
Snapshot Summary
| Sector / Section | Headline Highlights | Count |
|---|---|---|
| DFIR & Incident Response | Intune hardening; ScreenConnect patching | 2 |
| Cyber Investigations | Ukraine espionage; iPhone targeting | 2 |
| Major Cyber Incidents | Magento defacements; benefits breach | 2 |
| Exploits & Threat Intelligence | SharePoint KEV; Cisco zero-day | 2 |
| Law Enforcement | Operation Alice; Iran domains | 2 |
| Policy | EU opinion; energy strategy | 2 |
| Standards & Compliance | NIST DNS; 5G design | 2 |
| Consumer App Data Leaks | Aura exposure; Marquis disclosure | 2 |
Digital Forensics & Incident Response
CISA warns businesses to secure Microsoft Intune systems after Stryker breach: CISA urged organizations using Microsoft Intune and similar endpoint-management platforms to harden tenant controls after attackers abused legitimate administration tooling, directing defenders to Microsoft guidance on privileged access, device compliance, and logging [AMER]. The alert matters because it turns a high-profile intrusion into a practical response checklist, helping DFIR teams validate whether cloud management paths can be misused for lateral movement, large-scale device actions, or destructive follow-on activity (Source: BleepingComputer, 19-03-2026).
ConnectWise patches new flaw allowing ScreenConnect hijacking: ConnectWise released fixes for ScreenConnect after disclosing CVE-2026-3564, a critical cryptographic-signature verification weakness that could let attackers gain unauthorized access and escalate privileges on vulnerable remote-support deployments [AMER]. For responders, the case is a reminder to inventory externally reachable admin tooling quickly, verify version exposure, and review session, key, and authentication artifacts, because support platforms remain prized footholds during both intrusion and remediation phases (Source: BleepingComputer, 18-03-2026).
Cyber Investigations
Russia-linked hackers breached Ukrainian maritime agency via Zimbra flaw: researchers found Russia’s APT28 compromised a Ukrainian maritime agency through a phishing campaign that exploited a Zimbra webmail vulnerability, adding another documented espionage path into government communications infrastructure [EMEA]. The investigation is significant for cyber professionals because it ties email-platform exposure directly to mission-sector targeting, reinforcing the need to preserve webmail logs, trace exploit chains, and watch for stealthy credential capture around collaboration and messaging systems (Source: The Record, 19-03-2026).
Russia-linked hackers used iPhone exploit framework against Ukrainians: Lookout detailed a likely Russia-linked campaign using the DarkSword iPhone exploit framework against Ukrainian users, showing operators could extract sensitive device data with little or no victim interaction before removing traces [EMEA]. This matters because mobile forensics and executive-protection teams increasingly need acquisition, telemetry, and threat-hunting coverage for iOS devices, especially where state-linked actors are blending espionage goals with commercially portable exploitation tooling (Source: The Record, 18-03-2026).
Major Cyber Incidents
Thousands of Magento sites hit in ongoing defacement campaign: Netcraft found an ongoing campaign had defaced more than 7,500 Magento sites across over 15,000 hostnames, hitting e-commerce brands and public-sector services with attacker calling cards and politically themed messages [GLOBAL]. The scale matters operationally because widespread website compromise can mask follow-on access and supply-chain risk, so defenders should treat defacement as a potential indicator of broader server-side exposure rather than a purely reputational nuisance (Source: SecurityWeek, 20-03-2026).
Navia discloses data breach impacting 2.7 million people: Navia Benefit Solutions disclosed a breach affecting nearly 2.7 million people after determining attackers had accessed its systems between 22-12-2025 and 15-01-2026, exposing personal and benefits-related information [AMER]. The incident matters beyond one victim because third-party administrators hold dense identity and health-plan data, making them attractive extortion and fraud targets that can create long-tail notification, identity-theft, and partner-risk consequences for multiple organizations at once (Source: BleepingComputer, 19-03-2026).
Exploits & Threat Intelligence
CISA warns of attacks exploiting recent SharePoint vulnerability: CISA confirmed in-the-wild exploitation of SharePoint remote-code-execution flaw CVE-2026-20963 and added it to the Known Exploited Vulnerabilities catalog, elevating urgency around January’s Microsoft patch [AMER]. That development matters because SharePoint remains deeply embedded in enterprise workflows, and KEV status sharply raises the expectation that defenders will validate patching, internet exposure, web-shell hunting, and authentication anomalies without waiting for fuller post-compromise indicators (Source: SecurityWeek, 19-03-2026).
Cisco firewall vulnerability exploited as zero-day in Interlock ransomware attacks: researchers linked Interlock ransomware activity to zero-day exploitation of a maximum-severity vulnerability in Cisco Secure Firewall Management Center software, with evidence of abuse dating back to late January [AMER]. The finding matters because compromise of centralized security-management infrastructure can give adversaries privileged visibility and control, forcing defenders to assess whether tooling meant to protect the environment has instead become a high-value attack path (Source: SecurityWeek, 19-03-2026).
