Early detection is not a best practice — it is the primary lever that separates a contained incident from a catastrophic breach. And yet, across thousands of organizations globally, the gap between when attackers move and when defenders notice remains…
Tag: Cyber Security News
Microsoft Releases Cumulative Updates for Windows 11 25H2/24H2 and 23H2
Microsoft has released its latest round of cumulative updates for March 2026, delivering essential security fixes and system improvements for Windows 11 users. These mandatory updates target Windows 11 versions 25H2 and 24H2 (KB5079473) and version 23H2 (KB5078883), focusing on…
Instagram Down: New Outage Causes Widespread Disruption in Posting and DM Functionality
A significant service disruption has hit Meta’s Instagram platform today, leaving thousands of users globally unable to access their accounts, refresh timelines, or send direct messages. As of March 11, 2026, the widespread downtime has primarily affected users in the…
Microsoft .NET 0-Day Vulnerability Enables Denial-of-Service Attacks
An emergency security update has been released to address a newly disclosed .NET Framework vulnerability, tracked as CVE-2026-26127. This security flaw allows unauthenticated, remote attackers to trigger a Denial-of-Service (DoS) condition on the network. With a CVSS score of 7.5,…
Gogs Vulnerability Enables Attackers to Silently Overwrite Large File Storage Objects
A critical security flaw has been discovered in a popular open-source, self-hosted Git service, allowing attackers to overwrite Large File Storage (LFS) objects secretly. Tracked as CVE-2026-25921, this maximum-severity vulnerability carries a CVSS 3.1 score of 10.0. It creates a…
Microsoft SQL Server Zero-Day Vulnerability Allows Attackers to Escalate Privileges
Microsoft has disclosed a critical zero-day vulnerability in SQL Server that allows authenticated attackers to escalate their privileges to the highest administrative level on affected database systems. Tracked as CVE-2026-21262, the flaw was officially released on March 10, 2026, and…
Fortinet FortiManager fgtupdates Vulnerability Allows Attackers to Execute Malicious Commands
Fortinet has disclosed a high-severity stack-based buffer overflow vulnerability in its FortiManager platform that could allow remote unauthenticated attackers to execute unauthorized commands. Tracked as CVE-2025-54820 and assigned a CVSSv3 score of 7.0, the flaw poses a significant risk to…
Zoom Workplace for Windows Vulnerabilities Allow Privilege Escalation
Zoom has released four security bulletins on March 10, 2026, disclosing multiple vulnerabilities across its Windows-based client suite. The flaws, ranging from High to Critical severity, could allow attackers to escalate privileges on affected systems, with one critical flaw exploitable…
Fortinet Security Update – Patch for Multiple Vulnerabilities That Enable Malicious Command Execution
Fortinet released a sweeping security advisory on March 10, 2026, addressing eleven vulnerabilities across its core enterprise products, including FortiManager, FortiAnalyzer, FortiSwitchAXFixed, and FortiSandbox. The flaws range from authentication bypasses and buffer overflows to OS command injection and SQL injection,…
Ivanti Desktop and Server Management Vulnerability Allows Attackers to Escalate Privileges
Ivanti has issued a security update for its Desktop and Server Management (DSM) software, addressing a high-severity vulnerability that could allow a local authenticated attacker to escalate their privileges on affected systems. The flaw, tracked as CVE-2026-3483, carries a CVSS…
OpenAI to Acquire Promptfoo to Fix Vulnerabilities in AI Systems
OpenAI has announced its acquisition of Promptfoo, an artificial intelligence security platform designed to help enterprises find and fix vulnerabilities during development. This strategic move aims to secure AI systems against emerging threats, such as prompt injection and jailbreaks, before…
Malformed ZIP Files Allows Attackers to Bypass Antivirus and EDR Detections
A critical flaw in how antivirus and Endpoint Detection and Response (EDR) systems process archive files. Tracked as CVE-2026-0866, this weakness allows attackers to use intentionally malformed ZIP headers to sneak malicious payloads past standard security scanners entirely undetected. ZIP…
Cloudflare Pingora Vulnerabilities Allows Request Smuggling & Cache Poisoning Attacks
Cloudflare has released version 0.8.0 of its open-source Pingora framework to patch three critical vulnerabilities: CVE-2026-2833, CVE-2026-2835, and CVE-2026-2836. These flaws allow HTTP request smuggling and cache poisoning, posing a severe threat to standalone Pingora deployments exposed directly to the…
Microsoft Patch Tuesday March 2026 – 78 Vulnerabilities Fixed, Including One 0-day
Microsoft released its March 2026 Patch Tuesday security update on March 10, 2026, addressing 78 vulnerabilities across a wide range of products, including Windows, Microsoft Office, Azure, SQL Server, and .NET. The update includes one actively exploited zero-day vulnerability and…
CISA Warns of Ivanti Endpoint Manager Authentication Bypass Vulnerability Exploited in Attacks
A serious security flaw in Ivanti Endpoint Manager has caught federal attention after the Cybersecurity and Infrastructure Security Agency (CISA) added it to the Known Exploited Vulnerabilities (KEV) catalog on March 9, 2026. Tracked as CVE-2026-1603, this authentication bypass vulnerability…
Kali Linux Enhances AI-driven Penetration Testing with Local Ollama, 5ire, and MCP Kali Server
The Kali Linux team has published a new entry in its growing LLM-driven security series, this time eliminating all reliance on third-party cloud services by running large language models entirely on local hardware. The guide demonstrates how security professionals can…
SAP Security Update – Patch for Multiple Vulnerabilities that Enable Remote Code Execution
SAP released 15 new security notes on its March 2026 Patch Day, addressing a range of vulnerabilities across its product portfolio, including two critical-rated flaws that could enable remote code execution and complete system compromise. SAP strongly urges all customers…
iPhone Exploit Toolkit Used by Russian Spies Likely Originated from U.S. Contractor
A powerful iPhone exploit kit named “Coruna,” initially created for Western intelligence by U.S. contractor L3Harris, has fallen into the hands of Russian spies and Chinese cybercriminals. The Coruna toolkit features 23 different hacking components designed to compromise Apple iPhones.…
Apache ZooKeeper Vulnerability Allow Attackers to Access Sensitive Data
Two “Important” severity vulnerabilities have been disclosed in Apache ZooKeeper, a widely used service for configuration management and naming in distributed applications, making timely security updates critical. These newly discovered flaws could allow attackers to access sensitive configuration data or…
Anthropic Sued the U.S. Government for Labelling Claude as ‘Supply Chain Risk’
Artificial intelligence leader Anthropic has filed an unprecedented lawsuit against the United States government after being designated a “supply chain risk”. The legal action, filed in a California federal court on Monday, targets the executive office of President Donald Trump,…