Daily Digest

CISA Warns on Intune & SharePoint Exploits; Russian Spies Target Signal; DarkSword iOS Zero-Click Hits iPhones

CISA Warns on Intune & SharePoint Exploits; Russian Spies Target Signal; DarkSword iOS Zero-Click Hits iPhones

March 20, 2026
6 articles (5 new, 1 updated)
18 min read

Summary

This 24-hour cybersecurity brief covers a critical period from March 19-20, 2026. Key events include CISA's urgent warnings following a destructive attack on Stryker using Microsoft Intune and active exploitation of a critical SharePoint RCE flaw (CVE-2026-20963). The FBI also attributed a global phishing campaign targeting Signal and WhatsApp users to Russian Intelligence. Concurrently, researchers detailed 'DarkSword,' a potent zero-click iOS exploit chain used by spyware vendors, and the Medusa ransomware group crippled a major US medical center. These incidents highlight escalating threats against cloud management tools, critical software vulnerabilities, and secure communication platforms.

Filter by Category

New Articles (5)

Identity Service Providers CGI Group and Aura Hit by Data Breaches

HIGH

Data Breaches at Identity Service Providers CGI Group and Aura Expose Sensitive User Data

Two separate data breaches have impacted companies in the identity services sector. IT consulting giant CGI Group, which manages Sweden's e-government platform, is investigating a breach after its data was found on the dark web. This raises concerns about the security of sensitive data for Swedish citizens who use the platform to access government services. In a separate incident, identity protection firm Aura confirmed a breach claimed by the ShinyHunters hacking collective. The attackers allegedly stole 12GB of files affecting 35,000 customers from a marketing tool used by a company Aura acquired in 2021. These incidents highlight the high value of PII and the persistent risk of third-party and supply-chain-related breaches.

March 20, 2026
3 min read
Data BreachShinyHuntersCGI GroupAuraThird-Party Risk +2 more
Identity Service Providers CGI Group and Aura Hit by Data Breaches
Data Breach
Supply Chain Attack
Threat Actor

Foster City Declares State of Emergency After Cyberattack Cripples Public Services

HIGH

Cyberattack on Foster City, California Disrupts All Non-Emergency Public Services

Foster City, California, has declared a state of emergency following a significant cybersecurity breach on March 19, 2026. The attack has caused a widespread shutdown of all non-emergency city services, impacting the public's ability to conduct business with the city. While police and fire departments remain operational, other municipal functions are temporarily paused. Officials have not disclosed the nature of the attack but have warned that public information may have been accessed. The city is working with external cybersecurity experts to restore systems and is encouraging residents who have done business with the city to change their passwords as a precaution.

March 20, 2026
3 min read
Foster CityCyberattackMunicipal GovernmentState of EmergencyPublic Services
Foster City Declares State of Emergency After Cyberattack Cripples Public Services
Cyberattack
Policy and Compliance
Ransomware

Poland Thwarts Iran-Linked Cyberattack on National Nuclear Research Center

MEDIUM

Poland Successfully Foils Cyberattack on its National Center for Nuclear Research

Polish officials announced on March 20, 2026, that they had successfully thwarted a cyberattack targeting the IT infrastructure of the country's National Center for Nuclear Research (NCBJ). While specific details about the attack's nature or methods were not disclosed, authorities have assessed that the malicious activity originated from Iran. The successful defense of a critical national research facility highlights the persistent threat of nation-state cyber espionage and attacks against sensitive scientific and infrastructure sectors. The incident comes amid a heightened state of alert in Western nations for such threats.

March 20, 2026
3 min read
PolandIranCyberattackNuclear SecurityNation-State +2 more
Poland Thwarts Iran-Linked Cyberattack on National Nuclear Research Center
Cyberattack
Threat Actor
Industrial Control Systems

RSAC 2026 Preview: AI Risks and Quantum Computing Threat Dominate Agenda

INFORMATIONAL

RSAC 2026 Preview: AI Security and Quantum Readiness Take Center Stage

As the cybersecurity industry gears up for RSA Conference 2026 in San Francisco, the agenda reveals a significant focus on two transformative technologies: agentic Artificial Intelligence (AI) and quantum computing. Key themes revolve around managing the new attack surfaces and identity challenges introduced by autonomous AI agents, and the urgent need for organizations to prepare for post-quantum cryptography (PQC). The industry conversation is shifting from theoretical discussions to practical implementation strategies, urging leaders to begin inventorying cryptographic assets and planning their migration to quantum-resistant algorithms now. The conference signals a move away from pure defense towards building long-term resilience in the face of these disruptive technologies.

March 20, 2026
3 min read
RSACAIQuantum ComputingPQCCybersecurity Conference +2 more
RSAC 2026 Preview: AI Risks and Quantum Computing Threat Dominate Agenda
Policy and Compliance
Security Operations

LAPSUS$ Hacking Group Reemerges, Claims Breach of Pharma Giant AstraZeneca

HIGH

LAPSUS$ Claims Data Breach at AstraZeneca, Attempts to Sell Internal Data

The notorious LAPSUS$ hacking group appears to have resurfaced, claiming a significant data breach at the pharmaceutical giant AstraZeneca. In a departure from some of their previous high-profile attacks, the group is attempting to sell a 3GB archive of allegedly stolen data on illicit forums. LAPSUS$ has posted screenshots as proof, claiming the data includes Java source code, Terraform configurations for AWS and Azure, and private keys for GitHub and Jenkins pipelines. They are directing potential buyers to contact them via the Session messaging app. AstraZeneca has not yet commented on the claim, but the reemergence of this highly unpredictable and effective group is a major concern for large enterprises.

March 20, 2026
4 min read
LAPSUS$AstraZenecaData BreachThreat ActorSource Code Leak +2 more
LAPSUS$ Hacking Group Reemerges, Claims Breach of Pharma Giant AstraZeneca
Threat Actor
Data Breach
Supply Chain Attack

Updated Articles (1)

Interlock Ransomware Exploited Critical Cisco Firewall Zero-Day for 36 Days Before Patch

CRITICAL

Interlock Ransomware Gang Actively Exploited Critical Cisco Zero-Day (CVE-2026-20131) for Over a Month

Update:

Further information has emerged regarding the Interlock ransomware group's exploitation of CVE-2026-20131. Amazon's threat intelligence team discovered the activity via their MadPot honeypot network, and Cisco was reportedly unaware of the active exploitation until Amazon's notification. CISA has set a patch-by deadline of March 22, 2026, for federal agencies. New cyber observables for detection include specific URL patterns, network traffic patterns indicative of Java deserialization payloads, and monitoring the `java` process on the FMC appliance for suspicious activity. Remediation steps also highlight MITRE D3FEND techniques like Software Update (D3-SU) and Network Isolation (D3-NI).

March 19, 2026
Updated: March 20, 2026
5 min read
Zero-DayRansomwareCiscoFirewallKEV +2 more
Interlock Ransomware Exploited Critical Cisco Firewall Zero-Day for 36 Days Before Patch
Vulnerability
Ransomware
Threat Actor

📢 Share This Publication

Help others stay informed about cybersecurity threats