Cybersecurity Headlines — March 23, 2026
- U.S. CISA adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog — Securityaffairs.com
- Week in review: ScreenConnect servers open to attack, exploited Microsoft SharePoint flaw — Help Net Security
- RSAC 2026 preview: AI hype meets operating model reality — SiliconANGLE News
- FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks — Internet
- CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026 — Internet
- Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure — Internet
- CISA orders feds to patch max-severity Cisco flaw by Sunday — BleepingComputer
- Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131) — Help Net Security
- DORA is reshaping how Europe’s financial sector thinks about compliance, and most firms still aren’t ready — The Next Web
- MCMC urges iPhone users to update iOS immediately following “Darksword” exploit — SoyaCincau.com
From the Trenches
Two things stand out today. First, the Langflow RCE (CVE-2026-33017) — attacks started within 20 hours of disclosure. That turnaround time is becoming the norm for high-value targets, and it means your patch window is measured in hours, not days. If you’re running any AI pipeline tooling, it deserves the same patching urgency as your perimeter gear.
Second, the FBI warning about Russian hackers targeting Signal and WhatsApp via phishing is a good reminder that end-to-end encryption only protects the transport layer — if someone phishes your credentials or compromises your device, the encryption means nothing.
🔧 Patch Priority: Apple, Craft CMS, and Laravel Livewire — all added to CISA KEV, patching deadline April 3, 2026.
Compiled daily. Stay patched, stay vigilant.