Microsoft patched a dangerous vulnerability on March 10, 2026, that affects Office across Windows, Mac, and Android devices. The flaw, CVE-2026-26110, scores 8.4 out of 10 for severity and lets attackers execute malicious code without any user clicks or elevated permissions.
The scariest part? Simply viewing a malicious file in Windows Preview Pane triggers the attack. Users don't need to open anything – just highlighting the file is enough for hackers to gain system control.
Fortunately, no active attacks have been detected yet, and Microsoft calls future exploitation "less likely." Still, the vulnerability affects millions of Office installations, from the 2016 through 2024 versions, plus Office 365 and the mobile apps. IT teams should patch immediately or disable Preview Pane as a temporary fix.
Source: Cybersecurity News
Michigan-based medical equipment company Stryker confirmed Wednesday it's dealing with a cyberattack causing "global network disruption." The Kalamazoo-area company, which makes artificial joints and hospital beds, says there's no sign of ransomware or malware and believes the incident is contained.
The Wall Street Journal reports that Handala, a group linked to Iran, left their logo on Stryker's login pages. With $25 billion in annual revenue and 56,000 employees worldwide, Stryker says it has business continuity measures in place to keep supporting customers while teams work to assess the attack's full impact.
Source: CBS News Detroit
Salesforce issued a security alert Saturday warning of ongoing attacks targeting customers' Experience Cloud sites. The threat group ShinyHunters claims to have breached about 100 companies by exploiting misconfigured guest user settings that allow unauthorized access to customer data.
Attackers are using a modified version of Mandiant's AuraInspector tool to scan public-facing sites and steal data from instances with overly permissive guest profiles. These settings are meant to give unauthenticated users access to public information, but excessive permissions let attackers view additional data without logging in.
This marks the third widespread attack spree against Salesforce customers since August, following incidents involving Gainsight and Salesloft Drift integrations.
Source: CyberScoop
Microsoft has issued an emergency security update for a newly discovered .NET Framework vulnerability (CVE-2026-26127) that allows remote attackers to crash applications without authentication. The flaw, scored 7.5 on the CVSS scale, affects .NET 9.0 and 10.0 across Windows, macOS, and Linux systems.
The vulnerability stems from an out-of-bounds read error that can be triggered by specially crafted network requests, causing applications to crash and denying service to users. While Microsoft rates exploitation as "unlikely," an anonymous researcher has publicly disclosed the technical details, raising concerns about potential attacks.
Administrators must immediately update .NET 9.0 to version 9.0.14 and .NET 10.0 to version 10.0.4. Organizations using Microsoft.Bcl.Memory packages should also apply the corresponding patches to prevent service disruptions.
Source: Cyber Security News
Signal has issued a scam warning after Dutch intelligence revealed a Russia-backed campaign targeting high-profile users including government officials, military staff, and journalists. The hackers posed as Signal support staff to steal account details and hijack devices through sophisticated phishing attacks.
Dutch agencies MIVD and AIVD identified this "large-scale global cyber campaign" targeting people of interest to Russia. The attackers tried to trick users into sharing SMS codes and Signal PINs to gain account access.
Signal emphasized its systems remain secure but stressed that "user vigilance" is crucial. Experts warn that convenient features like QR code logins have become primary attack vectors for criminals targeting encrypted messaging apps.
Source: BBC
Ericsson's US subsidiary disclosed a data breach affecting roughly 15,000 people after unauthorized access occurred at a third-party service provider between April 17 and 22, 2025. The breach wasn't discovered until April 2025, with the investigation only wrapping up in February 2026.
The telecommunications giant shares both employee and customer data with third-party providers but hasn't specified which group was impacted. While Ericsson claims there's "no evidence of misuse," security experts note this is standard language companies use even when stolen data surfaces publicly. The delayed discovery and lengthy investigation timeline raise questions about monitoring practices at third-party vendors handling sensitive information.
Source: Security Week
Cybercriminals are targeting developers with fake Claude Code installation sites that spread through Google-sponsored search results. Push Security researchers discovered the "InstallFix" campaign, where attackers create near-perfect clones of Anthropic's legitimate installation pages.
When users copy installation commands from these fake sites, they unknowingly deploy Amatera Stealer malware that can steal credentials and access enterprise development environments. The attack exploits developers' common practice of copy-pasting terminal commands directly from websites.
The malicious ads appear above legitimate search results for terms like "Claude Code install," making them easy to mistake for official pages. Attackers use trusted hosting services like Cloudflare Pages to make their fake domains appear legitimate.
Source: Dark Reading
Over 3.4 million patients had their personal and health insurance information compromised in a cyberattack on TriZetto Provider Solutions, a healthcare IT firm owned by Cognizant Technology Solutions. The company discovered suspicious activity in its web portal on October 2, 2025.
While no financial data was stolen, hackers accessed names, addresses, Social Security numbers, dates of birth, health insurance member numbers, and other medical information. TPS provides billing and claims management software to hospitals, physician practices, and insurers.
The company has implemented additional security measures and is offering credit monitoring to affected patients. Parent company Cognizant has faced previous major breaches, including a 2020 ransomware attack costing $50-70 million.
Source: Infosecurity Magazine
A cybercriminal named Kamirmassabi is selling a zero-day exploit for Windows Remote Desktop Services vulnerability CVE-2026-21533 for $220,000 on a dark web forum. The exploit targets improper privilege management, allowing attackers to gain full administrative control from standard user accounts.
The vulnerability affects Windows 10, Windows 11, and Windows Server editions from 2012 to 2025. With a CVSSv3 score of 7.8, it's classified as high severity and has been added to CISA's Known Exploited Vulnerabilities catalog.
The steep price suggests the exploit is highly reliable and works across multiple Windows systems. Organizations must immediately apply Microsoft's security patches and consider disabling Remote Desktop Services if not essential.
Source: Cybersecurity News
Security researcher Arkmarta discovered a critical zero-click vulnerability (CVE-2026-29058) in AVideo, a popular open-source video streaming platform. The flaw affects version 6.0 and allows attackers to execute arbitrary commands without authentication through the objects/getImage.php component.
The vulnerability occurs when AVideo processes base64Url parameters in network requests. While the platform attempts basic URL validation, it fails to neutralize dangerous shell characters before executing ffmpeg commands. This oversight lets attackers inject malicious code, steal credentials, and hijack live streams.
Administrators should immediately upgrade to version 7.0, which fixes the issue with proper shell argument escaping. Those unable to upgrade can restrict access to the vulnerable endpoint or deploy WAF rules blocking suspicious Base64 patterns.
Source: Cybersecurity News
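The gap described in the AVideo item, shown as an added example (not AVideo's code, which is PHP, and not from the cited report): a decoded base64Url value can pass a scheme-and-host URL check and still carry shell syntax, and quoting it as one argument, or skipping the shell entirely, removes that. The ffmpeg command line, the function names and the sample value are assumptions made for illustration; `shlex.quote` stands in for PHP's `escapeshellarg`.

```python
import base64
import shlex
from urllib.parse import urlsplit

def decode_base64url(param):
    """Decode a URL-safe base64 request parameter, restoring stripped padding."""
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4)).decode("utf-8")

def passes_basic_url_check(url):
    """Scheme/host check only: the kind of validation that ignores shell syntax."""
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and bool(parts.hostname)

def concatenated_command(url):
    """Weak pattern: the decoded value is pasted into a shell command line."""
    return "ffmpeg -i " + url + " -frames:v 1 out.jpg"  # hypothetical command

def escaped_command(url):
    """Corrected pattern: the value is quoted as a single shell argument."""
    return "ffmpeg -i " + shlex.quote(url) + " -frames:v 1 out.jpg"

def argv_command(url):
    """Alternative: an argument vector for subprocess.run(..., shell=False)."""
    return ["ffmpeg", "-i", url, "-frames:v", "1", "out.jpg"]

def shell_operators(command_line):
    """Return the unquoted control operators a POSIX shell would act on."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return [tok for tok in lexer if all(c in lexer.punctuation_chars for c in tok)]

# Constructed sample input: a benign marker command stands in for hostile input.
SAMPLE_URL = "http://media.example.invalid/a.jpg; echo INJECTED"
SAMPLE_PARAM = base64.urlsafe_b64encode(SAMPLE_URL.encode()).decode().rstrip("=")

if __name__ == "__main__":
    url = decode_base64url(SAMPLE_PARAM)
    print("basic check passes:", passes_basic_url_check(url))
    print("concatenated:", shell_operators(concatenated_command(url)))
    print("escaped:     ", shell_operators(escaped_command(url)))
    print("argv:        ", argv_command(url))
```

The argument-vector form is the more robust of the two corrections, because no shell ever parses the value.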