Ghostwire — Trending Cybersecurity Threats

What the cybersecurity community is reporting right now.

Critical Telnetd Vulnerability Allows Remote Code Execution Attacks

Reported by 7 sources: CyberPress, GBHackers, Zero Day Initiative, Infosecurity Magazine, Exploit-DB

Critical Bamboo Data Center Vulnerability Enables Remote Code Execution

Reported by 6 sources: CyberPress, GBHackers, Zero Day Initiative, Infosecurity Magazine, Huntress

Navigating Security Tradeoffs of AI Agents

Reported by 5 sources: Unit42, Snyk, Zero Day Initiative, ReversingLabs, Security Break

Google's Threat Analysis Group (TAG) recently disclosed the discovery of a new type of iOS full-chain attack that exploits multiple zero-day vulnerabilities, allowing complete control over Apple devices.

Reported by 5 sources: Zero Days, Mandiant, CyberPress, Infosecurity Magazine, S2W Talon

Authorities disrupt four IoT botnets behind record DDoS attacks

Reported by 5 sources: Help Net Security, The Hacker News, GBHackers, Krebs on Security, 360 Netlab

CISA Warns of Actively Exploited Zimbra Collaboration Suite Vulnerability

Reported by 5 sources: CyberPress, GBHackers, The Hacker News, CISA Advisories, Infosecurity Magazine

Aura Confirms Data Breach Impacting 900,000 Customer Records

Reported by 4 sources: CyberPress, GBHackers, Infosecurity Magazine, Huntress

Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks

Reported by 4 sources: The Hacker News, Malwarebytes Labs, Infosecurity Magazine, Mandiant

Rapid7 Releases 2026 Global Threat Landscape Report Highlighting Accelerated Cyber Attack Trends and AI Integration

Reported by 4 sources: Advanced Threats, Infosecurity Magazine, WeLiveSecurity, Huntress

GlassWorm ForceMemo Campaign: Supply Chain Attack Targets GitHub Python Repositories with Stolen Tokens and Blockchain-Based Malware

Reported by 4 sources: Advanced Threats, The Hacker News, Infosecurity Magazine, Huntress

CISA Adds One Known Exploited Vulnerability to Catalog

Reported by 4 sources: CISA Advisories, The Hacker News, Infosecurity Magazine, S2W Talon

WaterPlum Unleashes “StoatWaffle” Malware in VSCode Supply Chain Attack

Reported by 4 sources: GBHackers, Advanced Threats, Codeby, Huntress

Fake Tools Fuel Vibe-Coded Malware Campaign Targeting Unsuspecting Users

Reported by 4 sources: CyberPress, Infosecurity Magazine, ReversingLabs, WeLiveSecurity

Robotic surgery firm Intuitive reports data breach after targeted phishing attack

Reported by 4 sources: Security Affairs, Dark Reading, Infosecurity Magazine, Huntress

Perseus Malware Targets Android Users in Turkey and Italy

Reported by 4 sources: Malware, CyberPress, The Hacker News, WeLiveSecurity

U.S. CISA adds Microsoft SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities catalog

Reported by 4 sources: Security Affairs, CISA Advisories, Infosecurity Magazine, S2W Talon

Interlock Ransomware Targets Cisco Enterprise Firewalls

Reported by 4 sources: Dark Reading, CyberPress, GBHackers, The Hacker News

Critical UNISOC T612 Modem Flaw Enables RCE via Cellular Calls

Reported by 4 sources: CyberPress, GBHackers, The Hacker News, Infosecurity Magazine

We've Got a Rat Here: Remcos RAT Trojan Is Being Distributed via Phishing Emails

Reported by 3 sources: Habr InfoSec, SANS ISC, Infosecurity Magazine

Chrome Beta for Desktop Update

Reported by 3 sources: Google Chrome Releases, CyberPress, GBHackers

Crypto platform Bitrefill says North Korean hackers likely behind breach

Reported by 3 sources: North Korea Cyber, SecurityWeek, Infosecurity Magazine

‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors

Reported by 3 sources: SecurityWeek, CyberScoop, Mandiant

New Ubuntu Flaw Enables Local Attackers to Gain Root Access

Reported by 3 sources: Infosecurity Magazine, The Hacker News, FreeBuf

Apple WebKit Security Flaw Exposes iOS and macOS Users to Content-Based Bypass Attacks

