Cyber Threat Brief

By Carolina Clear Tech, LLC

Your daily cybersecurity briefing. Vulnerabilities, ransomware, threat actors, and patches that matter, explained for IT professionals and business leaders protecting small and mid-sized organizations... more

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about Cyber Threat Brief:

How many episodes does Cyber Threat Brief have?

The podcast currently has 74 episodes available.

Cyber Threat Brief episodes:

March 25, 20262026-03-25: Two Russian cybercriminals sentenced to prison for ransomware enabling
Show Notes - 2026-03-25
Stories Covered
March 25, 2026
Today:
Trivy and Checkmarx GitHub Actions Supply Chain Compromise (CVE-2026-33634) [Critical Alerts]
Russian Access Broker Sentenced for Yanluowang Ransomware [Ransomware & Extortion]
Russian Botnet Manager Sentenced for BitPaymer Ransomware Attacks [Ransomware & Extortion]
Tax-Themed Malvertising Campaign Delivers EDR-Killing Malware [IOCs & Detection]
Railway.com PaaS Abused for Microsoft 365 Token Replay Attacks [Business & Infrastructure Threats]
FCC Bans All Foreign-Made Routers Over Supply Chain Risks [Business & Infrastructure Threats]
Palo Alto Networks Recruiting Scam Targets Senior Professionals [Business & Infrastructure Threats]
Microsoft Fixes Classic Outlook Gmail Sync Issues [Windows / AD Security]
Huntress Managed ITDR Expands to Google Workspace [General Security News]
Enterprise PCs Lag Behind Macs in Patching and Reliability [General Security News]
Manufacturing Cybersecurity Trends for 2026 [General Security News]
Schneider Electric Plant iT/Brewmaxx Multiple Redis Vulnerabilities [Vulnerability Disclosures]
Pharos Controls Mosaic Show Controller Unauthenticated RCE (CVE-2026-2417) [Vulnerability Disclosures]
Grassroots DICOM (GDCM) Memory Leak Denial of Service (CVE-2026-3650) [Vulnerability Disclosures]
Microsoft Security Update Guide CVE Disclosures [Vulnerability Disclosures]
CVEs Referenced
CVE-2025-46817, CVE-2025-46818, CVE-2025-49844, CVE-2026-0716, CVE-2026-0819, CVE-2026-1005, CVE-2026-2369, CVE-2026-2417, CVE-2026-2443, CVE-2026-25075, CVE-2026-2645, CVE-2026-27623, CVE-2026-3099, CVE-2026-3229, CVE-2026-3230, CVE-2026-33055, CVE-2026-33056, CVE-2026-33634, CVE-2026-3549, CVE-2026-3650, CVE-2026-4159, CVE-2026-4395, CVE-2026-4424, CVE-2026-4426
Indicators of Compromise
Domains:
checkmarx[.]zone, bringetax[.]com, paloaltonetworks-careers[.]com
Read the full brief
...more
20min
March 24, 20262026-03-24: ConnectWise and Citrix patch critical remote access flaws while attackers weaponize Trivy scanner
Show Notes - 2026-03-24
Stories Covered
Today:
ConnectWise ScreenConnect Cryptographic Flaw (CVE-2026-3564) [Critical Alerts]
Citrix NetScaler Memory Leak (CVE-2026-3055) [Critical Alerts]
Zimbra XSS Under Active Exploitation (CVE-2025-66376) [Critical Alerts]
Langflow RCE Exploited Within 20 Hours (CVE-2026-33017) [Critical Alerts]
Ubiquiti UniFi Path Traversal (CVE-2026-22557) [Critical Alerts]
GNU InetUtils Telnetd RCE (CVE-2026-32746) [Critical Alerts]
CISA KEV: CVE-2026-20131 [Critical Alerts]
