CISA Issues Urgent Alerts for Intune, SharePoint, and Zimbra Flaws Amidst Active Exploitation and Ransomware Attacks

Marquis Data Breach Revision Confirms 672,075 Individuals Affected; SonicWall Flaw Implicated

Fintech provider Marquis has officially revised the number of individuals impacted by its August 2025 data breach to 672,075. The breach, which stemmed from an exploited vulnerability in a SonicWall firewall, exposed the personal and financial data of customers from over 700 financial institutions. Compromised data includes names, Social Security numbers, and financial account details. While not officially confirmed, the Akira ransomware group, known for exploiting SonicWall flaws, is suspected to be behind the attack, with some reports alleging a ransom was paid.

FintechSupply Chain AttackRansomwareAkiraSonicWall +2 more

4 min read

Fintech Firm Marquis Revises Breach Impact to 672,000; Akira Ransomware Suspected

Data Breach

Supply Chain Attack

Dragonforce Ransomware Claims Attack on U.S. Hydraulics Firm Dynex/Rivett

Dragonforce Ransomware Threatens to Leak Data from U.S. Manufacturer Dynex/Rivett Inc.

The Dragonforce ransomware group has claimed responsibility for a cyberattack against Dynex/Rivett Inc., a U.S.-based manufacturer of hydraulic systems. In a post on March 18, 2026, the group announced the attack and threatened to publish a 'full leak' of stolen data if the company does not make contact to negotiate. This incident employs a typical double-extortion tactic, where data is both encrypted and stolen to maximize pressure on the victim to pay a ransom. The nature and volume of the exfiltrated data have not been specified.

RansomwareDragonforceDouble ExtortionManufacturingData Leak

Threat Actor

Cyberattack

Freedom Mobile Data Breach Exposes Customer PII via Compromised Subcontractor

MEDIUM

Freedom Mobile Discloses Data Breach After Subcontractor Credentials Used to Access Customer Data

Canadian telecom provider Freedom Mobile disclosed a data breach on March 18, 2026, that occurred in January. An unauthorized third party gained access to the company's customer account management platform for one week using the compromised credentials of a subcontractor. The breach exposed customer PII including names, addresses, dates of birth, and phone numbers. Freedom Mobile confirmed that more sensitive data like passwords and financial information was not affected, but the incident highlights the significant risks posed by supply chain security gaps.

Supply Chain AttackPIITelecommunicationsCredential CompromiseThird-Party Risk

Data Breach

Supply Chain Attack

Phishing

Apple Silently Patches WebKit Flaw That Could Let Sites Steal Your Data

MEDIUM

Apple Patches WebKit Cross-Origin Flaw (CVE-2026-20643) That Bypassed Same-Origin Policy

Apple released a silent, background security patch on March 18, 2026, to fix a cross-origin vulnerability in WebKit, its core web rendering engine. The flaw, CVE-2026-20643, could allow a malicious website to bypass the same-origin policy, a fundamental browser security feature. This would enable an attacker to access or steal data from other websites open in different tabs. The patch was delivered automatically to users on the latest versions of iOS and macOS. There is no evidence of active exploitation.

AppleWebKitSame-Origin PolicyCross-OriginVulnerability +1 more

Apple Silently Patches WebKit Flaw That Could Let Sites Steal Your Data

Patch Management

Mobile Security

Data of 129,509 Vault Strategies Customers Leaked Online After Ransomware Attack

Vault Strategies Data Breach Escalates as PII of 129,509 Individuals is Published Online

Data stolen from benefits administrator Vault Strategies during a December 2025 ransomware attack by the 'Incransom' group has now been made public. On March 18, 2026, a searchable database containing the extensive Personally Identifiable Information (PII) of 129,509 individuals was posted online. The exposed data includes full names, addresses, dates of birth, and Social Security numbers, placing victims at high risk of identity theft and prompting investigations into a potential class-action lawsuit.

Data LeakRansomwareIncransomSSNPII +1 more

Data Breach

Threat Actor

CISA Warns of Critical Code Injection Flaw in Schneider Electric ICS Software

CISA Highlights Critical Code Injection Vulnerability (CVE-2026-2273) in Schneider Electric EcoStruxure

CISA issued an ICS advisory on March 19, 2026, for a critical code injection vulnerability, CVE-2026-2273, in Schneider Electric's EcoStruxure Automation Expert software. The flaw, with a CVSS score of 8.2, could allow an authenticated attacker to achieve arbitrary command execution by tricking a user into opening a malicious project file. This could lead to a compromise of the engineering workstation and pose a significant risk to industrial control systems. Schneider Electric has released a patched version.

ICSOTSchneider ElectricCode InjectionVulnerability +1 more

4 min read

CISA Warns of Critical Code Injection Flaw in Schneider Electric ICS Software

Industrial Control Systems

Patch Management

Public Sector Unprepared for AI-Powered Attacks, Report Finds

INFORMATIONAL

Report: Public Sector Defenses Outpaced by AI-Driven Cyberattacks and Supply Chain Risks

A March 18, 2026 report by LevelBlue reveals that public-sector organizations are struggling to defend against a rising tide of cyberattacks, especially those enhanced by AI. The study found that nearly one-third of state, local, and education (SLED) entities suffered a breach in the last year. A concerning 44% lack full visibility into their supply chain, and only 28% feel prepared for AI-enabled threats, highlighting significant gaps in visibility, readiness, and workforce training across the public sector.

Public SectorAICybersecurity ReportSupply Chain RiskGovernment +1 more

Public Sector Unprepared for AI-Powered Attacks, Report Finds

Policy and Compliance

Threat Intelligence

Phishing

CISA Adds Actively Exploited Zimbra XSS Flaw to KEV Catalog

CISA Confirms Active Exploitation of Zimbra XSS Flaw (CVE-2025-66376), Adds to KEV Catalog

On March 18, 2026, CISA added a cross-site scripting (XSS) vulnerability in Synacor's Zimbra Collaboration Suite, CVE-2025-66376, to its Known Exploited Vulnerabilities (KEV) catalog. This action confirms the vulnerability is being actively exploited in the wild. The flaw could allow attackers to inject malicious scripts into the web client, potentially leading to session hijacking or data theft. U.S. federal agencies are now required to remediate the vulnerability promptly.

CISAKEVZimbraXSSVulnerability +1 more

CISA Adds Actively Exploited Zimbra XSS Flaw to KEV Catalog

RansomwareInterlockCiscoZero-DayVulnerability +3 more

Patch Management

Phishing

Updated Articles (1)

Interlock Ransomware Weaponized Cisco Firewall Zero-Day 36 Days Before Patch

CRITICAL

Interlock Ransomware Exploited Critical Cisco Firewall Zero-Day (CVE-2026-20131) for Over a Month

Update:

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-20131 to its Known Exploited Vulnerabilities (KEV) catalog on March 19, 2026, mandating federal agencies to patch the critical flaw. The vulnerability, an insecure deserialization issue, has been explicitly rated with a CVSS score of 10.0. Further technical analysis reveals Interlock's use of an ELF binary with custom JavaScript and Java-based RATs, PowerShell for reconnaissance, Bash scripts for reverse proxies, and legitimate tools like ConnectWise ScreenConnect and Volatility Framework for defense evasion and lateral movement. The scope also includes Cisco Security Cloud Control (SCC) Firewall Management.

March 8, 2026

Updated: March 19, 2026

5 min read