Cybersecurity Daily — Mar 10, 2026
Photo: lyceumnews.com
Tuesday, March 10, 2026
The Big Picture
CISA just added three actively exploited flaws to its emergency patch list — including a SolarWinds bug rated 9.8/10 — Microsoft dropped two zero-days in a massive Patch Tuesday, and a popular AI coding extension installed on nearly 5 million developer machines will execute whatever an attacker hides inside a PNG file. The theme today is: the tools you trust are being turned against you, and patch windows are measured in hours, not quarters.
Today's Stories
CISA Says Patch Now: SolarWinds, Ivanti, and Omnissa Flaws Are Already Under Attack
If you manage IT infrastructure and read one thing today, this is it. CISA added three vulnerabilities to its Known Exploited Vulnerabilities catalog yesterday — the government's way of saying attackers are using these against real targets now.
Headliners: a deserialization flaw in SolarWinds Web Help Desk (CVE-2025-26399, 9.8/10) that allows command execution, an authentication bypass in Ivanti Endpoint Manager (CVE-2026-1603, 8.6/10) that leaks stored credentials without a password, and a server-side request forgery in Omnissa Workspace ONE UEM (formerly VMware) that exposes sensitive data with no login required.
Plain version: attackers send a crafted request and the software does the rest. SolarWinds and Ivanti sit at the center of corporate IT — compromise them and attackers get a master key. Some reporting ties the SolarWinds bug to initial-access activity by ransomware groups.
Federal agencies have a 21-day remediation clock under CISA/OMB guidance. Everyone else should act like they do: prioritize internet-facing instances and rotate any credentials stored by these services after patching.
Microsoft's March Patch Tuesday: Two Zero-Days, a SQL Server Escalation, and 79 Reasons to Update Today
Microsoft shipped fixes for 79 vulnerabilities today, including two zero-days already being exploited in the wild before patches existed. Drop everything.
The riskiest for DBAs is CVE-2026-21262, a SQL Server elevation-of-privilege bug affecting supported versions from 2016 SP3 through SQL Server 2025 — a low-access foothold can quickly turn into full control of your data tier. Other standouts: RCE in Office (open a malicious file, lose your machine) and a Print Spooler bug (CVE-2026-23669) that revives PrintNightmare-style lateral movement.
Identity risks: Microsoft Authenticator fixed CVE-2026-26123, where a malicious mobile app could impersonate Authenticator to intercept sensitive data — dangerous in BYOD settings. A publicly disclosed .NET DoS (CVE-2026-26127) raises rapid proof-of-concept risk.
Patches are on Windows Update and WSUS. Prioritize SQL servers and internet-facing systems; if SQL exploit code appears publicly this week, automated attacks will follow fast.
That AI Coding Tool on 5 Million Developer Machines? It Hands Over Full System Access Via a PNG
This is the story developers need to share with their teams today. German firm ERNW disclosed a critical flaw in Blackbox AI, an AI coding platform with 4.8 million VS Code extension installs. A hidden prompt in a PNG tricked the extension: it performed OCR, followed the embedded commands, downloaded a malicious file, and executed it — yielding RCE and full system access in the demo with no extra user action.
When the AI hesitated, the researcher used basic social engineering — blame, apology prompt — and it executed. Multiple notifications to Blackbox AI over two months across three emails got zero responses. The extension hasn't been updated since November 2025. There is no patch. Require manual approval for every agent action and don't let this tool run autonomously on anything you care about.
Russian state-linked hackers steal verification codes for Signal and WhatsApp accounts
Russian state-linked hackers are actively targeting Signal and WhatsApp accounts belonging to government officials, military personnel, and journalists worldwide — not by cracking encryption, but by tricking people into handing over their verification codes. The Netherlands' AIVD and MIVD warn of a large-scale campaign that has already hit the Dutch government.
This is social engineering: attackers chat with targets, sometimes posing as a Signal support bot, to get PINs. For WhatsApp they abuse "Linked Devices" — and unlike Signal, a successful WhatsApp takeover can expose past messages, often without the victim noticing.
Check for "doubles" in group chats — the same person listed twice, maybe with a small name change. End-to-end encryption protects transit; it doesn't stop app-level hijacking. Audit your linked devices today. Two national agencies confirm this and multiple outlets corroborate — confidence is high.
⚡ What Most People Missed
A fake OpenClaw package is sitting in npm right now, stealing everything. JFrog found a malicious npm package posing as an OpenClaw AI installer that harvests system credentials, browser data, crypto wallets, SSH keys, Apple Keychain databases, and iMessage history — while installing a persistent remote access trojan. It's been downloaded 178 times and remains in the registry. If anyone installed anything OpenClaw-related recently, treat that machine as compromised.
Velvet Tempest is using ClickFix to drop a new backdoor called CastleRAT. Ransomware actors are tricking victims into pasting terminal commands "to fix an error" to install backdoors. If you haven't briefed employees on ClickFix-style lures, do it now.
World_Leaks ransomware is running burst-fire campaigns and most defenders haven't noticed. Active since May 2025 with 127 confirmed victims across 15 countries, the group names multiple victims in quick bursts — three in one day in December — to overwhelm sector defenses. Their most recent confirmed attack was March 8. If you’re in financial services, manufacturing, or government contracting, expect hunting.
Field Effect says 80% of incidents start with hijacked cloud identities. Their 2026 Cyber Threat Outlook found attackers phish credentials and then abuse collaboration tools — Teams, Zoom Quick Assist, fake M365 tenants posing as IT helpdesks — to maintain access with legitimate tokens, making detection far harder.
Cisco Secure Firewall Management Center has two fresh CVSS 10.0 bugs. CVE-2026-20079 and CVE-2026-20131 let unauthenticated attackers reach root-level access via crafted HTTP requests. The firewall you bought to segment attackers can become their beachhead — verify exposure of management interfaces now.
📅 What to Watch
- If exploit code for CVE-2026-21262 (SQL Server privilege escalation) hits public repos this week, expect initial-access brokers to weaponize it for ransomware crews — a database foothold that turns into full-network compromise.
- If Blackbox AI pushes a VS Code Marketplace update in the next 48 hours, watch whether it changes default autonomy or adds manual-approval prompts; a narrow fix could still leave unsafe defaults that let agents run unvetted code.
- If the ShinyHunters Salesforce Aura data theft claim is confirmed, expect a wave of breach notifications from up to 400 companies — and a spike in abused API tokens and fraudulent support requests tied to exposed orgs; immediately audit connected app permissions and API access logs.
- If more European hospitals report outages similar to Szczecin's in the coming days, it likely signals a coordinated campaign or shared initial-access vector against regional healthcare networks rather than isolated opportunism.
- If Dell or CISA formally highlight CVE-2026-22769 in RecoverPoint (CVSS 10.0), expect attackers to prioritize compromising backups to thwart recovery; verify offline/immutable backups, replication integrity, and access controls on recovery appliances.
That's the Tuesday. Patch Tuesday, three KEV additions, a silent AI extension, and Russian spies asking nicely for your verification code — all in 24 hours. Check your linked devices, hug your DBA, and don't open PNGs from strangers.
See you tomorrow. Stay patched.