1. Critical Android Zero‑Day Actively Exploited — Patch Now

Google’s March 2026 Android security update fixes a critical vulnerability in Qualcomm chipsets (CVE‑2026‑21385) that is actively exploited in the wild. The flaw allows attackers to execute arbitrary code remotely, potentially gaining full control of devices without user interaction. Because many enterprise environments rely on Android devices for secure access to corporate services, this vulnerability presents a direct threat to both mobility frameworks and remote workforce security. Deploying timely patches is essential to prevent attackers from leveraging this flaw to harvest credentials or install persistent malware. (cybernewscentre.com)

Why it matters:Active exploitation increases the urgency for organisations to prioritise this fix; mobile endpoints are a common corporate access point and a frequent vector for lateral attacks.

Action:Apply security updates immediately across all corporate Android devices and enforce compliance via your MDM platform.

2. WordPress Membership Plugin Critical Vulnerability (Remote Admin Creation)

A critical vulnerability (CVE‑2026‑1492) in a widely used WordPress membership plugin allows attackers to create administrative accounts without authentication. This flaw affects thousands of WordPress sites, including portals used by universities, professional services, and public services. If exploited, an attacker gains persistent administrative control, making it trivial to deploy malware, alter content, or use the site as a launchpad for further attacks on connected networks. (cyberpress.org)

Why it matters:Unauthenticated administrative access could lead to full site compromise, data theft, and use of the affected website as a staging area for phishing or malware distribution.

Action:Apply the vendor patch immediately and audit administrator accounts for unexpected additions.

3. 3.4M Patient Records Exposed in Healthcare Breach

TriZetto Provider Solutions has confirmed a data breach exposing 3,433,965 patient records, including identifying and health information. Healthcare organisations are frequent targets due to the sensitivity and value of the protected data they hold. Exposure of such data increases the risk of identity theft, insurance fraud, and secondary phishing or extortion schemes. Regulatory requirements in jurisdictions like the EU (GDPR) and South Africa (POPIA) further increase the urgency to address such breaches swiftly. (cybersecuritynews.com)

Why it matters:Healthcare data breaches have broad implications for patient privacy, organisational compliance, and cyber insurance, placing an operational and legal burden on affected organisations.

Action:Notify regulators and affected individuals, enforce multi‑factor authentication, and review access controls to sensitive healthcare systems.

4. LexisNexis Data Compromise — 2GB of Data Claimed Stolen

A threat actor has claimed responsibility for stealing more than 2 GB of data from LexisNexis, a widely used legal and business research provider. Exposure of research data, legal briefs, and business intelligence can have serious implications for law firms, corporate legal departments, and defence contractors. In some cases, such leaked data may include information used for litigation, compliance, or sensitive negotiations. (cybersecuritynews.com)

Why it matters:Compromise of legal research repositories can undermine confidentiality, erode client trust, and expose sensitive business information to competitors or threat actors.

Action:Conduct a thorough risk assessment, rotate credentials, and monitor dark web forums for evidence of leaked data.

5. Malicious Go Crypto Module Deploys Rekoobe Backdoor and Steals Credentials

Security researchers have uncovered a malicious Go (Golang) module masquerading as a trusted cryptography library in the Go ecosystem. The rogue package, designed to appear identical to the legitimate golang.org/x/crypto module, is engineered to silently capture entered passwords and deploy the Rekoobe Linux backdoor. This backdoor has been linked historically to sophisticated threat activity and can establish persistent remote access on compromised Linux systems.

(cyberpress.org)

Why it matters:This attack exploits trust in open‑source supply chains. Even hardened enterprise environments can be compromised at the build or developer stage if malicious dependencies are introduced. Credential theft + backdoor installation enables widespread compromise far beyond the initial target.

Action:Review and lock down software dependencies, implement dependency integrity checks (e.g., go.sum validation), and use code‑signing and trusted proxies for package retrieval.

Key Recommendations

• Urgent patching: Prioritise updates for impacted endpoints and CMS platforms immediately.

• Supply‑chain diligence: Enforce dependency integrity checks and restrict unverified packages.

• Monitoring & detection: Ensure EDR and IPS systems monitor for unusual backdoor activity.

• Incident readiness: Validate and rehearse incident response plans for large‑scale breaches.