Acronis
March 16, 2026

MSP cybersecurity news digest, March 16, 2026

Critical vulnerabilities in Veeam Backup and Replication put backup infrastructure at risk of RCE attacks, Microsoft resolves 79 vulnerabilities in March updates, including two zero days already disclosed publicly, and more. Here are the latest threats to MSP security.

Author: Acronis Threat Research Unit


Microsoft resolves 79 vulnerabilities in March updates, including two zero days already disclosed publicly

Microsoft’s March 2026 Patch Tuesday addressed 79 vulnerabilities, including two publicly disclosed zero-day flaws. Monthly Microsoft security releases remain operationally important because they affect widely deployed enterprise products and often trigger immediate patching and validation work across managed environments.

Patch Tuesday releases also create a predictable window in which defenders race to deploy fixes while attackers study newly disclosed issues for opportunities against slower-moving organizations. The main risk is not only delayed patching but also limited visibility into potentially exploited endpoints during the period between disclosure and full remediation.

For MSPs and enterprise security teams, this type of update cycle demands rapid triage, testing and rollout coordination across Windows estates and Microsoft software deployments. Gaps in visibility can leave exposed systems active long enough for follow-on compromise, privilege escalation or broader intrusion activity. 

Two Chrome zero-day vulnerabilities exploited in the wild prompt Google to ship out-of-band fixes

Google issued an emergency Chrome 146 update for Windows, macOS and Linux to patch CVE-2026-3909 and CVE-2026-3910, noting that exploits for both flaws exist in the wild. The fixes were released out of band, reflecting the urgency of the issue.

CVE-2026-3909 is an out-of-bounds write in Skia, while CVE-2026-3910 is an inappropriate implementation issue in V8, the engine that handles JavaScript and WebAssembly. Because both affect core browser components that process untrusted web content, successful exploitation could lead to memory corruption or code execution from a malicious page.

The operational challenge is that browsers are used constantly across nearly every managed endpoint, so even a short delay in emergency update deployment can leave a broad fleet exposed. Attackers often benefit from this gap because exploitation can blend into normal web activity and reach users through ordinary browsing behavior. 

Critical vulnerabilities in Veeam Backup and Replication put backup infrastructure at risk of RCE attacks

Veeam Backup and Replication patched multiple flaws, including critical remote code execution vulnerabilities, and warned customers to update affected versions. Backup infrastructure is especially sensitive because compromise there can weaken or obstruct the very recovery workflows organizations depend on during major incidents.

The patched issues affected Backup and Replication 12.x builds and included several severe flaws that could be abused for code execution or other dangerous follow-on activity. In practice, attackers often prioritize backup systems because they can reveal infrastructure details, enable lateral movement or interfere with restoration paths.

This story matters to MSPs because backup servers are a frequent ransomware target, both before and during encryption operations. If attackers gain control of backup infrastructure, they may try to delete restore points, tamper with job configurations or undermine confidence in recovery options before launching a larger attack. 

Telus Digital confirms a breach following claims of a massive data theft linked to ShinyHunters

Telus Digital confirmed a security incident involving unauthorized access to a limited number of systems after threat actors associated with ShinyHunters claimed a large breach. The company said it was investigating the scope of the incident while stating that business operations remained fully operational.

The operational significance goes beyond the raw theft claim because BPO providers often store customer support, billing, contact center and workflow data for multiple clients at once. That concentration makes them valuable aggregation points where one incident can have cascading consequences across several customer organizations and service relationships.

The claimed total size of the stolen data could not be independently confirmed, which is important when evaluating extortion claims and external communications. Even so, confirmed unauthorized access at a provider handling multi-client operational data is material for supply chain and third-party risk assessment.

Attackers hijack the AppsFlyer Web SDK to inject crypto-stealing JavaScript into downstream websites

The AppsFlyer Web SDK was temporarily hijacked and served malicious JavaScript designed to steal cryptocurrency by replacing wallet addresses entered on affected sites with attacker-controlled addresses. Because the code was delivered through a trusted third-party component, downstream sites could expose users without directly changing their own code.

AppsFlyer stated that the incident involved a domain registrar issue and said the mobile SDK was not affected, but the event still demonstrates how trust in widely used web components can become a security dependency. When attackers compromise that layer, detection often depends on downstream behavioral monitoring rather than code review alone.

The supply chain angle is the key concern: Organizations frequently embed external SDKs, analytics tools, and marketing components across production web properties, and compromise of one upstream provider can silently affect many customers at once. This makes third-party script governance and monitoring especially important for internet-facing services.
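
As an added illustration of the third-party script governance described above (not code from Acronis or AppsFlyer), the following Node.js example inventories the external scripts a page loads, flags hosts outside an allowlist and tags without an integrity pin, and shows how a recorded hash catches a changed script body. All hostnames, script bodies and function names are constructed for the example.

```javascript
// Added example: audit third-party <script> tags and check a pinned hash.
const { createHash } = require('crypto');

// Constructed sample page; every host below is hypothetical.
const SAMPLE_HTML = `
<script src="/static/app.js"></script>
<script src="https://websdk.vendor.example/sdk.js"></script>
<script src="https://cdn.analytics.example/a.js" integrity="sha384-placeholder" crossorigin="anonymous"></script>`;

// Compute an SRI-style value (sha384, base64) for a script body.
function sriHash(body) {
  return 'sha384-' + createHash('sha384').update(body, 'utf8').digest('base64');
}

// List external scripts, flagging unknown hosts and missing integrity pins.
function auditScripts(html, pageOrigin, allowedHosts) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  for (const [, attrs] of html.matchAll(tagRe)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!src) continue; // inline script, out of scope here
    const url = new URL(src[1], pageOrigin);
    if (url.origin === pageOrigin) continue; // first-party script
    findings.push({
      host: url.host,
      allowed: allowedHosts.includes(url.host),
      pinned: /\bintegrity\s*=/i.test(attrs),
    });
  }
  return findings;
}

// Compare a fetched body with the hash recorded when the script was reviewed.
function matchesPin(body, pinnedHash) {
  return sriHash(body) === pinnedHash;
}

// Constructed bodies: the reviewed SDK and a copy that changed upstream.
const reviewed = 'function track(e){send(e);}';
const served = reviewed + '/* modified upstream */';
const pin = sriHash(reviewed);

console.log(auditScripts(SAMPLE_HTML, 'https://shop.example', ['cdn.analytics.example']));
console.log('reviewed ok:', matchesPin(reviewed, pin), '| served ok:', matchesPin(served, pin));
```

An integrity pin in the page only suits versioned, immutable script URLs. For auto-updating vendor tags, the same hash comparison can run as a scheduled monitor that alerts when the served body changes.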