the grugq's newsletter

March 22, 2026


Insane release: 26 CVEs — 4 V8 bugs by different contributors, 9 by a semi-anonymous individual (hash c6eed09) found across Chromium components (mostly WebRTC), and 4 by Google self.
Let’s see if the trend keeps going… https://t.co/KZGXbcn4RM

— Toan Pham (@__suto) March 21, 2026


https://t.co/S5Z2Pfp1bX pic.twitter.com/ptOw9AhNdM

— John Hultquist (@JohnHultquist) March 20, 2026


all quiet on the frontal lobe

— ۟ (@4NGELWING) March 19, 2026


UAF in XNU's AIO kevent subsystem — kernel panic from app sandbox ..

Silently patched in iOS 26.3. No CVE assigned. Likely found internally by Apple

PoC + full writeup — by [ClaudeCode] https://t.co/yOxwFhgvAQ

—  CrazyMind (@CrazyMind90) March 21, 2026


crazymind90/CVE-2026-XNU-AIO-KEVENT-UAF (10 stars, Objective-C) XNU AIO kevent use-after-free — kernel panic from app sandbox on iOS 26.2 (no entitlements). Patched in iOS 26.3

source:  CrazyMind (@CrazyMind90)


Ukraine will stop sending soldiers abroad for training and plans to conduct all military personnel training exclusively on Ukrainian territory.
This decision is attributed to the fact that instructors from Western countries lack modern combat experience. https://t.co/l5iJUKui0o pic.twitter.com/HS4FpcKeR2

— Roy🇨🇦 (@GrandpaRoy2) March 21, 2026


A war to weaken Iran ends up with the US having to dilute sanctions on Iran. A mark of how blundering this whole endeavour has been. https://t.co/QvUcfsqMRo

— Shashank Joshi (@shashj) March 21, 2026


Stumbled upon a Soviet political joke from 1982 (Melnichenko #5850).
Syrian defense minister Tlass requests Marshal Ustinov to upgrade air defense:
— But we supplied Syria with plenty of surface-to-air missiles!
— Well, could you please send some surface-to-plane ones instead?

— Ilya A. (@ain92ru) March 21, 2026


just got invited to peer review a paper I'm one of the authors on pic.twitter.com/SaQFlctWCh

— Henry Shevlin (@dioscuri) March 20, 2026


Thread: How real adversaries are using C2 in 2026 (From building @scythe_io + watching nation-state/red team playbooks) 

Spoiler: It's not just fancy Cobalt Strike beacons anymore. 🦄 1/10

— Bryson 🦄 (@brysonbort) March 20, 2026


The new U.S. military policy on irregular warfare. The document defines IW as conflict conducted through "indirect, non-attributable, or asymmetric activities" (the bureaucratic term for things a government does but doesn't want to be caught doing). The toolkit includes… pic.twitter.com/fmdYsfd84B

— Lukasz Olejnik (@lukOlejnik) March 20, 2026

https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/300007p.PDF


I agree with folks who say that this year will be an absolute deluge of CVEs found with AI. But I also worry that it will reveal the limits of the "we'll just fuzz out all the bugs" mindset

— Brendan Dolan-Gavitt (@moyix) March 20, 2026


#ESETresearch is hiring! Passionate about geopolitics, cyberespionage and cyber threat intelligence? We have a new opening for a strategic threat intelligence analyst at our Montréal office. Come join the team! https://t.co/YGp5axfYpL

— ESET Research (@ESETresearch) March 20, 2026

Job summary (English version follows): We are looking for a Strategic Threat Intelligence Analyst focused on cyberespionage to join one of the following R&D centers: Bratislava, Montréal, Prague, all part of ESET Research. Job description: ESET Research is a team of...


The current US administration is actually living up to its promise of bringing back Spartan military ethos by talking loudly and losing more than winning.

— Eduardo García-Molina (@eduardo_garcmol) March 19, 2026


> Startup accused of fraud
> Check bios of both founders
> Forbes 30 under 30 https://t.co/WEyfLaXiVS pic.twitter.com/u7l9nZJxqQ

— Ana Mostarac (@anammostarac) March 20, 2026


everyone I still know who's inside the country tells me russians are pretty depressed. bad news but historically speaking this is good for literature

— Seva (@SevaUT) March 20, 2026


Loose laps sink ships.

— David (@dpjanes) March 19, 2026


Good overview of tactics being used to compromise Signal accounts.

Government/military officials, or anyone working at the intersection of Russian security issues (private sector, journalists, civil society orgs writ large) should urgently review. https://t.co/G8xDoKu1md pic.twitter.com/Vr34GwIGcz

— Dan Black (@DanWBlack) March 20, 2026

https://www.ic3.gov/PSA/2026/PSA260320


This ProPublica story about the government approving Microsoft cloud products despite reviewers deeming them alarmingly opaque and insecure sure doesn't reflect well on Microsoft, its third-party auditors, its government allies, or D.C.'s revolving door. https://t.co/MHMtaNCb8m pic.twitter.com/mIktTZMO4u

— Eric Geller (@ericgeller) March 18, 2026

Despite Doubts, Federal Cyber Experts Approved Microsoft Cloud Service — ProPublica

A federal program created to protect the government against cyber threats authorized a sprawling Microsoft cloud product, despite the company’s inability to fully explain how it protects sensitive data.


Dance like nobody's watching, run like you're inadvertently broadcasting the position of your carrier strike group

— Shashank Joshi (@shashj) March 20, 2026


My analysis of CVE-2025-43520, the kernel vulnerability exploited by DarkSword (patched in 26.1): https://t.co/zj7HqahKYS

— Muirey03 (@Muirey03) March 20, 2026

CVE-2025-43520.txt · GitHub

GitHub Gist: instantly share code, notes, and snippets.


source: Muirey03 (@Muirey03)

