# Archive
Browse past daily curated stories
Wednesday, March 04, 2026
-
1BleepingComputer generalCISA flags VMware Aria Operations RCE flaw as exploited in attacks
CISA added VMware Aria Operations vulnerability CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, confirming active exploitation of this RCE flaw. Federal agencies must patch by the CISA deadline, and the KEV listing signals widespread threat actor interest in this VMware infrastructure management platform vulnerability.
-
2Dark Reading generalQualcomm Zero-Day Exploited in Targeted Android Attacks
Google patched CVE-2026-21385, a high-severity memory corruption flaw in Qualcomm's graphics component that has been actively exploited in targeted Android attacks. The vulnerability allows buffer over-read when adding user data without checking available buffer space, with exploitation potentially linked to commercial spyware or nation-state groups.
-
3SecurityWeek generalIranian Strikes on Amazon Data Centers Highlight Industry’s Vulnerability to Physical Disasters
Iranian drone strikes directly hit two AWS data centers in the UAE and damaged another facility in Bahrain, disrupting cloud services across the Middle East. The physical attacks demonstrate how geopolitical conflicts can directly impact critical cloud infrastructure that enterprises worldwide depend on for operations.
-
4BleepingComputer generalPaint maker giant AkzoNobel confirms cyberattack on U.S. site
Dutch paint giant AkzoNobel confirmed hackers breached the network of one of its U.S. sites in what appears to be a targeted attack on industrial infrastructure. The breach affects a multinational company with significant manufacturing operations, highlighting ongoing threats to critical industrial sector organizations.
-
5Dark Reading generalDark Reading Confidential: This Threat Hunter Helped Cops Bust Up An African Cybercrime Syndicate
Interpol's operation against an African cybercrime syndicate led to 574 arrests and recovery of over $3 million, with threat hunters helping decrypt six malware variants. The international law enforcement action demonstrates the scale of organized cybercrime operations and the critical role of private sector threat intelligence in dismantling criminal networks.
-
6CyberScoop generalPossible U.S.-developed exploits linked to first known ‘mass’ iOS attack
Researchers traced U.S.-developed exploits through a supply chain from spyware vendors to Russian hackers to Chinese cybercriminals in the first known mass iOS attack. The exploit kit's journey illustrates how advanced nation-state tools proliferate through cybercriminal ecosystems, creating broader security risks beyond their original targets.
-
7BleepingComputer generalLexisNexis confirms data breach as hackers leak stolen files
LexisNexis Legal & Professional confirmed a data breach where hackers accessed customer and business information, with threat actors subsequently leaking 2 GB of stolen data containing millions of records. The breach affects a major legal and professional services data provider, potentially exposing sensitive client information and legal research data.
-
8BleepingComputer generalMicrosoft: Hackers abuse OAuth error flows to spread malware
Microsoft identified hackers abusing legitimate OAuth redirection mechanisms to bypass email and browser phishing protections, targeting government and public-sector organizations. The technique leverages trusted OAuth flows to redirect victims to attacker-controlled infrastructure without stealing authentication tokens, representing an evolution in phishing tactics.
-
9SecurityWeek generalQuantum Decryption of RSA is Much Closer than Expected
A newly announced quantum algorithm challenges assumptions about RSA decryption timelines, suggesting quantum computers could break RSA encryption much sooner than expected without requiring million-qubit systems. This development accelerates concerns about quantum threats to current encryption standards and the urgency of post-quantum cryptography adoption.
-
10CyberScoop generalResearchers discover suite of agentic AI browser vulnerabilities
Researchers discovered vulnerabilities in agentic AI browsers like Comet that allow attackers to access local file systems, browse directories, and exfiltrate data through simple calendar invites. The findings highlight new attack surfaces created by AI-powered browsing tools that can be manipulated to perform unauthorized system operations.