Welcome to the ONSEC Cyber Daily for March 16th, where we unravel a tale of digital resilience and rapid response. Today, we dive into the world of vulnerabilities and patches, starting with a reassuring guide on how to quickly check if your Linux PC is affected by the latest exploits. Meanwhile, Microsoft has been quietly patching three critical RCE flaws in Windows 11, underscoring the importance of staying updated. As Google rushes emergency updates for Chrome amid active attacks, the urgency of patching becomes a central theme. Finally, we explore the strategic role of HR in AI deployment decisions, highlighting the human element in technological evolution. Stay informed and secure with today's insights.

Exploits Alert

1. FortiGate Exploit Allows Unauthorized Access: Attackers are exploiting vulnerabilities in FortiGate devices, allowing unauthorized access to sensitive network information. Fortinet has released patches to mitigate these risks, urging users to update their systems immediately to protect against potential breaches. Source: FortiGate Exploit Details
2. HPE AOS-CX Flaw Enables Admin Password Resets: A critical vulnerability in HPE's AOS-CX has been identified, which could allow attackers to reset admin passwords. This flaw poses a significant security risk, and HPE advises users to apply the necessary patches without delay. Source: HPE AOS-CX Vulnerability
3. Microsoft March Update Fixes 83 CVEs: Microsoft's March update addresses 83 CVEs, including a critical vulnerability (CVE-2026-26132) that could allow remote code execution or privilege escalation. Users are strongly encouraged to update their systems to safeguard against these threats. Source: Microsoft March Update
4. SQL Server Privilege Escalation Vulnerability: A vulnerability (CVE-2026-21262) in SQL Server allows for privilege escalation, highlighting the need for timely patching. Microsoft has released updates to address this issue, emphasizing the importance of maintaining up-to-date security measures. Source: SQL Server Vulnerability
5. Excel Information Disclosure Vulnerability: A vulnerability (CVE-2026-26144) in Excel could lead to unauthorized data access. Microsoft has issued patches to rectify this flaw, underscoring the necessity for immediate application to prevent data breaches. Source: Excel Vulnerability

Vulnerabilities & Patches

1. Microsoft Quietly Patches Three RCE Flaws in Windows 11: Microsoft has addressed three critical remote code execution vulnerabilities in Windows 11, identified as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111. These vulnerabilities were initially overlooked during the regular Patch Tuesday updates, prompting an urgent out-of-band patch release. Users are advised to apply these patches immediately to protect their systems from potential exploitation. Source: Cyber Kendra
2. Google Rushes Emergency Chrome Updates Amid Active Attacks: Google has issued emergency updates for Chrome to address a critical vulnerability, CVE-2026-3909, in the Skia graphics library. This flaw allows remote code execution through malicious web pages. The initial patch was insufficient, necessitating a rapid response to safeguard users from ongoing attacks. Users should update their Chrome browsers immediately. Source: Evrim Ağacı
3. Windows 11 KB5084597 Out-of-Band Security Fix: Microsoft released an out-of-band security update, KB5084597, for managed Windows 11 devices. This update addresses the same vulnerabilities as the emergency hotpatch, focusing on CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111. The targeted release underscores the critical nature of these flaws and the need for immediate patching. Source: Notebook Check
4. Microsoft Releases Emergency Windows 11 Hotpatch: In response to critical vulnerabilities in Windows 11's RRAS, Microsoft has issued an emergency hotpatch. The vulnerabilities, tracked as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111, could lead to remote code execution or denial-of-service attacks. Users are urged to apply this hotpatch to mitigate the risks. Source: gHacks
5. Microsoft Issues Urgent Hotpatch For Windows 11 RRAS Flaw: Microsoft has released an urgent hotpatch for a critical RRAS vulnerability in Windows 11, identified as CVE-2026-25173. This flaw poses significant security risks, including potential remote code execution. The patch is part of a broader effort to address multiple vulnerabilities that were not fully covered in the initial Patch Tuesday updates. Source: Evrim Ağacı

Podcasts

1. Cybersecurity Unplugged: This podcast delves into the latest trends and challenges in the cybersecurity landscape, featuring insights from industry experts and thought leaders. Each episode provides listeners with actionable advice on how to protect their digital assets and stay ahead of emerging threats. Source: Cybersecurity Unplugged
2. The CyberWire Daily Briefing: Offering a concise overview of the day's most pressing cybersecurity news, this podcast is perfect for professionals looking to stay informed without the fluff. It covers everything from data breaches to policy changes, ensuring listeners are always up-to-date. Source: The CyberWire Daily Briefing
3. Darknet Diaries: This podcast explores the darker side of the internet, sharing real-life stories of hackers, breaches, and cybercrime. Each episode is a thrilling narrative that sheds light on the complexities and dangers of the digital world. Source: Darknet Diaries
4. Smashing Security: Known for its light-hearted take on serious cybersecurity issues, this podcast combines humor with expert analysis. Hosts discuss the latest security news and trends, making it an engaging listen for both professionals and enthusiasts. Source: Smashing Security
5. CISO Series Podcast: Tailored for Chief Information Security Officers, this podcast provides insights into the challenges and responsibilities of the role. It features interviews with CISOs from various industries, offering a unique perspective on leadership in cybersecurity. Source: CISO Series Podcast

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, remember that staying informed is your first line of defense against cyber threats. Whether it's checking your Linux PC for vulnerabilities in under five minutes or keeping your Windows 11 system patched against the latest RCE flaws, knowledge is power. Don't let the headlines cause panic—take action with the resources and updates available to you. RHEL's security advisories and Microsoft's out-of-band patches are just a couple of examples of how vendors are working to keep your systems secure. And let's not forget Google's swift response to Chrome's Skia graphics library flaw. These updates are crucial in maintaining a robust security posture. If you found today's insights helpful, why not share this newsletter with your friends and colleagues? Together, we can build a community that's well-equipped to tackle the ever-evolving landscape of cybersecurity threats. Stay safe, stay informed, and we'll see you in the next issue!

ONSEC.io | LinkedIn

ONSEC.io | 1,839 followers on LinkedIn. Information security audits and penetration testing by a team of experts with an average experience of more than 7 years | ONSEC.io - is a penetration testing & in-depth security audit company with more than 13 years of experience on the market. Our team has already helped more than 300 companies be aware about possible system's vulnerabilities, including Republic, DMarket, LegionFarm, Parallels, Xsolla, Acronis, Manyсhat, Global Fashion Group and others. Our main goal is to increase the customer security level by finding and fixing security issues as well as improve security awareness inside the company, including developers, DevOps, and other teams to build a sustainable engineering culture with security knowledge.

LinkedIn

x.com

X (formerly Twitter)