Major Threats & Vulnerabilities
Critical Software and Platform Flaws
A SQL injection flaw in Elementor’s Ally accessibility plugin exposed over 400,000 WordPress sites to potential data theft. The bug came from user-supplied input reaching a database query without being sanitized or parameterized, letting attackers extract sensitive information from the site database. Administrators should update to the patched version immediately.
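The class of bug behind that advisory, as an added example that is not code from the page, from Elementor or from the plugin: a query built by string interpolation beside its parameterized replacement. The table, rows and payload are constructed for the demonstration (the plugin's real schema and query are not on the page), and SQLite stands in for the MySQL database WordPress normally uses; the injection mechanics are the same.

```python
import sqlite3

# Constructed sample rows shaped like a WordPress wp_users table. Assumption: the
# plugin's real schema, query and payload are not on the page; this shows only the
# class of bug (unsanitized input spliced into SQL) and its fix.
SAMPLE_USERS = [
    (1, "admin", "$P$Bxxxxadminhash", "admin@example.test"),
    (2, "editor", "$P$Bxxxxeditorhash", "editor@example.test"),
    (3, "reader", "$P$Bxxxxreaderhash", "reader@example.test"),
]

# What a form field might legitimately carry, and what an attacker sends instead.
BENIGN_INPUT = "reader"
INJECTION = "nobody' UNION SELECT ID, user_pass FROM wp_users -- "


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, "
        "user_pass TEXT, user_email TEXT)"
    )
    conn.executemany("INSERT INTO wp_users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_login: str):
    # Attacker-controlled text is spliced into the statement. The quote in the
    # payload closes the literal, the UNION appends a second query that reads
    # password hashes, and the trailing comment swallows the closing quote.
    sql = f"SELECT ID, user_login FROM wp_users WHERE user_login = '{user_login}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, user_login: str):
    # The driver sends the value separately from the statement text, so a quote
    # in the input is just data; there is no string literal to break out of.
    return conn.execute(
        "SELECT ID, user_login FROM wp_users WHERE user_login = ?", (user_login,)
    ).fetchall()


def demo():
    """Run both lookups with a benign and a hostile input; returns the four result sets."""
    conn = build_db()
    return {
        "vuln_benign": lookup_vulnerable(conn, BENIGN_INPUT),
        "vuln_attack": lookup_vulnerable(conn, INJECTION),
        "safe_benign": lookup_parameterized(conn, BENIGN_INPUT),
        "safe_attack": lookup_parameterized(conn, INJECTION),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The vulnerable lookup returns every password hash in the table for the hostile input; the parameterized one returns nothing, because no user is literally named that. In a WordPress plugin the equivalent fix is to pass all user-controlled values through `$wpdb->prepare()` placeholders rather than concatenating them into the query string.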
Microsoft’s March Patch Tuesday fixed 78 vulnerabilities across Windows and Office products, including critical flaws in Office’s Preview Pane and an Excel Copilot data-leak issue that was discovered by an AI agent. Organizations should apply these patches promptly.
Separately, Microsoft issued an emergency patch for a .NET denial-of-service vulnerability that could let remote attackers crash applications through memory manipulation. No exploitation has been reported, but administrators should patch now; rate limiting and WAF rules reduce exposure in the meantime and are not a substitute for the fix.
A SQL Server privilege-escalation flaw affecting versions 2016 through 2025 was also patched. An attacker with a low-privileged login could elevate to the sysadmin role. Microsoft recommends enforcing least-privilege access and using MFA for administrative accounts; reviewing who currently holds sysadmin membership is a sensible follow-up.
Zoom disclosed multiple Windows vulnerabilities, including a critical flaw in its Workplace Mail feature. The vulnerabilities could allow remote privilege escalation without authentication. Users should update immediately and monitor for suspicious activity.
In another case, AWS disclosed cryptographic weaknesses in its AWS-LC library that could let attackers bypass certificate validation or mount timing attacks. No active exploitation is known, but anything built against the library should be rebuilt with the latest version.
Active Directory and Privilege Escalation Risks
A serious Active Directory vulnerability was patched by Microsoft after researchers found it could allow SYSTEM-level privilege escalation. The flaw involved crafted Unicode characters in SPN and UPN entries that bypassed Kerberos safeguards. Enterprises should ensure all domain controllers are updated and legacy authentication protocols are disabled.
Web and Application Exploits
The AVideo platform was found vulnerable to a zero-click exploit that allows unauthenticated attackers to hijack live streaming servers. Administrators should patch immediately and restrict access to vulnerable endpoints.
Another WordPress plugin, User Registration & Membership, contains a flaw that lets unauthenticated attackers create rogue administrator accounts. It is being actively exploited, so users should patch immediately and check their user list for administrator accounts they did not create.
Malware Campaigns and Supply Chain Threats
Attackers cloned Claude Code installation pages to distribute Amatera infostealer malware. The fake Claude Code pages used sponsored ads to lure developers. Security teams should verify installation commands and use DNS filtering and EDR tools.
A malicious npm package named @openclaw-ai/openclawai was discovered delivering GhostClaw malware, which steals credentials and crypto wallets. Developers should verify package authenticity and restrict postinstall scripts.
Meanwhile, a fake CleanMyMac website is spreading macOS malware capable of bypassing Gatekeeper protections. Users should only download software from verified sources and use MDM tools to restrict installations.
Emerging AI and Social Engineering Threats
The CyberProof 2026 report warns that identity-based and AI-driven attacks are on the rise, with compromised credentials fueling 22% of breaches. Organizations should deploy phishing-resistant MFA and monitor authentication anomalies.
A Teams impersonation campaign has been deploying A0Backdoor malware by posing as IT support. Security teams should restrict Quick Assist usage and enforce application allow-listing.
Phishing actors are also abusing .arpa domains—normally reserved for DNS infrastructure—to host malicious content. Organizations should monitor DNS logs for anomalies and strengthen filtering rules.
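One way to turn that advice into a detection, as an added example that is not from the page or from any vendor: scan resolver logs for .arpa queries that do not look like reverse DNS. Legitimate traffic under .arpa is almost entirely PTR lookups for in-addr.arpa (IPv4) and ip6.arpa (IPv6) names, so anything else under the suffix stands out. The log format, client addresses and the rule that an A or AAAA lookup for a reverse name is suspicious are assumptions made for the example; the allowlist covers home.arpa, the RFC 8375 special-use zone for home networks.

```python
import ipaddress
import re

# Constructed resolver log lines in a simple key=value form (assumption: your
# resolver's real format differs, so adjust LINE_RE). They include two proper
# reverse lookups, two suspicious .arpa names, one ordinary query and one query
# for the home.arpa special-use zone.
SAMPLE_LOG = "\n".join([
    f"2026-03-12T09:14:02Z client=10.1.4.20 qname={ipaddress.ip_address('192.0.2.7').reverse_pointer} qtype=PTR",
    f"2026-03-12T09:14:05Z client=10.1.4.20 qname={ipaddress.ip_address('2001:db8::1').reverse_pointer} qtype=PTR",
    "2026-03-12T09:15:11Z client=10.1.4.31 qname=login-secure.7.2.0.192.in-addr.arpa qtype=A",
    "2026-03-12T09:16:40Z client=10.1.4.31 qname=update.example.arpa qtype=A",
    "2026-03-12T09:17:02Z client=10.1.4.50 qname=www.example.com qtype=A",
    "2026-03-12T09:18:00Z client=10.1.4.9 qname=printer.home.arpa qtype=A",
])

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) qname=(?P<qname>\S+) qtype=(?P<qtype>\S+)$"
)

# .arpa names that are expected on this network. home.arpa is the RFC 8375
# special-use zone for home and small networks; add your own delegated zones.
ALLOWED_ARPA_SUFFIXES = (".home.arpa",)

# Record types that are normal to ask for under a reverse zone.
REVERSE_ZONE_QTYPES = {"PTR", "NS", "SOA"}


def is_reverse_lookup(qname: str) -> bool:
    """True for a well-formed reverse-DNS name: 1-4 decimal octets under
    in-addr.arpa, or 1-32 hex nibbles under ip6.arpa. Shorter forms are allowed
    because zone-level queries (delegation checks, SOA lookups) use them."""
    name = qname.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        labels = name[: -len(".in-addr.arpa")].split(".")
        return 1 <= len(labels) <= 4 and all(
            label.isdigit() and 0 <= int(label) <= 255 for label in labels
        )
    if name.endswith(".ip6.arpa"):
        labels = name[: -len(".ip6.arpa")].split(".")
        return 1 <= len(labels) <= 32 and all(
            len(label) == 1 and label in "0123456789abcdef" for label in labels
        )
    return False


def classify(qname: str, qtype: str):
    """Return a reason string if the query deserves analyst attention, else None."""
    name = qname.rstrip(".").lower()
    if not (name == "arpa" or name.endswith(".arpa")):
        return None
    if any(name.endswith(suffix) for suffix in ALLOWED_ARPA_SUFFIXES):
        return None
    if is_reverse_lookup(name):
        # Assumption (heuristic): a reverse name should only be asked for PTR or
        # zone-maintenance records; an A/AAAA/TXT lookup suggests content is
        # being served under the reverse tree.
        if qtype.upper() in REVERSE_ZONE_QTYPES:
            return None
        return f"{qtype} query for reverse-DNS name"
    return "non-reverse name under .arpa"


def scan(log_text: str):
    """Parse the log and return (timestamp, client, qname, reason) for each hit."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line; count these separately in production
        reason = classify(m["qname"], m["qtype"])
        if reason:
            alerts.append((m["ts"], m["client"], m["qname"], reason))
    return alerts


if __name__ == "__main__":
    for ts, client, qname, reason in scan(SAMPLE_LOG):
        print(f"{ts} {client} {qname}: {reason}")
```

Run against the sample, only the two constructed phishing-style names are reported; the two genuine PTR lookups, the ordinary web query and the home.arpa query pass. Tune `ALLOWED_ARPA_SUFFIXES` to whatever your own resolvers legitimately serve before deploying it as an alert.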
Industry News
Major Breaches and Investigations
Hacktivists claimed responsibility for an alleged destructive wiper attack on medical technology firm Stryker, disrupting operations across multiple countries. The incident affected its Microsoft environment and remains under investigation.
Ericsson confirmed a breach impacting over 15,000 individuals after a third-party vendor was compromised. Exposed data includes Social Security numbers and financial details, prompting calls for stronger vendor risk management.
The FBI is investigating suspicious activity in a wiretap surveillance system that manages court-authorized warrants. Unauthorized access could expose sensitive metadata and legal documents.
In a separate case, a contractor was arrested for stealing $46 million in cryptocurrency from the U.S. Marshals Service. The crypto heist was traced through blockchain analysis, and the case is pending trial.
Legal and Regulatory Developments
An EU court opinion advised that banks must immediately reimburse phishing victims under PSD2, potentially reshaping financial liability standards. Institutions are urged to review fraud response procedures.
Anthropic filed a lawsuit against the Pentagon after being labeled a supply chain risk and banned from defense contracts. The dispute underscores growing tension between AI ethics and national security policy.
Security Tips & Best Practices
How Secure Is Your AD Environment?
- Apply the latest patches and disable legacy authentication protocols such as NTLM wherever they are no longer needed.
- Use Active Directory security tools to strengthen identity management.
- Implement least privilege and privileged access management (PAM) to limit who can make administrative changes.
- Monitor for suspicious SPN, UPN and group membership changes and audit configurations regularly.
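The Active Directory item above and the SPN-monitoring tip share one practical check, added here as an example that is not code from the page or from Microsoft: audit exported SPN and UPN values for non-ASCII characters and for values that become identical after Unicode normalization and case folding. The sample entries are constructed (the crafted values from the patched bug are not on the page) and the folding rule is an auditing heuristic, not Active Directory's exact comparison logic.

```python
import unicodedata
from collections import defaultdict

# Constructed directory entries as (DN, attribute, value). Assumption: the real
# crafted values from the advisory are not on the page; these are generic Unicode
# tricks an auditor would want to catch in SPN and UPN attributes.
SAMPLE_ENTRIES = [
    ("CN=web01,OU=Servers", "servicePrincipalName", "HTTP/web01.corp.example"),
    ("CN=rogue01,OU=Servers", "servicePrincipalName", "HTTP/web01.corp.exampl\u0435"),  # Cyrillic ie
    ("CN=admin,OU=Users", "userPrincipalName", "admin@corp.example"),
    ("CN=svc-backup,OU=Users", "userPrincipalName", "admin\u200b@corp.example"),  # zero-width space
    ("CN=kbrown,OU=Users", "userPrincipalName", "kbrown@corp.example"),
    ("CN=kbrown2,OU=Users", "userPrincipalName", "\u212Abrown@corp.example"),  # Kelvin sign, folds to 'k'
]


def canonical(value: str) -> str:
    """Fold a name the way a lenient, case-insensitive comparison might: NFKC
    compatibility normalization, drop format characters (zero-width joiners and
    spaces, bidi controls), then Unicode case folding. Assumption: this is an
    auditing heuristic, not Active Directory's exact comparison rule."""
    folded = unicodedata.normalize("NFKC", value)
    folded = "".join(ch for ch in folded if unicodedata.category(ch) != "Cf")
    return folded.casefold()


def non_ascii_chars(value: str):
    """Every character outside printable ASCII, with code point, name and category."""
    return [
        (f"U+{ord(ch):04X}", unicodedata.name(ch, "<unnamed>"), unicodedata.category(ch))
        for ch in value
        if ord(ch) > 0x7E or ord(ch) < 0x20
    ]


def audit(entries):
    """Return (non_ascii_findings, collisions).

    non_ascii_findings: (dn, attr, value, [char details]) for values carrying
        non-ASCII or control characters; in most domains SPNs and UPNs are plain
        ASCII, so any hit deserves a look.
    collisions: (attr, folded_key, [(dn, raw_value), ...]) where two or more
        distinct raw values fold to the same key, i.e. they look identical or
        compare equal to a lenient comparer even though they differ byte-for-byte.
    """
    findings = []
    groups = defaultdict(list)
    for dn, attr, value in entries:
        odd = non_ascii_chars(value)
        if odd:
            findings.append((dn, attr, value, odd))
        groups[(attr, canonical(value))].append((dn, value))
    collisions = [
        (attr, key, members)
        for (attr, key), members in groups.items()
        if len({raw for _, raw in members}) > 1
    ]
    return findings, collisions


if __name__ == "__main__":
    findings, collisions = audit(SAMPLE_ENTRIES)
    for dn, attr, value, chars in findings:
        print(f"NON-ASCII  {dn} {attr}={value!r} {chars}")
    for attr, key, members in collisions:
        print(f"COLLISION  {attr} -> {key!r}: {members}")
```

On the sample, the Cyrillic look-alike SPN is caught by the non-ASCII check alone (it never folds to the Latin name), while the zero-width-space and Kelvin-sign UPNs are caught both as non-ASCII and as collisions with the genuine `admin` and `kbrown` principals. To feed it real data, export the attributes with something like `Get-ADObject -LDAPFilter '(servicePrincipalName=*)' -Properties servicePrincipalName` and `Get-ADUser -Filter * -Properties userPrincipalName`, and run the audit on a schedule so new entries are seen soon after they are created.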
How Secure Is Your SQL Server Environment?
- Regularly apply patches and enforce least-privilege roles for administrative actions.
- Use Windows authentication with MFA and restrict access through firewalls to trusted systems.
- Enable auditing and logging, and use Transparent Data Encryption (TDE) to protect data at rest.
Is Your Dev Pipeline Letting Malware In?
- Use DevSecOps tools and verify package authenticity to detect malicious dependencies before integration.
- Restrict install scripts and pin dependency versions (and commit the lockfile) to prevent unauthorized updates.
- Monitor developer endpoints and use trusted internal mirrors to ensure safe dependencies.
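The npm item above and these three pipeline tips can be checked mechanically; the following is an added example, not code from the page, from npm or from any project it names. It walks a project's `package.json` files for install-time lifecycle hooks (which run arbitrary code on the developer's machine), reports dependency specs that are not exact pins, and reports lockfile entries whose tarball did not come from the approved internal mirror. The package names, scripts, mirror hostname and lockfile contents are all constructed for the example.

```python
import json
import re
from pathlib import Path
from urllib.parse import urlsplit

# Lifecycle hooks npm runs during install without any prompt.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$")
# Assumption: the organization only allows tarballs from its internal mirror.
TRUSTED_REGISTRY_HOSTS = {"npm.internal.example"}

# Constructed project tree: relative path -> parsed package.json. Package names,
# versions and scripts are made up for the example.
SAMPLE_TREE = {
    "package.json": {
        "name": "my-app",
        "dependencies": {
            "str-pad": "^1.3.0",
            "tiny-lib": "2.1.0",
            "@example-scope/helper": "*",
        },
    },
    "node_modules/str-pad/package.json": {"name": "str-pad", "version": "1.3.0"},
    "node_modules/tiny-lib/package.json": {
        "name": "tiny-lib", "version": "2.1.0", "scripts": {"test": "node test.js"},
    },
    "node_modules/@example-scope/helper/package.json": {
        "name": "@example-scope/helper", "version": "0.0.3",
        "scripts": {"postinstall": "node ./scripts/setup.js"},
    },
}

# Constructed package-lock.json in the lockfileVersion 3 layout for the same tree.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "my-app"},
        "node_modules/str-pad": {
            "version": "1.3.0",
            "resolved": "https://npm.internal.example/str-pad/-/str-pad-1.3.0.tgz",
        },
        "node_modules/tiny-lib": {
            "version": "2.1.0",
            "resolved": "https://npm.internal.example/tiny-lib/-/tiny-lib-2.1.0.tgz",
        },
        "node_modules/@example-scope/helper": {
            "version": "0.0.3",
            "resolved": "https://registry.npmjs.org/@example-scope/helper/-/helper-0.0.3.tgz",
        },
    },
}


def install_hooks(tree):
    """Every installed package declaring a hook npm would run at install time."""
    found = []
    for path, pkg in tree.items():
        if path == "package.json":
            continue  # the project's own scripts are reviewed separately
        scripts = pkg.get("scripts", {})
        for hook in INSTALL_HOOKS:
            if scripts.get(hook):
                found.append((pkg["name"], hook, scripts[hook]))
    return found


def unpinned_dependencies(root_pkg):
    """Dependency specs that are ranges or wildcards rather than exact versions."""
    specs = {}
    for section in ("dependencies", "devDependencies"):
        specs.update(root_pkg.get(section, {}))
    return [(name, spec) for name, spec in specs.items() if not EXACT_VERSION.match(spec)]


def untrusted_sources(lock):
    """Lockfile entries resolved from a registry host outside the trusted set."""
    found = []
    for path, entry in lock.get("packages", {}).items():
        resolved = entry.get("resolved")
        if not resolved:
            continue  # the root entry and workspace links carry no tarball URL
        if urlsplit(resolved).hostname not in TRUSTED_REGISTRY_HOSTS:
            found.append((path, resolved))
    return found


def audit(tree, lock):
    return {
        "install_hooks": install_hooks(tree),
        "unpinned": unpinned_dependencies(tree["package.json"]),
        "untrusted_sources": untrusted_sources(lock),
    }


def load_tree(root):
    """Build the same path -> package.json mapping from a real checkout."""
    base = Path(root)
    return {
        p.relative_to(base).as_posix(): json.loads(p.read_text())
        for p in base.rglob("package.json")
    }


if __name__ == "__main__":
    for category, items in audit(SAMPLE_TREE, SAMPLE_LOCK).items():
        print(category)
        for item in items:
            print("   ", item)
```

For a real repository, call `audit(load_tree("."), json.loads(Path("package-lock.json").read_text()))`. The hook check is the part that matters most for the malicious-package case: pair it with `ignore-scripts=true` in the project's `.npmrc` (or `npm ci --ignore-scripts`) so that nothing in `node_modules` can execute during installation, then run any genuinely needed build steps explicitly and only for packages you have reviewed.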
Are Your Credentials Safe from Infostealers?
- Use a password manager and enable MFA to protect accounts even if credentials are stolen.
- Deploy EDR tools and avoid saving credentials in browsers to limit data exposure.
- Avoid downloading untrusted software and monitor for credential leaks to rotate passwords quickly.
How Secure Is Your WordPress Website?
- Regularly update WordPress, themes, and plugins and remove unused components.
- Enable MFA and limit login attempts to prevent brute-force attacks.
- Use a web application firewall and maintain regular backups for quick recovery.
Organizations can leverage Active Directory and SQL Server hardening tools, DevSecOps scanning utilities, and web application firewalls to mitigate the vulnerabilities highlighted this week. Regular patching, MFA enforcement, and dependency verification remain the most effective defenses against emerging threats.
