This posting is here to collect cyber security news in March 2026.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
Tomi Engdahl says:
Vulnerabilities
BIND Updates Patch High-Severity Vulnerabilities
Specially crafted domains could be used to cause out-of-memory conditions, leading to memory leaks in the BIND resolvers.
https://www.securityweek.com/bind-updates-patch-high-severity-vulnerabilities-2/
DNS Vulnerabilities
Internet Systems Consortium (ISC) on Wednesday rolled out a fresh round of BIND 9 updates to resolve four vulnerabilities, including two high-severity bugs.
Tracked as CVE-2026-3104, the first high-severity flaw is described as a memory leak issue impacting code preparing DNSSEC proofs of non-existence.
The security defect can be exploited via crafted domains to cause a memory leak in BIND resolvers. Authoritative servers may not be impacted, ISC notes in its advisory.
“If a BIND resolver is asked to query a specially crafted domain, memory will not be recovered by named. This can cause unbounded growth of Resident Set Size (RSS) memory, which may lead to an out-of-memory condition. Additionally, named will exit with an assertion failure if a shutdown or reload is attempted,” ISC explains.
The second high-severity vulnerability patched in the DNS software suite is CVE-2026-1519, which can lead to high CPU consumption when the resolver encounters a maliciously crafted zone during DNSSEC validation. This could lead to a sharp decrease in the number of handled queries.
While not recommended, disabling DNSSEC prevents the exploitation of this vulnerability, ISC notes.
Tomi Engdahl says:
Exploitation of both CVE-2026-3104 and CVE-2026-1519 can lead to denial of service (DoS), according to an advisory from Ubuntu, which provides BIND packages to its users.
Tomi Engdahl says:
https://www.securityweek.com/sim-swaps-expose-a-critical-flaw-in-identity-security/
Tomi Engdahl says:
Artificial Intelligence
How to 10x Your Vulnerability Management Program in the Agentic Era
The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation.
https://www.securityweek.com/how-to-10x-your-vulnerability-management-program-in-the-agentic-era/
Tomi Engdahl says:
Artificial Intelligence
OpenAI Launches Bug Bounty Program for Abuse and Safety Risks
Through the new program, OpenAI will reward reports covering design or implementation issues leading to material harm.
https://www.securityweek.com/openai-launches-bug-bounty-program-for-abuse-and-safety-risks/
Tomi Engdahl says:
Management & Strategy
The Human IOC: Why Security Professionals Struggle with Social Vetting
Applying SOC-level rigor to the rumors, politics, and ‘human intel’ can make or break a security team.
https://www.securityweek.com/the-human-ioc-why-security-professionals-struggle-with-social-vetting/
Tomi Engdahl says:
Artificial Intelligence
Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw
Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access.
https://www.securityweek.com/why-agentic-ai-systems-need-better-governance-lessons-from-openclaw/
Organizations urgently need governance frameworks built around visibility, access control, and behavioral monitoring to manage the expanded attack surface this creates.
OpenClaw is an open-source platform for autonomous AI agents that you can self-host and run locally on your machine for task automation. Taking this platform to task, AI agents are now interacting with one another via an experimental social network for AI agents called Moltbook. Even an experienced AI security researcher at Meta learned that OpenClaw is not without its wild-west frontier status. An AI agent accidentally deleted her emails.
This news has again put the spotlight on the nature of authority and agency granted to agentic AI systems, as well as the need for better security and governance.
Tomi Engdahl says:
Cybercrime
Pro-Iranian Hacking Group Claims Credit for Hack of FBI Director Kash Patel’s Personal Account
The group said it was making emails and other documents from Patel’s account available for download.
https://www.securityweek.com/pro-iranian-hacking-group-claims-credit-for-hack-of-fbi-director-kash-patels-personal-account/
Tomi Engdahl says:
Email Security
FBI Confirms Kash Patel Email Hack as US Offers $10M Reward for Hackers
The agency said Iranian hackers targeted the director’s personal email account and noted that the compromised information is old.
https://www.securityweek.com/fbi-confirms-kash-patel-email-hack-as-us-offers-10m-reward-for-hackers/
The FBI has confirmed that threat actors have gained access to an email account belonging to FBI Director Kash Patel, but said no government information has been compromised.
The Iran-linked hacker group Handala on Friday claimed to have hacked Patel’s email account, releasing files allegedly representing photos, emails, and classified documents taken from the FBI director’s inbox.
“The so-called ‘impenetrable’ systems of the FBI were brought to their knees within hours by our team,” the hackers wrote.
However, the account does not appear to be hosted on FBI systems; it is a personal Gmail account. In addition, the stolen information does not seem to be recent.
