NCU-ISAO

Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

🛑 Russian-linked TA446 is using DarkSword iOS exploit kit in targeted phishing emails. Spoofed “discussion invites” trigger exploits only on iPhones and deliver GHOSTBLADE malware, expanding from credential theft to device compromise across government, academia, and policy targets. 🔗 How DarkSword is used in these attacks → thehackernews.com/2026/03/ta446-…

🛑 A China-linked group has embedded kernel-level sleeper implants in telecom networks since 2021. Its BPFDoor backdoor runs inside the OS, triggers via crafted packets, and enables long-term monitoring of government networks and users. 🔗 Read → thehackernews.com/2026/03/china-…

🛑 A device code phishing campaign is hitting 340+ Microsoft 365 orgs using OAuth abuse. Victims enter codes on real Microsoft pages, generating access and refresh tokens attackers reuse—even after password resets. 🔗 Read → thehackernews.com/2026/03/device…

🛡️ Kali Linux 2026.1 Released With 8 New Hacking Tools Source: cybersecuritynews.com/kali-linux-202… Kali Linux 2026.1 has officially been released, marking the first major update of the year for the popular penetration testing distribution. Under the hood, the distribution has bumped its Linux kernel to version 6.18, accompanied by 183 package updates, 25 new packages, and the removal of nine deprecated ones. Continuing their annual tradition, the Kali development team has introduced a comprehensive 2026 theme refresh. The Update also adds eight powerful new utilities to expand vulnerability scanning and adversary emulation. #cybersecuritynews #kalilinux

A phishing campaign is abusing an official device code OAuth flow. Instead of stealing passwords, attackers trick you into entering a verification code on the real login page to hijack OAuth tokens. This grants long-term access to email and files. Details: bit.ly/3PvgHG0

Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks securityweek.com/cisco-firewall…

🛡️ We added Synacor Zimbra Collaboration Suite (ZCS) cross-site scripting vulnerability CVE-2025-66376 to our KEV Catalog. Visit go.dhs.gov/Z3Q for more information. #Cybersecurity #InfoSec

🛡️ We added Microsoft SharePoint deserialization of untrusted data vulnerability CVE-2026-20963 to our KEV Catalog. Visit go.dhs.gov/Z3Q for more information. #Cybersecurity #InfoSec

🚨 Rapid7 MDR is monitoring an increase in phishing campaigns via #MicrosoftTeams, wherein threat actors are impersonating internal IT departments then persuading users to grant remote access. Find our guidance in a new blog: r-7.co/46Y0grO

The cybercriminal threat actor tracked by Microsoft Threat Intelligence as Storm-2561 is running an SEO-poisoning campaign that redirects people searching for enterprise VPN software to spoofed sites and malicious ZIP downloads leading to credential theft. msft.it/6019Qlydd The ZIP file contains a malicious, digitally signed installer that masquerade as a trusted VPN client. The attack chain ultimately loads a variant of Hyrax infostealer that captures VPN sign-in credentials and VPN configuration data, and exfiltrates it to attacker infrastructure. Read the full Microsoft Defender Experts analysis of the tactics, techniques, and procedures (TTPs) and indicators of compromise of this Storm-2561 campaign, and get protection, detection, and hunting guidance:

⚠️ Veeam fixed multiple flaws in Backup & Replication, including 9.9-severity RCE bugs that let authenticated domain users run code on backup servers. Affected: all v12 builds before 12.3.2.4465. 🔗 CVEs and patch details → thehackernews.com/2026/03/veeam-…

People upgraded years ago. Most institutions didn’t notice. Tap and QR are signals, not the story. The real shift is intent-based payments, policy, and orchestration at checkout. Read more: news.banksocial.io/payments-orche…

HPE warns of critical AOS-CX flaw allowing admin password resets bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

Security updates for March 2026 are now available. Details are here: msft.it/6018SZEg0 #PatchTuesday

🛑 Two Chrome extensions turned malicious after an ownership transfer. Researchers say QuickLens (7,000 users) now strips security headers and pulls remote code every 5 minutes. The payload executes via hidden elements, leaving no malicious code in the extension source. 🔗 Read → thehackernews.com/2026/03/chrome…

🎉 What an incredible night at Bits & Bytes during #GAC2026. Huge thanks to our cohosts @pureITcuso, @Kinectiv, @NcuIsao, @DefenseStorm, and , and to everyone who joined us for great conversations and connections shaping the future of Credit Union tech. 💙

Microsoft: Hackers abusing AI at every stage of cyberattacks bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

🛡️ Claude AI Uncovers 22 Firefox Vulnerabilities in Two Weeks Source: cybersecuritynews.com/claude-ai-22-f… Anthropic’s Claude Opus 4.6 demonstrated this by uncovering over 500 zero-day vulnerabilities in heavily scrutinized open-source projects. During a two-week collaborative engagement with Mozilla in February 2026, the AI model identified 22 unique security flaws within the Firefox web browser. Mozilla classified 14 of these as high-severity vulnerabilities, representing nearly 20% of all high-severity Firefox flaws remediated the previous year. #cybersecuruitynews #claude

🛑 New botnet loader Aeternum uses Polygon smart contracts as its C2 channel. Commands go straight to the public blockchain—infected devices pull & execute them. No servers. No domains. No easy takedown. (Also: US investigators linked a 300-device proxy net to a Belarus seller.) 🔗 Details → thehackernews.com/2026/02/aetern…