Published: 2026-03-04
CISA flags VMware Aria Operations RCE as actively 익스플로잇ed. Microsoft exposes a sophisticated OAuth redirect attack bypassing MFA. LexisNexis confirms hackers stole 2GB of data including government employee records. Plus: Akzo아니오bel hit by Anubis 랜섬웨어 and fake IT support campaigns deploy Havoc C2.
CISA has added a VMware Aria Operations command injection 취약점 to its Known 악용 Vulnerabilities (KEV) catalog. 이 취약점은 allows unauthenticated attackers to execute arbitrary commands, leading to full 원격 코드 실행(RCE).
CVSS 점수: 8.1 (높음) | Deadline: March 24, 2026 for federal agencies
The 취약점 exists in the migration service component of VMware Aria Operations. During support-assisted product migration, an unauthenticated actor can inject commands that run as root via a sudoers misconfiguration in vmware-casa-workflow.sh.
Broadcom released patches on February 24 along with a temporary 임시 해결책 script (aria-ops-rce-임시 해결책.sh) that disables the vulnerable migration components. The company acknowledged reports of active 익스플로잇ation but stated it "cannot independently confirm their validity."
| CVE | Type | 영향 |
|---|---|---|
| CVE-2026-22719 | Command Injection | Unauthenticated RCE |
| CVE-2026-22720 | Stored XSS | Session hijacking |
| CVE-2026-22721 | 권한 상승 | Admin access |
Microsoft Defender researchers have uncovered a sophisticated campaign where 위협 행위자s abuse the legitimate OAuth 2.0 redirect mechanism to bypass email and browser 피싱 protections. The attacks primarily target government and public-sector organizations.
prompt=none, forcing authentication errorsIn some variants, victims are redirected to a /download path that auto-delivers ZIP files containing malicious .LNK files. These launch PowerShell for reconnaissance before DLL side-loading deploys the final 페이로드.
Key takeaway: This attack abuses intended behavior in the OAuth framework. The error handling mechanism works exactly as the standard specifies — attackers simply weaponize the redirect flow.
Legal data giant LexisNexis Legal & Professional has confirmed hackers breached its AWS infrastructure on February 24 by 익스플로잇ing the React2Shell 취약점 in an unpatched React frontend application.
Threat actor "FulcrumSec" leaked 2GB of structured data from the breach, claiming access to:
LexisNexis stated the compromised data was "mostly legacy, deprecated data from prior to 2020" and did not include SSNs, financial information, or active passwords. The company says the intrusion has been contained.
Dutch paint and coatings giant Akzo아니오bel ($12B+ revenue, 35,000 employees, 150+ countries) confirmed a network breach at one of its U.S. sites. The Anubis 랜섬웨어 gang claims to have exfiltrated 170GB of data including:
Anubis, a RaaS operation active since December 2024, offers affiliates 80% of ransom payments and added a destructive data wiper capability in mid-2025.
Huntress researchers identified a campaign across five organizations where attackers masquerade as IT support staff to deploy the Havoc 명령 및 제어(C2) framework. The playbook closely mirrors tactics used by former Black Basta 랜섬웨어 affiliates:
The speed of 횡적 이동 suggests end goals of 데이터 유출 or 랜섬웨어 deployment.
| 기사 | 영향 |
|---|---|
| Iranian strikes on AWS data centers in UAE | Physical infrastructure 취약점 exposed; two facilities directly struck |
| University of Hawaii Cancer Center breach | 1.2M individuals affected; SSNs, health data, voter records stolen |
| Quantum RSA breakthrough | New algorithm suggests RSA decryption feasible sooner than expected |
| Android Qualcomm zero-day patched | Integer overflow in graphics component leads to 메모리 손상 |
| SloppyLemming targets Pakistan & Bangladesh | Dual 악성코드 chains targeting government infrastructure |
| Facebook worldwide outage | Accounts unavailable globally on March 3 |
✅ Real-time CVE 모니터링ing — CVE-2026-22719 indexed and flagged within hours of KEV addition
✅ OAuth Attack Detection — 모니터링 suspicious OAuth app registrations and redirect patterns
✅ Cloud Infrastructure Scanning — Detect React2Shell and similar web app 취약점 before attackers do
✅ Ransomware Readiness — Continuous exposure management against threats like Anubis RaaS
AI-powered 취약점 management with 335,000+ CVEs indexed.
Start Free Trial안전하게. 경계하며.
🗡️ KENSAI 보안팀