Microsoft Defender Blocks GPO-Based Ransomware Pre-Deployment [Ransomware & Extortion]
Russian Initial Access Broker Sentenced to 81 Months [Ransomware & Extortion]
Third BlackCat Negotiator Charged [Ransomware & Extortion]
Australian Council Obtains Injunction Against Ransomware Actors [Ransomware & Extortion]
Trio-Tech International Reverses Materiality Assessment [Ransomware & Extortion]
3.7 Million Telehealth Patients Affected by Two Breaches [Ransomware & Extortion]
Woundtech Breach Exposes 928K Wound Care Patients [Ransomware & Extortion]
Trivy Supply Chain Attack Spreads to Docker and GitHub [Business & Infrastructure Threats]
IRS Phishing Campaign Deploys RMM Malware to 29,000 Users [Business & Infrastructure Threats]
Railway PaaS Abused for AI-Powered Phishing [Business & Infrastructure Threats]
DoJ Takes Down DDoS Botnets [Business & Infrastructure Threats]
Mazda Discloses Breach Exposing 692 Records [Business & Infrastructure Threats]
Navia Benefit Solutions Breach Affects 2.6M [Business & Infrastructure Threats]
Aura Breach Exposes 900K Records [Business & Infrastructure Threats]
Puerto Rico Water Authority Confirms Cyberattack [Business & Infrastructure Threats]
Intuitive Robotic Surgery Breach [Business & Infrastructure Threats]
Schools Targeted in Rising Cyberattacks [Business & Infrastructure Threats]
GitHub Malware Problem [Business & Infrastructure Threats]
Copyright Infringement Phishing Campaign [Business & Infrastructure Threats]
Microsoft Exchange Online Service Issue [Windows / AD Security]
Windows 11 Promises vs. Reality [Windows / AD Security]
Microsoft Fixes Broken Update Days After Promising Fewer Broken Updates [Windows / AD Security]
CVE-2026-4438 and CVE-2026-4437 [Windows / AD Security]
Mandiant M-Trends 2026: Diverging Adversary Timelines [General Security News]
Talos Year in Review: Lightning-Fast Exploits [General Security News]
CrowdStrike Falcon Next-Gen SIEM Supports Third-Party EDR [General Security News]
Google Unleashes Gemini AI on Dark Web [General Security News]
AWS Bedrock Attack Vectors [General Security News]
Passwordless Authentication Research [General Security News]
OpenAI ChatGPT Library Feature [General Security News]
EU Broadcasters Warn on Smart TV Gatekeepers [General Security News]
CVE-2026-3564 (ConnectWise ScreenConnect) [Vulnerability Disclosures]
CVE-2026-3055 (Citrix NetScaler) [Vulnerability Disclosures]
CVE-2026-4368 (Citrix NetScaler) [Vulnerability Disclosures]
CVE-2025-66376 (Zimbra) [Vulnerability Disclosures]
CVE-2026-33017 (Langflow) [Vulnerability Disclosures]
CVE-2026-22557 (Ubiquiti UniFi) [Vulnerability Disclosures]
CVE-2026-32746 (GNU InetUtils) [Vulnerability Disclosures]
CVE-2026-20131 [Vulnerability Disclosures]
CVE-2026-4438 [Vulnerability Disclosures]
CVE-2026-4437 [Vulnerability Disclosures]
CVEs Referenced
CVE-2023-4966, CVE-2025-5777, CVE-2025-6543, CVE-2025-66376, CVE-2026-20131, CVE-2026-22557, CVE-2026-3055, CVE-2026-32746, CVE-2026-33017, CVE-2026-3564, CVE-2026-4368, CVE-2026-4437, CVE-2026-4438
Indicators of Compromise
Domains:
smartvault[.]im, irs-doc[.]com, gov-irs216[.]net., ua5v[.]com.