It’s unclear when the account was hacked, but it may have been one of the many targeted by Iranian hackers back in 2024 as part of an operation targeting Donald Trump’s presidential campaign.
Tomi Engdahl says:
Malware & Threats
Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs
The infection chain includes a fake CAPTCHA page, a Bash script, a Nuitka loader, and the Python-based infostealer.
https://www.securityweek.com/cloudflare-themed-clickfix-attack-drops-infiniti-stealer-on-macs/
Tomi Engdahl says:
Vulnerabilities
F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild
Initially disclosed as a high-severity denial-of-service (DoS), the bug was reclassified as a critical RCE issue.
https://www.securityweek.com/f5-big-ip-dos-flaw-upgraded-to-critical-rce-now-exploited-in-the-wild/
Tomi Engdahl says:
Detained in Dubai’s CEO has said that dozens of Brits have been arrested in the UAE under the country’s “draconian” cybercrime laws.
Up to 70 Britons detained in UAE over Iran attack footage, campaign group warns
Ms Stirling warned that more Brits could be detained as the conflict continues
https://www.independent.co.uk/news/world/middle-east/brits-detained-uae-iran-war-footage-b2947910.html?fbclid=IwdGRjcAQ3IytjbGNrBDcjF2V4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHpTvJDh-I5vtddRlbpNgNDt9VN-L0NbDEee5r1kJPYTokpc31smCD1U-JGrN_aem_YHqwGJErXxsoeOCbAZWLVw&test_group=lighteradlayout
As many as 70 UK citizens have been detained in the United Arab Emirates (UAE) for taking photos or videos of Iran’s attacks, a campaign group has claimed.
Detained in Dubai chief executive Radha Stirling has said she estimates dozens of Brits have been arrested in the UAE under the country’s “draconian” cybercrime laws.
The United Arab Emirates has faced a steady barrage of Iranian missiles and drones since conflict broke out in the Middle East at the end of February. More than 2,300 drones, ballistic missiles and cruise missiles have been fired at the Gulf state by Iran, according to the country’s Ministry of Defence.
Ms Stirling warned in a blogpost that the UAE has implemented “an extensive cybercrime enforcement campaign” since the outbreak of the Iran war in the Gulf, targeting people who filmed, shared or discussed events linked to missile and drone activity in the country.
“More concerning is the increasing classification of these cases under national security frameworks, exposing individuals to severe penalties, prolonged detention, and significantly reduced access to due process,” she wrote.
“The public and media are urged to rely solely on official sources for accurate information and refrain from sharing unverified material. Legal action will be taken against those who publish or republish such content in violation of UAE law,” the statement said.
The Foreign, Commonwealth and Development Office (FCDO) has said they are providing consular assistance to “a small number” of British nationals detained in the UAE.
Tomi Engdahl says:
https://hackaday.com/2026/03/27/this-week-in-security-second-verse-worse-than-the-first/
Like the warning two weeks ago, the FBI calls out a handful of consumer routers – but this time they’re devices that may actually still be in service in some of our homes (or those of our less cutting-edge friends and family), calling out devices from Netgear, TP-Link, D-Link, and Zyxel:
Netgear DGN2200v4 and AC1900 R700
TP-Link Archer C20, TL-WR840N, TL-WR849N, and WR841N
D-Link DIR-818LW, 850L, and 860L
Zyxel EMG6726-B10A, VMG1312-B10D, VMG1312-T20B, VMG3925-B10A, VMG3925-B10C, VMG4825-B10A, VMG4927-B50A, VMG8825-T50K
While many of these devices are over ten years old, they still support modern networking – some of them even supporting 802.11ac (also called Wi-Fi 5). Unfortunately, since support has been ended by the manufacturers, publicly disclosed vulnerabilities have not been patched (and now never will be, officially).
Once infected, the routers are enrolled in the AVRecon malware network, which includes the now-typical suite of behavior of remote control, remote VPN access to the internal and external networks, DNS hijacking, and DDoS (distributed denial of service) attacks. This sort of network malware is used by attackers to exploit internal systems like unpatched Windows or IoT devices on the local network, and as a launching point to hide behavior as coming from a certain country or state by using the public Internet connection as a VPN. It’s also often monetized by unscrupulous apps selling cheap VPN service.
