Daily Digest

CISA Issues Urgent Alerts for Intune, SharePoint, and Zimbra Flaws Amidst Active Exploitation and Ransomware Attacks

CISA Issues Urgent Alerts for Intune, SharePoint, and Zimbra Flaws Amidst Active Exploitation and Ransomware Attacks

March 19, 2026
9 articles (8 new, 1 updated)
27 min read

Summary

This cybersecurity brief for March 19, 2026, covers a series of critical alerts from CISA regarding actively exploited vulnerabilities in Microsoft Intune, SharePoint, and Zimbra. The advisories follow a disruptive wiper attack on Stryker and confirmation of in-the-wild exploitation. Concurrently, new details emerged about the Interlock ransomware group leveraging a Cisco firewall zero-day for over a month before a patch was available. Other major incidents include multiple data breaches affecting hundreds of thousands of individuals and reports on sophisticated iOS exploit chains, highlighting a landscape of escalating threats from supply chain attacks, ransomware, and state-sponsored actors.

Filter by Category

New Articles (8)

Fintech Firm Marquis Revises Breach Impact to 672,000; Akira Ransomware Suspected

HIGH

Marquis Data Breach Revision Confirms 672,075 Individuals Affected; SonicWall Flaw Implicated

Fintech provider Marquis has officially revised the number of individuals impacted by its August 2025 data breach to 672,075. The breach, which stemmed from an exploited vulnerability in a SonicWall firewall, exposed the personal and financial data of customers from over 700 financial institutions. Compromised data includes names, Social Security numbers, and financial account details. While not officially confirmed, the Akira ransomware group, known for exploiting SonicWall flaws, is suspected to be behind the attack, with some reports alleging a ransom was paid.

March 19, 2026
4 min read
FintechSupply Chain AttackRansomwareAkiraSonicWall +2 more
Fintech Firm Marquis Revises Breach Impact to 672,000; Akira Ransomware Suspected

Dragonforce Ransomware Claims Attack on U.S. Hydraulics Firm Dynex/Rivett

HIGH

Dragonforce Ransomware Threatens to Leak Data from U.S. Manufacturer Dynex/Rivett Inc.

The Dragonforce ransomware group has claimed responsibility for a cyberattack against Dynex/Rivett Inc., a U.S.-based manufacturer of hydraulic systems. In a post on March 18, 2026, the group announced the attack and threatened to publish a 'full leak' of stolen data if the company does not make contact to negotiate. This incident employs a typical double-extortion tactic, where data is both encrypted and stolen to maximize pressure on the victim to pay a ransom. The nature and volume of the exfiltrated data have not been specified.

March 19, 2026
3 min read
RansomwareDragonforceDouble ExtortionManufacturingData Leak
Dragonforce Ransomware Claims Attack on U.S. Hydraulics Firm Dynex/Rivett

Freedom Mobile Data Breach Exposes Customer PII via Compromised Subcontractor

MEDIUM

Freedom Mobile Discloses Data Breach After Subcontractor Credentials Used to Access Customer Data

Canadian telecom provider Freedom Mobile disclosed a data breach on March 18, 2026, that occurred in January. An unauthorized third party gained access to the company's customer account management platform for one week using the compromised credentials of a subcontractor. The breach exposed customer PII including names, addresses, dates of birth, and phone numbers. Freedom Mobile confirmed that more sensitive data like passwords and financial information was not affected, but the incident highlights the significant risks posed by supply chain security gaps.

March 19, 2026
3 min read
Supply Chain AttackPIITelecommunicationsCredential CompromiseThird-Party Risk
Freedom Mobile Data Breach Exposes Customer PII via Compromised Subcontractor

Apple Silently Patches WebKit Flaw That Could Let Sites Steal Your Data

MEDIUM

Apple Patches WebKit Cross-Origin Flaw (CVE-2026-20643) That Bypassed Same-Origin Policy

Apple released a silent, background security patch on March 18, 2026, to fix a cross-origin vulnerability in WebKit, its core web rendering engine. The flaw, CVE-2026-20643, could allow a malicious website to bypass the same-origin policy, a fundamental browser security feature. This would enable an attacker to access or steal data from other websites open in different tabs. The patch was delivered automatically to users on the latest versions of iOS and macOS. There is no evidence of active exploitation.

