CyberNews: 18/03/2026 Edition

Published by Dunateo on 2026-03-18

Today’s roundup

  • Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
  • 9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors
  • The Most Organized Threat Actors Use Your ITSM (BMC FootPrints Pre-Auth Remote Code Execution Chains)
  • CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to root exploit
  • AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
  • EU sanctions Chinese and Iranian actors over cyberattacks on critical infrastructure
  • RondoDox botnet expands arsenal targeting 174 flaws, and hits 15,000 daily exploit attempts
  • Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records
  • Medusa ransomware gang claims attacks on prominent Mississippi hospital, New Jersey county
  • Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
Summary

    Cybersecurity researchers have uncovered a critical unpatched flaw, CVE-2026-32746 (CVSS 9.8), in the GNU InetUtils telnet daemon (telnetd). This out-of-bounds write vulnerability allows unauthenticated remote attackers to execute arbitrary code with root privileges, posing a severe risk to affected systems.

    Nine critical vulnerabilities were found in low-cost IP KVM (Keyboard, Video, Mouse over Internet Protocol) devices from vendors including GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM. These flaws could grant unauthenticated remote attackers extensive control, including root access, over compromised hosts.

    Four distinct vulnerabilities (CVE-2025-71257 to CVE-2025-71260) were discovered and chained in BMC FootPrints versions 20.20.02 to 20.24.01.001. This chain enables pre-authenticated remote code execution (RCE) via an authentication bypass, server-side request forgery (SSRF), and deserialization of untrusted data, affecting critical IT Service Management solutions.

    A high-severity local privilege escalation (LPE) flaw, CVE-2026-3888 (CVSS 7.8), impacts default installations of Ubuntu Desktop 24.04 and later. Qualys researchers found that an unprivileged local attacker can exploit a systemd cleanup timing issue, specifically involving snap-confine and systemd-tmpfiles, to gain full root access within a 10-30 day window. Patches are available in snapd versions 2.73+.

    Researchers revealed a new method for data exfiltration from AI code execution environments using DNS queries, demonstrating flaws in Amazon Bedrock AgentCore Code Interpreter, LangSmith, and SGLang. These vulnerabilities could allow attackers to enable interactive shells and achieve remote code execution (RCE) by abusing the outbound DNS queries that the sandboxes still permit.
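    One defensive check the DNS item above points to, as an added example (not code from the article or from the vendors it names): a heuristic scan of sandbox resolver logs for encoded data in subdomain labels, the signature that DNS-based exfiltration leaves when egress is otherwise blocked. The log format, the domain exfil.example and the thresholds are assumptions.

```python
import math
import re
from collections import Counter

# Constructed sample resolver log from sandbox hosts ("<time> <client> <qname>";
# assumed format). Client 10.0.5.22 leaks hex-encoded chunks in subdomain labels.
SAMPLE_LOG = """\
2026-03-18T10:00:01Z 10.0.5.21 pypi.org
2026-03-18T10:00:02Z 10.0.5.21 files.pythonhosted.org
2026-03-18T10:00:03Z 10.0.5.22 4a6f686e20446f65.0.exfil.example
2026-03-18T10:00:03Z 10.0.5.22 2c2061636374203132333435.1.exfil.example
2026-03-18T10:00:04Z 10.0.5.22 3637383920656e64.2.exfil.example
2026-03-18T10:00:05Z 10.0.5.23 api.github.com
"""

# Tunable heuristics (assumed thresholds): 16+ hex chars, or a long high-entropy label.
HEX_LABEL = re.compile(r"^[0-9a-f]{16,}$")
MIN_ENTROPY_LEN, ENTROPY_THRESHOLD = 20, 4.0

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s."""
    probs = [n / len(s) for n in Counter(s).values()]
    return -sum(p * math.log2(p) for p in probs)

def suspicious_labels(qname: str) -> list[str]:
    """Labels left of the registrable domain (approx. the last two) that look like encoded data."""
    labels = qname.lower().rstrip(".").split(".")[:-2]
    return [l for l in labels if HEX_LABEL.match(l)
            or (len(l) >= MIN_ENTROPY_LEN and shannon_entropy(l) > ENTROPY_THRESHOLD)]

def parse_log(log: str):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3:  # skip malformed lines
            yield parts[1], parts[2]  # (client, qname)

def score_clients(log: str, threshold: int = 2) -> dict[str, int]:
    """Clients with at least `threshold` suspicious-looking queries."""
    counts = Counter()
    for client, qname in parse_log(log):
        if suspicious_labels(qname):
            counts[client] += 1
    return {c: n for c, n in counts.items() if n >= threshold}

def estimate_payload_bytes(log: str) -> dict[str, int]:
    """Rough per-client byte count carried in hex-encoded labels."""
    total = Counter()
    for client, qname in parse_log(log):
        total[client] += sum(len(l) // 2 for l in suspicious_labels(qname) if HEX_LABEL.match(l))
    return {c: n for c, n in total.items() if n}
```

    The registrable-domain approximation and the entropy threshold will produce false positives on CDN-style hostnames, so treat hits as triage candidates and pair them with an allow-list of expected package and API domains.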

    The European Union Council imposed sanctions on three entities and two individuals from China and Iran for cyberattacks against EU member states and partners' critical infrastructure. Sanctioned entities include China's Integrity Technology Group (linked to Flax Typhoon APT), Anxun Information Technology (i-Soon), and Iran's Emennet Pasargad, which engaged in data breaches and disinformation campaigns.

    The RondoDox botnet has significantly expanded its activities, now targeting 174 vulnerabilities with up to 15,000 daily exploitation attempts. Researchers noted a shift towards focusing on fewer, more critical vulnerabilities, with rapid adoption of newly disclosed flaws like CVE-2025-55182 (React2Shell), indicating active monitoring of vulnerability research.

    Crypto e-commerce platform Bitrefill reported a data breach attributed to North Korea's Lazarus group, resulting in the theft of approximately 18,500 purchase records. Compromised information includes customer email addresses, cryptocurrency payment addresses, and metadata such as IP addresses.

    The Medusa ransomware operation has claimed responsibility for cyberattacks impacting a major Mississippi hospital, disrupting its systems for nine days, and also targeting a New Jersey county government. These incidents highlight the ongoing threat posed by ransomware to critical public and healthcare services.

    Apple released its first Background Security Improvements update to address CVE-2026-20643, a WebKit vulnerability affecting iOS, iPadOS, and macOS. The flaw is a cross-origin issue in WebKit's Navigation API that could allow bypassing the same-origin policy when processing maliciously crafted web content.

    Want to dig deeper?

    Vulnerabilities

      • CVE-2026-32746 (Critical)
      • CVE-2026-3888 (High)
      • CVE-2025-55182 (Critical)
      • CVE-2026-20643 (High)

    Cyber Groups

      • Lazarus Group (aliases: Labyrinth Chollima, HIDDEN COBRA, Guardians of Peace, ZINC, NICKEL ACADEMY, Diamond Sleet)
      • Typhoon (China)
