Trivy Supply Chain Attack Escalates, Oracle Issues Critical RCE Patch, and CISA Adds Actively Exploited Flaws to KEV Catalog

Publication Date: March 23, 2026

Summary

This intelligence brief for March 23, 2026, covers a rapidly escalating supply chain attack against the Trivy security scanner, with attackers publishing new malicious Docker images and re-establishing access. Oracle has issued an emergency out-of-band patch for a critical 9.8 CVSS RCE vulnerability in its Identity Manager. CISA has added actively exploited flaws in Apple, Laravel, and Craft CMS to its KEV catalog, mandating federal patching. Other major incidents include a data breach at Navia Benefit Solutions affecting 2.7 million individuals, a ransomware attack on the City of Los Angeles by the WorldLeaks group, and an international takedown of massive DDoS botnets that infected over 3 million IoT devices.

Today's New Articles

URGENT: Oracle Patches Critical 9.8 CVSS Unauthenticated RCE Flaw

Oracle has released an emergency, out-of-band security update for a critical remote code execution (RCE) vulnerability, CVE-2026-21992. The flaw, which affects Oracle Identity Manager and Oracle Web Services Manager, carries a CVSS score of 9.8 and can be expl...


CISA KEV Catalog Updated: Federal Agencies Must Patch Exploited Flaws in Apple, Laravel, Craft CMS

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The flaws include an out-of-bounds write issue in Apple visionOS (CVE-2026-28217), a remot...


Navia Benefit Solutions Breach Exposes PII and PHI of 2.7 Million People

Navia Benefit Solutions, a third-party administrator of employee benefits, has disclosed a significant data breach impacting nearly 2.7 million individuals. The company revealed that an unauthorized party had access to its network for three weeks, from Decembe...


Over 7,500 Magento E-Commerce Sites Defaced in Ongoing Global Campaign

A widespread and ongoing defacement campaign has compromised over 7,500 websites running the Magento e-commerce platform since late February 2026. The attackers, using aliases like 'Typical Idiot Security', are exploiting a suspected file upload vulnerability...


WorldLeaks Ransomware Claims Attack on City of Los Angeles, Leaks Police Data

The City of Los Angeles has been listed as a victim on the darknet leak site of the WorldLeaks ransomware group. The group, believed to be a rebrand of the Hunters International gang, claims to have stolen nearly 160 GB of data and has published pages from a p...


Warning: Critical 10.0 CVSS Quest KACE Flaw from 2025 Now Actively Exploited

A critical authentication bypass vulnerability in the Quest KACE Systems Management Appliance (SMA), CVE-2025-32975, is being actively exploited in attacks observed in March 2026. The flaw, which has the maximum CVSS score of 10.0 and was patched in May 2025, al...


Puerto Rico Water Authority Hit by Cyberattack, Exposing Customer and Employee Data

The Puerto Rico Aqueduct and Sewer Authority (PRASA) has confirmed it was the victim of a cyberattack that resulted in the exposure of customer and employee data. The utility, which is responsible for the territory's water supply, stated that critical water di...


New 'Perseus' Malware with Espionage Features Used by Drug Cartels

Security researchers have identified a new malware strain named 'Perseus,' reportedly developed for and used by Drug Trafficking Organizations (DTOs) to conduct espionage against targets like journalists, officials, and rival groups. Perseus is a sophisticated...


A Look Inside 'The Gentlemen': A Sophisticated RaaS Operation

Security researchers have published detailed profiles of 'The Gentlemen,' a Ransomware-as-a-Service (RaaS) operation that emerged in mid-2025 and has been targeting organizations across at least 17 countries. The group employs a double-extortion strategy, exfi...