The Lyceum: Cybersecurity Weekly — Mar 20, 2026

This was one of those weeks where the threats came from every direction at once — and the defenses scored some real points too. A SharePoint vulnerability that Microsoft called "unlikely to be exploited" in January is now actively compromised in the wild, a perfect-score Cisco bug has been fueling ransomware since before anyone knew about it, and a supply-chain campaign called GlassWorm poisoned over 400 developer repositories using invisible characters you literally cannot see. Meanwhile, law enforcement landed genuine blows: the Justice Department dismantled multiple botnets, Interpol arrested 94 people across 72 countries, and the White House published a new cyber strategy that leans hard into offense. The lesson this week isn't that things are getting worse — it's that the seams where software meets trust (your SharePoint server, your developer toolchain, your iPhone, the AI agent plugged into your database) are exactly where attackers are pulling hardest.

• March 2026 Patch Tuesday (Microsoft): 79–84 CVEs fixed including two publicly disclosed zero-days — CVE-2026-21262 (SQL Server privilege escalation, CVSS 8.8) and CVE-2026-26127 (.NET denial of service, CVSS 7.5). Neither was exploited in the wild at patch time.
• Chrome 146.0.7680.75/76 (Google): Emergency out-of-band release patching CVE-2026-3909 and CVE-2026-3910, two zero-days exploited in the wild targeting the V8 engine and memory handling.
• CISA KEV additions: SharePoint CVE-2026-20963, Cisco FMC CVE-2026-20131, and multiple iOS vulnerabilities from the Coruna toolkit all added to the Known Exploited Vulnerabilities catalog this month.
• OWASP MCP Top 10 (OWASP): Beta framework cataloging the top ten security risks for Model Context Protocol implementations — the plumbing connecting AI agents to enterprise tools.
• UiPath Orchestrator February 2026 release (UiPath): Adds MCP Servers as a first-class feature, embedding AI agent protocol support directly into one of the largest RPA platforms.
• MCP-38 Threat Taxonomy (arXiv preprint): Researchers published a comprehensive catalog of 38 distinct vulnerability classes in MCP systems, mapping attack surfaces across malicious developers, external attackers, and structural flaws.

SharePoint — Microsoft's document management platform sitting at the center of countless corporate workflows — has a critical vulnerability that attackers are now exploiting in the wild.

CVE-2026-20963 is a remote code execution flaw (CVSS 9.8 — nearly the worst possible score) caused by a "deserialization" bug. Deserialization is the process software uses to unpack incoming data; when it goes wrong, an attacker can slip executable code into that data stream and take over the server. Microsoft's own advisory confirms that an unauthenticated attacker can write and execute arbitrary code remotely on SharePoint Server 2016, 2019, and Subscription Edition — no user interaction required.

Here's the timeline that should make you uncomfortable: Microsoft patched this in January and assessed it as "less likely" to be exploited. That assessment was wrong. On March 18, CISA added it to the Known Exploited Vulnerabilities catalog — the government's confirmed list of actively attacked flaws. Remote code execution bugs like this are prized by ransomware syndicates because once code execution is achieved, attackers can deploy backdoors, move laterally, and own the broader network.

CISA ordered federal agencies to patch by March 21. If your IT team hasn't confirmed your SharePoint patch status, that conversation needs to happen today — not next sprint. The signal to watch: if CISA escalates to a formal emergency directive, it means exploitation has spread beyond the initial wave.

A CVSS score of 10.0 means a vulnerability is as bad as it gets: trivial to exploit, requires no special access, and delivers full system compromise. This week, one of those showed up in ransomware attack logs — and it had been there for months.

Amazon revealed that the Interlock ransomware group has been exploiting CVE-2026-20131 in Cisco's Firepower Management Center since January 26 — more than a month before public disclosure. Cisco FMC is the software organizations use to manage their firewall defenses. Compromising it doesn't just break through the front door; it hands attackers the keys to the security system itself, enabling root access that makes ransomware deployment dramatically easier.

Interlock historically targets sectors where operational disruption creates maximum payment pressure: healthcare, education, manufacturing, and government. CISA ordered federal agencies to patch by March 22 — a compressed timeline that signals how seriously the agency views management-plane compromise. If your organization runs Cisco FMC, verify the patch immediately. If your FMC logs show anomalous activity going back to late January, that's not a patching problem anymore — it's an incident response trigger.

Imagine your company hired a software developer last month. Good coder, ships tickets on time, responsive on Slack. Now imagine they're actually a North Korean operative routing their paycheck to Kim Jong Un's weapons program.