Law Enforcement
Global cybercrime crackdown shuts down over 373,000 dark-web sites: Europol reported that authorities from 23 countries shut down more than 373,000 dark-web sites during Operation Alice, expanding what began as an action against a single platform operator into a wider international cybercrime crackdown [EMEA]. For investigators and threat teams, the action underscores how marketplace disruptions can quickly shift criminal infrastructure, usernames, escrow patterns, and evidence availability, making timely collection and actor-tracking crucial after major takedowns (Source: Europol, 20-03-2026).
Justice Department disrupts Iranian cyber-enabled psychological operations: the U.S. Justice Department announced a court-authorized seizure of four domains allegedly used to support Iranian Ministry of Intelligence and Security hacking efforts tied to psychological operations and transnational repression [AMER]. The move matters because it blends cyber disruption with attribution and influence-response tooling, giving defenders additional context on how state-linked operators may pair network intrusion, harassment, and information operations against diaspora, dissident, and government targets (Source: U.S. Department of Justice, 19-03-2026).
Policy
EDPB and EDPS support strengthening EU cybersecurity while easing compliance: the EDPB and EDPS backed the European Commission’s Cybersecurity Act 2 and related NIS2 amendments while urging that stronger cyber resilience measures be implemented without weakening personal-data protections [EMEA]. This matters because DFIR, legal, and governance teams increasingly have to map incident response, reporting, certification, and supply-chain duties across overlapping EU cyber and privacy regimes rather than handling them as separate compliance tracks (Source: EDPB/EDPS, 19-03-2026).
DOE updates cyber, energy security, and emergency response strategy priorities: the U.S. Department of Energy’s CESER office published a strategic update emphasizing energy-sector security, infrastructure hardening, and resilience priorities as cyber risk remains central to grid protection [AMER]. The policy signal matters because critical-infrastructure owners often align investment and program timing to federal strategy documents, which can shape everything from procurement priorities to exercise planning and expectations for public-private threat-sharing over the next several years (Source: U.S. Department of Energy, 18-03-2026).
Standards & Compliance
NIST publishes Secure Domain Name System Deployment Guide SP 800-81 Rev. 3: NIST published SP 800-81 Rev. 3, a final Secure Domain Name System Deployment Guide, refreshing authoritative guidance for securing DNS architecture and operations in modern enterprise environments [AMER]. The release matters because DNS remains both a foundational dependency and a frequent abuse surface, so updated deployment guidance gives security and compliance teams a current benchmark for hardening, monitoring, and audit conversations around name-resolution infrastructure (Source: NIST, 19-03-2026).
NIST finalizes 5G Network Security Design Principles: NIST finalized CSWP 36E on 5G Network Security Design Principles, outlining infrastructure-design approaches that isolate traffic types and strengthen cybersecurity and privacy in commercial and private 5G deployments [AMER]. That matters for compliance and architecture teams because 5G rollouts increasingly intersect with OT, IoT, and regulated environments, where security design choices made early can determine later auditability, segmentation strength, and incident-containment options (Source: NIST, 19-03-2026).
Consumer App Data Leaks
Aura confirms data breach exposing 900,000 marketing contacts: online safety provider Aura confirmed that a voice-phishing attack against an employee exposed roughly 900,000 records, including names and email addresses tied to marketing contacts and some current and former customers [AMER]. The case matters because it shows how consumer-facing trust brands can still lose data through classic vishing and SaaS-adjacent workflow abuse, reinforcing the need for customer-notification planning and stronger verification around internal support requests (Source: BleepingComputer, 18-03-2026).
Marquis data breach affects 672,000 individuals: Marquis, a marketing and compliance services provider for banks and credit unions, said a breach first disclosed last year affected about 672,000 people after updated impact analysis narrowed the scope [AMER]. Even though the intrusion predates this cycle, the revised disclosure matters now because downstream consumer-harm calculations, notification decisions, and third-party risk reviews often change materially when victim counts are recalculated months after initial reporting (Source: SecurityWeek, 20-03-2026).
Editorial Perspective
This cycle shows how quickly operational guidance is being forced by live incidents, with endpoint management, remote-support tooling, and collaboration platforms all surfacing as priority response surfaces.
At the same time, the law-enforcement and policy picture is broadening: takedowns are becoming more international, while cyber resilience obligations are converging with privacy, sector strategy, and supply-chain governance.
For DFIR teams, the practical takeaway is clear: preserve evidence from management planes, maintain mobile-device visibility, and treat standards updates as operational inputs rather than paperwork exercises.
Reference Reading
- Europol: Operation Alice shuts down over 373,000 dark-web sites
- DOJ disrupts Iranian cyber-enabled psychological operations
- EDPB/EDPS joint view on CSA2 and NIS2 amendments
- NIST 5G Network Security Design Principles
- SharePoint CVE-2026-20963 now exploited in the wild
- DarkSword iPhone exploit used against Ukrainian targets
Tags
DFIR, Incident Response, Threat Intelligence, SharePoint, ScreenConnect, Europol, DOJ, NIST, NIS2, Data Breach, Mobile Security, Critical Infrastructure