Cisco has patched multiple critical and high-severity vulnerabilities affecting enterprise networking and security products, covering authentication bypass, remote code execution, information disclosure, and privilege escalation. These flaws expose widely deployed Cisco infrastructure to unauthenticated remote exploitation and full device compromise. Administrators should apply patches immediately and restrict management plane access to trusted networks.

REF1695 is a financially motivated campaign tracked by Elastic Security Labs that has deployed RATs and cryptocurrency miners via fake software installers since November 2023. The operation monetizes infections through both passive cryptomining and CPA fraud, redirecting victims to content locker pages disguised as software registration flows. Windows endpoints are the confirmed target, and Elastic has released EQL detection rules to support identification and response.

The submitted source material is a truncated excerpt from a vendor report on open source consumption trends and does not contain a CVE ID, affected product, vulnerability class, CVSS data, or remediation guidance. A factual vulnerability advisory cannot be produced without these elements. Resubmit with a complete vulnerability disclosure containing a CVE assignment, affected product versions, and patch details.

Google Threat Intelligence identified Coruna, a sophisticated iOS exploit kit leveraging 23 vulnerabilities across five complete exploit chains to silently install malware via drive-by web delivery. Former L3Harris Trenchant employees confirmed the toolkit originated within the US defense contractor's offensive cyber division before being sold to Russian intelligence, which has deployed it against targets in Ukraine. Organizations should enforce iOS Lockdown Mode on high-risk devices, deploy mobile threat defense tooling, and immediately ingest Google's published IOCs.

CVE-2026-3502 is a CWE-494 vulnerability in TrueConf Client where the update mechanism downloads and executes code without verifying integrity or authenticity. An attacker who can intercept or redirect update traffic via MITM, DNS hijacking, or a compromised update server can inject a malicious payload and achieve arbitrary code execution on affected endpoints. CISA has added this vulnerability to the KEV catalog with a federal agency patch deadline of April 16, 2026.

A zero-day vulnerability in TrueConf Server is under active exploitation, allowing attackers to execute arbitrary files on the server and propagate malicious payloads to all connected client endpoints. The flaw is remotely exploitable and does not require valid server credentials, placing all unpatched TrueConf Server deployments at critical risk. Organizations should patch immediately, isolate the server from untrusted networks, and conduct forensic triage on all endpoints with active sessions.

A recent study reveals Latin America's potential as a cybersecurity talent source due to its youthful, technically skilled workforce. Organizations must address regional infrastructure, language, and compliance challenges to effectively recruit and onboard talent from this region.

NoVoice is a newly discovered Android malware exploiting known privilege escalation vulnerabilities to gain root access. Distributed through over 50 malicious apps on Google Play with 2.3 million downloads, it collects user data and communicates with encrypted C2 servers. Detection requires monitoring root-level activity and network anomalies, while removal demands a factory reset and patching affected devices.

The White House's 2026 Cyber Strategy for America contains language suggesting the administration may authorize private companies to conduct offensive operations against adversary networks. No implementing guidance or statutory change has followed, meaning the Computer Fraud and Abuse Act remains the operative legal constraint. Security teams should not treat the strategy document as legal authorization and should review their active defense practices against current law.

A new cybercrime service automates persistent social engineering attacks aimed at stealing sensitive information. Targeting primarily Windows and mobile platforms, the service uses phishing techniques combined with encrypted exfiltration and adaptive persistence. Detection relies on monitoring phishing indicators and network anomalies, while removal requires credential resets and endpoint remediation.

CVE-2023-46805 (CVSS 8.2) and CVE-2024-21887 (CVSS 9.1) in Ivanti Connect Secure are being chained to achieve unauthenticated remote code execution on internet-exposed VPN gateways. China-nexus threat group UNC5221 exploited the pair as a zero-day beginning December 2023, deploying custom implants and harvesting credentials from compromised appliances. Organizations must apply Ivanti's patches, perform factory resets on suspected devices, and rotate all credentials that transited affected gateways.

TeamPCP, a threat actor group weaponizing security scanning tooling in supply chain attacks, has expanded its campaign through April 1, 2026, with confirmed victims including Databricks and AstraZeneca across dual ransomware and data exfiltration operations. This fifth intelligence update extends coverage from Update 004 and consolidates two days of new developments. Affected organizations should audit CI/CD and scanner tooling, hunt for lateral movement from build infrastructure, and verify backup isolation immediately.