剣 KENSAI
← Back to archive

🛡️ Daily Security Intelligence

2026-03-16 · Monday · compiled at 04:00 CET

3
Data Breaches
4
Critical CVEs
2
Law Enforcement Ops
3
Tool Releases
5
Threat Campaigns

💥 Data Breaches & Incidents

BREACHHIGH

Loblaw Data Breach Exposes Customer Information

Canadian retail giant Loblaw confirmed a data breach exposing customer names, email addresses, and phone numbers. Attackers accessed personal information through compromised systems. Loblaw is one of Canada's largest retailers, making this a significant consumer data exposure.

Source: SecurityWeek · Mar 15
BREACHHIGH

Starbucks Employee Data Breach via Phishing

Starbucks disclosed a data breach affecting employee information, stemming from phishing attacks targeting an internal employee portal. Hundreds of employees impacted. Demonstrates continued effectiveness of targeted phishing against corporate HR systems.

Source: SecurityWeek · Mar 15
BREACHSUPPLY CHAIN

AppsFlyer Web SDK Hijacked for Crypto Theft

The AppsFlyer Web SDK was temporarily hijacked with malicious JavaScript code designed to steal cryptocurrency — a supply-chain attack targeting downstream websites that embed the SDK. The malicious payload was active before being detected and removed.

Source: BleepingComputer · Mar 14

🔴 Critical Vulnerabilities & Zero-Days

CRITICAL0-DAY

Chrome 146: Two Actively Exploited Zero-Days Patched

Google released Chrome 146 update patching two zero-day vulnerabilities affecting Skia (graphics) and V8 (JavaScript engine) that were actively exploited in the wild. The flaws allow data manipulation, security restriction bypass, and potentially remote code execution. Immediate update required.

Source: SecurityWeek / TheHackerNews · Mar 14–15
CRITICALCVSS 10.0

HPE AOS-CX: Unauthenticated Admin Password Reset

Critical vulnerability in HPE Aruba AOS-CX network switches allows remote, unauthenticated attackers to reset administrator passwords, completely bypassing authentication controls. Any organization running HPE AOS-CX switches should patch immediately.

Source: SecurityWeek · Mar 15
CRITICAL

Windows 11 RRAS RCE — Out-of-Band Hotpatch Released

Microsoft issued an emergency out-of-band update for Windows 11 Enterprise devices using hotpatch updates to fix a Remote Code Execution vulnerability in the Routing and Remote Access Service (RRAS). This bypassed the normal Patch Tuesday cycle due to severity.

Source: BleepingComputer · Mar 14
HIGH

Apple Patches Coruna Exploits in Legacy iOS

Apple released iOS/iPadOS 16.7.15 and 15.8.7 to patch vulnerabilities known as "Coruna exploits" — linked to a US defense contractor. These affect legacy devices still in wide use, particularly in enterprise and government contexts.

Source: SecurityWeek · Mar 15

🎯 Active Threat Campaigns

APTSTATE-SPONSORED

Chinese APT CL-STA-1087 Targets SE Asian Militaries

Palo Alto Unit 42 exposed a Chinese state-backed campaign (CL-STA-1087) targeting Southeast Asian military organizations since 2020 using custom malware families "AppleChris" and "MemFun." The operation focused on stealing classified military documents about Western collaboration and organizational structures — not bulk data theft.

Source: TheHackerNews · Mar 13
APTIRAN

Iran-Linked Hackers Hit Stryker, Disrupt Manufacturing

An Iran-linked threat actor attacked medical device manufacturer Stryker, disrupting manufacturing and shipping operations. Notably, the attackers used existing endpoint management software (not traditional malware) to wipe devices — a sophisticated living-off-the-land technique.

Source: SecurityWeek · Mar 15
APTIRAN

Pro-Iranian Hackers Expanding Targets to US Infrastructure

Iran-linked hackers are broadening their scope from Middle Eastern targets to US critical infrastructure, including defense contractors, power stations, and water treatment plants. The escalation coincides with ongoing regional conflict.

Source: SecurityWeek · Mar 15
CREDENTIAL THEFT

Storm-2561: Trojan VPN Clients via SEO Poisoning

Microsoft disclosed the Storm-2561 campaign distributing trojanized VPN clients through SEO poisoning. Users searching for legitimate enterprise VPN software are redirected to malicious downloads containing digitally signed trojans that steal credentials.

Source: TheHackerNews · Mar 13
SUPPLY CHAIN

GlassWorm: 72 Malicious VS Code Extensions in Open VSX

A new iteration of the GlassWorm campaign abuses extensionPack and extensionDependencies in the Open VSX registry to create transitive infection chains through 72 seemingly legitimate VS Code extensions. Developers are the primary targets — a growing attack vector against the software supply chain.

Source: TheHackerNews · Mar 14

⚖️ Law Enforcement Operations

TAKEDOWN

INTERPOL: 45,000 Malicious IPs Seized, 94 Arrested

INTERPOL coordinated a massive takedown across 72 countries, dismantling 45,000 malicious IP addresses and servers used for phishing, malware, and ransomware. 94 arrests made, 110 more under investigation. Bangladesh alone arrested 40 suspects. 212 devices and servers seized.

Source: TheHackerNews · Mar 13
TAKEDOWN

SocksEscort Proxy Botnet Dismantled — 369K IPs

US and European authorities disrupted SocksEscort, a criminal proxy service that enslaved 369,000 residential routers across 163 countries using the AVrecon botnet since 2020. The service sold access to infected home routers for fraud operations, with ~8,000 actively compromised devices as of February 2026.

Source: TheHackerNews / SecurityWeek · Mar 13

🛠️ Security Tools & Industry

OPEN SOURCE

Betterleaks: New Secrets Scanner to Replace Gitleaks

A new open-source tool called Betterleaks scans directories, files, and git repositories to identify valid secrets using customizable rules. Positioned as a modern replacement for the popular Gitleaks scanner.

Source: BleepingComputer · Mar 15
FUNDING

Bold Security: $40M for AI-Powered Device Protection

Bold Security emerged from stealth with $40M in funding. The startup uses AI to turn devices into active security agents that understand user behavior and provide real-time protection. Signals strong investor appetite for AI-driven endpoint security.

Source: SecurityWeek · Mar 15
FUNDING

Onyx Security: $40M for Autonomous AI Agent Oversight

Onyx Security launched with $40M to build a control plane for overseeing autonomous AI agents in enterprise environments. Two $40M rounds in one week targeting AI security — confirms the market KENSAI is positioning in.

Source: SecurityWeek · Mar 15
INDUSTRY

Google Paid $17M in Bug Bounties in 2025

Google disclosed it paid over $17 million in bug bounty rewards in 2025, including $3.7M for Chrome vulnerabilities and $3.5M for cloud security defects. Demonstrates the scale of vulnerability discovery in major platforms.

Source: SecurityWeek · Mar 15
PRIVACY

Meta Killing Instagram E2E Encrypted Chat — May 2026

Meta announced it will discontinue end-to-end encryption for Instagram DMs after May 8, 2026. Users will need to download their encrypted messages before the cutoff. A significant privacy regression affecting millions of users.

Source: TheHackerNews · Mar 13
📊 KENSAI Market Signal: Two AI security startups each raised $40M this week (Bold Security + Onyx Security) — confirming massive investor appetite for AI-powered security platforms. The GlassWorm supply-chain attack targeting developer tools and Storm-2561's trojanized VPN campaign both highlight the exact attack vectors KENSAI's scanning engine detects. Chrome zero-days and HPE's CVSS 10.0 remote admin reset reinforce demand for continuous vulnerability monitoring — KENSAI's core value prop.