剣 KENSAI
← Back to archive
KENSAI Security Intelligence

Daily Threat Briefing

Automated security research — last 24 hours

2026-03-21 · Friday March 20 → Saturday March 21

4
Critical CVEs
3
Active Exploits
3
Law Enforcement Ops
5
Funding Rounds
🔴
Critical Vulnerabilities & Active Exploits
Critical missing-authentication + code-injection flaw in Langflow (CVSS 9.3) is being actively exploited. Unauthenticated attackers can achieve remote code execution via POST /api/v1 endpoints. Exploitation began within 20 hours of public disclosure — patch immediately.
CVSS 9.3 ACTIVELY EXPLOITED AI/ML Tool The Hacker News · SecurityWeek
Oracle released an out-of-band security update for a critical unauthenticated RCE vulnerability in Identity Manager and Web Services Manager. This is outside Oracle's regular quarterly patch cycle — indicating severity and potential exploitation risk.
CRITICAL OUT-OF-BAND PATCH Identity Management BleepingComputer
CISA ordered all federal agencies to patch a maximum-severity vulnerability in Cisco Secure Firewall Management Center by Sunday March 22. The urgency of the weekend deadline signals active or imminent exploitation.
CVSS 10.0 CISA DIRECTIVE Network Security BleepingComputer
ConnectWise ScreenConnect patched a critical vulnerability that exposed machine keys, potentially allowing unauthorized access to remote management sessions. Latest version adds encrypted storage and key management.
CRITICAL REMOTE ACCESS SecurityWeek
Sansec discovered a critical flaw in Magento's REST API allowing unauthenticated attackers to upload disguised executables (images hiding malicious code) for RCE and account takeover. Thousands of Magento sites already hit in an ongoing defacement campaign since Feb 27.
CRITICAL MASS EXPLOITATION E-Commerce The Hacker News · SecurityWeek
⛓️
Supply Chain & Software Supply Chain Attacks
Aqua Security's Trivy scanner was compromised for the second time in a month. Attackers hijacked 75 tags across "aquasecurity/trivy-action" and "aquasecurity/setup-trivy" GitHub Actions to steal CI/CD secrets. Any pipeline using these actions may have leaked credentials.
SUPPLY CHAIN CI/CD SECRETS GitHub Actions The Hacker News
New malware "Speagle" hijacks legitimate Cobra DocGuard software, using compromised servers to exfiltrate data while masking traffic as legitimate application communication. A sophisticated supply-chain-adjacent attack.
DATA EXFILTRATION Software Hijack The Hacker News
Analysis reveals 54 EDR killer programs abuse 35 legitimately signed but vulnerable drivers to disable endpoint security before deploying ransomware. BYOVD (Bring Your Own Vulnerable Driver) is now a standard ransomware playbook technique.
RANSOMWARE ENABLER BYOVD EDR Evasion The Hacker News
💾
Data Breaches & Insider Threats
Hackers stole personal and health plan information from Navia's environment between late December 2025 and mid-January 2026. 2.7 million individuals affected. Healthcare data breaches continue to be the most impactful by volume.
2.7M RECORDS Healthcare SecurityWeek
A North Carolina man was found guilty of stealing company data and extorting a D.C.-based technology company (Brightly Software) for $2.5M — while still employed as a contractor. Insider threat remains a top-tier risk.
INSIDER THREAT CONVICTED BleepingComputer
Michael Smith pleaded guilty to using AI bots to generate over $10M in fraudulent streaming royalties across Spotify, Apple Music, Amazon Music, and YouTube Music. AI-enabled fraud at scale.
AI FRAUD GUILTY PLEA BleepingComputer
⚖️
Law Enforcement & Geopolitical
US, Germany, and Canada took down C2 infrastructure for AISURU, KimWolf, JackSkid, and Mossad botnets (3 million IoT devices). These botnets powered record-breaking 31.4 Tbps DDoS attacks. Major private-sector collaboration (Akamai, AWS, Cloudflare, Google, Oracle, and others).