March 19, 2026
3 min read
AppleWebKitSame-Origin PolicyCross-OriginVulnerability +1 more
Apple Silently Patches WebKit Flaw That Could Let Sites Steal Your Data

Data of 129,509 Vault Strategies Customers Leaked Online After Ransomware Attack

HIGH

Vault Strategies Data Breach Escalates as PII of 129,509 Individuals is Published Online

Data stolen from benefits administrator Vault Strategies during a December 2025 ransomware attack by the 'Incransom' group has now been made public. On March 18, 2026, a searchable database containing the extensive Personally Identifiable Information (PII) of 129,509 individuals was posted online. The exposed data includes full names, addresses, dates of birth, and Social Security numbers, placing victims at high risk of identity theft and prompting investigations into a potential class-action lawsuit.

March 19, 2026
3 min read
Data LeakRansomwareIncransomSSNPII +1 more
Data of 129,509 Vault Strategies Customers Leaked Online After Ransomware Attack

CISA Warns of Critical Code Injection Flaw in Schneider Electric ICS Software

HIGH

CISA Highlights Critical Code Injection Vulnerability (CVE-2026-2273) in Schneider Electric EcoStruxure

CISA issued an ICS advisory on March 19, 2026, for a critical code injection vulnerability, CVE-2026-2273, in Schneider Electric's EcoStruxure Automation Expert software. The flaw, with a CVSS score of 8.2, could allow an authenticated attacker to achieve arbitrary command execution by tricking a user into opening a malicious project file. This could lead to a compromise of the engineering workstation and pose a significant risk to industrial control systems. Schneider Electric has released a patched version.

March 19, 2026
4 min read
ICSOTSchneider ElectricCode InjectionVulnerability +1 more
CISA Warns of Critical Code Injection Flaw in Schneider Electric ICS Software

Public Sector Unprepared for AI-Powered Attacks, Report Finds

INFORMATIONAL

Report: Public Sector Defenses Outpaced by AI-Driven Cyberattacks and Supply Chain Risks

A March 18, 2026 report by LevelBlue reveals that public-sector organizations are struggling to defend against a rising tide of cyberattacks, especially those enhanced by AI. The study found that nearly one-third of state, local, and education (SLED) entities suffered a breach in the last year. A concerning 44% lack full visibility into their supply chain, and only 28% feel prepared for AI-enabled threats, highlighting significant gaps in visibility, readiness, and workforce training across the public sector.

March 19, 2026
3 min read
Public SectorAICybersecurity ReportSupply Chain RiskGovernment +1 more
Public Sector Unprepared for AI-Powered Attacks, Report Finds

CISA Adds Actively Exploited Zimbra XSS Flaw to KEV Catalog

HIGH

CISA Confirms Active Exploitation of Zimbra XSS Flaw (CVE-2025-66376), Adds to KEV Catalog

On March 18, 2026, CISA added a cross-site scripting (XSS) vulnerability in Synacor's Zimbra Collaboration Suite, CVE-2025-66376, to its Known Exploited Vulnerabilities (KEV) catalog. This action confirms the vulnerability is being actively exploited in the wild. The flaw could allow attackers to inject malicious scripts into the web client, potentially leading to session hijacking or data theft. U.S. federal agencies are now required to remediate the vulnerability promptly.

March 19, 2026
3 min read
CISAKEVZimbraXSSVulnerability +1 more
CISA Adds Actively Exploited Zimbra XSS Flaw to KEV Catalog

Updated Articles (1)

Interlock Ransomware Weaponized Cisco Firewall Zero-Day 36 Days Before Patch

CRITICAL

Interlock Ransomware Exploited Critical Cisco Firewall Zero-Day (CVE-2026-20131) for Over a Month

Update:

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-20131 to its Known Exploited Vulnerabilities (KEV) catalog on March 19, 2026, mandating federal agencies to patch the critical flaw. The vulnerability, an insecure deserialization issue, has been explicitly rated with a CVSS score of 10.0. Further technical analysis reveals Interlock's use of an ELF binary with custom JavaScript and Java-based RATs, PowerShell for reconnaissance, Bash scripts for reverse proxies, and legitimate tools like ConnectWise ScreenConnect and Volatility Framework for defense evasion and lateral movement. The scope also includes Cisco Security Cloud Control (SCC) Firewall Management.

March 8, 2026
Updated: March 19, 2026
5 min read
RansomwareInterlockCiscoZero-DayVulnerability +3 more
Interlock Ransomware Weaponized Cisco Firewall Zero-Day 36 Days Before Patch

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.