Little fires everywhere for March Patch Tuesday
Just 57 CVEs to contend with (plus advisories), but six are already under exploit in the wild
Similar Posts
Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware
Bys sCybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information stealer known as StealC V2. “This ongoing operation, active for at least six months, involves implanting malicious .blend files on platforms like CGTrader,” Morphisec researcher Shmuel Uzan said in a report shared with The Hacker News….
Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access
Bys sCisco on Monday updated its advisory of a set of recently disclosed security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) to acknowledge active exploitation. “In July 2025, the Cisco PSIRT [Product Security Incident Response Team], became aware of attempted exploitation of some of these vulnerabilities in the wild,” the company…
Moscow, Idaho, clinics reopen after Gritman cyber incident
Bys sDysruptionHub reports: Gritman Medical Center began reopening clinics in Moscow, Idaho, on Friday after a cybersecurity incident disrupted outpatient care beginning early Wednesday, though the hospital and emergency department remained open throughout. Gritman first publicly disclosed the problem Thursday, saying several primary and specialty clinics were closed because of an electronic systems outage. In an update later that night,……
Former CIA Analyst Sentenced to Over Three Years in Prison for Unlawfully Transmitting Top Secret National Defense Information
Bys sA former CIA analyst was sentenced today to 37 months in prison for unlawfully retaining and transmitting Top Secret National Defense Information to people who were not entitled to receive it, information which was publicly posted on social media platforms in October 2024. According to court documents, Asif William Rahman, 34, of Vienna, was an…
Ransomwared NHS software supplier nabs £3M discount from ICO for good behavior
Bys sConnor Jones reports the latest update on the ransomware attack affecting Advanced Computer Software: The UK’s data protection watchdog is dishing out a £3.07 million ($3.95 million) fine to Advanced Computer Software Group, whose subsidiary’s security failings led to a ransomware attack affecting NHS care. This is nearly half the fine the Information Commissioner’s Office provisionally floated…
Developer Workstations Are Now Part of the Software Supply Chain
Bys sSupply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud…