Originally reported by BleepingComputer, Malwarebytes Labs
TL;DR
The FBI warns of Russian intelligence-linked phishing campaigns targeting Signal and WhatsApp users. CISA has ordered federal agencies to patch critical vulnerabilities in Cisco firewalls and Oracle identity management systems by Sunday.
CISA has added a maximum-severity Cisco vulnerability to the KEV catalog with a federal patching deadline, indicating confirmed active exploitation of critical infrastructure components.
The FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are conducting active phishing campaigns against users of encrypted messaging applications including Signal and WhatsApp. According to the bureau, these operations have already compromised thousands of accounts across multiple platforms.
The campaigns represent a strategic shift toward targeting secure communication channels, potentially aiming to intercept encrypted communications or establish footholds within high-value target networks. The FBI has not disclosed specific technical details about the attack vectors or attribution methodology.
The Cybersecurity and Infrastructure Security Agency has added CVE-2026-20131 to its Known Exploited Vulnerabilities catalog, ordering federal agencies to patch the maximum-severity vulnerability in Cisco Secure Firewall Management Center by Sunday, March 22.
The emergency directive indicates CISA has evidence of active exploitation targeting this critical network security infrastructure. The vulnerability affects Cisco FMC deployments and carries a CVSS score of 10.0, suggesting unauthenticated remote code execution capabilities.
Oracle has pushed an out-of-band security update addressing CVE-2026-21992, a critical unauthenticated remote code execution vulnerability in Oracle Identity Manager and Web Services Manager. The emergency patch delivery suggests either active exploitation or imminent threat intelligence regarding this enterprise identity management flaw.
Organizations running Oracle identity infrastructure should prioritize this update given the potential for privilege escalation and lateral movement within enterprise environments.
International law enforcement agencies have concluded Operation Alice, shutting down over 373,000 dark web sites offering fraudulent child sexual abuse material packages. The coordinated action represents one of the largest dark web takedown operations to date.
While these sites contained fake content designed to defraud users rather than distribute actual illegal material, the operation demonstrates the scale of criminal infrastructure operating within anonymous networks and the challenges facing digital forensics teams.
Security leadership must adapt defensive strategies to address the rising threat of nation-state destructive attacks designed to disrupt operations rather than extract ransom payments. These geopolitically motivated campaigns often deploy wiper malware and target critical infrastructure with the goal of maximum operational impact.
CISOs should focus on network segmentation, rapid containment capabilities, and recovery planning specifically designed for destructive rather than encrypting attacks.
New York City lawmakers are advancing legislation to limit commercial biometric tracking before widespread deployment enables real-time surveillance pricing and customer profiling. The proposed regulations would require explicit consent and disclosure for facial recognition systems used in retail and public spaces.
The legislative push addresses growing concerns about the intersection of biometric surveillance technology and algorithmic pricing systems that could enable discriminatory practices based on demographic profiling.