Originally reported by The Hacker News, Microsoft Security, Qualys, SANS ISC, MSRC Security Updates
TL;DR
Security researchers disclosed breakthrough GPU RowHammer attacks enabling full CPU privilege escalation, while threat actors actively exploit a CVSS 10.0 RCE in Flowise AI platforms and China-linked groups deploy Medusa ransomware via zero-day vulnerabilities. Additional campaigns target Microsoft 365 environments across multiple sectors.
Multiple critical vulnerabilities under active exploitation, including a CVSS 10.0 RCE in Flowise with 12,000+ exposed instances and China-linked Storm-1175 using zero-days to deploy ransomware at high velocity.
VulnCheck researchers report active exploitation of CVE-2025-59528, a code injection vulnerability in Flowise AI agent builder platform scoring CVSS 10.0. The flaw enables remote code execution through the CustomMCP node, which allows arbitrary configuration input for connecting to external systems.
Over 12,000 Flowise instances remain exposed across the internet, presenting a significant attack surface. The vulnerability stems from insufficient input validation in configuration settings, allowing attackers to inject malicious code that executes with platform privileges.
Microsoft tracks Storm-1175, a China-based threat actor, exploiting both zero-day and N-day vulnerabilities to deploy Medusa ransomware in "high-velocity" attacks against internet-facing systems. The group demonstrates exceptional operational tempo in identifying and exploiting exposed perimeter assets.
The campaign represents a shift toward rapid weaponization of fresh vulnerabilities, with threat actors maintaining persistence through multiple attack vectors simultaneously. Organizations face compressed response windows as exploit development accelerates.
Academic researchers unveiled GPUBreach, GDDRHammer, and GeForge attacks targeting high-performance GPU memory systems. The research demonstrates the first successful RowHammer attacks against GDDR6 memory that achieve full CPU privilege escalation.
GPUBreach advances beyond previous GPUHammer techniques by exploiting bit-flips in GPU memory to compromise host system security boundaries. The attack leverages shared memory architectures between GPU and CPU systems to escalate from GPU-limited access to full system control.
These findings expand the RowHammer attack surface beyond traditional DDR memory to high-bandwidth GPU memory systems, potentially affecting machine learning workloads and high-performance computing environments.
Check Point identified an Iran-nexus threat actor conducting password-spraying campaigns against Microsoft 365 environments in Israel and UAE. The ongoing campaign executed in three waves on March 3, 13, and 23, 2026, amid regional conflicts.
The attacks primarily target cloud-based email and collaboration platforms, leveraging credential stuffing techniques against weakly protected accounts. The campaign demonstrates sustained focus on regional targets with geopolitical motivations.
Fortinet FortiGuard Labs tracked DPRK-linked threat actors using GitHub repositories as command-and-control infrastructure in attacks against South Korean organizations. The multi-stage campaign begins with obfuscated Windows shortcut files delivering decoy PDF documents.
The technique exploits legitimate platforms to bypass network security controls, demonstrating continued innovation in living-off-the-land tactics by state-sponsored groups.
Microsoft Security documented a new device code phishing campaign incorporating AI-driven automation for real-time authentication code generation. The approach moves beyond traditional phishing by creating live authentication codes on demand, significantly improving success rates.
The campaign demonstrates how threat actors integrate AI capabilities to scale social engineering operations and maintain persistent access to compromised accounts through automated techniques.
Qualys research advocates for Risk Operations Centers (ROC) to complement traditional Security Operations Centers. The framework addresses enterprise security's historical optimization for incident response over risk prevention.
SOCs continue struggling with multi-OS attack campaigns that traverse Windows endpoints, macOS executive devices, Linux infrastructure, and mobile platforms. Current security workflows remain fragmented by platform, creating visibility gaps that attackers exploit.
Microsoft published updates for several CVEs including:
CVE-2026-35386 and CVE-2026-34743 addressing XZ Utils buffer overflow in lzma_index_append()CVE-2026-27447 fixing OpenPrinting CUPS authorization bypass via case-insensitive group lookupsCVE-2026-31410 and CVE-2026-31407 patching Linux kernel vulnerabilities in ksmbd and netfilter conntrackCVE-2026-34591 resolving Poetry wheel path traversal leading to arbitrary file writeCVE-2026-23444 addressing mac80211 WiFi stack memory management issuesOriginally reported by The Hacker News, Microsoft Security, Qualys, SANS ISC, MSRC Security Updates