Welcome to the ONSEC Cyber Daily for March 10th, where today's headlines weave a tale of vulnerabilities and urgent alerts. Google has sounded the alarm on a potential data breach targeting Apple iPhones, highlighting the "Coruna" vulnerabilities that could open the door to cyberattacks. Meanwhile, Armis has been recognized as a leader in CPS protection, underscoring the persistent challenges of vulnerability management and alert fatigue. As the Cybersecurity and Infrastructure Security Agency (CISA) issues warnings about actively exploited vulnerabilities in macOS and iOS, Hikvision products face critical flaws that could grant hackers full access. The global cybersecurity landscape is further shaken by advanced ransomware attacks targeting major companies, while India's cyber agency flags high-severity vulnerabilities in Google Chrome. As the digital world braces for these threats, the call to patch and protect has never been more urgent. Stay informed and secure with today's comprehensive coverage.

Exploits Alert

1. Google Warns About Data Breach on Apple iPhones: Google has issued a warning about a potential cyberattack targeting iPhone users through a set of vulnerabilities known as "Coruna." These vulnerabilities could lead to unauthorized data access, emphasizing the need for users to update their devices promptly. Source: Cybersecurity Insiders.
2. Critical Vulnerability Found in Multiple Hikvision Products: A critical vulnerability in Hikvision products has been identified, allowing hackers to gain full access to affected systems. This vulnerability is actively being exploited, prompting urgent action from users to secure their devices. Source: The420.in.
3. Global Cybersecurity Alert as New Ransomware Attacks Target Major Companies: A new wave of ransomware attacks is targeting major companies, characterized by advanced and organized tactics. These attacks are financially motivated, urging organizations to bolster their cybersecurity defenses. Source: Newspress.co.in.
4. India's Cyber Security Agency Issues Alert for Google Chrome Browser: CERT-In has issued a high-severity warning for Google Chrome users due to vulnerabilities that could allow remote code execution. Users are advised to update their browsers to mitigate potential threats. Source: Moneycontrol.
5. CISA Warns of macOS and iOS Vulnerabilities Exploited in Attacks: CISA has added three Apple vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, warning that they are actively exploited and require immediate patching. Users are urged to update their devices to protect against potential attacks. Source: Cyber Security News.

Vulnerabilities & Patches

1. Help! SolarWinds Web Help Desk is being exploited in the wild again: SolarWinds Web Help Desk is facing exploitation due to a patch bypass of CVE-2024-28988, which itself was a bypass of a previous patch. This ongoing issue highlights the importance of continuous monitoring and patch management to prevent exploitation. Source
2. Patch now! Exploitation of Nginx UI vulnerability “imminent,” warns threat analyst: The Nginx UI vulnerability, CVE-2026-27944, allows attackers to download and decrypt server backups. With exploitation deemed imminent, administrators are urged to update to version 2.3.3 to secure their systems. Source
3. Hackers are selling a Windows exploit for $220,000 on the dark web: A Windows vulnerability, CVE-2026-21533, is being sold on the dark web for $220,000. This exploit, patched in February's update, underscores the critical need for timely patch application to prevent unauthorized access. Source
4. VMware patches high-severity command injection flaw in Aria Operations: VMware has addressed CVE-2026-22719, a command injection vulnerability in its Aria Operations platform. This flaw could allow attackers to execute arbitrary commands, emphasizing the necessity for immediate patching. Source
5. Vaultwarden Vulnerabilities Enable Privilege Escalation and Data Exposure: Two vulnerabilities, CVE-2026-27803 and CVE-2026-27802, in Vaultwarden could lead to privilege escalation and data exposure. Administrators are advised to apply the latest patches to mitigate these network-based threats. Source

Podcasts

1. Cybersecurity Trends 2026 - IBM: This podcast delves into the anticipated cybersecurity trends for 2026, offering insights for builders, defenders, business leaders, and anyone interested in staying secure. It provides a comprehensive overview of emerging threats and strategies to counter them, making it a must-listen for cybersecurity professionals. Source: IBM
2. Users flee ChatGPT, CommBank reports $1bn fraud, and Iran conflict: This episode explores the recent decline in ChatGPT users, a significant fraud incident involving CommBank, and the implications of the Iran conflict on cybersecurity. The discussion is led by ThreatLocker's Danny Jenkins, providing expert analysis on these pressing issues. Source: Cyber Daily
3. Cybercrime Magazine Podcast: This podcast features daily episodes highlighting stories from victims, law enforcement, vendors, and cybersecurity experts. It offers a diverse range of perspectives on cybercrime, making it an essential resource for those interested in understanding the multifaceted nature of cybersecurity threats. Source: Cybersecurity Ventures
4. Cyber Uncut: Hosted by Liam Garman and Daniel Croft, this podcast provides a weekly roundup of the latest in cybersecurity. The hosts unpack significant events and trends, offering listeners a concise yet informative overview of the week's cyber news. Source: Cyber Daily
5. Is Cybersecurity the Dark Horse for Venture Investors During the Iran Conflict?: This podcast examines the potential of cybersecurity as a lucrative investment opportunity amidst geopolitical tensions, specifically the Iran conflict. It provides insights into how venture investors are navigating the cybersecurity landscape during these uncertain times. Source: Cybersecurity Ventures

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is as dynamic as ever. From Google's warning about the "Coruna" vulnerabilities targeting iPhone users to the persistent threats facing Hikvision products, the need for vigilance and proactive measures is more critical than ever. The cybersecurity realm is a constantly evolving battlefield, with new exploits and vulnerabilities emerging at every turn. In this interconnected world, sharing knowledge is our strongest defense. If you found today's insights valuable, don't keep them to yourself. Share this newsletter with your friends and colleagues. Together, we can build a more informed and resilient community, ready to tackle the challenges of tomorrow. Stay safe, stay informed, and remember, in cybersecurity, we're all in this together. Until next time, keep your systems patched and your data secure!