Microsoft issued an out-of-band hotpatch on March 13, 2026, to address a set of serious vulnerabilities in the Windows Routing and Remote Access Service (RRAS) management tool that affect Windows 11. The update, tracked as KB5084597 and aimed at OS builds 26200.7982 (25H2) and 26100.7982 (24H2), patches three CVEs that can allow a remote attacker to disrupt RRAS or execute
Category: Cybersecurity
Zero-Day, APT, Exfiltration, Lateral-Movement, Privilege-Escalation, Botnet, Rootkit, Backdoor, Keylogger, Smishing, Vishing, Spear-Phishing, Social-Engineering, MITM, SQL-Injection, XSS, CSRF, Path-Traversal, Buffer-Overflow, Honeypot, CVE, CVSS, Red-Team, Blue-Team, Threat-Hunting, Malware-Analysis, MITRE-ATT&CK, Insider-Threat, Jailbreak, Shellcode, Exploit-Kit, LFI, RFI, Obfuscation, Payload, security advisory, vulnerability disclosure, CWE, OWASP, cybersecurity news, threat intelligence, SOC, SIEM, cryptotheft, evasion, CVE Security
CrackArmor: Nine AppArmor Flaws Let Local Users Escalate to Root — What Organizations Need to Know
AppArmor, a widely deployed Linux Mandatory Access Control (MAC) framework, is at the center of a set of serious vulnerabilities that researchers have dubbed “CrackArmor.” Disclosed on March 12, 2026 by the Qualys Threat Research Unit (TRU), the collection of flaws affects AppArmor’s implementation as a Linux Security Module (LSM) and has been present in the upstream kernel since around
WhatsApp Introduces Parent‑Managed Accounts for Pre‑Teens — What You Need to Know
WhatsApp has begun rolling out parent‑managed accounts for pre‑teens, a new account type that gives parents and guardians control over who can contact their child and which groups the child can join. The feature is limited to messaging and calling and intentionally excludes access to Meta AI, Channels, Status, and location sharing. What the accounts do Parents control contact and
Microsoft Active Directory Domain Services Vulnerability (CVE-2026-25177) — What Administrators Need to Know
In early March 2026, Microsoft released an important security update addressing a high-severity vulnerability in Active Directory Domain Services (AD DS) tracked as CVE-2026-25177. The flaw received a CVSS score of 8.8 and can allow an authenticated network actor with limited permissions to escalate privileges to full SYSTEM on a targeted domain controller. Microsoft and third-party researchers coordinated fixes and
Google Completes $32 Billion Acquisition of Wiz
Google has finalized its acquisition of Wiz, the Israeli cloud and AI security company, in an all-cash transaction valued at $32 billion. The deal, announced as closed in March 2026, is the largest acquisition in Google’s history and represents a major move by Google Cloud to deepen its capabilities in cloud-native and AI security. Deal overview The acquisition brings the
Zombie ZIP: How Malformed Archives Can Hide Malware from Security Scanners
A new archive-manipulation technique called “Zombie ZIP” lets attackers conceal payloads inside ZIP files in a way that can evade many antivirus and endpoint detection solutions. The method was described by security researcher Chris Aziz of Bombadil Systems and has drawn warnings from CERT/CC and the wider security community. This post explains how Zombie ZIP works, what research and evidence