 reveals a significant escalation in threat actor sophistication. The campaigns included the compromise of massively popular npm packages like 'Chalk' and 'Debug,' which collectively se...


Critical Nginx UI Flaw (CVE-2026-27944) Allows Unauthenticated Backup Theft and Decryption

A critical information disclosure vulnerability, CVE-2026-27944, has been discovered in Nginx UI, a popular web interface for managing Nginx servers. The flaw, which has a CVSS score of 9.8, allows a remote, unauthenticated attacker to download a full system b...


Canadian Retail Giant Loblaw Investigates Data Breach Exposing Customer Info

Loblaw Companies Limited, Canada's largest food and pharmacy retailer, has announced it is investigating a data breach after detecting suspicious activity on its network. The company stated that an unauthorized third party accessed a non-critical segment of it...


Russian State Hackers Target Signal & WhatsApp Accounts of High-Value Individuals

Dutch intelligence agencies AIVD and MIVD have issued a warning about a large-scale phishing campaign by Russian state-backed hackers aimed at compromising the Signal and WhatsApp accounts of high-value targets. The campaign targets government officials, milit...


ShinyHunters Linked to Voice Phishing Campaign Targeting Okta Admins to Steal SaaS Data

A 2026 cyberattack campaign is using voice phishing (vishing) and social engineering to compromise Okta administrator accounts, with TTPs consistent with the ShinyHunters threat group. According to Obsidian Security, attackers socially engineer IT help desks o...