Tomi Engdahl says:
A ‘fifth wave’ of cyber crime is being fuelled by ‘weaponised AI’
Why 2026 is the most dangerous year ever to be on the internet
Record-breaking cyber attacks, undetectable malware and deepfakes that are indistinguishable from loved ones. Anthony Cuthbertson looks at how AI has supercharged scams and hacks in 2026
https://www.independent.co.uk/tech/security/cyber-attacks-record-hacks-b2946344.html?fbclid=IwdGRjcAQ3gMljbGNrBDeAxmV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHpLZyzVGe4s9CpfbPpkPphSuteJjv8eEyREunQE5pZHbbjVPKUXaYsNrrrDk_aem_zz8DqcWLfjjoeHajQWYAGw&test_group=lighteradlayout
Tomi Engdahl says:
Austria is warning it can make children “addicted and ill.” Read more: https://cnews.link/austria-plans-to-ban-social-media-for-under-14s/
Tomi Engdahl says:
https://www.infoworld.com/article/4150170/on-the-pleasures-and-dangers-of-open-source-python.html
Tomi Engdahl says:
https://thenewstack.io/betterleaks-open-source-secret-scanner/
Tomi Engdahl says:
Novee introduces autonomous AI red teaming to hunt LLM vulnerabilities
Novee today introduced AI Red Teaming for LLM Applications for its AI penetration testing platform, designed to uncover security vulnerabilities in LLM-powered applications before attackers can exploit them.
https://www.helpnetsecurity.com/2026/03/24/novee-ai-red-teaming-for-llm-applications/
Tomi Engdahl says:
Make OpenAI’s models misbehave and earn a reward
OpenAI’s public Safety Bug Bounty program focuses on AI abuse and safety risks across its products. The goal is to support safe and secure systems and reduce the risk of misuse that could lead to harm.
This program complements the Security Bug Bounty. It accepts reports of abuse and safety risks that do not meet the criteria for a security vulnerability. Submissions are reviewed by teams from both programs based on scope and ownership.
https://www.helpnetsecurity.com/2026/03/27/openai-safety-bug-bounty-program/
Tomi Engdahl says:
GitHub reversed its decision: coders’ data ends up going to AI after all
Justus Vento 26.3.2026 12:04 | updated 26.3.2026 12:04 | Artificial Intelligence, Software Development
The change to the privacy policy applies to almost all subscription tiers.
https://www.tivi.fi/uutiset/a/24b0422c-8bbd-4a10-bcf0-6281f727621b
Tomi Engdahl says:
Jen Easterly, cybersecurity’s ‘relentless optimist,’ hopes feds come back to RSAC next year
Ex-CISA boss also says no reason to panic about AI and security
https://www.theregister.com/2026/03/25/jen_easterly_interview/
Tomi Engdahl says:
The FCC Router Ban Sends the Wrong Signal: America First, Your Connectivity Second
Updated Mar 26, 2026
Banning foreign-made networking hardware won’t make us safer or keep our data more private; it’ll just cut off our access to cheap, essential, high-quality tech.
https://uk.pcmag.com/wireless-routers/164022/the-fcc-router-ban-sends-the-wrong-signal-america-first-your-connectivity-second
Tomi Engdahl says:
“The world’s most secure device” has finally been hacked
The Xbox One, described as the world’s most secure device, has been hacked, which among other things makes it possible to play pirated games on it.
https://muropaketti.com/pelit/peliuutiset/xbox-one-on-viimeinkin-hakkeroitu/#google_vignette
Tomi Engdahl says:
https://www.csoonline.com/article/4152117/fortinet-hit-by-another-exploited-cybersecurity-flaw.html?fbclid=IwdGRjcAQ4X1xjbGNrBDhfJGV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHmASKbhq06eS-J81GVm50lO9KK9BubGYJrR5VIiHz40bnj4U1PQpeKWV7SSL_aem_gFXm-E7vvDdCNOTdLQYPsg
Tomi Engdahl says:
A penetration tester grew concerned
https://www.iltalehti.fi/digiuutiset/a/5fe1f121-fd6a-4e3c-83b5-51f6367612ad
In the worst case, hackers could even cause large vessels to capsize.
There are major IT vulnerabilities in maritime shipping, reports the Norwegian outlet TU Digi.
– I have come across vessels built in 2024 that have Windows XP installed. It is not unusual for brand-new vessels to have both Windows XP and Windows 7, John-André Bjørkhaug tells TU Digi.
He is a penetration tester at the company Netsecurity, meaning he carries out break-ins for testing purposes.
As an example, Bjørkhaug says he obtained administrator rights in five minutes using the password “administrator”, which he had found in a text file. With admin rights he was able to control the ballast tanks of an LNG vessel.
– The tanks regulate the ship’s attitude in the water. In an extreme case, I think the ship could have been heeled over.
Hacking the ballast tanks did not succeed directly because of Windows XP, but rather because of insufficient network segmentation and poor routines.
Microsoft released Windows XP in 2001.
