CyberNews: 19/03/2026 Edition

Published by Dunateo on 2026-03-19

Today’s roundup

  • DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover
  • Russian hackers exploit Zimbra flaw to breach Ukrainian maritime agency
  • ConnectWise patches new flaw allowing ScreenConnect hijacking
  • Max severity Ubiquiti UniFi flaw may allow account takeover
  • 'Claudy Day' Trio of Flaws Exposes Claude Users to Data Theft
  • Russia establishes Vienna as key western spy hub targeting NATO
  • New ‘Perseus’ Android malware checks user notes for secrets
  • C2 Implant 'SnappyClient' Targets Crypto Wallets
  • OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs
  • Aura confirms data breach exposing 900,000 marketing contacts
Summary

    An advanced iOS exploit kit named DarkSword has been identified, utilizing six flaws, including three zero-days, to achieve full device takeover on Apple iPhones. This sophisticated toolkit has been active since at least November 2025 and is reportedly wielded by multiple threat actors, including commercial surveillance vendors and suspected state-sponsored groups.

    Russian state-backed hacker group APT28 exploited a vulnerability in Zimbra webmail software to breach a Ukrainian government maritime agency. The attack highlights ongoing nation-state cyber warfare targeting critical infrastructure.

    ConnectWise has issued a patch for a new cryptographic signature verification vulnerability in its ScreenConnect remote management software. The flaw could lead to unauthorized access and privilege escalation for affected customers.

    Ubiquiti has addressed a maximum-severity flaw within its UniFi Network Application that could enable attackers to take over user accounts. The company urges users to apply the available patches immediately.

    A new set of vulnerabilities, dubbed 'Claudy Day', has been discovered, impacting users of Anthropic's Claude AI agent. These flaws, including a prompt injection vulnerability, could be chained with other issues to facilitate data theft and potentially extend attacks into enterprise networks.

    Western intelligence reports confirm Vienna has become Russia's largest Western spy hub. Utilizing diplomatic compounds and rooftop satellite clusters, Russia is actively expanding its signals intelligence operations to monitor sensitive communications across NATO, the Middle East, and Africa.

    A new Android malware, dubbed Perseus, is actively scanning user-curated notes on infected devices to steal sensitive information such as passwords, cryptocurrency recovery phrases, and financial data.

    A new C2 implant named 'SnappyClient' has been observed targeting cryptocurrency wallets. The malware supports a wide range of capabilities, including remote access, data theft, and spying functionalities.

    The U.S. Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities involved in a North Korean IT worker scheme. This network defrauds U.S. businesses and generates illicit revenue to fund the DPRK's weapons of mass destruction programs.

    Identity protection company Aura confirmed a data breach affecting nearly 900,000 customer records. The compromised information includes names and email addresses, exposed after an unauthorized party gained access.

    Want to dig deeper?

    Cyber Groups

    APT28, also tracked as: IRON TWILIGHT, SNAKEMACKEREL, Swallowtail, Group 74, Sednit, Sofacy, Pawn Storm, Fancy Bear, STRONTIUM, Tsar Team, Threat Group-4127, TG-4127, Forest Blizzard, FROZENLAKE, GruesomeLarch