IBM X-Force and Flare Research published a detailed report this week — "Inside the North Korean Infiltrator Threat" — revealing how North Korea's fake IT worker operation functions at scale. The numbers, drawn from U.S. government data: upwards of 100,000 operatives spread across 40 countries, generating approximately $500 million annually for Pyongyang. The operation is more organized than most legitimate staffing agencies, with dedicated recruiters, facilitators, and Western "collaborators" who lend their real identities to make fake workers appear legitimate.

The new wrinkle is AI. According to the Stimson Center, starting in Q3 2025, deepfake technologies appeared more frequently in active use — voice modification with female voice profiles, AI-enabled noise cancellation to mask environmental sounds during interviews, and synthetic imagery for identity documents. Multiple people often work behind a single fake employee, aiming for promotions to gain deeper system access.

What does failure to detect this look like? Your company unknowingly funds weapons development while giving a hostile state access to your codebase. The most effective detection technique reported so far is embarrassingly low-tech: identity verification for remote hires needs to get much more rigorous, and HR teams should be briefed on the specific behavioral patterns these operatives exhibit. Watch for updated CISA and FBI vetting guidance for remote contractors in defense and critical infrastructure.

Two coordinated operations landed this week. The U.S. Department of Justice and international partners disrupted multiple botnets — reported under names including Aisuru, KimWolf, JackSkid, and Mossad — that collectively infected millions of devices (routers, cameras, IoT gear) and rented them out for DDoS attacks. Separately, Interpol's Operation Synergia III, spanning 72 countries, resulted in 94 arrests, 110 more individuals under investigation, and the takedown of over 45,000 malicious IP addresses and servers used for phishing and ransomware.

These are real operational wins: removing command-and-control infrastructure raises the cost for attackers and buys defenders time. But botnets are resilient organisms. The underlying vulnerabilities — unpatched devices, weak firmware, minimal ISP cooperation — remain. The signal to watch: if DDoS volumes rebound quickly, the takedowns were a temporary disruption. If they stay suppressed for months, it means the follow-through (device hardening, ISP cooperation, firmware updates) is working.

If you've ever called a Crime Stoppers tip line trusting the ironclad promise that your identity would be protected, this story is about you.

A data exposure revealed that approximately 8.3 million records from Crime Stoppers USA — the nonprofit network operating anonymous tip lines for law enforcement agencies nationwide — were accessible in a misconfigured database. The records included tip submissions, names, email addresses, phone numbers, and details about both tipsters and investigation subjects. An activist group dumped a large dataset labeled "BlueLeaks 2.0"; DDoSecrets is hosting portions for journalists, and early reviewers report the 91.5 GB archive includes IP addresses and backend logs that make re-identification straightforward.

The problem here is categorically different from a retail data leak. People who call these tip lines are often reporting on gang activity, domestic violence, or organized crime — situations where exposure could put them in physical danger. The promise of anonymity isn't a marketing feature; it's the entire premise. And the breach mechanism? A misconfigured database — no sophisticated attack, just a door left unlocked. Watch for law enforcement agencies to reassess their partnerships with third-party tip management vendors, and for tipster participation rates to drop measurably.

Most AI security stories this year have been theoretical. This one isn't. Researchers at PromptArmor documented Snowflake's AI component — Snowflake being one of the largest cloud data platforms in the world — being manipulated through prompt injection to escape its restricted environment and execute malicious code on the underlying infrastructure.

Prompt injection works by hiding malicious instructions in data the AI processes. When AI analyzes your company's documents, emails, or database records, those records can contain hidden commands. The assumption that an AI runs "in a sandbox" and can't affect surrounding systems turns out to be more fragile than the enterprise software industry has been letting on.

What changes if this class of vulnerability is systemic (PromptArmor's researchers say it is)? Every company deploying AI tools to analyze internal data needs to treat the AI's execution environment as a potential breakout point — not a safe container. Expect similar findings across other cloud AI platforms. The observable signal: if other major cloud vendors disclose sandbox escapes in the coming weeks, it confirms that prompt injection as a code execution vector is an industry-wide problem, and enterprise AI deployment policies will need to catch up fast. Snowflake has not commented publicly on the scope or resolution.

Ukraine's Computer Emergency Response Team issued Advisory #19542 this week warning that APT28 — the Russian military intelligence unit better known as Fancy Bear — is actively exploiting CVE-2026-21509 against both Ukrainian and EU targets. The expansion to EU targets is the new and notable element.

