The Lyceum: Cybersecurity Weekly — Mar 22, 2026

This was the week the boring stuff bit back. The tools you never think about — your phone's OS version, your office email server, your browser, a plain text file — turned out to be exactly where attackers are living. Meanwhile, ransomware hit a city's transit system, an AI agent framework became a CVE factory, and Bruce Schneier proved you can poison an AI's brain with a fake hot dog eating contest. The through-line: trust is the attack surface now, and the things you assume are safe are the things getting exploited.

• March 2026 Patch Tuesday (Microsoft): 83 CVEs patched including two publicly disclosed zero-days — CVE-2026-21262 (SQL Server privilege escalation, CVSS 8.8) and CVE-2026-26127 (.NET denial of service, CVSS 7.5).
• Android Security Bulletin — March 2026 (Google): Patches a Qualcomm display component zero-day (CVE-2026-21385) already under limited active exploitation; requires patch level 2026-03-05.
• Chrome 146 Emergency Update (Google): Fixes two actively exploited zero-days in V8 and Skia (CVE-2026-3909, CVE-2026-3910).
• Metasploit Framework 6.4.123 (Rapid7): Two new exploit modules (AVideo-Encoder, FreePBX) plus seven bug fixes.
• Metasploit Pro 5.0.0 (Rapid7): Major release adding AD CS exploitation techniques, SAML SSO, and new exploit modules.
• OpenClaw 2026.3.1 (OpenClaw): Security release addressing five CVEs disclosed in a 48-hour window, including remote code execution and authorization bypass flaws.

If you rode the LA Metro this week and couldn't figure out when your train was coming, now you know why.

The WorldLeaks ransomware group breached the City of Los Angeles and posted 159.9 GB of claimed stolen data on its leak site on March 20th. The damage cascaded into transit: LA Metro restricted internal systems, and riders reported problems adding funds to TAP cards online. Foster City separately declared a state of emergency after a related ransomware incident disrupted municipal services and warned residents to change passwords. Additional reporting suggests Bay Area transit operations felt spillover effects.

WorldLeaks isn't small-time. Ransom-DB tracks 127 victims since May 2025, with the U.S. as its primary target. If Los Angeles confirms exactly what's in that 159.9 GB, this escalates from a municipal IT headache into a mass data breach notification affecting potentially millions of residents. If the data turns out to include law enforcement records, court filings, or utility accounts, the fallout will be measured in years of identity monitoring letters. The signal to watch: whether other major cities accelerate ransomware-specific incident response funding, or whether this gets absorbed as background noise.

If you've been casually tapping "remind me later" on iOS updates, DarkSword is the bill coming due.

Researchers at Google, iVerify, and Lookout revealed a full-chain iOS exploit kit that's been silently hacking iPhones since late 2025 via booby-trapped websites — no taps or installs required. DarkSword strings together six vulnerabilities (three were zero-days at the time of use) to go from browser bug to full device takeover. It targets older-but-common iOS versions (roughly 18.4–18.7) and has been linked to both commercial spyware vendors and suspected state-backed operations across at least four countries. Apple has since patched the bugs and issued rare public warnings urging users on older devices to update.

Building on this, Apple separately warned users of older iPhones that they're also at risk from the Coruna toolkit — a 23-component exploitation package originally built inside U.S. defense contractor L3Harris. Apple's Lockdown Mode would have blocked both kits, but almost nobody enables it. If you or someone you know is still running an iPhone that can't reach the latest iOS, start treating it like an untrusted device: minimal sensitive apps, assume communications could be monitored, plan a replacement. The shift here is that "I'll update eventually" is now a documented surveillance risk, not just a best-practice violation.

Your web browser remains the front door to basically everything you do online, and attackers keep trying the handle.

Google shipped an emergency Chrome update to fix two zero-day flaws — CVE-2026-3909 (Skia graphics library) and CVE-2026-3910 (V8 JavaScript engine) — that Google said were already being exploited in the wild. A malicious website could feed Chrome crafted content and potentially run code within — and sometimes beyond — the browser sandbox. Chrome 146 on desktop is patched; Edge, Opera, and other Chromium-based browsers are rolling out fixes.

If your browser didn't recently nag you to restart, go to Settings → About and force-check. Staying one version behind Chrome now means being a known, documented target. The failure mode is simple: if Chromium-adjacent browsers like Edge or Brave lag behind Google's patch timeline, expect targeted campaigns that discriminate by user-agent string, hitting whichever browser family is slowest.

Amazon's threat intelligence team disclosed that the Interlock ransomware group exploited a critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center for 36 days before Cisco publicly disclosed it. The attackers used the flaw to execute code and gain control of devices, giving them a substantial head start. Researchers attributed part of the discovery to attacker operational mistakes — misconfigured servers that exposed their toolkit.

This is the nightmare scenario for enterprise security: your perimeter defense device is the entry point, and the vendor hasn't told you yet. The DB Digest roundup highlights the real-world ransomware fallout. If you run Cisco firewall management consoles, check that patches are applied and that admin interfaces aren't exposed to the open internet. The broader lesson: assume there are more of these quiet windows between exploitation and disclosure, and design your monitoring to catch anomalies even when you don't know what the vulnerability is yet.

