Skip to content
TorrinPass

Security News Digest

Stay informed about the latest cybersecurity threats, vulnerabilities, and data breaches. All news is sourced from trusted, verified security publications.

Last Updated: March 17, 2026

🔴 This Week’s Critical Updates

Section titled “🔴 This Week’s Critical Updates”

Microsoft March 2026 Patch Tuesday: 8 Critical Bulletins

Section titled “Microsoft March 2026 Patch Tuesday: 8 Critical Bulletins”

Source: CrowdStrike, Krebs on Security, Qualys

Microsoft released security updates on March 10, 2026 for 82–93 vulnerabilities (varying by source), including eight critical and two publicly disclosed flaws:

  • CVE-2026-26110 & CVE-2026-26113 — Critical remote code execution in Microsoft Office (CVSS 8.4)
  • Vulnerabilities span Windows, Office, SQL Server, Azure, and .NET
  • Two zero-day vulnerabilities publicly disclosed before patches shipped

Action Required: Update Windows and Microsoft Office immediately via Settings → Windows Update.

Google Patches Two Chrome Zero-Days Under Active Attack

Section titled “Google Patches Two Chrome Zero-Days Under Active Attack”

Source: The Hacker News, Malwarebytes, Security Affairs

Google released urgent security updates on March 13, 2026 to fix two high-severity zero-day vulnerabilities actively exploited in the wild:

  • CVE-2026-3909 — Actively exploited in targeted attacks
  • Both vulnerabilities discovered by Google on March 10, 2026
  • CISA added both flaws to its Known Exploited Vulnerabilities catalog on March 13

Action Required: Update Chrome immediately via Settings → About Chrome. Verify you are on the latest version.

CISA Adds New Vulnerabilities to KEV Catalog (March 2026)

Section titled “CISA Adds New Vulnerabilities to KEV Catalog (March 2026)”

Source: CISA (Mar 3), CISA (Mar 11)

CISA added two vulnerabilities on March 3 and one more on March 11, 2026, plus the two Chrome zero-days on March 13:

  • Multiple enterprise and browser vulnerabilities under active exploitation
  • Organizations should reference the KEV Catalog for the full list

Why It Matters: These vulnerabilities are being actively exploited by threat actors. Patch all KEV-listed flaws as a priority.

Apple iOS 26.3.1 and Security Backports for Older Devices

Section titled “Apple iOS 26.3.1 and Security Backports for Older Devices”

Source: Apple Support, The Hacker News, TidBITS

Apple released iOS 26.3.1 and iPadOS 26.3.1 on March 10, 2026. On March 12, Apple also backported critical security fixes to older iOS and iPadOS versions for the “Coruna” WebKit exploits:

  • Fixes for WebKit vulnerabilities actively exploited in the wild
  • Backports address devices that cannot update to the latest iOS version
  • Additional security fixes across multiple components

Action Required: Update all Apple devices via Settings → General → Software Update — including older devices on previous iOS versions.

📊 Recent Data Breaches & Threats

Section titled “📊 Recent Data Breaches & Threats”

Conduent Data Breach: Up to 25 Million Affected

Section titled “Conduent Data Breach: Up to 25 Million Affected”

Source: Mashable, HIPAA Journal, Malwarebytes

The Conduent Business Services data breach has grown into one of the largest in U.S. history, with up to 25 million individuals affected. The Texas Attorney General is investigating, with approximately 4 million Texans impacted. BCBS is among the entities affected.

TorrinPass Protection: TorrinPass’s breach detection alerts you when your credentials appear in known breaches, helping you act fast.

Fake Claude Code Install Pages Spreading Infostealers

Section titled “Fake Claude Code Install Pages Spreading Infostealers”

Source: Malwarebytes

Attackers are creating fake installation pages for Claude Code (Anthropic’s AI coding tool) to distribute infostealer malware on both Windows and macOS. Fake Homebrew install pages and malicious npm packages were also discovered.

Why It Matters: Always download software from official sources. Verify URLs carefully before installing developer tools.

Glassworm Supply Chain Attack: 150+ GitHub Repositories Compromised

Section titled “Glassworm Supply Chain Attack: 150+ GitHub Repositories Compromised”

Source: Aikido

The Glassworm supply chain attack resurfaced in March 2026, with invisible Unicode malware injected into over 150 GitHub repositories. The attack also targeted npm packages and VS Code extensions.

Why It Matters: Developers should audit dependencies carefully and use supply chain security tools. This highlights the growing risk of software supply chain attacks.

🛡️ Security Best Practices

Section titled “🛡️ Security Best Practices”

Based on this week’s threats, we recommend:

  1. Update immediately — Apply Microsoft’s March 2026 patches, update Chrome (two actively exploited zero-days), and update all Apple devices
  2. Verify software downloads — Only download from official sources (fake Claude Code pages are spreading malware)
  3. Enable 2FA everywhere — Use TorrinPass’s built-in authenticator
  4. Audit your dependencies — Developers should check for Glassworm and other supply chain compromises
  5. Check for breaches — Use TorrinPass’s breach detection, especially if you are a Conduent/BCBS customer

📰 Trusted Security Sources

Section titled “📰 Trusted Security Sources”

We curate news from these verified, reputable sources:

SourceTypeLink
CISAGovernmentcisa.gov
Krebs on SecurityIndependentkrebsonsecurity.com
SecurityWeekIndustrysecurityweek.com
BleepingComputerNewsbleepingcomputer.com
The Hacker NewsNewsthehackernews.com
Zero Day InitiativeResearchthezdi.com
CrowdStrikeVendorcrowdstrike.com

📅 Archive

Section titled “📅 Archive”

💡 Stay Protected with TorrinPass

Section titled “💡 Stay Protected with TorrinPass”

TorrinPass helps protect you against these threats with:

  • Zero-knowledge encryption — Your data stays private
  • Breach detection — Check if your passwords are compromised
  • Strong password generator — Create unique, secure passwords
  • Built-in 2FA — Extra security layer for all accounts

Download TorrinPass