剣 KENSAI
← Back to archive

🛡️ KENSAI Security Intelligence

Friday, March 14, 2026
📡 5 Sources Monitored 🔍 14 Stories Analyzed ⏱️ Generated 04:00 CET
3
Data Breaches
3
Zero-Days / CVEs
1
Ransomware Attack
3
Law Enforcement Ops
🔴

Critical Vulnerabilities & Zero-Days

CRITICAL — 0-DAY

Google Patches Two Actively Exploited Chrome Zero-Days

Google released emergency updates to fix two high-severity Chrome zero-days being exploited in the wild. CVE-2026-3909 is an out-of-bounds write in the Skia graphics library that can lead to code execution. CVE-2026-3910 is an inappropriate implementation in the V8 JavaScript engine. Patches are available in Chrome 146.0.7680.75 (Windows/Linux) and 146.0.7680.76 (macOS). These are the 2nd and 3rd Chrome zero-days patched in 2026.

ChromeCVE-2026-3909CVE-2026-3910V8Skia
Source: BleepingComputer, SecurityWeek — Mar 13, 2026
HIGH — CVE

Microsoft Patch Tuesday: 77 Vulnerabilities Including SQL Server Privilege Escalation

Microsoft's March 2026 Patch Tuesday addresses 77 vulnerabilities. Notable: CVE-2026-21262 allows an authorized attacker to escalate to sysadmin privileges on SQL Server 2016+ over a network (CVSS 8.8). No zero-days this month, but two bugs were publicly disclosed prior to the patch.

MicrosoftPatch TuesdayCVE-2026-21262SQL Server
Source: KrebsOnSecurity — Mar 13, 2026
HIGH — VULNERABILITY

Apple Patches Coruna Exploits in Legacy iOS Versions

Apple has released iOS/iPadOS 16.7.15 and 15.8.7 to patch vulnerabilities known as "Coruna exploits." SecurityWeek reports a US defense contractor is behind the exploit chain. Users on older devices should update immediately.

AppleiOSCorunaMobile
Source: SecurityWeek — Mar 13, 2026
HIGH — VULNERABILITY

WordPress Plugin Flaw Exposes 200,000+ Sites to SQL Injection

A vulnerability in the Ally WordPress plugin allows attackers to inject SQL queries and extract sensitive database information. Over 200,000 websites are affected. Site admins should update or remove the plugin immediately.

WordPressSQLiWeb Security
Source: SecurityWeek — Mar 13, 2026
MEDIUM — N8N

N8n Workflow Automation Flaw Exploited in the Wild

A vulnerability in the popular n8n workflow automation platform is being actively exploited. Details are limited, but organizations running n8n should audit their deployments and apply patches.

n8nAutomationExploited
Source: SecurityWeek — Mar 13, 2026
🔓

Data Breaches

CRITICAL — WIPER ATTACK

Iran-Backed Handala Group Claims Massive Wiper Attack on Stryker

Iran-linked hacktivist group Handala claims to have wiped data from 200,000+ systems at medical technology giant Stryker (NYSE: SYK, $25B annual revenue). Over 5,000 workers in Ireland were sent home. Offices across 79 countries reportedly shut down. Devices were wiped, login pages defaced with Handala's logo, and staff resorted to WhatsApp communication. The group is linked to Iran's MOIS through the Void Manticore threat actor. The attack was claimed as retaliation for a February missile strike.

IranHandalaWiperStrykerHealthcareMOIS
Source: KrebsOnSecurity — Mar 13, 2026
HIGH — BREACH

Starbucks Data Breach Affects Hundreds of Employees

Starbucks disclosed a data breach after threat actors gained access to Starbucks Partner Central employee accounts via phishing attacks. Hundreds of employees were impacted. The company is investigating the scope of exposed data.

StarbucksPhishingEmployee Data
Source: BleepingComputer, SecurityWeek — Mar 13, 2026
HIGH — BREACH

Canadian Retail Giant Loblaw Notifies Customers of Data Breach

Loblaw, Canada's largest retailer, has auto-logged out all customers and forced password resets after discovering a breach. The full scope of customer data compromised is still under investigation.

LoblawRetailCustomer DataCanada
Source: BleepingComputer — Mar 12, 2026
MEDIUM — BREACH

Telus Digital Data Breach Reported

Canadian tech company Telus Digital has suffered a data breach. Details remain limited as the investigation continues.

TelusCanadaTelecom
Source: SecurityWeek — Mar 13, 2026
💀

Ransomware

HIGH — RANSOMWARE

England Hockey Hit by AiLock Ransomware — 129GB Stolen

The AiLock ransomware gang claims to have stolen 129GB of data from England Hockey, which governs field hockey across 800+ clubs and 150,000 registered players. AiLock is a relatively new group that uses privacy law violations as leverage in negotiations. The organization is working with law enforcement and external specialists.

AiLockRansomwareSportsDouble Extortion
Source: BleepingComputer — Mar 12, 2026
🎯

Active Threat Campaigns

CRITICAL — ESPIONAGE

Chinese APT Targets SE Asian Militaries with Custom Malware

Palo Alto Unit 42 uncovered a China-linked espionage campaign (CL-STA-1087) targeting Southeast Asian military organizations since 2020. Attackers used custom malware families AppleChris and MemFun to collect military capability documents, organizational structures, and intelligence about Western military collaborations. The campaign shows "strategic operational patience" and highly targeted collection.

