Daily summary - 11.03.2026

End-of-Day report

Timeframe: Tuesday 10-03-2026 18:00 - Wednesday 11-03-2026 18:00 Handler: Michael Schlagenhaufer Co-Handler: Guenes Holler

News

Analyzing "Zombie Zip" Files (CVE-2026-0866), (Wed, Mar 11th)

A new vulnerability (CVE-2026-0866) has been published: Zombie Zip. It's a method to create a malformed ZIP file that will bypass detection by most anti-virus engines. The malformed ZIP file can not be opened with a ZIP utility, a custom loader is required. [..] I will show you how to use my tools to analyze such a malformed ZIP file.

https://isc.sans.edu/diary/rss/32786

Claude Tried to Hack 30 Companies. Nobody Asked It To.

We gave AI agents simple research tasks on cloned corporate websites. When the legitimate path was broken, the agents autonomously discovered and exploited SQL injection vulnerabilities to complete the task - with zero hacking instructions in any prompt.

https://trufflesecurity.com/blog/claude-tried-to-hack-30-companies-nobody-asked-it-to

Sextortion "I recorded you" emails reuse passwords found in disposable inboxes

I found that one particular sender using the name Jenny Green and the Gmail address JennyGreen64868@gmail.com sent many of these emails to people that use the FakeMailGenerator service. [..] My guess is that the scammer searched these public inboxes for passwords and then reused those passwords in their sextortion emails.

https://www.malwarebytes.com/blog/news/2026/03/sextortion-i-recorded-you-emails-reuse-passwords-found-in-disposable-inboxes

Bitpanda trap: warning about an unauthorized wallet transfer is a phishing attempt!

For quite some time now, criminals have been using the financial service provider Bitpanda as a cover for a massive phishing wave. Using notifications about allegedly unauthorized wallet transfers or withdrawal attempts, they put pressure on their victims. The goals are access to the bank account and the approval of transfers.

https://www.watchlist-internet.at/news/bitpanda-wallet-transfer-phishing/

Sednit reloaded: Back in the trenches

In this blogpost, we have shown that Sednit's advanced development team is active once again, operating an arsenal centered on two implants - BeardShell and Covenant - deployed in tandem and each leveraging a different cloud provider. This setup enables operators to reestablish access quickly if the infrastructure for one is taken down. We believe that this dual-implant strategy is not new. [..] The Sednit group - also known as APT28, Fancy Bear, Forest Blizzard, or Sofacy - has been operating since at least 2004.

https://www.welivesecurity.com/en/eset-research/sednit-reloaded-back-trenches/

BlackSanta Malware Targets HR Staff with Fake CV Downloads

It is a classic case of hackers exploiting the one thing recruiters have to do every day: open files from strangers. [..] The threat, dubbed the BlackSanta malware [..] they target the specific workflows of recruiters, sending harmless-looking emails with links to CVs on sites like Dropbox. [..] the attackers are using a technique called steganography. For your information, this involves hiding malicious code inside a normal-looking image.

https://hackread.com/blacksanta-malware-hr-staff-fake-cv-downloads/

RondoDox Botnet: From Zero to 174 Exploited Vulnerabilities

A deep dive into the RondoDox botnet, examining its infrastructure, exploit adoption timeline, and methods used to target internet-exposed systems.

https://www.bitsight.com/blog/rondodox-botnet-infrastructure-analysis

Microsoft releases Windows 10 KB5078885 extended security update

Microsoft has released the Windows 10 KB5078885 extended security update to fix the March 2026 Patch Tuesday vulnerabilities, including 2 zero-days and an issue that prevents some devices from shutting down.

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5078885-extended-security-update/

Vulnerabilities

Microsoft Patch Tuesday for March 2026 - Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for March 2026 which includes 79 vulnerabilities, including three that Microsoft marked as "critical."

https://blog.talosintelligence.com/microsoft-patch-tuesday-march-2026/

HPE warns of critical AOS-CX flaw allowing admin password resets

Hewlett Packard Enterprise (HPE) has patched multiple security vulnerabilities in the Aruba Networking AOS-CX operating system, including several authentication and code execution issues. [..] The most severe security flaw today is a critical authentication bypass vulnerability (tracked as CVE-2026-23813) that attackers without privileges can exploit in low-complexity attacks to reset admin passwords.

https://www.bleepingcomputer.com/news/security/hpe-warns-of-critical-aos-cx-flaw-allowing-admin-password-resets/

Adobe Patch Day: malicious code injection possible in Reader, Illustrator and others

Adobe's Patch Day overview lists the eight security bulletins for the individual products. In Adobe Commerce, Commerce B2B and Magento Open Source, the developers close 19 security vulnerabilities.

https://www.heise.de/news/Adobe-Patchday-Schadcodeschmuggel-in-Reader-Illustrator-und-weiteren-moeglich-11206633.html

Password manager KeePassXC 2.7.12: what users need to consider when updating

The open-source password manager KeePassXC has been released in version 2.7.12. [..] As the developers state in their release blog, the new version contains mitigations against exploits via manipulated OpenSSL configuration files on Windows.

https://www.heise.de/news/KeePassXC-2-7-12-DLL-Schutz-Passkey-Aenderungen-und-TOTP-in-Auto-Type-11206934.html

Fortinet closes brute-force and command injection vulnerabilities in FortiWeb & Co.

Fortinet closes vulnerabilities in FortiWeb and FortiManager that, among other things, allow the injection of commands. [..] Insufficient checking of the interaction frequency allows unauthenticated attackers to bypass FortiWeb's authentication rate limit with manipulated requests (CVE-2026-24017, CVSS 7.3, risk "high").

https://www.heise.de/news/Fortinet-schliesst-Brute-Force-und-Befehlsschmuggel-Luecken-in-FortiWeb-Co-11207011.html

Drupal: Unpublished Node Permissions - Critical - Access bypass - SA-CONTRIB-2026-029

https://www.drupal.org/sa-contrib-2026-029

Drupal: AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028

https://www.drupal.org/sa-contrib-2026-028

Cisco: Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrncs-epni-int-dos-TWMffUsN

Cisco: Cisco Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh

Cisco: Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W

Cisco: Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK

Splunk: Security Advisories 2026-03-11

https://advisory.splunk.com//advisories

WordPress 6.9.4 Release

https://wordpress.org/news/2026/03/wordpress-6-9-4-release/

LWN: Security updates for Wednesday

https://lwn.net/Articles/1062403/

Paloalto: CVE-2026-0230 Cortex XDR Agent: Local Administrator can disable the agent on macOS (Severity: MEDIUM)

https://security.paloaltonetworks.com/CVE-2026-0230

Paloalto: CVE-2026-0231 Cortex XDR Broker VM: Sensitive Information Disclosure Vulnerability (Severity: MEDIUM)

https://security.paloaltonetworks.com/CVE-2026-0231