Cybersecurity Headlines — March 26, 2026
- TP-Link warns users to patch critical router auth bypass flaw — BleepingComputer
- Meet Khaled Mohamed: the bug hunter who found a Microsoft flaw — Malwarebytes.com
- Presentation: Panel: Security Against Modern Threats — InfoQ.com
- FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns — Internet
- The agentic workforce is here: Why Cisco just put a ‘Claw’ on AI security — SiliconANGLE News
- 2026 Worldwide Threats Hearing — Smallwarsjournal.com
- PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug — BleepingComputer
- RSA Conference: UK NCSC Head Urges Industry to Develop Vibe Coding Safeguards — Infosecurity Magazine
- The Weakest Link in Fraud Is Still Human, and It’s Still Being Exploited — pymnts.com
- Is Your Signal Account Safe? FBI Warns About Russian Phishing Campaign — Android Headlines
From the Trenches
The TP-Link auth bypass and the FCC’s ban on foreign-made routers landed the same week, and that’s not a coincidence — it’s a pattern. Consumer and SOHO routers have been a soft underbelly for years, and regulators are finally catching up to what practitioners have known for a long time: supply chain risk starts at the edge. If you have TP-Link gear in your environment, patch it now and start thinking about your replacement timeline.
The FBI warning about Russian phishing campaigns targeting Signal accounts is worth paying attention to even if you’re not a government target. Signal’s security model is solid, but it doesn’t protect against social engineering at the account level. If your org uses Signal for sensitive comms, make sure registration lock is enabled and your team knows what a legitimate Signal verification request looks like versus a phishing attempt.
🔧 Patch Priority: TP-Link routers — the auth bypass flaw is critical and actively being flagged by both the vendor and regulators; exposure on this one is unacceptable.
Compiled daily. Stay patched, stay vigilant.