# Archive
Browse past daily curated stories
Friday, March 20, 2026
1. Krebs on Security [threat-intel]: Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
U.S., Canadian, and German authorities dismantled four major IoT botnets (Aisuru, Kimwolf, JackSkid, and Mossad) that compromised over 3 million devices including routers and webcams. The botnets were responsible for record-breaking DDoS attacks capable of taking nearly any target offline.
2. Ars Technica Security [general]: Hundreds of millions of iPhones can be hacked with a new tool found in the wild
Russian hackers are actively using DarkSword, a powerful iPhone exploitation toolkit that can compromise hundreds of millions of iPhones. The kit targets multiple iOS vulnerabilities and enables full device takeover for surveillance operations.
3. BleepingComputer [general]: New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores
A new vulnerability dubbed 'PolyShell' affects all Magento Open Source and Adobe Commerce stable version 2 installations, allowing unauthenticated remote code execution and complete account takeover. The flaw impacts e-commerce stores globally running these platforms.
4. BleepingComputer [general]: FBI seizes Handala data leak site after Stryker cyberattack
FBI seized two websites operated by the Handala hacktivist group following their destructive cyberattack on medical technology giant Stryker that wiped approximately 80,000 devices. The attack disrupted operations at the major healthcare equipment manufacturer.
5. BleepingComputer [general]: CISA urges US orgs to secure Microsoft Intune systems after Stryker breach
CISA warned organizations to secure Microsoft Intune systems after Iranian-linked attackers exploited the endpoint management platform to wipe Stryker's network without using traditional malware. The attackers gained access through compromised credentials and used legitimate Microsoft tools for the destructive attack.
6. BleepingComputer [general]: Critical Microsoft SharePoint flaw now exploited in attacks
CISA added CVE-2026-20963, a critical Microsoft SharePoint remote code execution vulnerability patched in January, to its Known Exploited Vulnerabilities catalog after confirming active exploitation. Organizations must apply patches by April 9, 2026 according to the federal directive.
7. The Record [threat-intel]: Interlock ransomware gang exploited Cisco firewall zero-day weeks before disclosure: Amazon
The Interlock ransomware group exploited CVE-2026-20131, a critical Cisco Firewall Management Center zero-day vulnerability, weeks before public disclosure. Amazon researchers found evidence of exploitation since late January 2026, with links pointing to Russian threat actors.
8. BleepingComputer [general]: Russian hackers exploit Zimbra flaw in Ukrainian govt attacks
APT28 (Russian GRU-linked group) is exploiting a Zimbra Collaboration Suite vulnerability to target Ukrainian government entities through malicious CSS content in HTML emails. The attacks leverage insufficient input sanitization to execute inline scripts when messages are opened in browsers.
9. BleepingComputer [general]: Navia discloses data breach impacting 2.7 million people
Navia Benefit Solutions disclosed a data breach affecting nearly 2.7 million individuals whose sensitive personal information was exposed to attackers. The healthcare benefits administrator confirmed unauthorized access to systems containing member data.
10. The Hacker News [general]: 54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security
Analysis reveals 54 EDR killer programs use Bring Your Own Vulnerable Driver (BYOVD) techniques, exploiting 34 different signed vulnerable drivers to disable endpoint security software. These tools are commonly deployed by ransomware affiliates to neutralize defenses before encryption attacks.