Storylines
Storylines connect related signals across days and weeks so you can follow a narrative over time.
How to use: Scan → open one item → check evidence.
- Updated CISA exploited flaws list adds SharePoint, Zimbra bugsscworld.com · SC Media
- Unknown attackers exploit yet another critical SharePoint buggo.theregister.com · theregister_security
- CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963)helpnetsecurity.com · Help Net Security
Sorted by momentum. Use the chevron to expand a card. Use the action button for the full drawer.
No investment advice. Research signals and sources only. EarlyNarratives provides informational signals derived from public sources. It does not provide financial, legal, or tax advice.
Editorial picks from the weekly briefing.
Oracle patches critical unauthenticated remote code execution vulnerability in Identity Manager
Oracle has released a critical security update addressing CVE-2026-21992, a vulnerability in Oracle Identity Manager and Oracle Web Services Manager that allows remote code execution without authentication. The flaw carries a CVSS score of 9.8, indicating severe risk.
Details
- The vulnerability has a high CVSS score of 9.8, indicating urgent risk.
- Oracle has just released an official fix, making immediate action possible.
- Exploitation could lead to significant security incidents if left unpatched.
- The vulnerability allows remote code execution without authentication, posing a severe risk to affected systems.
- Oracle Identity Manager and Web Services Manager are widely used enterprise products, increasing potential impact.
- Prompt patching is critical to prevent exploitation and potential breaches.
Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131)
A critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) that Cisco disclosed and patched in early March 2026 has been exploited as a zero-day by the Interlock ransomware gang, Amazon CISO and VP of Security Engineering CJ Moses revealed. “.
Details
CVE-2026-20963 (SharePoint deserialization) hit the CISA KEV yesterday
Coverage centers on: Updated CISA exploited flaws list adds SharePoint, Zimbra bugs.
Details
Latest storylines from the latest runs. Sorted by momentum.
Apple security advisory (AV26-248)
Serial number: AV26-248 Date: March 18, 2026 On March 17, 2026, Apple published a security update to address vulnerabilities in the following products: iOS – versions prior to 26.3.1 iPadOS – versions prior to 26.3.1 macOS – versions prior to 26.3.1 macOS – versions prior to 26.3.2 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates
Details
Apple Products: CVSS (Max): None
=========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2026.2560 APPLE-SA-03-17-2026-1 Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2 18 March 2026 =========================================================================== AUSCERT Security Bulletin Summary -------------------
Details
US, Canada and Germany take down four large DDoS botnets
Experts warn that the botnet operators will likely regroup and come back stronger, armed with AI.
Details
New “Darksword” iOS exploit used in infostealer attack on iPhones
A new exploit kit for iOS devices and delivery framework dubbed "Darksword" has been used to steal a wide range of personal information, including data from cryptocurrency wallet app. [...]
Details
Interlock Ransomware Exploited Cisco Firewall Flaw for Weeks
AWS Researchers Find an Interlock Server Laden With Tools Ransomware hackers exploited a flaw with a maximum vulnerability score in Cisco firewall management software weeks before the networking giant disclosed the vulnerability in early March. The group has focused extensively on critical infrastructure sectors in North America and Europe.
Details
Hackers Exploit Critical Langflow Bug in Just 20 Hours
Sysdig details how threat actors exploited a critical CVE in Langflow in less than a day
Details
Marquis Data Breach Affects 672,000 Individuals
It was previously estimated that more than 1.6 million people may be affected by the Marquis data breach. The post Marquis Data Breach Affects 672,000 Individuals appeared first on SecurityWeek .
Details
New ‘Perseus’ Android malware checks user notes for secrets
A new Android malware called Perseus is checking user-curated notes to steal sensitive information, like passwords, recovery phrases, or financial data. [...]
Details
USN-8112-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - MMC subsystem; - Network drivers; - USB Device Class drivers; - BTRFS file system; - HFS+ file system; - XFRM subsystem; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - Simplified Mand
Details
Unifi Security Advisory Bulletin 062
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 10.0, CVEs: CVE-2026-22557, CVE-2026-22558, Summary: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account. CVSS v3.1 Severity and Metr
Details
FBI links Signal phishing attacks to Russian intelligence services
The FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns that have already compromised thousands of accounts. [...]
Details
Unlock source trails, evidence timestamps, archive access, and workflow tools.