OpenClaw — the AI agent framework that surpassed React as GitHub's most-starred project — accumulated five new CVEs in 48 hours this week, and the picture they paint is ugly.

One critical flaw allowed remote webpages to connect to OpenClaw's localhost gateway (because the software implicitly trusted localhost). Another let attackers brute-force gateway passwords. A third allowed bypassing operator pairing to self-assign admin privileges. The plugin marketplace, ClawHub, compounds the risk: researchers found hundreds of malicious "skills" masquerading as productivity add-ons. Install a helpful-looking plugin and you've given it the same privileges as your agent — including access to your files, shell, and credentials. A separate CVE detail from RedPacket Security documents one of the specific flaws.

Meanwhile, a new research preprint introduces ClawWorm — a self-replicating attack that needs just one malicious message to rewrite an agent's configuration, execute arbitrary payloads on restart, and auto-spread to other agents via messaging integrations. It's a lab demo, but built on production software with real-world defaults. If you use OpenClaw, update to 2026.3.1 immediately, audit every installed skill, and treat the agent like you'd treat an SSH server — not a cute toy.

Nobody has ever looked at a text file and thought "that could hack me." That instinct is now wrong.

CVE-2026-20841 is an 8.8-rated remote code execution flaw in modern Windows Notepad. A crafted Markdown file opens a malicious hyperlink that launches unverified protocols and can pull in and execute remote code — one click, full compromise. Proof-of-concept exploit code is already on GitHub. Notepad's ubiquity and broad trust means phishing campaigns could be more effective.

Here's the catch: the patch shipped through the Microsoft Store, not Windows Update, so it may not have installed automatically. Open the Store, check Notepad, enable automatic app updates. Until you've confirmed the fix, treat random .md attachments the same as unknown executables. If this CVE starts appearing in active phishing campaigns — and with public exploit code, it likely will — the conversion rate will be high precisely because nobody suspects a text file.

Recorded Future believes 2026 will be the first year new ransomware actors outside Russia outnumber those emerging within it — not because Russian operations are declining, but because the global ecosystem has expanded dramatically.

The stranger development: ransomware groups made less money in 2025 despite a 47% increase in publicly reported attacks in 2025, and they're responding by pivoting to new pressure tactics. According to Recorded Future, insider recruitment attempts — particularly targeting native English speakers — increased significantly throughout 2025. In one documented case from an FBI advisory, an attacker completed a social engineering help desk scam but couldn't install tools remotely due to security controls, so they turned to gig workers to finish the job physically. Your IT help desk's verification process is now a ransomware attack surface.

Separately, Bitdefender's March threat debrief flagged the return of AtomSilo — a ransomware group dormant since 2021 that reappeared in February 2026. Dormant-and-return patterns sometimes mean original operators are back; sometimes someone bought the brand for dark web credibility. Either way, if you're threat-blocking based on known-bad lists, a resurrected actor is exactly the thing your tooling won't catch on day one. The broader trend is fragmentation: smaller groups, faster rebranding, enterprise-grade efficiency.

Xakep.ru reports on Perseus, a newly identified Android banking trojan that specifically targets note-taking apps — scanning saved notes for passwords, seed phrases, and financial details that users store in plain text. The malware disguises itself as a system utility and uses accessibility services to read content across apps. This is a practical reminder that "I'll just save it in Notes" is now an explicitly targeted behavior, not just bad hygiene.

Source: Xakep.ru — Russian. No English-language coverage confirmed at time of publication.

Xakep.ru covers new Interpol statistics showing that fraud operations using AI tools — deepfake voice, generated documents, automated social engineering — are generating 4.5 times the revenue of traditional scam operations (March 2026 Interpol assessment). The data comes from Interpol's latest global assessment and suggests AI isn't just making fraud easier; it's making it dramatically more profitable, which will attract more criminal investment.

Source: Xakep.ru — Russian. No English-language coverage confirmed at time of publication.

Xakep.ru provides technical detail on the Stryker medical technology cyberattack, reporting that attackers wiped corporate data across the company's environment without deploying traditional malware — instead abusing legitimate device management tools (consistent with the Intune/MDM vector reported in English-language coverage). The Russian-language reporting adds operational specifics about the wipe methodology that haven't appeared in English sources.

Source: Xakep.ru — Russian. No English-language coverage confirmed at time of publication.

A city that can't sell you a bus pass because ransomware ate its servers. A text file that runs malware if you click wrong. An AI agent framework so popular it's speedrunning every security mistake the web made in 2005.

Somewhere, a ransomware gang is browsing LinkedIn for its next hire, and the scariest part is they probably have a better onboarding process than your company.

Until next week — patch your Notepad, distrust your notes app, and don't eat any hot dogs in South Dakota.

If someone you know still thinks a .txt file can't hurt them, forward this their way.