Mar 21, 2026 · #2 episode artwork

EPISODE · Mar 21, 2026 · 5 MIN

Mar 21, 2026 · #2

from Security Brief Daily · host Security Brief Daily

Episode 2 — 21 Mar 2026 1. Oracle pushes emergency fix for critical Identity Manager RCE flaw Source: Bleeping Computer Update: Added that Oracle declined to comment on whether the vulnerability has been exploited. Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as... 2. CISA orders feds to patch max-severity Cisco flaw by Sunday Source: Bleeping Computer The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22. Cisco published a security bulletin about the flaw on... 3. Police take down 373,000 fake CSAM sites in Operation Alice Source: Bleeping Computer An international law enforcement action called Operation Alice has shut down over 373,000 dark web sites that offered fake CSAM packages. The investigation, led by Germany and supported by Europol, began in mid-2021 and focused on a platform called “Alice with Violence CP,”... 4. CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026 Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026. The... 5. FBI links Signal phishing attacks to Russian intelligence services Source: Bleeping Computer The FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns that have already compromised thousands of accounts. The FBI's... 6. Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages Source: The Hacker News The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm.... 7. Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover Source: The Hacker News Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the... 8. US Confirms Handala Link to Iran Government Amid Takedown of Hackers’ Sites Source: Security Week The US has seized several domains used by Handala in cyber-enabled psychological operations. The post US Confirms Handala Link to Iran Government Amid Takedown of Hackers’ Sites

Episode 2 — 21 Mar 2026 1. Oracle pushes emergency fix for critical Identity Manager RCE flaw Source: Bleeping Computer Update: Added that Oracle declined to comment on whether the vulnerability has been exploited. Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as... 2. CISA orders feds to patch max-severity Cisco flaw by Sunday Source: Bleeping Computer The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22. Cisco published a security bulletin about the flaw on... 3. Police take down 373,000 fake CSAM sites in Operation Alice Source: Bleeping Computer An international law enforcement action called Operation Alice has shut down over 373,000 dark web sites that offered fake CSAM packages. The investigation, led by Germany and supported by Europol, began in mid-2021 and focused on a platform called “Alice with Violence CP,”... 4. CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026 Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026. The... 5. FBI links Signal phishing attacks to Russian intelligence services Source: Bleeping Computer The FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns that have already compromised thousands of accounts. The FBI's... 6. Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages Source: The Hacker News The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm.... 7. Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover Source: The Hacker News Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the... 8. US Confirms Handala Link to Iran Government Amid Takedown of Hackers’ Sites Source: Security Week The US has seized several domains used by Handala in cyber-enabled psychological operations. The post US Confirms Handala Link to Iran Government Amid Takedown of Hackers’ Sites

NOW PLAYING

Mar 21, 2026 · #2

0:00 5:09

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Security Brief Daily?

This episode is 5 minutes long.

When was this Security Brief Daily episode published?

This episode was published on March 21, 2026.

What is this episode about?

Episode 2 — 21 Mar 2026 1. Oracle pushes emergency fix for critical Identity Manager RCE flaw Source: Bleeping Computer Update: Added that Oracle declined to comment on whether the vulnerability has been exploited. Oracle has released an...

Can I download this Security Brief Daily episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!