Krebs on Security: Microsoft Patch Tuesday, March 2026 Edition
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing "zero-day" flaws this month (compared to February's five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this month's Patch Tuesday. Two of the bugs Microsoft patched today were publicly disclosed previously. READ MORE...
238,000 Impacted by Bell Ambulance Data Breach
Ambulance services provider Bell Ambulance is notifying nearly 238,000 individuals that their personal, financial account, medical, and health insurance information was compromised in a February 2025 data breach. The Milwaukee, Wisconsin-based healthcare organization detected the network intrusion on February 13, 2025, and disclosed the incident on April 14, roughly a month after the Medusa ransomware gang claimed responsibility for it. READ MORE...
Michelin Confirms Data Breach Linked to Oracle EBS Attack
Tire giant Michelin has confirmed a data breach stemming from the massive cybercrime campaign that targeted organizations using Oracle's E-Business Suite (EBS) solution. The Cl0p ransomware and extortion group has taken credit for the EBS hacking campaign, which involved the exploitation of zero-day vulnerabilities to gain access to data stored by the targeted organizations in Oracle's enterprise management software. READ MORE...
Crooks compromise WordPress sites to push infostealers via fake CAPTCHA prompts
Cyber baddies quietly compromised legitimate WordPress websites, including the campaign site of a US Senate candidate, turning them into launchpads for a global infostealer operation. Researchers at Rapid7 say the scheme works by injecting malicious code into compromised sites, which then serve visitors a convincing fake Cloudflare CAPTCHA page. Instead of simply proving you're not a robot, the prompt instructs users to copy and run a command on their machine. READ MORE...
ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Moxa, Mitsubishi Electric
Industrial giants Siemens, Schneider Electric, Mitsubishi Electric, and Moxa have published new Patch Tuesday advisories for vulnerabilities found recently in their ICS products. Siemens and Schneider Electric have each published six new advisories. Each of Schneider's new advisories addresses one vulnerability. Siemens has addressed a critical stored XSS vulnerability in Simatic S7-1500 devices. The cybersecurity agency CISA has also published ICS advisories this Patch Tuesday. READ MORE...
How to see your Google Search history (and delete it)
Your Google Search history provides one of the most detailed windows into your private life, and I know this because when I looked at my own search history last year, I was overwhelmed by the information buried within. Across just 18 months, Google tracked the 8,079 searches I made and the 3,050 websites I visited because of those searches. Google tracked my every question, concern, and flight of fancy-almost literally. READ MORE...
HPE warns of critical AOS-CX flaw allowing admin password resets
Hewlett Packard Enterprise (HPE) has patched multiple security vulnerabilities in the Aruba Networking AOS-CX operating system, including several authentication and code execution issues. AOS-CX is a cloud-native network operating system (NOS) developed by HPE subsidiary Aruba Networks for the company's CX-series campus and data center switch devices. The most severe security flaw today is a critical authentication bypass vulnerability. READ MORE...
Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack
After a whopper of a Patch Tuesday last month, with six Microsoft flaws exploited as zero-days, March didn't exactly roar in like a lion. Just two of the 83 Microsoft CVEs released on Tuesday are listed as publicly known, and none is under active exploitation, which we're sure is a welcome change to sysadmins. Another eight of the 83 Microsoft CVEs are considered critical, and one of these - to quote Zero Day Initiative chief bug hunter Dustin Childs - is "fascinating." READ MORE...
Quantum computing meets the Möbius molecule
Last week, IBM trumpeted its contributions to a rather unusual paper: the production of a molecule with a half-Möbius topology, assisted by an algorithm run in part on a quantum computer. There was, to put it mildly, a lot going on in this paper, and it took a little while to digest. But it's interesting in what it says about the sorts of chemistry that we can construct with tools developed over the past several decades, as well as how quantum computation is inching toward utility. READ MORE...
- ...in 1818, author Mary Wollstonecraft Shelley publishes "Frankenstein; Or, The Modern Prometheus", widely considered to be the first work of science fiction.
- ...in 1985, Mikhail Gorbachev is elected as General Secretary of the Soviet Union, becoming the USSR's final head of state.
- ...in 1997, former Beatle Paul McCartney is officially knighted by Queen Elizabeth II.
- ...in 2020, the World Health Organization officially declares the COVID-19 outbreak as a pandemic.
