
Daily Security Briefing #197
- DjediTech
- Security, Newsletter
- March 18, 2026
DarkSword iOS exploit chain proliferation, Interlock ransomware exploits Cisco flaw, and UIDAI’s bug bounty program…
Executive Summary
Cybersecurity threats continue to escalate with the emergence of new exploit chains and vulnerabilities. The DarkSword iOS exploit chain has been adopted by multiple threat actors, compromising devices through zero-day vulnerabilities. Meanwhile, the Interlock ransomware gang is exploiting a critical Cisco flaw in zero-day attacks. Additionally, the Unique Identification Authority of India (UIDAI) has launched its first bug bounty program to strengthen Aadhaar security.
Top Articles
The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors
Google Threat Intelligence Group has identified a new iOS full-chain exploit called DarkSword, leveraging multiple zero-day vulnerabilities. Since November 2025, GTIG has observed commercial surveillance vendors and suspected state-sponsored actors utilizing DarkSword in distinct campaigns.
Google Cloud Blog

The Attack Cycle is Accelerating: Announcing the Rapid7 2026 Global Threat Landscape Report
Rapid7 Labs has released its 2026 Global Threat Landscape Report, analyzing how attacker behavior is evolving across vulnerability exploitation, ransomware operations, identity abuse, and AI-driven tradecraft. The data shows a clear pattern: exposure is being identified and weaponized faster than most organizations are set up to defend.
Source

UIDAI Introduces Bug Bounty Program to Strengthen Aadhaar Defenses
The Unique Identification Authority of India (UIDAI) has launched its first structured bug bounty program to fortify the Aadhaar system. This initiative invites top cybersecurity experts to proactively identify and responsibly disclose potential vulnerabilities within UIDAI’s digital platforms.
GBHackers

OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities for their involvement in the Democratic People’s Republic of Korea (DPRK) information technology (IT) worker scheme with an aim to defraud U.S. businesses and generate illicit revenue for the regime.
The Hacker News

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that’s exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software. The vulnerability in question is CVE-2026-20131, allowing unauthenticated remote attackers to gain root access.
The Hacker News

UIDAI Launches Bug Bounty Program to Boost Aadhaar Security
The Unique Identification Authority of India (UIDAI) has introduced its first structured bug bounty programme as part of ongoing efforts to strengthen the security of the Aadhaar ecosystem. The initiative aims to proactively identify vulnerabilities across critical digital platforms by engaging trusted cybersecurity researchers and ethical hackers.
CyberPress

Fake Telegram Site Delivers Multi-Stage Malware Using In-Memory Execution
Cybersecurity researchers have identified a malicious campaign that spreads malware through a fake Telegram download website. The site, hosted on the typosquatted domain telegram [.]com, impersonates the official Telegram download portal and tricks users into installing a malicious installer disguised as legitimate software.
CyberPress

Marquis: Ransomware gang stole data of 672K people in cyberattack
A ransomware gang has stolen the data of over 670,000 individuals in an August 2025 cyberattack that also disrupted operations at 74 banks across the United States. The attack targeted Marquis, a Texas-based financial services provider.
BleepingComputer

Ransomware gang exploits Cisco flaw in zero-day attacks since January
The Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco’s Secure Firewall Management Center (FMC) software in zero-day attacks since late January.
BleepingComputer

AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.