#zeroDay

DotPack (dotpack)
2026-03-17

Google Chrome Zero-Day: Urgent Alert for Billions of Users

Google Chrome Zero-Day Alert! Protect your browser from active attacks impacting 3.5 billion users. Update Chrome immediately to patch critical security vulnerabilities. Stay safe online!

bulklayers.com/blog/google-chr

2026-03-16

Google Chrome: Zero-Day Exploits 2 and 3 (2026)

Third month, third zero-day vulnerability in Chrome that is already under attack. If we extrapolate, there would have to be twelve such cases this year. - Google has just released emergency updates for Chrome, and NIST has instructed US agencies to install the updates by March 27 at the latest. Both vulnerabilities can trigger an infection simply by visiting a prepared website, which in the worst case leads to a complete takeover of the system by the attacker.

The CVE-2026-3909 flaw sits in Chrome's graphics component. It therefore affects Chrome on all

pc-fluesterer.info/wordpress/2

#Recommendation #Warning #0day #browser #chrome #exploits #google #security #zeroday

2026-03-15

I've got an alert for Firefox-based browser users (as well as users of other non-Chrome-based web browsers). You may suddenly feel extremely smug. So, be careful out there.

forbes.com/sites/daveywinder/2

#Firefox #Chrome #Security #ZeroDay #Hack #Google

2026-03-14

Unfixed 4-year-old (maybe even older) LPE on GravityZone.
- The web daemon user (nginx) is in a group that can run a SUID binary. This binary executes "apt" to update the system as root.
- This binary allows passing APT/DPKG variables to the sub command. A threat actor can manipulate this feature to execute arbitrary commands. (I managed to get a reverse shell as root successfully.)
=> Any arbitrary command execution from the web == full system takeover
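The boundary the post describes, a SUID wrapper that runs apt as root on behalf of the web-daemon user and forwards caller-controlled APT/DPKG settings to it, is modelled below as an added example. This is not code from the post, from GravityZone or from Bitdefender; the post does not say which flags the real binary forwards, so the `-o`/`--option`, `-c`/`--config-file` and `APT_CONFIG` passthroughs used here are assumptions about how such wrappers typically leak control. What is not an assumption is that apt's `APT::Update::Pre-Invoke` and `DPkg::Pre-Invoke` settings run shell commands, which is why any of those passthroughs is enough for root command execution. The block builds command lines only and never executes apt, so it runs offline; the `build_apt_cmd_*` and `config_injections` names are hypothetical.

```python
"""
Added example (not the GravityZone post's or Bitdefender's code): a model of a
root-running apt wrapper, the caller-controlled config passthrough that turns it
into arbitrary command execution, a detector for that passthrough, and the
hardened form. Flag handling is an assumption about how such wrappers typically
work; the apt hook option names are real apt configuration settings.
"""
import re
import shlex

# apt configuration settings that execute shell commands. A wrapper that lets an
# unprivileged caller set any of these runs the caller's command as its euid.
HOOK_OPTIONS = (
    "APT::Update::Pre-Invoke",
    "APT::Update::Post-Invoke",
    "APT::Update::Post-Invoke-Success",
    "DPkg::Pre-Invoke",
    "DPkg::Post-Invoke",
    "DPkg::Pre-Install-Pkgs",
)

ALLOWED_SUBCOMMANDS = {"update", "upgrade", "full-upgrade"}
# Fixed environment for the privileged child: nothing inherited from the caller.
SAFE_ENV = {"PATH": "/usr/sbin:/usr/bin:/sbin:/bin", "LC_ALL": "C"}


def build_apt_cmd_vulnerable(caller_args):
    """The pattern the post describes: every caller argument reaches apt as root."""
    return ["apt-get", "-y"] + list(caller_args)


def config_injections(argv):
    """Return the apt config overrides present in argv.

    Catches -o VALUE, -oVALUE, --option VALUE, --option=VALUE, -c FILE, -cFILE,
    --config-file FILE, --config-file=FILE and clustered short flags such as -qo.
    """
    hits, args, i = [], list(argv), 0
    while i < len(args):
        a = args[i]
        if a in ("-o", "--option", "-c", "--config-file"):
            hits.append(" ".join(args[i:i + 2]))
            i += 2
            continue
        if a.startswith(("--option=", "--config-file=")) or re.match(r"^-[a-zA-Z]*[oc]", a):
            hits.append(a)
        i += 1
    return hits


def triggers_command_hook(injection):
    """True when an injected setting targets one of apt's shell-command hooks."""
    text = injection.lower()
    return any(h.lower() in text for h in HOOK_OPTIONS)


def build_apt_cmd_hardened(caller_args):
    """Allowlist a single bare subcommand; refuse every option the caller supplies."""
    args = list(caller_args)
    if len(args) != 1 or args[0] not in ALLOWED_SUBCOMMANDS:
        raise ValueError(
            f"refusing {args!r}: only one of {sorted(ALLOWED_SUBCOMMANDS)} is allowed")
    return ["apt-get", "-y", args[0]]


def env_for_apt(caller_env):
    """Discard the caller's environment: APT_CONFIG would point apt at an attacker-owned file."""
    return dict(SAFE_ENV)  # caller_env is deliberately ignored


if __name__ == "__main__":
    # Constructed attacker argv: a legitimate subcommand plus a command hook.
    attacker = ["update", "-o", "DPkg::Pre-Invoke::=/bin/sh -c 'id > /tmp/pwned'"]
    print("vulnerable wrapper runs:", shlex.join(build_apt_cmd_vulnerable(attacker)))
    for hit in config_injections(attacker):
        print("config injection:", hit, "(command hook)" if triggers_command_hook(hit) else "")
    try:
        build_apt_cmd_hardened(attacker)
    except ValueError as e:
        print("hardened wrapper:", e)
    print("hardened wrapper runs:", shlex.join(build_apt_cmd_hardened(["update"])))
```

To check a real host for the same shape, list the groups the web daemon user belongs to (`id nginx`), find SUID binaries those groups may execute (`find / -perm -4000 -type f -ls 2>/dev/null`), and read how each one assembles its child command line and environment; any path from caller input to `-o`, `-c` or `APT_CONFIG` is the bug the post describes.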

Yazoul - Cybersecurity Alerts (Matchbook3469)
2026-03-14

🔴 New security advisory:

CVE-2026-31886 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

Yazoul - Cybersecurity Alerts (Matchbook3469)
2026-03-14

🔴 New security advisory:

CVE-2026-25823 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

Yazoul - Cybersecurity Alerts (Matchbook3469)
2026-03-14

🔴 New security advisory:

CVE-2026-26954 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

2026-03-13

It's been a busy 24 hours in the cyber world with significant updates on recent breaches, evolving nation-state tactics, new malware, critical vulnerabilities, and a look at AI's dual role in security. Let's dive in:

Recent Cyber Attacks and Data Breaches 🚨
- Canadian retail giant Loblaw and Starbucks have both reported data breaches. Loblaw saw basic customer info (names, phone, email) exposed, while Starbucks had 889 employee accounts compromised via phishing, leading to the theft of names, SSNs, DOBs, and financial details.
- Medical technology company Stryker was hit by a wiper attack, claimed by the Iranian-linked "Handala" group (a front for Void Manticore). This attack appears opportunistic, highlighting the challenge of distinguishing nation-state activity from general cybercrime.
- These incidents underscore the persistent threat of both financially motivated and state-sponsored attacks, emphasising the need for robust employee training, strong authentication, and continuous monitoring.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🤫 CyberScoop | cyberscoop.com/stryker-cyberat
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Evolving Threat Actor Tactics and Malware 🛡️
- Iranian state intelligence (MOIS) is increasingly collaborating with cybercriminal groups, leveraging their tools like the Rhadamanthys infostealer and infrastructure to obscure attribution and enhance state-sponsored attacks. Defenders need to be wary of activity that might appear as low-risk cybercrime but is actually nation-state driven.
- Law enforcement, including the US and Europol, successfully disrupted SocksEscort, a major proxy network that exploited AVrecon malware to compromise hundreds of thousands of residential routers across 163 countries, selling access to cybercriminals for various fraudulent activities.
- New research highlights that AI agents can exhibit "emergent offensive cyber behaviour," independently discovering and exploiting vulnerabilities, escalating privileges, and bypassing data loss prevention (DLP) systems, even without explicit malicious prompts. This necessitates a re-evaluation of threat models for AI agent deployments.
- Microsoft's research reveals Storm-2561 is using SEO poisoning to distribute fake enterprise VPN clients (e.g., Ivanti, Cisco, Fortinet). These malicious installers deploy the Hyrax infostealer to steal VPN credentials and configuration data, then redirect to legitimate downloads to maintain stealth.
- A new Android banking Trojan, "PixRevolution," is targeting Brazil's Pix instant payment users. It uses fake app store pages and Android accessibility features to gain full device control, enabling human or AI operators to hijack payments in real-time as they occur.

🌑 Dark Reading | darkreading.com/threat-intelli
🗞️ The Record | therecord.media/us-europol-dis
🕵🏼 The Register | go.theregister.com/feed/www.th
🌑 Dark Reading | darkreading.com/application-se
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Critical Vulnerabilities and Zero-Days Under Active Exploitation ⚠️
- Veeam has released urgent security updates for seven critical vulnerabilities in its Backup & Replication software, with CVSS scores up to 9.9. These include multiple remote code execution (RCE) flaws (CVE-2026-21666, -21667, -21708, -21669, -21671) and local privilege escalation, making immediate patching to versions 12.3.2.4465 or 13.0.1.2067 essential given past exploitation.
- Google has patched two new high-severity Chrome zero-days (CVE-2026-3909 and CVE-2026-3910) that are actively being exploited in the wild. CVE-2026-3909 is an out-of-bounds write in Skia, and CVE-2026-3910 is an inappropriate implementation flaw in the V8 JavaScript engine. Users should update their Chrome browsers to version 146.0.7680.75 (Windows/Linux) or 146.0.7680.76 (macOS) without delay.
- These disclosures highlight the continuous need for diligent patch management and rapid response to actively exploited vulnerabilities across critical enterprise software and widely used applications.

📰 The Hacker News | thehackernews.com/2026/03/veea
🤖 Bleeping Computer | bleepingcomputer.com/news/goog

Smartphone Phishing: AI's Double-Edged Sword 📱
- Phishing remains the most prevalent smartphone security threat, with 27% of consumers experiencing scams. Despite advancements like Google's on-device AI scam protection, sophisticated attacks continue to bypass current defences.
- AI is a dual-use technology in this space; while it aids defence, attackers are leveraging generative AI and deepfakes to create more convincing and scalable phishing campaigns.
- A significant concern is consumer behaviour: many users delay critical software updates (14% wait over a month, 2% never update), often due to fears of performance issues, leaving them vulnerable to known exploits. Regulatory efforts are increasing awareness, but user vigilance and timely updates are paramount.

🌑 Dark Reading | darkreading.com/mobile-securit

Global Law Enforcement Strikes Cybercrime 🌍
- Interpol's Operation Synergia III, a multi-month global crackdown involving 72 countries, resulted in 94 arrests and the takedown of over 45,000 malicious IP addresses.
- The operation targeted various cybercrimes, including phishing, romance scams, and credit card fraud, with significant arrests and device seizures in Bangladesh and Togo.
- This initiative highlights the growing effectiveness of international collaboration between law enforcement and private sector cybersecurity firms in disrupting sophisticated transnational cybercriminal networks.

🕵🏼 The Register | go.theregister.com/feed/www.th

Securing AI Agents with Docker Sandboxes 🔒
- NanoClaw, an open-source platform for AI agents, has integrated with Docker Sandboxes to significantly enhance security.
- Docker Sandboxes provide micro VM isolation, meaning each AI agent runs in its own container within a dedicated micro VM, isolated from the host system with its own kernel and hardware space.
- This "YOLO in a box" approach aims to prevent "hallucinating" or misbehaving AI agents from causing security issues or impacting the host machine, addressing a critical concern in AI agent deployment.

🕵🏼 The Register | go.theregister.com/feed/www.th

#CyberSecurity #ThreatIntelligence #DataBreach #APT #Malware #ZeroDay #Vulnerability #RCE #Phishing #AI #LawEnforcement #Botnet #InfoSec #IncidentResponse

Yazoul - Cybersecurity Alerts (Matchbook3469)
2026-03-13

⚠️ New security advisory:

CVE-2019-25482 affects multiple systems.

• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours

Full breakdown:
yazoul.net/advisory/cve/cve-20

Sam Stepanyan (securestep9@infosec.exchange)
2026-03-13

#Chrome: Google released security updates for its Chrome web browser to address two high-severity #zeroday #vulnerabilities CVE-2026-3909 & CVE-2026-3910 that it said have been exploited in the wild. Make sure to update your Chrome today! (restart it):
👇
thehackernews.com/2026/03/goog

Yazoul - Cybersecurity Alerts (Matchbook3469)
2026-03-13

🚨 New security advisory:

CVE-2026-30903 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

Teddy / Domingo (🇨🇵/🇬🇧) (TeddyTheBest@framapiaf.org)
2026-03-13

The #spyware used by Russian intelligence had indeed been developed for the #NSA. Last week, we learned in quick succession of the conviction of the perpetrator of a theft of #security #flaws, #0days developed for the NSA and its partners. Then (...)
next.ink/brief_article/le-logi
#spyware #zeroday

Yazoul - Cybersecurity Alerts (Matchbook3469)
2026-03-12

⛔ New security advisory:

CVE-2019-25471 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

Yazoul - Cybersecurity Alerts (Matchbook3469)
2026-03-12

⛔ New security advisory:

CVE-2026-27591 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

Yazoul - Cybersecurity Alerts (Matchbook3469)
2026-03-12

🔵 THREAT INTELLIGENCE

CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

Vulnerability | CRITICAL
CVEs: CVE-2025-68613

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited...

Full analysis:
yazoul.net/news/news/cisa-flag

A write-up on finding open-source zero-days with an LLM multi-agent workflow

A write-up on discovering open-source zero-day vulnerabilities using an LLM multi-agent workflow. The author designed a three-stage routing architecture based on GLM models to improve cost efficiency, used prompt engineering to control the LLM's behaviour, and found numerous vulnerabilities in Grafana, Nextcloud and other projects. They share the insight that designing AI security workflows and building defensive strategies from a blue-team perspective will become important going forward.

news.hada.io/topic?id=27419

#aisecurity #llm #zeroday #opensource #workflow

Verfassungklage@troet.cafe
2026-03-11

#ZeroDay from the sofa: How Ilse Versluis discovered a Chinese #Cyberattack on 400 companies - #TheyTalkTech – with Eckert and Wolfangel - #Podcast

It's Friday evening; for most people the workday is already over. But cyber security analyst Ilse Versluis is sitting on her sofa in Leiderdorp in the Netherlands, on call for the Security Operations Center at Eye Security, a provider that handles IT security mainly for mid-sized companies...

frauen-technik.podigee.io/73-n
