Daily Digest

Google Patches Actively Exploited Chrome Zero-Days; Iran-Linked Wiper Attack Hits Med-Tech Giant Stryker

March 16, 2026

5 articles (5 new)

15 min read

Summary

This cybersecurity brief for March 16, 2026, covers critical developments including emergency patches from Google for two actively exploited Chrome zero-days (CVE-2026-3909, CVE-2026-3910) added to CISA's KEV catalog. A major destructive wiper attack by the Iran-linked Handala group crippled medical tech firm Stryker by weaponizing its Microsoft Intune platform. Other significant events include a supply chain attack on the AppsFlyer SDK to steal cryptocurrency, a critical data exposure at UK's Companies House affecting five million businesses, and Microsoft's emergency hotpatch for Windows 11 RRAS flaws.

Filter by Category

New Articles (5)

Ransomware Splinters as Attacks Surge 59% in Asia-Pacific, S-RM Report Finds

INFORMATIONAL

S-RM Report: Ransomware Ecosystem Fragments into 67 Groups as Attacks on APAC Region Skyrocket

S-RM's 2026 Cyber Incident Insights Report reveals a significant shift in the ransomware landscape, which is fragmenting into a more diverse and unpredictable ecosystem. Based on over 800 incidents in 2025, the report identified 67 distinct ransomware groups, an increase from the previous year. This diversification includes both sophisticated RaaS operations like Akira and Qilin and newer, less predictable actors. A key finding is the dramatic 59% year-over-year increase in ransomware attacks in the Asia-Pacific (APAC) region, driven by rapid digitization and immature security postures. The report also warns of emerging risks from the insecure adoption of AI agents with privileged access in enterprise environments.

March 16, 2026

5 min read

RansomwareThreat IntelligenceS-RMAPACRaaS +1 more

Threat Intelligence

Ransomware

Cyberattack

UK Companies House Flaw Exposes Data of 5 Million Companies

HIGH

Major Security Flaw in UK Companies House WebFiling Service Exposes Private Data of 5 Million Companies

The UK's official business registry, Companies House, has confirmed a significant security vulnerability in its WebFiling service that exposed the sensitive data of personnel from five million registered companies. The flaw, which was active from October 2025 until March 2026, allowed any logged-in user to view non-public information of other companies, including directors' residential addresses and full dates of birth, by manipulating their browser session. The service was taken offline for emergency maintenance and restored on March 16, 2026, after a patch was applied. Companies House has reported the incident to the ICO and NCSC and is urging all UK businesses to review their filing history for any unauthorized changes.

March 16, 2026

6 min read

Data BreachCompanies HouseUKVulnerabilityPII +1 more

UK Companies House Flaw Exposes Data of 5 Million Companies

Data Breach

Vulnerability

Regulatory

CISA KEV Alert: Actively Exploited Wing FTP Server Flaw Added to Catalog

MEDIUM

CISA Adds Actively Exploited Wing FTP Server Information Disclosure Flaw (CVE-2025-47813) to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-47813, a medium-severity information disclosure vulnerability in Wing FTP Server, to its Known Exploited Vulnerabilities (KEV) catalog. This indicates the flaw is being actively exploited in the wild. The vulnerability allows an unauthenticated attacker to reveal the full local installation path of the server by sending a crafted request. While not an RCE flaw itself, attackers are using this information for reconnaissance to facilitate more severe follow-on attacks. A patch has been available since May 2025 in version 7.4.4. CISA has mandated that federal agencies remediate the flaw by March 30, 2026.

March 16, 2026

6 min read

CISAKEVWing FTP ServerVulnerabilityInformation Disclosure

CISA KEV Alert: Actively Exploited Wing FTP Server Flaw Added to Catalog

Vulnerability

Patch Management

Play Ransomware Claims Attack on U.S. Aviation Firm Executive Aviation

HIGH

Play Ransomware Group Adds U.S.-Based Executive Aviation to its Victim List

The Play ransomware group, also known as Playcrypt, has claimed responsibility for a cyberattack against Executive Aviation, a company in the U.S. aviation sector. On March 15, 2026, the group posted the company's name on its dark web leak site, threatening to publish a 'full leak' of stolen data unless a ransom is paid. This incident highlights the ongoing targeting of critical infrastructure sectors by sophisticated ransomware operators. The Play group is known for its double-extortion tactics and often gains initial access by exploiting vulnerabilities in public-facing VPN or RDP services. The attack serves as a warning to the aviation industry to bolster its defenses against such threats.

March 16, 2026

6 min read

RansomwarePlayAviationCritical InfrastructureDouble Extortion

Ransomware

Cyberattack

Threat Actor

'The Gentlemen' Ransomware Hits Thai Financial Firm Chase Asia

HIGH

New Ransomware Group 'The Gentlemen' Claims Attack on Thai Financial Services Firm Chase Asia

A relatively new ransomware group calling itself 'The Gentlemen' has claimed responsibility for a cyberattack on Chase Asia, a major debt collection and loan management firm in Thailand. On March 16, 2026, the group threatened to publish the company's data if contact was not made. 'The Gentlemen' is believed to be a sophisticated Ransomware-as-a-Service (RaaS) operation that emerged from the Qilin ransomware ecosystem. The group is known to target Windows, Linux, and ESXi environments and has previously exploited Fortinet VPN vulnerabilities for initial access. This attack on a prominent financial firm highlights the expanding reach of organized cybercrime into the Asia-Pacific market.

March 16, 2026

6 min read

RansomwareThe GentlemenQilinBYOVDFinancial Services +1 more

Ransomware

Threat Actor

Cyberattack

📢 Share This Publication

Help others stay informed about cybersecurity threats