Daily Digest

White House Unveils Offensive Cyber Strategy as Microsoft & Google Patch Actively Exploited Zero-Days

White House Unveils Offensive Cyber Strategy as Microsoft & Google Patch Actively Exploited Zero-Days

March 13, 2026
5 articles (5 new)
15 min read

Summary

This week in cybersecurity, the Trump administration announced a major shift in U.S. policy with a new, more aggressive national cyber strategy focused on offensive operations and deregulation. Concurrently, Microsoft and Google scrambled to release emergency patches for multiple zero-day vulnerabilities under active exploitation, including critical flaws in Windows RRAS and the Chrome browser. Threat actors also remained highly active, with state-sponsored groups from China targeting defense contractors and Southeast Asian militaries, while an international takedown disrupted the 'Tycoon 2FA' phishing-as-a-service platform that enabled widespread MFA bypass attacks.

Filter by Category

New Articles (5)

Microsoft Rushes Emergency Hotpatch for Critical RCE Flaws in Windows RRAS

CRITICAL

Microsoft Releases Out-of-Band Hotpatch KB5084597 for Critical Windows RRAS Remote Code Execution Vulnerabilities

Microsoft has issued an emergency, out-of-band hotpatch (KB5084597) on March 13, 2026, to address three critical remote code execution (RCE) vulnerabilities in the Windows Routing and Remote Access Service (RRAS). The flaws—CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111—affect Windows 11 and can be exploited by an attacker who tricks a user into connecting to a malicious remote server. A successful exploit could allow the attacker to execute arbitrary code on the victim's device. The hotpatch is being delivered via Windows Update and allows for a no-reboot installation on supported Enterprise devices, underscoring the severity of the vulnerabilities in this core networking component.

March 13, 2026
5 min read
MicrosoftWindows 11RRASVulnerabilityRemote Code Execution +2 more
Microsoft Rushes Emergency Hotpatch for Critical RCE Flaws in Windows RRAS
Vulnerability
Patch Management
Cyberattack

Chinese Spy Group Targets Southeast Asian Militaries with Custom 'AppleChris' & 'MemFun' Backdoors

HIGH

Suspected Chinese Espionage Group CL-STA-1087 Uses Custom Malware in Long-Running Campaign Against Southeast Asian Militaries

A suspected China-based cyber espionage group, tracked as CL-STA-1087, is conducting a long-running intelligence-gathering campaign against military organizations in Southeast Asia. Active since at least 2020, the operation demonstrates high sophistication, using custom backdoors named 'AppleChris' and 'MemFun' along with a credential harvesting tool called 'Getpass.' The threat actors focus on exfiltrating specific, high-value intelligence related to military capabilities, organizational structures, and collaborations with Western forces. Researchers at Palo Alto Networks Unit 42 detected the intrusion after observing suspicious PowerShell commands used to establish reverse shells to a command-and-control server, indicating a patient and persistent adversary focused on strategic espionage rather than widespread disruption.

March 13, 2026
5 min read
Cyber EspionageAPTChinaMalwareBackdoor +2 more
Chinese Spy Group Targets Southeast Asian Militaries with Custom 'AppleChris' & 'MemFun' Backdoors
Threat Actor
Cyberattack
Malware

Malicious AI Browser Extensions Caught Stealing ChatGPT Prompts and Corporate Data

HIGH

Malicious AI-Themed Browser Extensions Harvest Sensitive Data from Users and LLMs

Security researchers have uncovered a widespread data harvesting campaign involving malicious Chromium browser extensions disguised as helpful AI assistants. These extensions, installed nearly 900,000 times from official browser stores, targeted over 20,000 enterprise environments. The malware's primary function was to steal browsing history and exfiltrate the full content of user interactions with Large Language Models (LLMs) like ChatGPT and DeepSeek. This allowed attackers to capture potentially sensitive corporate data, intellectual property, and source code that employees were inputting into AI services. The incident highlights the significant 'shadow IT' risk posed by ungoverned browser extensions and the use of public AI tools for business purposes.

March 13, 2026
5 min read
Browser ExtensionSpywareData ExfiltrationAI SecurityChatGPT +2 more
Malicious AI Browser Extensions Caught Stealing ChatGPT Prompts and Corporate Data
Malware
Data Breach
Cloud Security

'SocksEscort' Proxy Botnet Used for Millions in Fraud Dismantled by FBI & Europol

HIGH

International 'Operation Lightning' Takes Down SocksEscort Residential Proxy Network

An international law enforcement action named 'Operation Lightning' has dismantled 'SocksEscort,' a massive residential proxy service that facilitated widespread cybercrime. The service operated by infecting hundreds of thousands of home and business routers worldwide with the 'AVRecon' botnet malware. This network of compromised devices was then sold to criminals, who used it to hide their activities while committing large-scale fraud, including ransomware, ad fraud, and identity theft, resulting in tens of millions of dollars in losses. The operation, led by the FBI and Europol, involved seizing 34 domains and 23 servers, and freezing $3.5 million in cryptocurrency, dealing a major blow to the cybercrime ecosystem.

March 13, 2026
5 min read
BotnetProxy ServiceTakedownCybercrimeIoT Security +3 more
'SocksEscort' Proxy Botnet Used for Millions in Fraud Dismantled by FBI & Europol
Cyberattack
Malware
Threat Intelligence

China's CERT Warns 'OpenClaw' AI Model Can Be Abused to Delete Data, Expose Keys

HIGH

China's National CERT Issues Security Warning on 'OpenClaw' AI Model, Leading to Reported Ban

China's national Computer Emergency Response Team (CERT) has issued a significant security warning about the 'OpenClaw' AI model. According to the alert reported on March 12, 2026, the model can be manipulated to perform dangerous and destructive actions, such as deleting user data, exposing sensitive information like secret keys, and loading malicious content onto a system. The perceived severity of these vulnerabilities has reportedly led authorities in Beijing to ban the use of the AI model. The warning highlights the growing concerns among national security bodies about the inherent risks and potential for misuse of powerful, publicly available large language models.

March 13, 2026
5 min read
AI SecurityLarge Language ModelLLMPrompt InjectionVulnerability +1 more
China's CERT Warns 'OpenClaw' AI Model Can Be Abused to Delete Data, Expose Keys
Vulnerability
Threat Intelligence
Other

📢 Share This Publication

Help others stay informed about cybersecurity threats