BeyondMachines for BeyondMachines

Posted on • Originally published at beyondmachines.net

State of (in)security - Week 12, 2026

Summary

During the week of March 16–23, 2026, there were 17 vulnerability advisories and 14 data breach/incident events. Social engineering, phishing, and unauthorized access were the leading causes, impacting nearly 9 million individuals across the government, healthcare, and tech sectors. Key threats included actively exploited zero-days in Chrome, SharePoint, and iPhones, and a major supply chain attack on Aqua Security's Trivy scanner. Major incidents were the 5-million-record Companies House data leak and a paralyzing ransomware attack on Foster City.

Take Action:

If you use Trivy, trivy-action, or setup-trivy in your pipelines, this is urgent and important! Treat all secrets that ran through affected pipelines as compromised: rotate them now and investigate logs for all systems where those secrets may have given access. Then immediately pin your GitHub Actions to the full commit SHA hashes of the known safe versions instead of version tags, since tags can be silently rewritten to point to malicious code.
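To find the references that still need pinning, the following added example (not part of the original article) scans workflow text for `uses:` entries whose ref is not a full 40-character commit SHA and marks the Trivy actions for priority review. It assumes the actions live at `aquasecurity/trivy-action` and `aquasecurity/setup-trivy`; the sample workflow and the SHA in it are constructed placeholders, not known safe commits.

```python
import re

# A step or reusable-workflow reference: "uses: owner/repo[/path]@ref"
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-fA-F]{40}")
# Assumed repository names for the actions named in the advisory.
TRIVY_ACTIONS = {"aquasecurity/trivy-action", "aquasecurity/setup-trivy"}

# Constructed sample workflow; the 40-hex value is a placeholder SHA.
SAMPLE_WORKFLOW = """\
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@master
      - uses: aquasecurity/setup-trivy@0123456789abcdef0123456789abcdef01234567 # placeholder
      - uses: ./.github/actions/local-step
"""


def unpinned_actions(workflow_text):
    """Return (line_no, repo, ref, is_trivy) for each `uses:` not pinned to a full SHA."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        target = match.group(1)
        # Local actions and docker:// images are not git refs; out of scope here.
        if target.startswith(("./", "docker://")):
            continue
        path, _, ref = target.partition("@")
        if FULL_SHA_RE.fullmatch(ref):
            continue  # immutable: a commit SHA cannot be repointed like a tag
        # Tags, branches, short SHAs and missing refs all land here.
        repo = "/".join(path.split("/")[:2]).lower()
        findings.append((line_no, repo, ref, repo in TRIVY_ACTIONS))
    return findings


if __name__ == "__main__":
    for line_no, repo, ref, is_trivy in unpinned_actions(SAMPLE_WORKFLOW):
        flag = "PRIORITY" if is_trivy else "review"
        print(f"line {line_no}: {repo}@{ref or '<none>'} is not SHA-pinned [{flag}]")
```

A full SHA only fixes which commit runs; take the value to pin from the vendor's advisory for the known safe versions rather than from whatever the tag currently resolves to.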


Read the full article on BeyondMachines