Support for the operating system ended in 2014. That means Microsoft does not provide any technical support or security updates for this old operating system.
Despite this, the vulnerable XP operating system is installed on brand-new vessels.
Using XP is particularly risky because the system is exposed to known attacks. One example is the EternalBlue vulnerability.
By sending network packets, an attacker can make a Windows system execute malicious code without the user needing to log in or open an application.
Recently, ships have also started using 5G and Starlink technology.
According to Bjørkhaug, the improved connectivity makes remote attacks easier.
He has been able to block GPS signals so that all the screens on the bridge went dark.
Ship position data, i.e. AIS signals, can also be spoofed. This can be used to make vessels invisible, create new “ghost ships” or send fake distress messages. Russia, among others, has practised such spoofing in the Baltic Sea.
– Then anyone on board the ship can modify or delete critical data.
According to Bjørkhaug, many in the industry still believe that ships are like isolated islands that are not connected to the internet. In reality, everything is connected, and people’s routines are often the weakest link.
The Norwegian outlet’s article does not specify which ships the examples concern. It does mention, however, that Norwegian vessels are also among them.
Tomi Engdahl says:
Officer used a running app – revealed the location of an entire carrier group
App security must be taken seriously. A French Navy officer has now learned this the hard way.
https://www.tekniikkatalous.fi/uutiset/a/3b1204b4-47f4-4828-84c7-2beae4c8c116
Tomi Engdahl says:
Intel’s Heracles chip computes fully-encrypted data without decrypting it — chip is 1,074 to 5,547 times faster than a 24-core Intel Xeon in FHE math operations
News
By Anton Shilov published March 11, 2026
No decryption occurs inside the processor, eliminating entire classes of attacks.
https://www.tomshardware.com/tech-industry/cyber-security/intels-heracles-chip-computes-fully-encrypted-data-without-decrypting-it-chip-is-1-074-to-5-547-times-faster-than-a-24-core-intel-xeon-in-fhe-math-operations
Tomi Engdahl says:
Intro to the NIS2 Directive, the Cybersecurity Act and the Digiturvamalli tool
We present the basics of the NIS2 Directive (e.g. the sectors covered, changes from the original NIS and recommended measures) as well as the basics of the Digiturvamalli tool, with which an organisation can build its own information security management system that lays the foundation for compliance.
https://www.digiturvamalli.fi/koulutus/nis2-osa-1-2-intro-nis2-direktiiviin-seka-digiturvamalli-tyokaluun?utm_term=&utm_campaign=FI_PMAx_NIS2_Webinar_7/2025&utm_source=adwords&utm_medium=ppc&hsa_acc=7610695024&hsa_cam=22833506392&hsa_grp=&hsa_ad=&hsa_src=&hsa_tgt=&hsa_kw=&hsa_mt=&hsa_net=adwords&hsa_ver=3&gad_source=1&gad_campaignid=22823977872&gbraid=0AAAAADnQLxM7wvFyiRCVdijlXssVw-v25&gclid=Cj0KCQiA2bTNBhDjARIsAK89wlFZHs5h4-fd0CuhvUVEiXlbM4UTKVKyIRd58-2pcM_D0xmTb4ms-w0aAqg9EALw_wcB
Tomi Engdahl says:
https://gdprscanner.eu/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/18729-yksi-prompt-riitti-chatgpt-saattoi-vuotaa-dataa-ilman-varoituksia
Tomi Engdahl says:
The Aliro 1.0 standard published by the Connectivity Standards Alliance means that a new industry standard for secure and interoperable access control is ready to offer a convenient alternative to closed, vendor-specific solutions.
The industry has long envisioned a truly connected world in which our mobile devices act as a universal digital key, enabling seamless movement between home, workplace and public spaces. A universal mobile wallet holding valid credentials would let users pay for purchases, use open public transport systems and open doors in residential buildings, offices or, for example, hotels.
Realising this vision requires a unified access control standard that guarantees device interoperability and meets high security requirements. These are needed especially in use cases where user turnover is high and the system is integrated into complex ecosystems. Aliro 1.0, published in February 2026, is an important milestone for device manufacturers who have promised their customers interoperable access control solutions and can now deliver a fully standardised implementation.
https://etn.fi/index.php/98-in-focus/18668-uusi-standardi-tuo-digitaaliset-avaimet-jokaisen-taskuun
Tomi Engdahl says:
https://www.cclab.com/news/is-your-radio-device-a-high-risk-ai-system-navigating-the-red-and-ai-act-overlap
Tomi Engdahl says:
https://wapice.com/insights/eu-cybersecurity-what-cra-and-red-mean/