Reported by 3 sources: GBHackers, The Hacker News, Infosecurity Magazine

Interlock Ransomware Exploited Cisco Firewall Flaw for Weeks

Reported by 3 sources: Network Security, The Hacker News, Infosecurity Magazine

Rapid7 2026 Global Threat Landscape Report Shows Exploited High and Critical-Severity Vulnerabilities Surged 105% as Attack Timelines Collapsed

Reported by 3 sources: Cyber Attacks, Infosecurity Magazine, WeLiveSecurity

AI-Generated Slopoly Malware Signals a New Phase in Ransomware Attacks

Reported by 3 sources: Ransomware, Codeby, Infosecurity Magazine

ISC Stormcast For Friday, March 20th, 2026 https://isc.sans.edu/podcastdetail/9858, (Fri, Mar 20th)

Reported by 3 sources: SANS ISC, Rapid7, Rapid7 Cybersecurity Blog

The Attack Cycle is Accelerating: Announcing the Rapid7 2026 Global Threat Landscape Report

Reported by 3 sources: Rapid7, Rapid7 Cybersecurity Blog, WeLiveSecurity

New Critical Jenkins Vulnerabilities Put CI/CD Servers at Risk of RCE Exploits

Reported by 3 sources: GBHackers, Unit42, Huntress

AI Conundrum: Why MCP Security Can't Be Patched Away

Reported by 3 sources: Dark Reading, ReversingLabs, Risky Business

54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security

Reported by 3 sources: The Hacker News, WeLiveSecurity, Huntress

CISA Adds Five Known Exploited Vulnerabilities to Catalog

Reported by 3 sources: CISA Advisories, Infosecurity Magazine, S2W Talon

Iran’s Stryker Hack

Reported by 3 sources: Real Clear Defense, CyberScoop, Infosecurity Magazine

DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

Reported by 3 sources: The Hacker News, GBHackers, Krebs on Security

Cisco Firewall Zero-Day Actively Exploited to Deliver Interlock Ransomware

Reported by 3 sources: Zero Days, The Hacker News, GBHackers

Can Zero Trust survive the AI era?

Reported by 3 sources: CyberScoop, Infosecurity Magazine, Huntress

Ransomware gang exploits Cisco flaw in zero-day attacks since January

Reported by 3 sources: BleepingComputer, The Hacker News, Infosecurity Magazine

Rapid7 enhances Exposure Command with runtime validation and DSPM for risk analysis

Reported by 3 sources: Help Net Security, Rapid7, Rapid7 Cybersecurity Blog

Apple WebKit Vulnerability Allows Malicious Content Bypass on iOS and macOS

Reported by 3 sources: CyberPress, GBHackers, The Hacker News

Ubuntu vulnerability exposes enterprises to root escalation, complete system compromise

Reported by 3 sources: ITPro, Vulnerabilities, CyberPress

Cyber Insurance Market to Reach USD 118.97 Billion by 2032 Amid Rising Ransomware Risk, Regulatory Pressure, and AI-Driven Underwriting Innovation

Reported by 3 sources: Energy Security, ReversingLabs, Huntress

LeakNet boosts ransomware with ClickFix lures, stealthy Deno loader

Reported by 3 sources: GBHackers, The Hacker News, BleepingComputer

Claude Code Security and Magecart: Getting the Threat Model Right

Reported by 3 sources: The Hacker News, FreeBuf, ReversingLabs

Hackers Exploit OpenWebUI Servers to Deploy AI-Powered Payloads

Reported by 3 sources: CyberPress, GBHackers, Huntress

WaterPlum Launches New StoatWaffle Malware via VSCode-Themed Attack

Reported by 3 sources: CyberPress, GBHackers, Codeby

EU Sanctions on Chinese and Iranian Firms: Raptor Train Botnet, SMS Service, and Olympic Billboard Cyberattacks Targeting European Critical Infrastructure

Reported by 3 sources: China Cyber, Security Affairs, Infosecurity Magazine

Marquis says over 672,000 people had personal and financial data stolen in ransomware attack

Reported by 3 sources: TechCrunch Security, Malwarebytes Labs, Infosecurity Magazine

Fake Tools and CDNs Power New “Vibe-Coded” Malware Campaign

Reported by 3 sources: GBHackers, The Hacker News, Infosecurity Magazine

How Ceros Gives Security Teams Visibility and Control in Claude Code

Reported by 3 sources: The Hacker News, FreeBuf, ReversingLabs