JOINT OPERATION 31.4 Tbps DDoS DoJ · The Hacker News · BleepingComputer
International law enforcement shut down 373,000 dark web sites in "Operation Alice." One of the largest coordinated takedowns of illicit infrastructure to date.
OPERATION ALICE 373K Sites BleepingComputer · SecurityWeek
FBI issued a PSA warning that Russian intelligence-linked actors are actively running phishing campaigns against Signal and WhatsApp users. Thousands of encrypted messaging accounts already compromised. Targets include journalists, activists, and government officials.
STATE-SPONSORED PHISHING Encrypted Messaging BleepingComputer
The US confirmed that Handala hacker group is linked to the Iranian government and seized several domains used in cyber-enabled psychological operations.
STATE-SPONSORED DOMAIN SEIZURE SecurityWeek
Three individuals charged with violating US export control laws by conspiring to divert high-performance AI servers assembled in the US to China. Part of the escalating tech cold war.
EXPORT CONTROLS AI Hardware SecurityWeek
📡
Emerging Threats & Trends
Cybercriminals using AI to generate personalized phishing, deepfakes, and malware that evades traditional detection by impersonating normal user activity. Behavioral analytics emerging as the necessary counter — signature-based detection increasingly insufficient.
AI THREATS Detection Gap The Hacker News
Apple urges iOS updates against web-based exploit kits (Coruna, DarkSword) targeting outdated devices. These kits trigger infection chains through malicious web content leading to data theft.
EXPLOIT KIT Mobile The Hacker News
Google introduced mandatory 24-hour cooling period for sideloading apps from unverified developers on Android. Part of the developer verification mandate announced last year. Balances openness with scam/malware reduction.
ANDROID PLATFORM SECURITY The Hacker News
The Gentlemen — New RaaS Operation Emerges
Group-IB detailed "The Gentlemen," a new Ransomware-as-a-Service operation with ~20 members exploiting FortiGate vulnerabilities. Emerging RaaS groups continue to lower the barrier to entry for ransomware attacks.
RANSOMWARE FORTIGATE The Hacker News · SecurityWeek
💰
Security Industry & Funding
Massive round focused on identity and access management for AI agents. Investing in R&D, AI framework expansion, and go-to-market. Signal: the market sees AI agent security as a critical emerging category.
$120M ROUNDSecurityWeek
Privacy-focused MVNO for consumers, enterprises, and governments. Addresses cellular-level surveillance and interception threats.
$100M ROUNDSecurityWeek
Expanding platform capabilities for firmware and hardware supply chain integrity.
$25M ROUNDSecurityWeek
Monitors behavior and verifies user intent to stop attacks in real time. Emerged from stealth.
$20M STEALTHSecurityWeek
Scaling digital brand protection against phishing, impersonation, and brand abuse.
$17M ROUNDSecurityWeek
🎯
KENSAI Relevance & Takeaways

For KENSAI's positioning:

  • Langflow CVE-2026-33017 — exploited in 20 hours. This is KENSAI's core value prop: continuous scanning catches these before attackers do. Content opportunity for a "20-hour window" blog post.
  • Magento PolyShell — thousands of e-commerce sites hit. NIS2-regulated EU companies running Magento are perfect KENSAI targets for DAST scanning.
  • 54 EDR Killers using BYOVD — endpoint security alone isn't enough. KENSAI's multi-layer approach (DAST + SAST + secrets + infrastructure) is the answer.
  • $282M in security funding this week — market is hot. Oasis raising $120M for "agentic access management" validates the AI security category KENSAI occupies.
  • Trivy supply chain compromise — CI/CD pipeline security is an underserved area. Potential future KENSAI module.
  • Russian state phishing on Signal — NIS2 compliance requires secure communications. Content angle for DACH market.