🇸🇦 Saudi Cyber Daily Digest

Synacor Zimbra Collaboration Suite (ZCS) — CVE-2025-66376 Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) @import directives in email HTML. Required Action: Apply mi…

<strong>Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS</strong> Apple patched CVE-2026-20643, a WebKit vulnerability affecting iOS, iPadOS, and macOS that allows cross-origin policy bypass through the Navigation API. This flaw could enable a…

<strong>Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit</strong> A high-severity privilege escalation vulnerability (CVE-2026-3888, CVSS 7.8) affects default Ubuntu Desktop installations version 24.04 and later, allowing attackers to gain roo…

<strong>Product Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels</strong> Mesh CSMA provides security teams with contextual analysis to identify and break attack paths that chain together vulnerabilities, misconfigurations, and exposures leading to crit…

<strong>9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors</strong> Nine critical vulnerabilities discovered in low-cost IP KVM devices from four vendors allow unauthenticated attackers to gain root-level access and extensive control over compromised …

<strong>Claude Code Security and Magecart: Getting the Threat Model Right</strong> Analysis reveals limitations of static code analysis tools like Claude Code Security against sophisticated Magecart attacks that hide malicious payloads in EXIF data of dynamically loaded third-pa…

<strong>Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE</strong> Critical unpatched vulnerability CVE-2026-32746 discovered in GNU InetUtils telnet daemon allows unauthenticated remote attackers to execute arbitrary code with root privileges. Th…

<strong>Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access</strong> Amazon Threat Intelligence warns of active Interlock ransomware campaign exploiting CVE-2026-20131, a critical zero-day vulnerability (CVSS 10.0) in Cisco Secure Firewall Management …

<strong>OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs</strong> The U.S. Treasury's OFAC has sanctioned six individuals and two entities involved in a North Korean IT worker scheme that uses fake remote job positions to defraud U.S. businesse…

<strong>Less Lucrative Ransomware Market Makes Attackers Alter Methods</strong> Ransomware operators are abandoning Cobalt Strike and shifting to native Windows tools as ransom payment rates reach historic lows. This tactical evolution reflects declining profitability in the ran…

<strong>Clear Communication: The Missing Link in Cybersecurity Success</strong> Effective cybersecurity requires bridging the gap between technical expertise and clear communication across teams. Building trust and collaboration through improved communication practices enhances …

<strong>More Attackers Are Logging In, Not Breaking In</strong> Credential theft surged dramatically in late 2025 driven by industrialized infostealer malware operations and AI-powered social engineering attacks. Attackers increasingly use stolen credentials for initial access r…

<strong>SideWinder Espionage Campaign Expands Across Southeast Asia</strong> India-linked APT group SideWinder targets government, telecom, and critical infrastructure across Southeast Asia using spear-phishing and exploiting old vulnerabilities. The group maintains persistent a…

<strong>Researchers: Meta, TikTok Steal Personal &amp;amp; Financial Info When Users Click Ads</strong> Research reveals that Meta and TikTok use tracking pixels to collect sensitive user data including credit card information and geolocation even after users navigate to adverti…

<strong>&#039;Claudy Day’ Trio of Flaws Exposes Claude Users to Data Theft</strong> Three vulnerabilities dubbed 'Claudy Day' affecting Claude AI can be exploited through prompt injection combined with other flaws. A simple Google search can trigger a full attack chain threateni…

<strong>Inside a network of 20,000+ fake shops</strong> Security researchers uncovered a massive network of over 20,000 fake e-commerce websites designed to steal payment card details and personal information from unsuspecting shoppers. The fraudulent operation represents a sign…

<strong>Apple patches WebKit bug that could let sites access your data</strong> Apple released a silent security update fixing WebKit vulnerability CVE-2026-20643 that could allow malicious websites to access user data. The patch was deployed as a Background Security Improvement…

<strong>Researchers found font-rendering trick to hide malicious commands</strong> Security researchers discovered a font-rendering technique that can deceive AI assistants into overlooking malicious commands embedded in websites. This social engineering method poses risks to or…

<strong>CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization</strong> CISA issued guidance on hardening endpoint management systems following a March 11, 2026 cyberattack against Stryker Corporation that compromised their Microsoft environmen…

<strong>The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors</strong> Google Threat Intelligence Group discovered DarkSword, a new iOS full-chain exploit leveraging multiple zero-day vulnerabilities to fully compromise devices. Multiple threat acto…