Daily Security Briefing #199

March 20, 2026 | Read Online

Critical Chrome update, UNISOC modem flaw, and Signal phishing attacks…

Executive Summary

Cybersecurity threats continue to evolve with malicious actors adapting to disruptions. The recent Chrome security update addresses 26 vulnerabilities that could enable attackers to execute malicious code remotely. Meanwhile, a severe security vulnerability has been uncovered in UNISOC modem firmware, allowing attackers to execute arbitrary code remotely over cellular networks. Additionally, Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns.

Top Articles

Critical Chrome Update Fixes 26 Vulnerabilities Google has released a critical security update for its Chrome desktop web browser, addressing 26 distinct vulnerabilities that could enable attackers to execute malicious code remotely. The Stable channel update introduces versions 146.0.7680.153 and 146.0.7680.154 for Windows and macOS systems, while Linux environments will receive version 146.0.7680.153. GBHackers

UNISOC T612 Modem Flaw Enables Remote Code Execution A severe security vulnerability has been uncovered in UNISOC modem firmware, allowing attackers to execute arbitrary code remotely over cellular networks. UNISOC is a major semiconductor manufacturer providing chipsets for prominent mobile brands such as Motorola, Samsung, Vivo, and Realme. GBHackers

FBI Links Signal Phishing Attacks to Russian Intelligence Services The FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns. Thousands of accounts have already been compromised. BleepingComputer

Trivy Security Scanner GitHub Actions Breached Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised to deliver malware that stole sensitive CI/CD secrets. The incident impacted GitHub Actions “aquasecurity/trivy-action” and “aquasecurity/setup-trivy”. The Hacker News

Feds Disrupt IoT Botnets Behind Huge DDoS Attacks The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT) devices. Krebs on Security

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure. The security defect, tracked as CVE-2026-33017 (CVSS score: 9.3), is a case of missing authentication combined with code injection that could result in remote code execution. The Hacker News

Russian APT Exploits Zimbra XSS In GhostMail Attacks On Ukrainian Government Seqrite Labs has uncovered a highly targeted phishing campaign dubbed “Operation GhostMail”. The attack compromised the Ukrainian State Hydrology Agency by exploiting a Cross-Site Scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS). CyberPress

Cobra DocGuard Hijacked By Speagle Malware For Sensitive Data Theft Symantec and Carbon Black researchers have discovered a stealthy new infostealer named Speagle. This malware hijacks Cobra DocGuard, a legitimate document security platform developed by the Chinese company EsafeNet, to surreptitiously harvest and exfiltrate sensitive data. CyberPress

Oracle Pushes Emergency Fix for Critical Identity Manager RCE Flaw Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992. BleepingComputer

AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.