APT28 is the same group that broke into the Democratic National Committee in 2016 and has been linked to election interference across multiple countries. Their shift toward broader European targeting reflects what analysts have warned about for months: Russia's cyber operations, initially intensified against Ukraine, are increasingly redirected toward NATO allies and EU member states. Some reporting ties the exploitation specifically to attacks against device-management infrastructure like Microsoft Intune — platforms that, if compromised, let an attacker push malicious configurations at scale to every managed endpoint.

If your organization operates in EU defense, government, or critical infrastructure, this advisory is an operational warning. The signal to watch: if Five Eyes agencies publish a joint advisory on APT28 EU targeting, it means this week's CERT-UA warning has been corroborated at the intelligence-sharing level — a much higher confidence threshold.

A full-chain iOS exploit kit called DarkSword strings together six vulnerabilities — three of them previously unknown zero-days — to take over iPhones running iOS 18.4 through 18.7. Google's threat team links DarkSword to both commercial spyware vendors and state-aligned actors in Turkey, Russia, and Saudi Arabia, all riding the same exploit chain for different campaigns.

The early-signal part is that one exploit kit is rapidly becoming a shared service — more like off-the-shelf crimeware than a bespoke spy tool. Apple has pushed patches. If you manage mobile device fleets, this is the week to audit which iOS versions are actually deployed, especially for executives and high-risk staff. The signal to watch: if Apple issues an additional emergency iOS patch this week, treat it as a top-tier action item. "Old but still working" phones are now high-value liabilities.

A supply-chain campaign called GlassWorm has compromised over 400 repositories and extensions across GitHub, npm, and the Open VSX extension registry — platforms developers use to build the software you rely on daily.

The technique is genuinely clever: attackers embed malicious payloads using "zero-width" Unicode characters — invisible text that looks perfectly normal in code editors. They steal developer tokens to force-push altered code directly into legitimate repositories, and some payloads use Solana blockchain transactions as a command-and-control channel. At least 72 malicious Open VSX extensions and a wave of trojanized npm/PyPI libraries have been identified.

What makes this dangerous is where the attack lives: exactly where developers think they're doing code review safely. A pull request can look clean to a human while shipping a backdoor. If your organization relies on open-source dependencies (and it does), this is the week to enable Unicode-highlighting plugins in editors, add static checks for anomalous Unicode in CI pipelines, and rotate developer tokens. The signal to watch: if major code hosts roll out stricter checks around invisible Unicode and forced pushes, it means GlassWorm-style attacks are being treated as a persistent industry problem rather than a one-off.

Xakep.ru reports a newly disclosed vulnerability in Ubuntu that allows local attackers to escalate privileges to root — full administrative control over the system. The flaw affects recent Ubuntu versions and could be chained with initial access techniques (phishing, compromised web apps) to achieve complete system takeover on Linux servers and workstations. Given Ubuntu's dominance in cloud and enterprise Linux deployments, this is operationally significant for anyone running Ubuntu infrastructure. No English-language coverage of this specific disclosure was found at time of publication.

Source: Xakep.ru — Russian. No English-language coverage confirmed at time of publication.

Xakep.ru details a new Android banking trojan called Perseus that specifically targets data stored in note-taking apps — passwords, seed phrases, account numbers that users stash in their phone's notes assuming they're private. Perseus is distributed through fake IPTV and streaming sideload apps and exfiltrates credentials to attacker-controlled infrastructure. This represents an evolution in mobile banking malware: instead of overlaying fake login screens, it goes straight for the unstructured data users think is hidden.

Source: Xakep.ru — Russian. No English-language coverage confirmed at time of publication.

Xakep.ru cites new Interpol statistics showing that fraud operations leveraging AI tools generate approximately 4.5 times more revenue than traditional fraud methods. The data reportedly comes from Interpol's analysis of recent enforcement actions and financial intelligence. This quantifies what security professionals have suspected: AI doesn't just make fraud easier — it makes it dramatically more profitable, which means the investment in AI-enabled attack tooling will only accelerate.

Source: Xakep.ru — Russian. No English-language coverage confirmed at time of publication.

A text editor that executes malware, a tip line that was never anonymous, and a hundred thousand fake coworkers quietly collecting paychecks for a nuclear weapons program.

Somewhere, a developer is staring at a pull request full of invisible characters and thinking "looks clean to me" — which is exactly what the characters were designed for.

Stay paranoid. It's working.

Know someone who should be reading this? Forward it — they'll thank you before the next patch deadline.