Daily Security Briefing #200

March 21, 2026 | Read Online

Critical vulnerabilities exposed, AI training data poisoning, and phishing campaigns…

Executive Summary

Cybersecurity threats continue to evolve with malicious actors adapting to disruptions. Oracle has issued urgent security alerts for critical Remote Code Execution (RCE) flaws in Identity Manager and Web Services Manager. Meanwhile, the Trivy vulnerability scanner was compromised, allowing attackers to inject malicious scripts that steal credentials. Additionally, threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns targeting commercial messaging applications like WhatsApp and Signal.

Top Articles

Oracle Fixes High-Severity RCE Vulnerability Affecting Identity and Web Services Platforms Oracle recently issued an urgent security alert regarding a critical Remote Code Execution (RCE) flaw that impacts both Oracle Identity Manager and Oracle Web Services Manager. Tracked as CVE-2026-21992, this vulnerability allows attackers to compromise systems remotely without requiring any user authentication. GBHackers

Trivy Vulnerability Scanner Compromised to Inject Malicious Scripts That Steal Credentials A highly sophisticated supply chain attack has successfully compromised the official Trivy GitHub Actions repository, severely impacting continuous integration environments. Discovered on March 19, 2026, this breach represents the second major security incident to strike the Trivy ecosystem this month. GBHackers

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value. The Hacker News

Threat Actors Leverage Copyright-Themed Emails to Drop PureLog Stealer Threat actors are deploying a sophisticated multi-stage malware campaign to distribute the PureLog Stealer. Disguised as localized copyright violation notices, this credential theft wave heavily targets critical infrastructure, including healthcare and government. CyberPress

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.0. The Hacker News

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions. Bleeping Computer

Microsoft Azure Monitor alerts abused for callback phishing attacks Microsoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft Security Team about unauthorized charges on your account. Bleeping Computer

Critical Quest KACE Vulnerability Potentially Exploited in Attacks The vulnerability is tracked as CVE-2025-32975 and it may have been exploited in attacks against the education sector. Security Week

AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.