
Hello all,
Whether it was because threat actors were attending RSAC in San Francisco this week, or because those that would be reporting cyber-attacks and such were away, there seemed to me to be a lower number of reports of vulnerabilities and successful attacks. If it was due to RSAC, thank you for the breather! There were also some good news reports of a couple of high-profile take-downs, and a dirtbag getting an 81-month prison sentence for his participation in cybercrime. It’s always nice to hear about the wins. On to the headline news.
Headline NEWS:
- Citrix NetScaler and NetScaler Gateway have several defects, one of which is critical, that can be used to achieve unauthenticated access to sensitive information. There is no currently known active exploitation, but threat actors love to exploit these devices, so it is only a matter of time before they figure it out. So patch soon.
- FCC Bans All New Routers Not Made in America. In a surprising move that leaves many wondering how they will supply consumers with new routers when the existing models reach end of servicing, which happens with regularity for these types of devices, the Federal Communications Commission has exercised its authority and ordered that no new routers that are made overseas will be approved for import and sale in the US. I guess we’ll see if manufacturers move some of their facilities here, or if the shortages that are likely to result will force the FCC to alter their decision.
- TP-Link is warning about a critical router unauthenticated authorization bypass defect, and two other serious issues, in their Archer NX wireless routers that require patching. The manufacturer strongly recommends that customers download and install the latest firmware version. I wonder if defects like this contributed to the FCC’s decision banning new foreign routers this week.
In Ransomware, Malware, and Vulnerabilities News:
- Several reports from the likes of Absolute Security, Mandiant, Cisco Talos, and more have been published recently, which we’ve linked, and they expose alarming statistics such as attackers handing off initial access to ransomware operators in as little as 22 seconds, 32% of exploited vulnerabilities being over 10 years old, critical operating system patches taking an average of 127 days to apply, median global dwell time before detecting an adversary on a system rising to 14 days, and much more. The linked reports are well worth your time to read over.
In Other News Events of Note and Interest:
- Digital divide: App-only services exclude millions. Last month I attempted to take my wife to the show Shen Yun, a New York-based performing arts company that presents classical Chinese dance, vibrant costumes, and animated backdrops to portray 5,000 years of traditional Chinese culture and stories, when it was scheduled to be in our city. Unfortunately, both of us came down with the flu. I thought about gifting someone the tickets so that they could go in our place; however, the only way to do business with the ticket vendor, and the only way to redeem the ticket at the gate, was via an app on your phone; printed tickets were not acceptable. The people I would have gifted the tickets to would have had no way to redeem them. I recently ran across an article that describes this exact same digital divide that I encountered. I fully understand and embrace modernity; it is how I make a living. However, there should be alternative methods made available for those that either by choice or by circumstance do not have app access. Thankfully, I had purchased insurance and was able to recoup the cost of the rather expensive tickets, and hopefully the next time Shen Yun comes around we’ll be healthy.
Musings
AI Spotlight – The vowels have been in an uproar lately with E, O, and U holding an emergency meeting because A and I keep hogging the spotlight like they’re the Beyoncé and Jay‑Z of the alphabet. E insists it’s the most useful, O keeps dramatically sighing in perfectly round tones, and U is muttering that it’s tired of only being noticed in “unique” situations. Y is sitting sullen, rocking back and forth in the corner of the room quietly repeating over and over, “I’m a vowel sometimes”. Meanwhile A and I just stroll in, glowing with main‑character energy, pretending they didn’t hear the entire alphabet group chat explode over their popularity.

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
- CVE-2026-3055: Citrix NetScaler ADC and NetScaler Gateway Out-of-Bounds Read
- FCC Bans All New Routers Not Made in America
- TP-Link warns users to patch critical router auth bypass flaw
Ransomware, Malware, and Vulnerabilities News
Good News, Government News, and Interesting
- Meta and YouTube Lose Landmark Social-Media Addiction Trial
- Iran-linked group claims hack of FBI Director Kash Patel
- Hong Kong police can demand phone and computer passwords under amended national security law
- Supreme Court Limits Liability for Internet Service Providers
- Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
- Police Shut Down 373,000 Dark Web Sites in Single-Operator CSAM Network
- 81-month sentence for Russian hacker behind major ransomware campaigns
Vulnerabilities and Exploits
- iOS 26.4 has fixes for 35+ security issues on iPhone, details here
- Absolute Security 2026 Resilience Risk Index Report
- Attackers are handing off access in 22 seconds, Mandiant finds
- Lightning-fast exploits mean patch fast, says Cisco Talos
- 32% of top-exploited vulnerabilities are over a decade old
- Enterprise Cybersecurity Software Fails 20% of the Time, Warns Report
- Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
- Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
- FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
- Why Your Brain is a Cyber Security Risk
- Chrome update fixes 8 high-risk browser vulnerabilities
- Electric Motorcycles Don’t Have To Be Security Nightmares, But This One Was
- New joint intel report warns of cyber threats to growing LEO satellite constellations
- Solar cyber threats expand, but inverters still stay in the crosshairs
- A year of open source vulnerability trends: CVEs, advisories, and malware
- BIND Updates Patch High-Severity Vulnerabilities
- Critical NVIDIA Vulnerabilities Risk Remote Code Execution and Denial-of-Service Attacks
Phishing, Malware, and similar
- Apple says no one using Lockdown Mode has been hacked with spyware
- FBI links Signal phishing attacks to Russian intelligence services
- The phone call is the new phishing email
- Mirai Malware Evolves into Hundreds of Variants Driving Botnet Growth
- Gemini picks up criminal activity buried in dark web noise
- RSAC 2026: The Surprising Reason Phishing Still Works on Everyone
- WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
Breaches, Leaks, and Ransomware
- The rise of ransomware attacks
- Stryker: Cyberattack has been contained
- After hackers hit an Iowa company, cars around the country failed to start
- WorldLeaks group breached the City of Los Angeles
- Bay Area city declares state of emergency 6 days after cyberattack
- Navia Data Breach Impacts 2.7 Million
- Mazda discloses security breach exposing employee and partner data
- INC Ransomware Group target Airports Company; 500GB of data at risk
- AstraZeneca Data Breach: What You Need to Know
- Crunchyroll probes breach after hacker claims to steal 6.8M users’ data
- 1 Million Impacted by QualDerm Data Breach
- BPFdoor in Telecom Networks: Sleeper Cells in the backbone
- St Anne’s School in Southampton closed after cyber attack
- Hightower Holding Data Breach Impacts 130,000
Other News Events of Note and Interest
- Digital divide: App-only services exclude millions
- Jen Easterly, cybersecurity’s ‘relentless optimist’
- Top product launches at RSAC 2026
- RSAC 2026 Recap: Chatbots, Deepfakes, and Smart Glasses Highlight a Security World on Edge
- World’s First Antimatter Delivery by Truck Signals a ‘New Era’ in Physics
- Apple takes aim at Google Workspace and Microsoft 365 with new hosted business email
- The CVE Program, a bedrock of global cyber defense, is teetering on the brink
- NIST updates its DNS security guidance for the first time in over a decade
- Firefox gets big update with built-in VPN, Split View, and other improvements
- Firefox is adding a free VPN for all users – but can you trust it?
- The Trust Gap Facing the Next Generation of Security Technology – Security Sales & Integration
- Half of VMware users plan to reduce usage by 2028
- Good luck, Americans, your Wi-Fi choices are about to get worse
- New FCC router ban could leave home networks less secure
- Alphabet’s drone delivery startup, Wing, expands service to the Bay Area
- AR glasses are here, but what about accessibility?
- From Zip To Nought: The Rise And Fall Of Iomega
AI, LLMs, and Skynet
- AI in the SOC: What Could Go Wrong?
- AI Will Accelerate Your Tech Debt
- The case for worrying about AI-specific cognitive debt
- More! More! More! Tech Workers Max Out Their A.I. Use
- OpenAI Scraps Sora Video Platform Months After Launch
- Google bumps up Q Day deadline to 2029, far sooner than previously thought
- Google unleashes Gemini AI agents on the dark web
- Claude can now automate your entire desktop, but with a serious limitation
- Microsoft’s superintelligence team ships MAI-Image-2, a text-to-image generator
- Microsoft Proposes Better Identity, Guardrails for AI Agents
- Anthropic wins preliminary injunction in Trump DOD fight
- Anthropic left details of unreleased AI model, exclusive CEO event, in unsecured database
- Dangerous by Default: What OpenClaw CVE Record Tells Us About Agentic AI
Microsoft
- What’s new in Microsoft Sentinel: RSAC 2026
- Advancing Windows driver security: Removing trust for the cross-signed driver program
- PowerToys 0.98.1 is out with improvements for one of the best Windows tools and more
- Latest feature in New Outlook may finally make you ditch Outlook Classic
- Users get errors 0x800CCC0E & 0x800CCC0F synchronizing Gmail and Yahoo accounts in classic Outlook
- New Outlook’s March 2026 update improves folder search and shared mailboxes as it catches up with Outlook classic
- External MFA in Microsoft Entra ID is now Generally Available
- Microsoft hands Entra ID users new option for MFA
- Microsoft retires endpoint sensitive data alerting in Defender
- Microsoft outlines agentic AI security strategy with new Defender, Entra and Purview capabilities
- Microsoft blocks trick that unlocked performance-boosting native NVMe driver on Windows 11
- Microsoft Entra Tenant Governance: Secure and Manage Multi-Tenant Environments at Scale
- Tested: Windows 11 now has a second taskbar, and it works surprisingly well
- Windows 11 KB5079391 out with features, direct download links for offline installers (.msu)
- Microsoft pulls Windows 11 KB5079391 preview after it causes install error loop on 25H2 and 24H2
- Windows 11’s sudo command is more useful than PowerShell’s Run as Administrator ever was
- Windows error codes finally make sense thanks to this decades-old Microsoft tool
- The Secure Boot certificates on your PC expire in June, and Windows 10 machines will never get the fix
- Microsoft releases Windows 11 KB5081494, KB5083482 setup and recovery updates
