
Cyber Threat Weekly – #119

Derek Krein

The week of March 2nd through March 8th, about 342 cyber news articles were reviewed. A light amount of cyber threat trends and adversarial behavior news to share.  Been thinkin about what 2026 is going to look like from a security perspective.

I’m concerned it’s not going to be pretty.  Moving from proof-of-concept indirect prompt injections to the real deal.  The lack of governance around AI agents and what that’ll mean for organizations.  The velocity and volume of attacks accelerating with AI assistance.  From the human standpoint, will AI start to replace people, as the hype suggests?  The AI models and tools are getting better, which favors both attackers and defenders.

Let’s start with a good piece from Krebs on AI assistants.  Researchers outline how AI is being abused by threat actors.  Malvertising leads to InstallFix (ClickFix Variant).  Researchers share a proactive hardening guide: 2026 edition.

The 2026 Cloudflare Threat Report.  Observed in the wild, AI indirect prompt injection.  The Third-Party Breach Report 2026.  Attackers are abusing a legitimate OAuth feature.  Another AI attack orchestration tool on GitHub.


Broken Record Alert: Don’t get pwned by N-day vulnerabilities!!!

Known exploited software flaws are one of the top 4 initial access vectors and have increased sharply in recent months.  We continue to share n-day vulnerabilities being actively exploited.  Priority #1, start with the CISA / VulnCheck known exploited vulnerability (KEV) catalogs.  If it’s in the catalog, it should be patched.

A close #2 priority is flaws with weaponized proof of concept (PoC) code available.  Exploit chances are higher with weaponized PoC code available.  If you do nothing else with patching, have an emergency 24-to-48-hour patching process for actively exploited vulnerabilities and those with weaponized PoC code available.
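An added example, not part of the original newsletter: one way to turn the two priorities above into a patch queue. The KEV excerpt and scanner findings are constructed, the host names and the `poc_weaponized` / `internet_facing` fields are hypothetical, and giving Internet-facing hosts the 24-hour end of the window is an assumption.

```python
import json
from datetime import datetime, timedelta

# Constructed excerpt in the layout of the CISA KEV JSON feed (a "vulnerabilities"
# list keyed by "cveID"); the three CVE IDs are taken from this newsletter.
KEV_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2026-22719", "vendorProject": "Broadcom"},
    {"cveID": "CVE-2017-7921", "vendorProject": "Hikvision"},
    {"cveID": "CVE-2021-22681", "vendorProject": "Rockwell"},
]})

# Constructed scanner findings. Host names and the "poc_weaponized" and
# "internet_facing" fields are hypothetical; CVE-0000-000x are placeholders.
FINDINGS = [
    {"host": "aria-ops-01", "cve": "CVE-2026-22719", "poc_weaponized": False, "internet_facing": False},
    {"host": "cam-lobby-01", "cve": " cve-2017-7921", "poc_weaponized": True, "internet_facing": True},
    {"host": "build-07", "cve": "CVE-0000-0001", "poc_weaponized": True, "internet_facing": False},
    {"host": "hr-db-02", "cve": "CVE-0000-0002", "poc_weaponized": False, "internet_facing": False},
]
NOW = datetime(2026, 3, 9, 8, 0)  # constructed "scan time"


def triage(findings, kev_json, now):
    """Return findings ordered by the newsletter's priorities, with patch deadlines."""
    kev = {v["cveID"].upper() for v in json.loads(kev_json)["vulnerabilities"]}
    queue = []
    for f in findings:
        cve = f["cve"].strip().upper()  # scanners differ in case and padding
        if cve in kev:
            priority = 1                # in the KEV catalog: actively exploited
        elif f.get("poc_weaponized"):
            priority = 2                # weaponized PoC code is available
        else:
            priority = 3                # normal patch cycle, no emergency deadline
        due = None
        if priority < 3:
            # Assumption: Internet-facing gets the 24 h end of the window, the rest 48 h.
            due = now + timedelta(hours=24 if f.get("internet_facing") else 48)
        queue.append({**f, "cve": cve, "priority": priority, "due": due})
    # Sort by tier, then exposed hosts first, then host name for a stable order.
    queue.sort(key=lambda f: (f["priority"], not f.get("internet_facing"), f["host"]))
    return queue


if __name__ == "__main__":
    for f in triage(FINDINGS, KEV_FEED, NOW):
        print(f["priority"], f["host"], f["cve"], f["due"])
```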

VPN gateways from all vendors are under constant attack.

You should consider what is exposed to the Internet.  Architecture and zero trust network access (ZTNA) can go a long way to minimizing the number of devices and services exposed to the Internet.


CISA Known Exploited Vulnerabilities – March 2nd to March 8th:

CVE-2026-22719 – Broadcom VMware Aria Operations Command Injection Vulnerability:
Allows an unauthenticated attacker to execute arbitrary commands, potentially leading to remote code execution during support‑assisted product migration.

CVE-2026-21385 – Qualcomm Multiple Chipsets Memory Corruption Vulnerability:
Multiple Qualcomm chipsets contain a memory corruption vulnerability while using alignments for memory allocation.

CVE-2017-7921 – Hikvision Multiple Products Improper Authentication Vulnerability:
Could allow a malicious user to escalate privileges on the system and gain access to sensitive information.

CVE-2021-22681 – Rockwell Multiple Products Insufficient Protected Credentials Vulnerability:
Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to verify Logix controllers are communicating with Rockwell Automation design software. If successfully exploited, this vulnerability could allow an unauthorized application to connect with Logix controllers. To leverage this vulnerability, an unauthorized user would require network access to the controller.

CVE-2023-43000 – Apple Multiple Products Use-After-Free Vulnerability:
Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption.

CVE-2021-30952 – Apple Multiple Products Integer Overflow or Wraparound Vulnerability:
Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution.

CVE-2023-41974 – Apple iOS and iPadOS Use-After-Free Vulnerability:
Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.


Security Guardrails and AI Agents

A good read from Krebs.  Walks through the pros and the downfalls of giving too much access to AI agents.  Some examples of each, and attackers taking advantage too.  My favorite, “The Lethal Trifecta”, a description and visual.

https://krebsonsecurity.com/2026/03/how-ai-assistants-are-moving-the-security-goalposts/

https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/


Cyberattacks Powered by AI

Researchers share common observed AI use cases for threat actors.  The adversary is using AI to increase velocity, volume, and scale while removing the technical barriers for less technical threat actors.  Social engineering is getting supercharged with AI.

https://www.bleepingcomputer.com/news/security/microsoft-hackers-abusing-ai-at-every-stage-of-cyberattacks/

https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/


Malvertising Popular Developer Tools Leads to InstallFix

A cloned Claude Code documentation site leads to InstallFix (ClickFix Variant) via Google Ads malvertising.  InstallFix is the use of malicious commands in fake installation guides that claim to show victims how to install a developer tool but instead deploy malware.

https://www.bleepingcomputer.com/news/security/fake-claude-code-install-guides-push-infostealers-in-installfix-attacks/

https://pushsecurity.com/blog/installfix/


Proactive Preparation and Hardening Against Destructive Attacks: 2026 Edition

Google’s Mandiant shares a proactive guide to locking down systems against destructive malware.  With the attack on Iran, more cyber-attacks are expected, many destructive in nature.  It’s also a great guide for today’s lateral movement threats.

https://cloud.google.com/blog/topics/threat-intelligence/preparation-hardening-destructive-attacks/


2026 Cloudflare Threat Report

Researchers share insights; many are obvious but valuable nonetheless.  Over-privileged SaaS integrations are increasing the blast radius.  Adversaries are using trusted cloud tooling to mask attacks, token theft is neutralizing multi-factor authentication, and several more.

https://www.infosecurity-magazine.com/news/ai-deepfakes-supercharge/

https://blog.cloudflare.com/2026-threat-report/

https://cf-assets.www.cloudflare.com/slt3lc6tev37/sWDBUMNVtEJB9ZFLt1dUU/8d69e92de2edfb3bf59e7d21d57e7e1a/Cloudflare-2026-threat-report.pdf


Indirect Prompt Injection Observed in the Wild

Researchers share observed real-world web-based indirect prompt injection; previously, mainly proofs of concept were demonstrated.  Also, a real-world AI ad review bypass.  They share a taxonomy of web-based indirect prompt injection attacks.

https://unit42.paloaltonetworks.com/ai-agent-prompt-injection/


2026 Third-Party Breach Report

This report is sobering to say the least.  The stats aren’t great and are a reminder of why third-party risk is an important part of your security program.

https://www.infosecurity-magazine.com/news/shadow-layer-organizations-supply/

https://content.blackkite.com/ebook/2026-third-party-breach-report/

https://assets.foleon.com/eu-central-1/de-uploads-7e3kk3/50219/black_kite_2026_third_party_breach_report.c8fddf72754c.pdf


Legit OAuth Redirect Feature Abused by Attackers

Instead of attempting to steal tokens, attackers are using the legit feature to send victims to attacker-controlled web sites.  There is no bug, the system is working as designed.  The redirect leads to a drive-by download or credential phishing page.

https://thehackernews.com/2026/03/microsoft-warns-oauth-redirect-abuse.html

https://www.microsoft.com/en-us/security/blog/2026/03/02/oauth-redirection-abuse-enables-phishing-malware-delivery/


AI Orchestration Attack Tool – CyberStrikeAI

The platform is built in Go and available on GitHub.  It appears to have Chinese roots and to be tied to the Chinese Ministry of State Security (MSS).  The developer boasts 100+ security tools, intelligent orchestration, and more.

https://www.bleepingcomputer.com/news/security/cyberstrikeai-tool-adopted-by-hackers-for-ai-powered-attacks/

https://www.team-cymru.com/post/tracking-cyberstrikeai-usage

https://github.com/Ed1s0nZ/CyberStrikeAI

