CISA Issues Urgent Alerts for Intune, SharePoint, and Zimbra Flaws Amidst Active Exploitation and Ransomware Attacks

Fintech Firm Marquis Revises Breach Impact to 672,000; Akira Ransomware Suspected

Fintech provider Marquis has officially revised the number of individuals impacted by its August 2025 data breach to 672,075. The breach, which stemmed from an exploited vulnerability in a SonicWall firewall, exposed the personal and financial data of customer...

Dragonforce Ransomware Claims Attack on U.S. Hydraulics Firm Dynex/Rivett

The Dragonforce ransomware group has claimed responsibility for a cyberattack against Dynex/Rivett Inc., a U.S.-based manufacturer of hydraulic systems. In a post on March 18, 2026, the group announced the attack and threatened to publish a 'full leak' of stol...

Freedom Mobile Data Breach Exposes Customer PII via Compromised Subcontractor

Canadian telecom provider Freedom Mobile disclosed a data breach on March 18, 2026, that occurred in January. An unauthorized third party gained access to the company's customer account management platform for one week using the compromised credentials of a su...

Apple Silently Patches WebKit Flaw That Could Let Sites Steal Your Data

Apple released a silent, background security patch on March 18, 2026, to fix a cross-origin vulnerability in WebKit, its core web rendering engine. The flaw, CVE-2026-20643, could allow a malicious website to bypass the same-origin policy, a fundamental browse...

Data of 129,509 Vault Strategies Customers Leaked Online After Ransomware Attack

Data stolen from benefits administrator Vault Strategies during a December 2025 ransomware attack by the 'Incransom' group has now been made public. On March 18, 2026, a searchable database containing the extensive Personally Identifiable Information (PII) of...

CISA Warns of Critical Code Injection Flaw in Schneider Electric ICS Software

CISA issued an ICS advisory on March 19, 2026, for a critical code injection vulnerability, CVE-2026-2273, in Schneider Electric's EcoStruxure Automation Expert software. The flaw, with a CVSS score of 8.2, could allow an authenticated attacker to achieve arbi...

Public Sector Unprepared for AI-Powered Attacks, Report Finds

A March 18, 2026 report by LevelBlue reveals that public-sector organizations are struggling to defend against a rising tide of cyberattacks, especially those enhanced by AI. The study found that nearly one-third of state, local, and education (SLED) entities...

CISA Adds Actively Exploited Zimbra XSS Flaw to KEV Catalog

On March 18, 2026, CISA added a cross-site scripting (XSS) vulnerability in Synacor's Zimbra Collaboration Suite, CVE-2025-66376, to its Known Exploited Vulnerabilities (KEV) catalog. This action confirms the vulnerability is being actively exploited in the wi...

Interlock Ransomware Weaponized Cisco Firewall Zero-Day 36 Days Before Patch

Update:The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-20131 to its Known Exploited Vulnerabilities (KEV) catalog on March 19, 2026, mandating federal agencies to patch the critical flaw. The vulnerability, an insecure deserialization i...