EPISODE · Mar 26, 2026 · 4 MIN
Mar 26, 2026 · #7
from Security Brief Daily · host Security Brief Daily
Episode 7 — 26 Mar 2026 1. TP-Link warns users to patch critical router auth bypass flaw Source: Bleeping Computer TP-Link has patched several vulnerabilities in its Archer NX router series, including a critical-severity flaw that may allow attackers to bypass authentication and upload new firmware. Tracked as CVE-2025-15517 , this security flaw affects Archer NX200, NX210, NX500, and... 2. Coruna iOS exploit framework linked to Triangulation attacks Source: Bleeping Computer The Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage exploits. The software has been expanded to target modern hardware, specifically including Apple's A17 and M3... 3. Citrix urges admins to patch NetScaler flaws as soon as possible Source: Bleeping Computer Citrix has patched two vulnerabilities affecting NetScaler ADC networking appliances and NetScaler Gateway secure remote access solutions, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years. The critical... 4. Bubble AI app builder abused to steal Microsoft account credentials Source: Bleeping Computer Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. Because the web app is hosted on a legitimate platform, email security solutions do not flag the... 5. BIND Updates Patch High-Severity Vulnerabilities Source: Security Week Specially crafted domains could be used to cause out-of-memory conditions, leading to memory leaks in the BIND resolvers. The post BIND Updates Patch High-Severity Vulnerabilities 6. Cisco Patches Multiple Vulnerabilities in IOS Software Source: Security Week The high- and medium-severity flaws could lead to denial-of-service, secure boot bypass, information disclosure, and privilege escalation. The post Cisco Patches Multiple Vulnerabilities in IOS Software 7. WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites Source: The Hacker News Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. "Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data... 8. Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website Source: The Hacker News Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The flaw "allowed any website to silently inject prompts into that assistant as if...
What this episode covers
Episode 7 — 26 Mar 2026 1. TP-Link warns users to patch critical router auth bypass flaw Source: Bleeping Computer TP-Link has patched several vulnerabilities in its Archer NX router series, including a critical-severity flaw that may allow attackers to bypass authentication and upload new firmware. Tracked as CVE-2025-15517 , this security flaw affects Archer NX200, NX210, NX500, and... 2. Coruna iOS exploit framework linked to Triangulation attacks Source: Bleeping Computer The Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage exploits. The software has been expanded to target modern hardware, specifically including Apple's A17 and M3... 3. Citrix urges admins to patch NetScaler flaws as soon as possible Source: Bleeping Computer Citrix has patched two vulnerabilities affecting NetScaler ADC networking appliances and NetScaler Gateway secure remote access solutions, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years. The critical... 4. Bubble AI app builder abused to steal Microsoft account credentials Source: Bleeping Computer Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. Because the web app is hosted on a legitimate platform, email security solutions do not flag the... 5. BIND Updates Patch High-Severity Vulnerabilities Source: Security Week Specially crafted domains could be used to cause out-of-memory conditions, leading to memory leaks in the BIND resolvers. The post BIND Updates Patch High-Severity Vulnerabilities 6. Cisco Patches Multiple Vulnerabilities in IOS Software Source: Security Week The high- and medium-severity flaws could lead to denial-of-service, secure boot bypass, information disclosure, and privilege escalation. The post Cisco Patches Multiple Vulnerabilities in IOS Software 7. WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites Source: The Hacker News Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. "Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data... 8. Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website Source: The Hacker News Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The flaw "allowed any website to silently inject prompts into that assistant as if...
NOW PLAYING
Mar 26, 2026 · #7
No transcript for this episode yet