theinfosecnews
vulnerability

CVE-2026-3910: Google Chromium V8 Out-of-Bounds Memory Flaw Enables Remote Code Execution via Malicious HTML

CVE-2026-3910 is an out-of-bounds memory buffer vulnerability in Google's Chromium V8 JavaScript engine that allows a remote attacker to execute arbitrary code within the V8 sandbox via a crafted HTML page. The flaw affects all Chromium-based browsers including Google Chrome, Microsoft Edge, and Opera. CISA requires federal agencies to patch by March 27, 2026, and all organizations should deploy updates within 24 to 48 hours of vendor release.

CISA KEV·22d ago·3 min read
malware

Iran-Linked Handala Hacktivist Group Executes Data-Wiping Attack on Stryker Using Microsoft Intune

The Iranian-linked hacktivist group Handala launched a global data-wiping attack on medical device maker Stryker using Microsoft Intune's remote wipe capabilities. The attack disrupted operations in 79 countries, wiping over 200,000 devices and impacting healthcare supply chains. Detection involves monitoring unusual Intune activity, and remediation includes revoking credentials and restoring from backups.

Krebs on Security·23d ago·3 min read
vulnerability

Microsoft March 2026 Patch Tuesday Fixes 77 Vulnerabilities Including Critical Privilege Escalations and RCE Flaws

Microsoft’s March 2026 Patch Tuesday addresses 77 vulnerabilities including critical privilege escalations in SQL Server and remote code execution flaws in Microsoft Office. Notably, a severe RCE vulnerability discovered by an AI agent was patched without requiring user action. Enterprise administrators should prioritize these updates to mitigate high-risk attack vectors.

Krebs on Security·24d ago·2 min read
vulnerability

CVE-2025-68613: Critical RCE Vulnerability in n8n Workflow Expression Evaluator Demands Immediate Action

CVE-2025-68613 is a remote code execution vulnerability in n8n's workflow expression evaluation engine, caused by improper control of dynamically managed code resources. Attackers with workflow creation access — including unauthenticated users on exposed instances — can execute arbitrary commands with n8n process privileges, potentially compromising credentials and all connected systems. CISA has mandated federal agency remediation by March 25, 2026; all organizations should patch immediately, restrict workflow permissions, and block external access to n8n interfaces.

CISA KEV·24d ago·3 min read
vulnerability

CVE-2021-22054: Unauthenticated SSRF in Omnissa Workspace ONE UEM Exposes Internal Networks

CVE-2021-22054 is an unauthenticated server-side request forgery vulnerability in Omnissa Workspace ONE UEM that allows network-adjacent attackers to forge requests through the UEM server and access sensitive internal resources without credentials. CISA has added this CVE to its Known Exploited Vulnerabilities catalog with a federal patch deadline of March 23, 2026. Organizations should apply Omnissa patches immediately, restrict network access to UEM management interfaces, and hunt for signs of prior exploitation in UEM and network logs.

CISA KEV·26d ago·3 min read
vulnerability

CVE-2026-1603: Ivanti EPM Authentication Bypass Exposes Stored Credentials to Unauthenticated Attackers

CVE-2026-1603 is an authentication bypass vulnerability in Ivanti Endpoint Manager (EPM) that allows remote, unauthenticated attackers to access stored credential data including domain accounts, API keys, and service account passwords. Exploitation enables lateral movement and privilege escalation across all endpoints managed by the affected EPM instance. CISA has mandated federal agency remediation by March 23, 2026, and all organizations running Ivanti EPM should apply patches immediately and rotate affected credentials.

CISA KEV·26d ago·3 min read
vulnerability

CVE-2025-26399: SolarWinds Web Help Desk AjaxProxy Deserialization Flaw Enables Remote Code Execution

CVE-2025-26399 is an unauthenticated remote code execution vulnerability in the AjaxProxy component of SolarWinds Web Help Desk, caused by deserialization of untrusted data without validation. An attacker with network access to the application can execute arbitrary commands on the host server. CISA has added this CVE to the Known Exploited Vulnerabilities catalog, mandating federal agency remediation by March 12, 2026.

CISA KEV·26d ago·3 min read
vulnerability

CVE-2026-XXXX: OpenClaw AI Assistant's Exposed Web Interface Enables Credential Theft and Remote Control

OpenClaw, an autonomous AI assistant, suffers from a critical vulnerability where its web administration interface is often exposed online, allowing attackers to steal credentials and control the system remotely. This flaw enables impersonation, data exfiltration, and supply chain attacks, emphasizing the need for strict access controls and prompt security patching.

Krebs on Security·26d ago·2 min read
vulnerability

CVE-2017-7921: Hikvision Authentication Bypass Gives Attackers Unauthenticated Privilege Escalation Across DVRs, NVRs, and IP Cameras

CVE-2017-7921 is an improper authentication vulnerability in multiple Hikvision DVRs, NVRs, and IP cameras that allows unauthenticated attackers to escalate privileges and access sensitive data over the network without valid credentials. CISA has mandated federal agency remediation by March 26, 2026, confirming active exploitation in the wild. Organizations should apply Hikvision firmware patches immediately, isolate management interfaces behind VPN, and audit all Hikvision devices for default credentials.

CISA KEV·30d ago·3 min read
vulnerability

CVE-2021-22681: Rockwell Automation Studio 5000 Exposes Verification Key, Enabling Unauthorized Logix Controller Access

CVE-2021-22681 affects Rockwell Automation's Studio 5000 Logix Designer, which stores a controller verification key without adequate protection. An attacker with network access can extract the key and use it to connect unauthorized applications directly to Logix PLCs, enabling ladder logic modification, configuration theft, or process disruption. CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog with a federal patching deadline of March 26, 2026.

CISA KEV·30d ago·3 min read
vulnerability

CVE-2026-21385: Qualcomm Chipset Memory Corruption Flaw Enables Privilege Escalation Across Mobile and IoT Devices

CVE-2026-21385 is a memory corruption vulnerability affecting multiple Qualcomm chipsets, triggered by improper alignment handling during memory allocation. Successful local exploitation can lead to privilege escalation or denial of service on Android smartphones, tablets, and IoT devices using Qualcomm silicon. CISA mandates federal agency remediation by 2026-03-24; enterprises should immediately inventory affected devices and apply OEM-issued patches.

CISA KEV·32d ago·3 min read
vulnerability

CVE-2026-Kimwolf: Analysis of the Kimwolf Botnet Operator 'Dort' and Associated Threat Activity

The Kimwolf botnet exploited vulnerabilities in residential proxy services to infect internal network devices, causing widespread DDoS and harassment attacks. The operator, known as Dort, identified as Jacob Butler from Canada, leveraged multiple aliases and cybercrime tools to facilitate account takeovers and retaliatory attacks against researchers. Patching proxy systems and enforcing strict network controls are critical to mitigating this threat.

Krebs on Security·34d ago·3 min read