Cybersecurity Weekly Update: 16-23 March 2026
- SOC Team

1. Craft CMS Vulnerability Now Exploited in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that a Craft CMS code injection flaw (CVE‑2025‑35939) is being actively exploited. The flaw lets an unauthenticated attacker inject PHP code and ultimately achieve remote code execution on the server.
Why it matters: Any internet‑exposed Craft CMS install can be attacked without credentials, so patching or restricting access is urgent.
Action: Update to a patched Craft CMS release, confirm the running version on every public‑facing instance, and review web server logs and deployed PHP files for signs of tampering.
2. Massive Infostealer Distribution via Trivy Docker Images
Security researchers found that malicious Docker images tagged 0.69.4–0.69.6 were published to Docker Hub following the Trivy supply chain compromise, delivering credential‑stealing payloads with worm‑like spread across Kubernetes environments.
Source: Trivy hack spreads infostealer via malicious Docker images (https://thehackernews.com/2026/03/trivy-hack-spreads-infostealer-via.html)
Why it matters: Developer tooling is part of the attack surface. A compromised scanner image runs with whatever credentials the CI job or cluster gives it, so container pipelines and the images they pull should not be trusted by default.
Action: Pin images by digest rather than by mutable tag, require signature verification before pull, and scan registries and running workloads for the affected tags.
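As an added example (not code from the cited article or from the Trivy project), the script below parses container image references the way a runtime does and flags two things: any reference to the Trivy image at one of the tags named above, and any reference pinned only by a mutable tag rather than a digest. The Docker Hub repository name aquasec/trivy and the sample image list are assumptions constructed for illustration; in practice feed it the image list from your cluster or CI configuration.

```python
"""Audit container image references against the malicious Trivy tags and
flag anything not pinned by digest.

Added example for this write-up; it is not code from the Trivy project or
the cited article.  Assumptions not stated on the page: the Trivy image's
Docker Hub repository is 'aquasec/trivy', and SAMPLE_CLUSTER_IMAGES below is
a constructed list standing in for the images reported by a cluster.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Tags the write-up names as the malicious releases pushed to Docker Hub.
MALICIOUS_TRIVY_TAGS = {"0.69.4", "0.69.5", "0.69.6"}
# Repository name is an assumption (official Trivy image on Docker Hub).
TRIVY_REPOSITORY = "aquasec/trivy"

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


@dataclass(frozen=True)
class ImageRef:
    registry: str            # e.g. docker.io, ghcr.io, registry.internal:5000
    repository: str          # e.g. aquasec/trivy, library/nginx
    tag: Optional[str]       # None when only a digest is given
    digest: Optional[str]    # sha256:<64 hex> or None


def is_valid_digest(digest: str) -> bool:
    return bool(DIGEST_RE.match(digest))


def parse_image(ref: str) -> ImageRef:
    """Split [registry/]repo[:tag][@digest] the way a container runtime does."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
        if not is_valid_digest(digest):
            raise ValueError(f"malformed digest in {ref!r}: {digest!r}")
    # A ':' marks a tag only if it appears after the last '/'; otherwise it
    # is a registry port (registry.internal:5000/...).
    tag = None
    last_slash, last_colon = ref.rfind("/"), ref.rfind(":")
    if last_colon > last_slash:
        ref, tag = ref[:last_colon], ref[last_colon + 1:]
    parts = ref.split("/")
    registry = "docker.io"
    # The first component is a registry if it looks like a hostname (dot or
    # port) or is literally 'localhost'; otherwise it is a Docker Hub namespace.
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry = parts.pop(0)
        if registry == "index.docker.io":
            registry = "docker.io"
    repository = "/".join(parts)
    if registry == "docker.io" and "/" not in repository:
        repository = "library/" + repository      # official images: nginx -> library/nginx
    if tag is None and digest is None:
        tag = "latest"                            # runtime default when nothing is pinned
    return ImageRef(registry, repository, tag, digest)


def audit_images(refs: List[str]) -> List[Tuple[str, str]]:
    """Return (reference, finding) pairs; references with no finding are omitted.

    'malicious-trivy-tag': one of the tags from the advisory.  If a digest is
    also present the runtime pulls by digest, but the tag still shows the
    manifest was written against a compromised release, so it is flagged.
    'not-pinned': no digest, so the registry can serve different content for
    the same tag tomorrow, which is exactly how the malicious tags landed.
    """
    findings = []
    for raw in refs:
        img = parse_image(raw)
        if (img.registry == "docker.io" and img.repository == TRIVY_REPOSITORY
                and img.tag in MALICIOUS_TRIVY_TAGS):
            findings.append((raw, "malicious-trivy-tag"))
        elif img.digest is None:
            findings.append((raw, "not-pinned"))
    return findings


# Constructed sample, standing in for the image list pulled from a cluster.
SAMPLE_CLUSTER_IMAGES = [
    "aquasec/trivy:0.69.5",                                # malicious tag from the advisory
    "docker.io/aquasec/trivy:0.69.3",                      # older tag, still mutable
    "ghcr.io/example/ci-runner:1.2.3",                     # third-party, tag only
    "registry.internal:5000/team/api@sha256:" + "a" * 64,  # digest pinned, no finding
    "nginx",                                               # -> library/nginx:latest, mutable
    "aquasec/trivy:0.69.4@sha256:" + "b" * 64,             # malicious tag, digest pinned
]

if __name__ == "__main__":
    for ref, finding in audit_images(SAMPLE_CLUSTER_IMAGES):
        print(f"{finding:20} {ref}")
```

To run it against a live cluster, replace the sample list with the output of `kubectl get pods -A -o jsonpath='{..image}'`; the same parser applies to image fields in CI pipeline definitions. A digest match against the publisher's released digests is the only positive confirmation that a pinned reference is clean; a tag, malicious or not, is advisory.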
3. AstraZeneca Targeted by LAPSUS$‑Associated Data Breach
The LAPSUS$ collective has resurfaced and claims to have breached internal systems at AstraZeneca. The full scope remains under investigation.
Source: AstraZeneca breach – LAPSUS$ claims access to internal data (https://cybersecuritynews.com/astrazeneca-data-breach/)
Why it matters: Healthcare and biotech firms remain attractive targets due to sensitive research and intellectual property.
Action: Heighten monitoring, isolate sensitive data environments, and re‑validate access controls.
4. AI‑Driven Ransomware Is Accelerating Attacks
Ransomware actors are increasingly using AI to evade detection and to move quickly from stolen credentials to full compromise, rather than relying on brute force or exploitation.
Source: Ransomware’s new era – moving at AI speed (https://www.darkreading.com/endpoint-security/ransomware-new-era-moving-ai-speed)
Why it matters: AI compresses attack sequencing and improves evasion, so detections tuned to slower, noisier tradecraft fall behind.
Action: Enhance AI‑aware detection, invest in behavioural analytics that flag anomalous credential use, and reduce credential exposure.
5. Major U.S. City Hit by Ongoing Ransomware Incident
Foster City in California has been contending with an extended ransomware incident that has taken down most municipal services. Officials plan to declare a state of emergency as investigations continue.
Source: Days‑long cyberattack paralyzes Bay Area city services (https://www.sfgate.com/bayarea/article/bay-area-city-cyberattack-22091765.php)
Why it matters: Even smaller municipalities with limited resources face severe consequences when cyber resilience is insufficient.
Action: Prioritise incident response playbooks, backups, and external recovery support.
6. Signal Targeted in a Broad Russian‑Linked Phishing Campaign
U.S. law enforcement agencies warned that Russian threat actors are running large‑scale phishing campaigns against messaging app users, notably Signal, to harvest credentials and potentially compromise communications.
Source: Signal targeted by Russian hackers, FBI says (https://www.techradar.com/pro/security/signal-is-being-targeted-by-russian-hackers-in-a-huge-new-phishing-campaign-fbi-says)
Why it matters: Messaging platforms are critical in both business and defence communications; phishing remains a top vector.
Action: Reinforce MFA (for Signal itself, enable Registration Lock and periodically review linked devices), run user‑education campaigns, and conduct phishing simulations.
Key Recommendations
Enable Multi-Factor Authentication (MFA): Protect accounts and systems with an extra layer of security beyond passwords.
Keep Systems and Software Up to Date: Regularly apply patches and updates to reduce vulnerability exposure.
Segment Networks: Separate critical systems from general access to limit potential lateral movement.
Audit Access and Permissions: Review who has access to sensitive data and enforce least-privilege principles.
Monitor and Log Activity: Implement logging and alerting to detect unusual or suspicious behaviour early.
Educate Users: Train staff to recognise phishing, social engineering, and suspicious content.
Have a Response Plan: Maintain and regularly test an incident response plan for breaches or ransomware events.