Read the full brief
...more
21min
March 23, 20262026-03-23: CISA orders federal agencies to patch DarkSword iOS exploits by April 3rd
Show Notes - 2026-03-23
Stories Covered
March 23, 2026
Today:
DarkSword iOS Exploit Kit (CVE-2025-31277, CVE-2025-43510, CVE-2025-43520) [Critical Alerts]
Oracle Identity Manager Critical RCE (CVE-2026-21992) [Critical Alerts]
Quest KACE SMA Exploitation (CVE-2025-32975) [Critical Alerts]
Trivy Supply Chain Attack Expands [Business & Infrastructure Threats]
VoidStealer Bypasses Chrome Encryption [Business & Infrastructure Threats]
Iranian Handala Hackers Using Telegram C2 [Business & Infrastructure Threats]
GitHub Malware Distribution Epidemic [Business & Infrastructure Threats]
Microsoft Account Sign-In Emergency Fix (KB5085516) [Windows / AD Security]
Russian Intelligence Targeting Signal and WhatsApp [Windows / AD Security]
Microsoft Promises Windows 11 Quality Improvements [General Security News]
Microsoft Edge Chromium Updates [Vulnerability Disclosures]
CVEs Referenced
CVE-2025-14174, CVE-2025-31277, CVE-2025-32975, CVE-2025-43510, CVE-2025-43520, CVE-2025-43529, CVE-2026-20700, CVE-2026-21992, CVE-2026-4451, CVE-2026-4456, CVE-2026-4457, CVE-2026-4461, CVE-2026-4462, CVE-2026-4464
Indicators of Compromise
Domains:
225[.]156, handala-redwanted[.]to, handala-hack[.]to, justicehomeland[.]org, karmabelow80[.]org
Read the full brief
...more
18min
March 22, 20262026-03-22: Microsoft Azure Monitor alerts exploited for callback phishing with legitimate Microsoft headers
Show Notes - 2026-03-22
Stories Covered
Today:
Trivy Vulnerability Scanner Supply Chain Compromise [Critical Alerts]
Microsoft Azure Monitor Alert Abuse for Callback Phishing [Business & Infrastructure Threats]
Russian State Phishing Targeting Signal and WhatsApp Accounts [Business & Infrastructure Threats]
Google Announces Advanced Flow for Android APK Sideloading [General Security News]
Indicators of Compromise
Domains:
aquasecurtiy[.]org, aquasecurtiy[.]org.
Read the full brief
...more
7min
March 21, 20262026-03-21: CISA adds five actively exploited CVEs to KEV with a two-week patching deadline
Show Notes - 2026-03-21
Stories Covered
2026-03-21
Today:
CISA Adds Five Known Exploited Vulnerabilities to Catalog [Critical Alerts]
CISA Orders Feds to Patch Max-Severity Cisco Flaw by Sunday (CVE-2026-20131) [Critical Alerts]
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure [Critical Alerts]
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager [Critical Alerts]
Interlock Ransomware Targets Cisco Enterprise Firewalls [Ransomware & Extortion]
Beast Gang Exposes Ransomware Server [Ransomware & Extortion]
City of Hamilton Ransomware Highlights Insurance Gaps [Ransomware & Extortion]
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm [Business & Infrastructure Threats]
Russian Intelligence Services Target Commercial Messaging Applications [Business & Infrastructure Threats]
Justice Department Disrupts Botnet Networks Hijacking 3 Million Devices [Business & Infrastructure Threats]
Operation Alice Shuts Down 373,000 Dark Web Sites [Business & Infrastructure Threats]
