Episode 4 — 23 Mar 2026
1. CISA orders feds to patch DarkSword iOS flaws exploited in attacks
Source: Bleeping Computer
CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit. As Google Threat Intelligence Group (GTIG) and iVerify researchers revealed last week, the DarkSword delivery...
2. Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
Source: The Hacker News
Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer...
3. Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability
Source: Security Week
CVE-2026-21992 can be used without authentication for remote code execution and it may have been exploited in the wild.
4. Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Source: The Hacker News
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious...