Infosec bits for 2026 week 11

Zoya Vilakazi | March 13, 2026, 11:52 a.m.

Cybersecurity News:

SA cloud providers warn of imminent price hikes [Admire Moyo, ITWeb]

Agentic attack chains advance as infostealers flood criminal markets [Mirko Zorz, Help Net Security]

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials [Ravie Lakshmanan, The Hacker News]

Middle East Conflict Highlights Cloud Resilience Gaps [Robert Lemos, Dark Reading]

Microsoft flips Windows Autopatch to default hotpatch security updates [Sinisa Markovic, Help Net Security]

Vulnerabilities & Patches:

Critical CrackArmor Vulnerabilities Expose 12.6 Million Linux Servers to Complete Root Takeover [Guru Baran, Cyber Security News]

Xygeni GitHub Action Compromised Via Tag Poison [Alexander Culafi, Dark Reading]

Microsoft Patch Tuesday March 2026 Fixes 79 Vulnerabilities, Including Two Zero-Days [AnuPriya, Cyber Press]

Hewlett Packard Enterprise (HPE) fixed several flaws in Aruba AOS-CX, including a critical bug that lets attackers reset admin passwords. [Pierluigi Paganini, Security Affairs]

OpenSSH GSSAPI Vulnerability Allow an Attacker to Crash SSH Child Processes [Guru Baran, Cyber Security News]

SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites [Bill Toulas, Bleeping Computer]

Apple issues emergency fixes for Coruna flaws in older iOS versions [Pierluigi Paganini, Security Affairs]

Malware & Ransomware:

AI-generated Slopoly malware used in Interlock ransomware attack [Bill Toulas, Bleeping Computer]

Cyber Attacks & Breaches:

Attackers Hijack Microsoft 365 Accounts Through OAuth Device Code Abuse Without Stealing Passwords [Balaji N, Cyber Security News]

Michelin Confirms Data Breach Linked to Oracle EBS Attack [Eduard Kovacs, Security Week]

Starbucks discloses data breach affecting hundreds of employees [Sergiu Gatlan, Bleeping Computer]