Operation Synergia III Disrupts Global Cybercrime Infrastructure [Business & Infrastructure Threats]
UK Cyber Watchdog Warns JLR Bailout Sets Worrying Precedent [Business & Infrastructure Threats]
Microsoft Breaks Microsoft Account Sign-Ins in Windows 11 with Latest Update [Windows / AD Security]
Microsoft Publishes Multiple CVE Advisories [Windows / AD Security]
MuddyWater (Boggy Serpens) Increases Technological Capabilities [General Security News]
DarkSword iOS Exploit Targeting iOS 18.4 to 18.7 [General Security News]
CISA KEV Additions (Due April 3, 2026) [Vulnerability Disclosures]
Microsoft Security Update Guide Publications [Vulnerability Disclosures]
CVEs Referenced
CVE-2025-31277, CVE-2025-32432, CVE-2025-43510, CVE-2025-43520, CVE-2025-54068, CVE-2026-20131, CVE-2026-21992, CVE-2026-23204, CVE-2026-23271, CVE-2026-23272, CVE-2026-23274, CVE-2026-23276, CVE-2026-23277, CVE-2026-23278, CVE-2026-30922, CVE-2026-32766, CVE-2026-33017, CVE-2026-3479, CVE-2026-3632, CVE-2026-3633, CVE-2026-3634
Indicators of Compromise
Domains:
205[.]251
IP Addresses:
12.2.1.4, 14.1.2.1
Read the full brief
...more
24min
March 20, 20262026-03-20: SharePoint CVE-2026-20963 under active exploitation with federal patch deadline Saturday
Show Notes - 2026-03-20
Stories Covered
Today:
SharePoint CVE-2026-20963 Under Active Exploitation [Critical Alerts]
Cisco Firewall Management Deserialization Flaw (CVE-2026-20131) [Critical Alerts]
Gentlemen RaaS Exploiting FortiGate at Scale [Ransomware & Extortion]
Medusa Ransomware Exfiltrated 1TB from University of Mississippi Medical Center [Ransomware & Extortion]
FBI Seizes Handala Domains After Stryker Attack [Business & Infrastructure Threats]
BMC FootPrints Pre-Auth RCE Chain [Business & Infrastructure Threats]
Tax Season Phishing Campaigns Target Accountants [Business & Infrastructure Threats]
54 EDR Killers Abuse 35 Vulnerable Drivers [Business & Infrastructure Threats]
Langflow Vulnerability Exploited Hours After Disclosure [Business & Infrastructure Threats]
March Windows 11 Update Breaks Microsoft Account Sign-Ins [Windows / AD Security]
CISA Urges Intune Hardening After Stryker Breach [Windows / AD Security]
Microsoft Bing Images RCE (CVE-2026-32191) [Windows / AD Security]
Schneider Electric EcoStruxure Automation Expert (CVE-2026-2273) [Vulnerability Disclosures]
Linux Kernel CVEs in MSRC Feed [Vulnerability Disclosures]
CVEs Referenced
CVE-2024-55591, CVE-2025-53770, CVE-2025-71221, CVE-2025-71225, CVE-2025-71227, CVE-2025-71233, CVE-2025-71236, CVE-2025-71257, CVE-2025-71258, CVE-2025-71259, CVE-2025-71260, CVE-2026-20131, CVE-2026-20963, CVE-2026-2273, CVE-2026-23110, CVE-2026-23113, CVE-2026-23118, CVE-2026-23126, CVE-2026-23154, CVE-2026-23157, CVE-2026-23169, CVE-2026-23171, CVE-2026-23191, CVE-2026-23207, CVE-2026-23208, CVE-2026-23213, CVE-2026-23214, CVE-2026-23221, CVE-2026-23227, CVE-2026-23269, CVE-2026-32191
Indicators of Compromise
Domains:
handala-redwanted[.]to, handala-hack[.]to, Justicehomeland[.]org, Handala-Hack[.]to, Karmabelow80[.]org, Handala-Redwanted[.]to.
Read the full brief
...more
20min
March 19, 20262026-03-19: Interlock ransomware exploited a Cisco firewall zero-day for five weeks before disclosure
Show Notes - 2026-03-19
Stories Covered
Today:
Cisco FMC Zero-Day CVE-2026-20131 (CVSS 10.0) [Critical Alerts]
ConnectWise ScreenConnect CVE-2026-3564 [Critical Alerts]
CISA KEV: Zimbra CVE-2025-66376 and SharePoint CVE-2026-20963 [Critical Alerts]
Marquis Breach: 672,000 Records Stolen in August 2025 SonicWall Attack [Ransomware & Extortion]
DarkSword iOS Exploit Kit Targets Multiple Countries [Business & Infrastructure Threats]
CISA Alert: Endpoint Management System Hardening After Stryker Attack [Business & Infrastructure Threats]
Aura Data Breach: 900,000 Marketing Contacts Exposed via Vishing [Business & Infrastructure Threats]
Microsoft AI Observability Framework [Windows / AD Security]
Microsoft Pauses Copilot Auto-Deployment [Windows / AD Security]
Talos: Ransomware Exfiltration Playbook [General Security News]
Palo Alto Networks: AI Agent Security Tradeoffs [General Security News]
pyOpenSSL Vulnerabilities (CVE-2026-27448, CVE-2026-27459) [Vulnerability Disclosures]
Linux Kernel and Filesystem CVEs [Vulnerability Disclosures]
Expat XML Parser CVE-2026-4224 [Vulnerability Disclosures]
Python http.cookies CVE-2026-3644 [Vulnerability Disclosures]
CVEs Referenced
CVE-2025-14174, CVE-2025-31277, CVE-2025-3935, CVE-2025-43510, CVE-2025-43520, CVE-2025-43529, CVE-2025-66376, CVE-2025-71265, CVE-2025-71266, CVE-2025-71267, CVE-2026-20131, CVE-2026-20700, CVE-2026-20963, CVE-2026-23233, CVE-2026-23242, CVE-2026-23243, CVE-2026-23244, CVE-2026-23245, CVE-2026-23246, CVE-2026-23247, CVE-2026-23248, CVE-2026-27448, CVE-2026-27459, CVE-2026-3564, CVE-2026-3644, CVE-2026-4224
Read the full brief
...more
20min
March 18, 20262026-03-18: LeakNet ransomware adopts ClickFix social engineering to bypass traditional initial access methods
Show Notes - 2026-03-18
Stories Covered
Today:
Critical Unpatched Telnetd Flaw (CVE-2026-32746) [Critical Alerts]
CISA Adds Wing FTP Vulnerability to KEV Catalog [Critical Alerts]
Ubuntu Privilege Escalation (CVE-2026-3888) [Critical Alerts]
LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader [Ransomware & Extortion]
Warlock Ransomware Group Augments Post-Exploitation Activities [Ransomware & Extortion]
Ransomware Market Shifts as Payment Rates Hit Record Lows [Ransomware & Extortion]
GlassWorm Malware Hits 400+ Code Repos on GitHub, npm, VSCode, OpenVSX [Business & Infrastructure Threats]
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE [Business & Infrastructure Threats]
Europe Sanctions Chinese and Iranian Firms for Cyberattacks [Business & Infrastructure Threats]
Credential Theft Soared in H2 2025 [Business & Infrastructure Threats]
Microsoft: Enabling Teams Meeting Add-in Breaks Outlook Classic [Windows / AD Security]
Microsoft Shares Fix for Windows C: Drive Access Issues on Samsung PCs [Windows / AD Security]
New Windows 11 Hotpatch Fixes Bluetooth Device Visibility Issue [Windows / AD Security]
Microsoft Stops Force-Installing the Microsoft 365 Copilot App [Windows / AD Security]
UK Companies House Portal Had Major Bug [General Security News]
Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass (CVE-2026-20643) [General Security News]
South Korean Police Accidentally Post Cryptocurrency Wallet Password [General Security News]
Siemens SICAM SIAPP SDK (6 CVEs) [Vulnerability Disclosures]
Schneider Electric EcoStruxure Data Center Expert (CVE-2025-13957) [Vulnerability Disclosures]
Schneider Electric SCADAPack and RemoteConnect (CVE-2026-0667) [Vulnerability Disclosures]
CODESYS in Festo Automation Suite (CVE-2025-2595, CVE-2010-5250) [Vulnerability Disclosures]
