DJBSEC's CyberNews 2026-03-20

Insider Attack Targets Washington Tech Company

A Washington-based technology company was impacted by an insider attack carried out by a former employee identified as Cameron Curry. The individual allegedly abused internal access to disrupt systems and potentially compromise sensitive data. Insider threats remain particularly dangerous because attackers already have legitimate access and knowledge of internal systems. The incident highlights the importance of monitoring user behavior and implementing strict access controls. Organizations are encouraged to adopt zero trust principles and enforce rapid offboarding procedures.

FBI Seizes Infrastructure Linked to Stryker Hackers

The FBI has seized a website associated with the Iran-linked Stryker hacking group as part of an ongoing investigation. This action follows a series of disruptive cyberattacks attributed to the group, including destructive campaigns that wiped thousands of systems. Authorities are working to dismantle the group’s infrastructure and limit further attacks. The seizure is part of a broader effort to combat state-sponsored cyber threats. Officials warn that similar groups remain active and continue to pose risks globally.

PolyShell Flaw Enables Unauthenticated RCE on Magento Stores

A critical vulnerability known as PolyShell has been discovered in Magento e-commerce platforms, allowing unauthenticated remote code execution. Attackers can exploit the flaw without needing valid credentials, making it especially dangerous for exposed systems. Successful exploitation could lead to full control of online stores, including customer data theft and payment fraud. Security researchers warn that unpatched systems are at immediate risk. Organizations are urged to apply patches and monitor for suspicious activity.

Microsoft Urges Stronger Intune Security Configurations After Stryker Attacks

Microsoft is advising organizations to strengthen Intune security configurations following the destructive Stryker attacks. The guidance focuses on restricting device management permissions and enforcing stricter policies to prevent misuse. Attackers have been observed abusing management tools to carry out destructive actions across enterprise environments. This highlights the risks associated with overly permissive configurations in endpoint management platforms. Organizations should review Intune policies and implement least-privilege access controls.

Ubiquiti Warns of UniFi Vulnerability Allowing Account Takeover

Ubiquiti has issued a warning about a vulnerability in its UniFi platform that could allow attackers to take over user accounts. The flaw may enable unauthorized access if exploited, potentially exposing sensitive network management data. Users running affected versions are at risk until patches are applied. The company has released updates and recommends immediate installation. This vulnerability underscores the importance of securing network management interfaces.

Claude Vulnerabilities Could Lead to Sensitive Data Exfiltration

Researchers have identified vulnerabilities in Claude AI systems that could allow attackers to exfiltrate sensitive data. The flaws involve how the AI processes inputs and interacts with external systems, potentially exposing confidential information. As AI becomes more integrated into enterprise workflows, these risks are becoming more significant. Attackers could exploit these weaknesses to extract proprietary or personal data. Organizations are urged to implement safeguards and carefully manage AI integrations.

Backdoored Open VSX Extension Targets Developers

A malicious extension hosted on the Open VSX marketplace has been found to include a backdoor targeting developers. The extension masquerades as a legitimate GitHub downloader tool but secretly executes malicious code. Once installed, it can compromise developer environments and potentially steal credentials or code. This incident highlights ongoing risks in software supply chains and third-party extensions. Developers are advised to verify extensions and use trusted sources only.

Iran-Linked Botnet Exposed After Open Directory Leak

A botnet linked to Iranian threat actors has been exposed after researchers discovered an open directory containing operational data. The leak revealed details about infected systems, command-and-control infrastructure, and attack methods. This exposure provides valuable insight into the group’s capabilities and targets. It also highlights how operational security failures can impact even advanced threat actors. Security teams can use this information to strengthen defenses and detect related activity.

Anthropic Ban Signals Growing AI Supply Chain Risks

A recent ban involving Anthropic services has sparked concerns about emerging risks in the AI supply chain. Organizations are increasingly dependent on third-party AI providers, creating new points of failure and exposure. Experts warn that there is currently no clear framework for managing these risks effectively. The situation highlights the need for governance, transparency, and risk management in AI adoption. Companies are encouraged to evaluate dependencies and implement contingency plans.

CISA Warns of Critical Zimbra and SharePoint Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about critical vulnerabilities affecting Zimbra and Microsoft SharePoint. These flaws are being actively exploited and could allow attackers to gain unauthorized access or execute malicious code. Organizations using these platforms are at heightened risk if patches are not applied promptly. CISA has added the vulnerabilities to its Known Exploited Vulnerabilities catalog. Immediate remediation and monitoring are strongly recommended.