Originally reported by The Hacker News, Microsoft Security, SANS ISC, MSRC Security Updates
TL;DR
Google patched two actively exploited Chrome zero-days affecting Skia and V8, while researchers disclosed nine privilege escalation vulnerabilities in Linux AppArmor. Veeam released fixes for seven critical RCE flaws in Backup & Replication software.
Multiple actively exploited zero-day vulnerabilities in Chrome combined with critical RCE flaws in enterprise backup software require immediate attention from security teams.
Google released emergency security updates for Chrome to address two high-severity vulnerabilities confirmed as exploited in the wild. The actively targeted flaws include CVE-2026-3909 (CVSS 8.8), an out-of-bounds write vulnerability in the Skia 2D graphics library that enables remote attackers to perform memory corruption via crafted HTML pages.
The second vulnerability affects Chrome's V8 JavaScript engine, though Google has withheld technical details pending wider patch deployment. Both zero-days represent immediate risks for organizations running unpatched Chrome installations.
Qualys Threat Research Unit disclosed nine confused deputy vulnerabilities in Linux AppArmor collectively dubbed "CrackArmor." These kernel-level flaws allow unprivileged users to escalate privileges to root and bypass container isolation protections.
The vulnerabilities exploit AppArmor's security model through manipulation of file descriptors and namespace operations. Container environments relying on AppArmor for isolation face particular risk from these privilege escalation paths.
Veeam addressed seven critical vulnerabilities in Backup & Replication software that enable remote code execution. The most severe, CVE-2026-21666 (CVSS 9.9), allows authenticated domain users to execute arbitrary code on backup servers.
CVE-2026-21667 represents another critical RCE vector affecting the same software. Given Veeam's role in enterprise backup infrastructure, these vulnerabilities pose significant risks to business continuity and data protection systems.
Researchers identified a new Rust-based banking trojan, VENON, targeting 33 Brazilian financial institutions. It represents a tactical shift from the traditional Delphi-based malware common in Latin American cybercrime operations.
The malware deploys credential-stealing overlays against Windows systems, focusing on Brazilian banking customers. Its Rust implementation suggests threat actors are modernizing their development practices for improved evasion capabilities.
Microsoft's threat intelligence team documented Storm-2561's use of SEO poisoning to distribute malicious VPN clients. The threat actor has operated since 2025, using search engine manipulation to promote fake VPN downloads that install signed trojans for credential theft.
Storm-2561 leverages legitimate code-signing certificates and mimics trusted VPN brands to evade detection. The campaign highlights the ongoing abuse of legitimate infrastructure for malware distribution.
Microsoft published research on prompt injection attacks against AI systems, demonstrating how hidden instructions in content can manipulate AI responses. The research includes detection methodologies and response playbooks for organizations deploying AI tools.
Additionally, Microsoft released email security benchmark data comparing Microsoft Defender's performance against SEG and ICES vendor solutions in mitigating modern email threats.
Microsoft's March security updates included fixes for several vulnerabilities:
CVE-2026-3784: Proxy connection reuse vulnerability with credential implications
CVE-2026-20841: Windows Notepad App remote code execution flaw
CVE-2026-26133: M365 Copilot information disclosure vulnerability
The Notepad RCE vulnerability received particular attention given the application's ubiquity across Windows installations.