
Critical CVSS 10.0 Quest KACE Exploit, IRS Phishing Campaign, and Supply Chain Attacks Dominate Threat Landscape

March 23, 2026 | Vulnerabilities & Exploits | 3 min read | critical

Originally reported by The Hacker News, Qualys, SANS ISC, MSRC Security Updates


TL;DR

Arctic Wolf reports active exploitation of CVE-2025-32975 (CVSS 10.0) in Quest KACE systems, while Microsoft warns of tax season phishing campaigns affecting 29,000 users and deploying RMM malware. A supply chain attack on Trivy has spread infostealer malware through compromised Docker images.

Why critical?

Active exploitation of a CVSS 10.0 vulnerability in Quest KACE systems, combined with ongoing supply chain attacks affecting Docker Hub and large-scale phishing campaigns, represents multiple critical threat vectors requiring immediate attention.

Quest KACE Systems Under Active Attack via CVSS 10.0 Vulnerability

Arctic Wolf has observed active exploitation of CVE-2025-32975, a maximum-severity vulnerability affecting Quest KACE Systems Management Appliance (SMA). The security firm detected malicious activity starting the week of March 9, 2026, targeting unpatched SMA systems exposed to the internet.

The CVSS 10.0 rating indicates a vulnerability that allows unauthenticated remote code execution with minimal complexity. Organizations running Quest KACE SMA should immediately verify patch status and isolate internet-facing instances where possible.

Tax Season Phishing Campaign Deploys RMM Malware to 29,000 Users

Microsoft has identified fresh phishing campaigns exploiting the U.S. tax season to harvest credentials and deliver malware. The attacks leverage the time-sensitive nature of tax communications, masquerading as IRS refund notices, payroll forms, filing reminders, and requests from tax professionals.

The campaigns have successfully compromised approximately 29,000 users, with threat actors deploying remote monitoring and management (RMM) tools as persistent access mechanisms. The use of legitimate RMM software allows attackers to maintain long-term access while evading traditional detection methods.

Trivy Supply Chain Attack Spreads via Docker Hub

Cybersecurity researchers have uncovered malicious Docker images distributed through Docker Hub following a supply chain compromise of Trivy, the popular vulnerability scanner. The attack affects versions 0.69.4, 0.69.5, and 0.69.6, which have since been removed from the container registry.

The compromised images contained infostealer malware designed to spread through containerized environments, with additional worm capabilities and Kubernetes wiping functionality. The last known clean release remains version 0.69.3. Organizations using Trivy should immediately audit their container deployments and revert to the verified clean version.
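
One way to run the audit described above over a list of image references collected from running workloads, as an added example that is not from the original article or the Trivy project. The version numbers are the ones given above; the repository name `aquasec/trivy`, the mirror hostname, the sample references and the verdict labels are assumptions made for illustration.

```python
import re

# Versions taken from the article: compromised tags and the last known clean release.
COMPROMISED = {(0, 69, 4), (0, 69, 5), (0, 69, 6)}
LAST_CLEAN = (0, 69, 3)
REPO_NAME = "trivy"  # assumption: final path component of the image repository

def parse_image_ref(ref):
    """Split 'registry:port/repo:tag@digest' into (repo, tag, digest)."""
    ref, _, digest = ref.strip().partition("@")
    # Only a colon after the last slash separates a tag; earlier ones are registry ports.
    if ref.rfind(":") > ref.rfind("/"):
        repo, _, tag = ref.rpartition(":")
    else:
        repo, tag = ref, None
    return repo, tag, digest or None

def classify(ref):
    """Return 'not-trivy', 'compromised', 'clean-per-article' or 'review'."""
    repo, tag, _digest = parse_image_ref(ref)
    if repo.rsplit("/", 1)[-1] != REPO_NAME:
        return "not-trivy"
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", tag or "")
    if not m:
        return "review"  # floating tag (latest) or digest-only pin: the tag proves nothing
    version = tuple(int(p) for p in m.groups())
    if version in COMPROMISED:
        return "compromised"
    # Releases newer than 0.69.6 are not covered by the article, so they go to review.
    return "clean-per-article" if version <= LAST_CLEAN else "review"

def audit(lines):
    """Return (reference, verdict) for every Trivy image that needs action."""
    results = [(l.strip(), classify(l)) for l in lines if l.strip()]
    return [(r, v) for r, v in results if v in ("compromised", "review")]

# Constructed sample input: one image reference per line.
SAMPLE = """\
docker.io/aquasec/trivy:0.69.3
aquasec/trivy:0.69.5
registry.example.internal:5000/mirror/trivy:v0.69.4-amd64
aquasec/trivy:latest
aquasec/trivy@sha256:<digest-placeholder>
nginx:1.27
"""

if __name__ == "__main__":
    for ref, verdict in audit(SAMPLE.splitlines()):
        print(f"{verdict:12} {ref}")
```

A tag only records what a reference claims to be, so entries marked `review` (floating tags and digest-only pins) need their digests compared against a copy of 0.69.3 obtained from a trusted source.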

Qualys Enhances Harbor Integration for Container Security

Qualys has announced improved integration between its QScanner and Harbor container registry, focusing on continuous assessment capabilities. The enhancement addresses a common DevSecOps challenge where build-time and runtime security decisions rely on different tools and scoring systems.

The integration enables scan-on-push functionality and maintains consistent risk assessment across the container lifecycle, helping development and security teams operate with shared threat intelligence and prioritization logic.

Chromium Integer Overflow Fixed in Latest Release

Microsoft has acknowledged CVE-2026-4464, an integer overflow vulnerability in Chromium's ANGLE component. The issue affects Microsoft Edge through its Chromium base and has been addressed in the latest Chrome release.

The vulnerability originated in ANGLE, Chromium's graphics abstraction layer, and could potentially allow memory corruption attacks. Users should ensure their browsers are updated to the latest versions.

SANS ISC Monday Briefing Available

The SANS Internet Storm Center has published its regular Monday briefing covering current threat landscape developments and security advisories. The briefing provides additional context on emerging threats and defensive recommendations for security practitioners.

Sources

  • https://thehackernews.com/2026/03/hackers-exploit-cve-2025-32975-cvss-100.html
  • https://thehackernews.com/2026/03/microsoft-warns-irs-phishing-hits-29000.html
  • https://thehackernews.com/2026/03/trivy-hack-spreads-infostealer-via.html
  • https://blog.qualys.com/product-tech/2026/03/22/integrate-qscanner-with-harbor-to-unify-devsecops-container-scanning
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4464
  • https://isc.sans.edu/diary/rss/32818
