Cyber Daily 3/3: Iran Cyber Threats, Qualcomm Zero-Day, APT28 Exploits MSHTML


Welcome to today's edition of ONSEC Cyber Daily, where the digital battlefield is as dynamic as ever. As tensions rise amid the Iran conflict, federal agencies and US cities brace for potential cyber retaliation. Jake Cho, a cybersecurity expert, warns of lurking vulnerabilities that could be exploited. Meanwhile, Google races against time, patching 129 Android vulnerabilities, including a critical zero-day flaw. The threat landscape expands with the discovery of the 'AirSnitch' Wi-Fi vulnerability and the exploitation of MSHTML by Russian APT28. As cyber threats loom large, staying informed is your best defense. Dive into today's stories to understand the evolving cyber threats and the global response.

Exploits Alert

  1. Federal agencies, US cities on alert for potential retaliatory attacks amid Iran war: With tensions rising over the Iran conflict, federal agencies and US cities are on high alert for potential cyber retaliation. Experts warn that software vulnerabilities could be exploited and emphasize the need for heightened vigilance. Source: ABC7 Chicago
  2. Iran War Puts Companies, Infrastructure on Cyber Threat Alert: As geopolitical tensions escalate, companies and critical infrastructure are bracing for cyberattacks from Iran. The focus is on potential disruptions targeting the US, Israel, and Gulf Cooperation Council countries. Source: Bloomberg Law News
  3. Google addresses actively exploited Qualcomm zero-day in fresh batch of 129 Android vulnerabilities: Google has released a security update addressing a critical zero-day vulnerability in Qualcomm chips, which was actively exploited. This update is part of a larger patch covering 129 vulnerabilities in Android devices. Source: CyberScoop
  4. Wi-Fi Client Isolation vulnerability 'AirSnitch' exposes networks to new attacks: A newly discovered vulnerability, dubbed 'AirSnitch', affects Wi-Fi client isolation and could allow attackers on the same network to carry out attacks such as cookie theft and DNS poisoning. The finding highlights the need for robust network security measures. Source: SC Media
  5. CERT-In warns Indian users of serious security flaws in Trend Micro Apex One: The Indian Computer Emergency Response Team (CERT-In) has issued a warning about critical vulnerabilities in Trend Micro Apex One. Because these flaws could enable remote attacks, CERT-In urges users to apply patches promptly. Source: India TV News

Vulnerabilities & Patches

  1. Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited: Google has released a March 2026 Android update addressing 129 vulnerabilities, including the actively exploited Qualcomm flaw CVE-2026-21385. This high-severity zero-day vulnerability has been a focal point due to its potential impact on Android devices. The update also covers critical remote code execution vulnerabilities like CVE-2026-0006. Source: The Hacker News.
  2. MSHTML Zero-Day in Windows Exploited by APT28 Prior to Feb 2026 Security Update: APT28, a Russia-linked group, exploited a zero-day vulnerability in the MSHTML framework, tracked as CVE-2026-21513, before Microsoft's February 2026 Patch Tuesday. This high-severity flaw, rated CVSS 8.8, allowed attackers to bypass security controls and execute arbitrary code. Microsoft has since released updates that address the vulnerability. Source: Security Affairs.
  3. Langflow CSV Agent Flaw Could Let Attackers Execute Arbitrary Code: A critical vulnerability in Langflow, a tool for building applications with large language models, has been discovered. This flaw could allow attackers to execute arbitrary code, posing significant risks to applications built using this tool. Users are advised to apply patches promptly to mitigate potential exploitation. Source: GBHackers.
  4. Proof-of-Concept Released for Windows ALPC Privilege Escalation via Error Reporting: A critical local privilege escalation vulnerability, CVE-2026-20817, affecting Windows ALPC (Advanced Local Procedure Call) has been publicly documented. The flaw lets a local attacker escalate privileges through the error reporting component, potentially compromising the system. A proof-of-concept has been released, which makes applying the available patches urgent. Source: GBHackers.
  5. OneUptime Command Injection Vulnerability Poses Major Risk of Full System Takeover: A critical command injection vulnerability, CVE-2026-27728, has been identified in OneUptime, risking complete system compromise for organizations using versions before 10.0.7. This flaw allows attackers to execute arbitrary commands, leading to potential full server takeover. Users are urged to update to the latest version to secure their systems. Source: GBHackers.

Podcasts

  1. Dr. Lisa McKee on Security in New ISACA Podcast: This podcast sets the tone for future discussions by breaking down complex cybersecurity issues and spotlighting the human side of privacy. Dr. Lisa McKee brings real-world insights into security and privacy, making it accessible for both professionals and enthusiasts. Source.
  2. Operation Winter SHIELD: FBI Philadelphia on Protecting the Transportation and Logistics Sector: This podcast focuses on the cybersecurity measures necessary to protect the transportation and logistics sector. It highlights the importance of safeguarding the systems that communities rely on, featuring insights from FBI experts. Source.
  3. Claude Code Security: The AI Shockwave Hitting Cybersecurity: This episode explores the impact of AI on cybersecurity, discussing how new technologies are reshaping the landscape. It provides a deep dive into the challenges and opportunities AI presents for security professionals. Source.
  4. Ahead of the Threat Podcast: Season Two, Episode Zero: Brett Leatherman leads a discussion on emerging threats and the proactive measures needed to counter them. This podcast is a must-listen for those interested in staying ahead of cybersecurity challenges. Source.
  5. Gottumukkala Ousted, Wyden Blocks Rudd, Hackers Weaponize Claude: The CISO Series Podcast delves into recent cybersecurity news, including high-profile oustings and the weaponization of AI technologies. It offers a comprehensive overview of current events affecting the cybersecurity landscape. Source.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is as dynamic as ever. From federal agencies and US cities on high alert for potential cyber retaliation amid the Iran conflict, to the relentless pursuit of vulnerabilities by cyber adversaries, the need for vigilance is paramount. Jake Cho's insights remind us that any software vulnerability can be a gateway for attacks, underscoring the importance of robust cybersecurity measures. In this interconnected world, sharing knowledge is our strongest defense. If you found today's insights valuable, please consider sharing this newsletter with your friends and colleagues. Together, we can build a more informed and resilient community, ready to face the challenges of tomorrow. Stay safe, stay informed, and see you in the next edition!
