← 返回博客
Security Briefing 10分钟阅读 2026年3月19日

DarkSword iOS漏洞利用工具针对iPhone,Cisco FMC零日漏洞遭勒索软件攻击,Aura数据泄露影响90万用户,Ubuntu根权限提升

一个国家支持的iOS漏洞利用工具链接六个漏洞实现完全设备接管。Interlock勒索软件团伙自一月以来利用Cisco Secure防火墙管理中心的关键零日漏洞。Aura确认90万条记录被泄露。Ubuntu权限提升漏洞允许通过systemd时序获取根访问权限。此外:ConnectWise ScreenConnect劫持、9个关键IP KVM漏洞、XBOW为自主攻击安全融资1.2亿美元。


1. DarkSword — iOS Exploit Kit

⚠️ CRITICAL

国家支持的DarkSword漏洞利用工具链接六个iOS漏洞实现完全控制iPhone。Interlock勒索软件自一月以来利用Cisco FMC零日漏洞。Aura数据泄露暴露90万条记录。Ubuntu CVE-2026-3888允许通过systemd时序漏洞进行根权限提升。.

一个国家支持的iOS漏洞利用工具链接六个漏洞实现完全设备接管。Interlock勒索软件团伙自一月以来利用Cisco Secure防火墙管理中心的关键零日漏洞。Aura确认90万条记录被泄露。Ubuntu权限提升漏洞允许通过systemd时序获取根访问权限。此外:ConnectWise ScreenConnect劫持、9个关键IP KVM漏洞、XBOW为自主攻击安全融资1.

2亿美元。.


2. Cisco FMC Zero-Day — Interlock Ransomware

⚠️ CRITICAL

Interlock ransomware exploits Cisco Secure FMC zero-day since January 2026.

Interlock ransomware — Cisco Secure Firewall Management Center (FMC) RCE zero-day. CVSS: Critical. Active since January 2026.


3. Aura — 900,000 Records Breached

🔶 HIGH

Aura identity protection: 900,000 marketing contact records (names + emails) exposed.


4. Ubuntu CVE-2026-3888 — Root Escalation

🔶 HIGH — CVSS 7.8

Ubuntu Desktop 24.04+ — snap-confine + systemd-tmpfiles timing exploit → root access.


5. ConnectWise ScreenConnect — Session Hijacking

ConnectWise ScreenConnect cryptographic signature verification vulnerability enables unauthorized access and privilege escalation.


6. IP KVM — 9 Critical Vulnerabilities

GL-iNet, Angeet/Yeeso, Sipeed, JetKVM — unauthenticated root access via missing firmware validation, broken access controls, exposed debug interfaces.


7. Industry Roundup


Is Your Organization Exposed?

Run a free KENSAI security scan to identify vulnerabilities before attackers find them.

Start Free Security Scan →

KENSAI Security Research Team · 2026年3月19日

📚 Related Articles

🛡️ Is your website secure?

Discover vulnerabilities before attackers do.

Scan your website for free →