CVE
- CISA Says CVE-2026-22719 Is Being Exploited. Broadcom Says It Can't Confirm That.
CISA added a high-severity unauthenticated command injection flaw in VMware Aria Operations to its Known Exploited Vulnerabilities catalog on March 3. The federal patching deadline has passed. Broadcom acknowledges reports of exploitation but says it cannot independently confirm them.
- Security: Vulnerabilities, Supply Chain, and the Defence Landscape
A living signal tracking infosec: CVEs worth knowing, supply chain attacks, cloud security incidents, AI/agentic security risks, and practical mitigations for engineering teams. This week: Citrix NetScaler CVE-2026-3055 (CVSS 9.3) allows unauthenticated session token extraction from SAML appliances; BeyondTrust CVE-2026-1731 now confirmed in active ransomware campaigns; AnythingLLM ships a textbook SQL injection; LAPSUS$ claims a 3GB AstraZeneca breach.
- LangChain and LangGraph CVEs Expose Files, Secrets, and Conversation History Across 84 Million Weekly Downloads
Three CVEs in LangChain and LangGraph - path traversal, serialization injection, and SQL injection - expose files, environment secrets, and conversation history in frameworks downloaded 84 million times per week.
- TP-Link Patches Critical Auth Bypass in Archer NX Routers
CVE-2025-15517 lets attackers upload arbitrary firmware to Archer NX200/NX210/NX500/NX600 without credentials. Patch is available -- given TP-Link's botnet exploitation history, treat this as urgent.
- Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
Oracle issued an out-of-band emergency patch on March 19 for CVE-2026-21992, a CVSS 9.8 unauthenticated RCE affecting Oracle Identity Manager and Web Services Manager. If your org runs either product on versions 12.2.1.4.0 or 14.1.2.1.0, patching cannot wait for the next quarterly cycle.
- When the Management Plane Falls: CVE-2025-32975 and the Quest KACE SMA Problem
CVE-2025-32975 is a CVSS 10.0 authentication bypass in Quest KACE SMA, actively exploited since the week of March 9, 2026. Arctic Wolf has documented the full attack chain: initial access via the auth bypass, Mimikatz credential harvesting, and lateral movement to domain controllers and backup infrastructure.
- March 2026 Patch Tuesday: 78 Vulnerabilities Including Zero-Day Under Active Exploitation
Microsoft's March 2026 Patch Tuesday addressed 78 CVEs including two publicly disclosed zero-days and three Critical-rated flaws. One zero-day in SQL Server has been flagged by multiple sources as actively exploited -- and with patch diffing tools compressing exploitation windows to under 48 hours, the margin for slow patch cycles is gone.
- March 2026 Patch Tuesday: 78 CVEs Including Active Zero-Day
March 2026 Patch Tuesday addressed 78 vulnerabilities including at least one zero-day under active exploitation. The gap between patch release and patch applied is where breaches happen.
- CVE-2026-3888: Snap LPE -- Patch It Now
CVE-2026-3888 is a local privilege escalation in Ubuntu's Snap package manager (CVSS 7.8). An unprivileged attacker waits for systemd-tmpfiles to delete /tmp/.snap -- 10-30 days depending on Ubuntu version -- then recreates it with malicious payloads. snap-confine bind-mounts them as root on next sandbox init. Patch is available now.
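The summary above gives the one observable a defender can act on before or after patching: the attack depends on an unprivileged user recreating /tmp/.snap after systemd-tmpfiles has removed it, so a /tmp/.snap owned by anyone but root is the thing to look for. The following triage check is an added example written for this page, not code from the article or from the Snap project; it assumes GNU coreutils (stat -c, find -printf) on Linux and treats /tmp/.snap as the default path, with the path made a parameter so the check can be pointed at other hosts' mounted filesystems or at a test directory.

```shell
#!/bin/sh
# Added triage check for the CVE-2026-3888 pattern (assumption: the only
# indicator we rely on is directory ownership, as described in the summary).
# Classifies the state of the directory snap-confine bind-mounts from.
snap_tmp_state() {
    dir="${1:-/tmp/.snap}"
    if [ ! -e "$dir" ]; then
        # tmpfiles has cleaned it up (or snap never ran): this is the window
        # in which an unprivileged user can recreate it, so watch for that.
        echo "absent"
        return 0
    fi
    if [ ! -d "$dir" ]; then
        # Something else is squatting on the name.
        echo "not-a-directory"
        return 0
    fi
    owner="$(stat -c %u "$dir")"
    mode="$(stat -c %a "$dir")"
    if [ "$owner" != "0" ]; then
        # Created by a non-root user: matches the recreate-then-mount pattern.
        echo "suspect:owner=$owner:mode=$mode"
    else
        echo "ok:owner=0:mode=$mode"
    fi
}

# Follow-up detail: list anything inside the directory not owned by root,
# since those are the payloads snap-confine would bind-mount as root.
snap_tmp_report() {
    dir="${1:-/tmp/.snap}"
    echo "state: $(snap_tmp_state "$dir")"
    [ -d "$dir" ] && find "$dir" -maxdepth 2 ! -user root -printf '%u %p\n' 2>/dev/null
    return 0
}

snap_tmp_report "$@"
```

Run it as an unprivileged user across a fleet (or against a forensic image mounted under a prefix, passing that prefix plus /tmp/.snap as the argument). An "absent" result is normal on a host where the age rule has already fired; "suspect" with a non-zero owner is worth pulling the directory contents and snap-confine logs before the next snap launches.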
- OpenClaw's Security Inflection Point: CVE-2026-25253, ClawHavoc, and What AWS Just Multiplied
CVE-2026-25253, the ClawHavoc malicious skills campaign, and AWS's managed OpenClaw launch arrived in the same six-week window. Taken together, they mark a security inflection point for AI agent tooling that engineers running these systems need to understand.