CVEs Referenced
CVE-2010-5250, CVE-2025-13957, CVE-2025-2595, CVE-2025-47813, CVE-2026-0667, CVE-2026-20643, CVE-2026-24061, CVE-2026-25569, CVE-2026-25570, CVE-2026-25571, CVE-2026-25572, CVE-2026-25573, CVE-2026-25605, CVE-2026-25750, CVE-2026-32746, CVE-2026-3888
Indicators of Compromise
IP Addresses:
2.8.0.138, 3.5.16.10, 3.5.21.20
Read the full brief
...more
26min
March 17, 20262026-03-17: CISA adds actively exploited Wing FTP flaw to KEV catalog with March 30 deadline
Show Notes - 2026-03-17
Stories Covered
Today:
Wing FTP Server Path Disclosure (CVE-2025-47813) [Critical Alerts]
Google Chrome Zero-Days (CVE-2026-3909, CVE-2026-3910) [Critical Alerts]
Ransomware Profitability Declining Despite Record Victim Posts [Ransomware & Extortion]
Iranian Threat Actors Shift to Identity Weaponization [Ransomware & Extortion]
Microsoft Teams Vishing Campaign Enables Quick Assist Compromise [Business & Infrastructure Threats]
Infostealer Credential Exposure Accelerating Throughout 2025 [Business & Infrastructure Threats]
Router Botnets Enslaved for Criminal Proxy Services [Business & Infrastructure Threats]
Storm-2561 Distributes Fake VPN Clients via SEO Poisoning [Business & Infrastructure Threats]
Samsung Galaxy Connect App Locks Users Out of C:\ Drive [Windows / AD Security]
Microsoft Exchange Online Outage Blocks Mailbox Access [Windows / AD Security]
Meta Discontinuing Instagram End-to-End Encryption in May 2026 [General Security News]
UNC6426 Leverages nx npm Supply Chain Attack for AWS Admin Access [General Security News]
Commonwealth Bank Builds AI Threat Hunting Agents [General Security News]
Python pip (CVE-2026-1703) [Vulnerability Disclosures]
Libarchive (CVE-2026-4111) [Vulnerability Disclosures]
Systemd (CVE-2026-4105) [Vulnerability Disclosures]
OpenSSL TLS 1.3 (CVE-2026-2673) [Vulnerability Disclosures]
Erlang ssh_sftpd (CVE-2026-23942) [Vulnerability Disclosures]
Erlang SSH (CVE-2026-23943) [Vulnerability Disclosures]
Erlang inets httpd (CVE-2026-23941) [Vulnerability Disclosures]
Vim (CVE-2026-32249) [Vulnerability Disclosures]
Linux Kernel (CVE-2026-23066, CVE-2026-23069) [Vulnerability Disclosures]
CVEs Referenced
CVE-2025-47812, CVE-2025-47813, CVE-2026-1703, CVE-2026-23066, CVE-2026-23069, CVE-2026-23941, CVE-2026-23942, CVE-2026-23943, CVE-2026-2673, CVE-2026-32249, CVE-2026-3909, CVE-2026-3910, CVE-2026-4105, CVE-2026-4111
Read the full brief
...more
21min
March 16, 20262026-03-16: Telus Digital admits to breach with up to a petabyte stolen by ShinyHunters
Show Notes - 2026-03-16
Stories Covered
Today:
Citrix CISO Issues Emergency Patch Warning [Critical Alerts]
Ransomware Negotiator Indicted for Aiding BlackCat Gang [Ransomware & Extortion]
Telus Digital Breach Leaks Up to One Petabyte [Business & Infrastructure Threats]
Starbucks HR Portal Phishing Compromises 889 Employees [Business & Infrastructure Threats]
AI Exploits Moving Faster Than Defenses Can Respond [Business & Infrastructure Threats]
Poland Nuclear Research Center Targeted [Business & Infrastructure Threats]
Swedish E-Government Code Leaked [Business & Infrastructure Threats]
Betterleaks Replaces Gitleaks for Secrets Scanning [General Security News]
Meta Takes Down Mexican Cartel Accounts [General Security News]
Former German Intelligence Official Falls for Signal Phishing [General Security News]
Android 17 Blocks Non-Accessibility Apps from API [General Security News]
Trump Executive Order Labels Cybercrime as Transnational Organized Crime [General Security News]
Read the full brief
...more
11min

FAQs about Cyber Threat Brief:

How many episodes does Cyber Threat Brief have?

The podcast currently has 74 episodes available.