ChinaAPTMilitaryEspionageUnit 42
Source: The Hacker News — Mar 13, 2026
HIGH — CREDENTIAL THEFT

Storm-2561: Fake Enterprise VPN Sites Stealing Corporate Credentials

Microsoft tracks threat actor Storm-2561 distributing fake VPN clients impersonating Ivanti, Cisco, Fortinet, Sophos, SonicWall, Check Point, and WatchGuard. Uses SEO poisoning to rank fake download sites, installs the Hyrax infostealer alongside a convincing fake VPN login screen. After stealing credentials, redirects victims to the real vendor site — making compromise nearly invisible. Signed with a revoked legitimate certificate.

Storm-2561VPNSEO PoisoningCredential TheftHyrax
Source: BleepingComputer, Microsoft — Mar 13, 2026
HIGH — MALWARE

Rust-Based VENON Banking Malware Targets 33 Brazilian Banks

A new Rust-based banking trojan called VENON targets Brazilian users with credential-stealing overlays for 33 banks. It represents a shift from traditional Delphi-based Latin American banking malware. Uses LNK hijacking, active window monitoring, and banking overlay logic similar to Grandoreiro and Mekotio families.

VENONRustBanking TrojanBrazil
Source: The Hacker News — Mar 12, 2026
HIGH — MALWARE

FBI Investigates Malware Distributed via Steam Games

The FBI is seeking victims of eight malicious Steam games that were used to spread malware. The agency is collecting information as part of an ongoing investigation. Gamers who installed the affected titles should scan their systems.

FBISteamGamingMalware
Source: BleepingComputer — Mar 13, 2026
HIGH — IRAN

Iran-Linked Hackers Expanding Targets to US Infrastructure

Pro-Iranian hacker groups are targeting sites in the Middle East and beginning to probe US targets including defense contractors, power stations, and water plants. The escalation tracks with ongoing geopolitical tensions and raises the risk of attacks on critical infrastructure.

IranCritical InfrastructureUSOT/ICS
Source: SecurityWeek — Mar 13, 2026
MEDIUM — ATTACK

Poland's National Centre for Nuclear Research Targeted

Poland's NCBJ (National Centre for Nuclear Research) detected and blocked a cyberattack against its IT infrastructure before any impact. The attack underlines continued targeting of nuclear and energy sector organizations in Europe.

PolandNuclearCritical Infrastructure
Source: BleepingComputer — Mar 13, 2026
⚖️

Law Enforcement Actions

INFO — TAKEDOWN

Operation Synergia III: INTERPOL Sinkholes 45,000 IPs, Arrests 94

INTERPOL's "Operation Synergia III" — spanning 72 countries from July 2025 to January 2026 — sinkholed 45,000 malicious IPs, seized 212 devices/servers, arrested 94 suspects, with 110 more under investigation. In Macau, investigators identified 33,000+ phishing sites impersonating banks and casinos. Major arrests in Bangladesh (40) and Togo (10).

INTERPOLOperation Synergia IIITakedownGlobal
Source: BleepingComputer, The Hacker News — Mar 13, 2026
INFO — TAKEDOWN

SocksEscort Proxy Botnet Dismantled — 369,000 IPs Across 163 Countries

US and European law enforcement dismantled SocksEscort, a criminal proxy service that enslaved residential routers into a botnet since 2020. The service offered access to ~369,000 IP addresses in 163 countries, with nearly 8,000 infected routers active as of February 2026. The service advertised "static residential IPs with unlimited bandwidth" for bypassing spam blocklists.

SocksEscortBotnetProxyDoJ
Source: The Hacker News, SecurityWeek — Mar 13, 2026
INFO — PLATFORM

Meta Disables 150,000+ Accounts Powering Asian Scam Centers

Meta has launched new protection tools and disabled more than 150,000 accounts that were powering scam centers across Asia. The effort aims to disrupt organized fraud operations at scale.

MetaScam CentersAsia
Source: SecurityWeek — Mar 13, 2026
📊

Industry & Tools

INFO — FUNDING

Bold Security and Onyx Security Each Emerge With $40M Funding

Bold Security uses AI to turn devices into active protection agents that understand user actions in real time. Onyx Security is building a control pane to help organizations oversee autonomous AI agents and rapidly adopt them. Both emerged from stealth with $40M each — signaling strong investor appetite for AI-native security platforms.

FundingAI SecurityStartups
Source: SecurityWeek — Mar 13, 2026
INFO — BOUNTY

Google Paid $17M in Bug Bounties in 2025

Google's Vulnerability Reward Program paid out $17 million to 747 security researchers in 2025. Chrome vulnerabilities earned researchers $3.7M, while cloud security defects netted $3.5M.

GoogleBug BountyVRP
Source: SecurityWeek — Mar 13, 2026

🔮 KENSAI Analysis — What This Means For You

  • Patch Chrome NOW: Two actively exploited zero-days (CVE-2026-3909, CVE-2026-3910) — update to 146.0.7680.75+ immediately across all endpoints.
  • Iran threat escalation is real: The Stryker wiper attack (200K+ devices) is the largest Iran-linked destructive operation to date. Combined with probes against US infrastructure, organizations with geopolitical exposure need updated incident response plans.
  • VPN credential theft via SEO poisoning: Storm-2561 is impersonating every major VPN vendor. Enforce MFA on all VPN access and educate employees to only download clients from verified internal sources — never from search results.
  • WordPress admins: The Ally plugin SQLi flaw affects 200K+ sites. Audit your WordPress plugins and patch or remove Ally immediately.
  • NIS2 relevance: The targeting of Poland's nuclear center and Iranian attacks on critical infrastructure reinforce NIS2's mandate for incident reporting and supply chain security across EU essential services.
  • AI-native security funding wave: $80M across two stealth launches signals the market is shifting toward AI agent oversight — directly relevant to KENSAI's positioning in autonomous security assessment.
← Back to Security Research Index