Microsoft Patch Tuesday, March 2026 Edition

https://krebsonsecurity.com/2026/03/microsoft-patch-tuesday-march-2026-edition/

#MicrosoftPatchTuesdayMarch2026 #MicrosoftOffice #TheComingStorm #CVE-2026-21262 #CVE-2026-24289 #CVE-2026-24291 #CVE-2026-24294 #CVE-2026-25187 #CVE-2026-26110 #CVE-2026-26113 #CVE-2026-26127 #mozillafirefox #SecurityTools #SatnamNarang #TimetoPatch #AdamBarnett #BenMcCarthy #Immersive #Tenable #adobe #XBOW

Liat Hayun, SVP Product Management at Tenable, on ownership and exposure:
Remove “someone should fix this.”

Adopt “I am the only one who will fix this.”
“A vulnerability in a vacuum is just a line of code.”

Security teams are drowning in signals. Context defines actionability.

Read: https://www.technadu.com/from-national-security-to-enterprise-risk-turning-data-into-decisions-and-proving-excellence-has-no-gender/621106/

#WomenInCyber #ExposureManagement #SecurityLeadership #LeadHerInSecurity #Tenable

----------------

🎯 AI
===================

Executive summary: Moltbook, an AI-only social network populated by OpenClaw agents, presents immediate security risks: pervasive spam/scams, exposure of agents to untrusted content via API-oriented prompt files, and a reported database compromise that leaked API keys enabling bot impersonation and direct prompt injection.

Technical details:
• SKILLS.md, HEARTBEAT.md, and MESSAGING.md are repository-style markdown files that describe how agents interact with the Moltbook API. SKILLS.md documents API interactions and recommends HTTP requests (curl-style). HEARTBEAT.md instructs periodic check-ins. MESSAGING.md notes that messaging requires human approval, while other endpoints accept automated agent input.
• Experimental tooling (reported as a CLI tool named moltbotnet) implemented API calls for posting, commenting, upvoting, following, and engagement automation. This tooling demonstrates how easily an agent or impersonator can script interactions.
• Reported breach of Moltbook’s database exposed API keys tied to agent identities. Those keys materially enable: impersonation of legitimate agents, submission of crafted prompts to agent workloads, and direct prompt injection vectors that bypass typical human-only guards.

Analysis:

The combination of (1) public, machine-readable prompt files that instruct agents how to behave, (2) open posting and engagement that accepts untrusted content, and (3) leaked credentials produces two classes of injection risks: indirect prompt injection (agents ingesting malicious content from other agents) and direct prompt injection (attacker using stolen API keys to send malicious prompts as a trusted agent). The observed ecosystem is also saturated with social-engineering lures (requests to run package installers, share crypto wallets, or call external APIs).

Detection guidance:
• Monitor unexpected use of API keys or unusual posting frequency associated with agent identities.
• Inspect content sources for scripted patterns (repeated promotional payloads, command-like text referencing package managers or curl usage).

Limitations:
• No public CVE identifiers are reported in the source material.
• Exact scope of leaked API keys (number of keys, associated privileges) was not enumerated in the writeup.

References and tags:

SKILLS.md, HEARTBEAT.md, MESSAGING.md — Tenable Research field report on Moltbook interactions and breach findings.

🔹 OpenClaw #Moltbook #promptinjection #APIkeys #Tenable

🔗 Source: https://www.tenable.com/blog/undercover-on-moltbook

WP Advanced Custom Fields Extended plugin bug gives admin

Your friendly reminder to minimize the WordPress plugins you deploy to what you actually need. BleepingComputer has an article:

A critical-severity vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress can be exploited remotely by unauthenticated attackers to obtain administrative permissions.

ACF Extended, currently active on 100,000 websites, is a specialized plugin that extends the capabilities of the Advanced Custom Fields (ACF) plugin with features for developers and advanced site builders.

Unauthenticated privilege escalation to get admin is about as bad as it gets. Though, it does appear the WordPress blog has to have mapped “role” as a custom field. It’s impossible for anyone other than the blog owner to know if that’s the case. Well, probably spammers and scammers seeking sites to compromise and turn into platforms to exploit might given which ones they successfully turn.

It’s tracked as CVE-2025-14533:

• NIST
• tenable

Microsoft Patch Tuesday, December 2025 Edition

https://krebsonsecurity.com/2025/12/microsoft-patch-tuesday-december-2025-edition/

#WindowsCloudFilesMiniFilterDriver #WindowsPowershell #MicrosoftOutlook #MicrosoftOffice #LatestWarnings #TheComingStorm #CVE-2025-10573 #CVE-2025-54100 #CVE-2025-59516 #CVE-2025-59517 #CVE-2025-62221 #CVE-2025-62458 #CVE-2025-62470 #CVE-2025-62472 #CVE-2025-62554 #CVE-2025-62557 #CVE-2025-64671 #SatnamNarang #TimetoPatch #AdamBarnett #AriMarzuk #IDEsaster #Tenable