# Tech-Radar Briefing – Samstag, 21. March 2026 ## 🔴 SECURITY ALERTS (20) - **Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager** [The Hacker News](https://thehackernews.com/2026/03/oracle-patches-critical-cve-2026-21992.html) - **Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure** [The Hacker News](https://thehackernews.com/2026/03/critical-langflow-flaw-cve-2026-33017.html) - **Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover** [The Hacker News](https://thehackernews.com/2026/03/magento-polyshell-flaw-enables.html) - **Oracle pushes emergency fix for critical Identity Manager RCE flaw** [BleepingComputer](https://www.bleepingcomputer.com/news/security/oracle-pushes-emergency-fix-for-critical-identity-manager-rce-flaw/) - **Feds disrupt monster IoT botnets behind record-breaking DDoS attacks** [The Register](https://go.theregister.com/feed/www.theregister.com/2026/03/20/botnet_disruption/) - **Diverse Attacken auf Dell Secure Connect Gateway Policy Manager möglich** [Heise Security](https://www.heise.de/news/Diverse-Attacken-auf-Dell-Secure-Connect-Gateway-Policy-Manager-moeglich-11219110.html) - **US Takes Down Botnets Used in Record-Breaking Cyberattacks** [Wired](https://www.wired.com/story/us-takes-down-botnets-used-in-record-breaking-cyberattacks/) - **ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More** [The Hacker News](https://thehackernews.com/2026/03/threatsday-bulletin-fortigate-raas.html) - **DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover** [The Hacker News](https://thehackernews.com/2026/03/darksword-ios-exploit-kit-uses-6-flaws.html) - **Webmailer Roundcube: Kritische Lücken erlauben Dateimanipulation und mehr** [Heise Security News](https://www.heise.de/news/Webmailer-Roundcube-Kritische-Luecken-erlauben-Dateimanipulation-und-mehr-11217824.html) - **CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks** [The Hacker News](https://thehackernews.com/2026/03/cisa-warns-of-zimbra-sharepoint-flaw.html) - **Critical Microsoft SharePoint flaw now exploited in attacks** [BleepingComputer](https://www.bleepingcomputer.com/news/microsoft/critical-microsoft-sharepoint-flaw-now-exploited-in-attacks/) - **Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access** [The Hacker News](https://thehackernews.com/2026/03/interlock-ransomware-exploits-cisco-fmc.html) - **DarkSword: Zweite mächtige iPhone-Spyware in freier Wildbahn gesichtet** [Heise Online Newsticker](https://www.heise.de/news/DarkSword-Zweite-maechtige-iPhone-Spyware-in-freier-Wildbahn-gesichtet-11216618.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag) - **Amazon security boss says crims abused max-security Cisco firewall flaw weeks before disclosure** [The Register](https://go.theregister.com/feed/www.theregister.com/2026/03/18/amazon_cisco_firewall_0_day_ransomware/) - **9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors** [The Hacker News](https://thehackernews.com/2026/03/9-critical-ip-kvm-flaws-enable.html) - **DarkSword: Zweite mächtige iPhone-Spyware in freier Wildbahn gesichtet** [Heise Security News](https://www.heise.de/news/DarkSword-Zweite-maechtige-iPhone-Spyware-in-freier-Wildbahn-gesichtet-11216618.html) - **CISA orders feds to patch Zimbra XSS flaw exploited in attacks** [BleepingComputer](https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-zimbra-xss-flaw-exploited-in-attacks/) - **Ransomware gang exploits Cisco flaw in zero-day attacks since January** [BleepingComputer](https://www.bleepingcomputer.com/news/security/interlock-ransomware-exploited-secure-fmc-flaw-in-zero-day-attacks-since-january/) - **Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23** [The Hacker News](https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html) ## 🔥 TOP STORIES (5) - [Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager](https://thehackernews.com/2026/03/oracle-patches-critical-cve-2026-21992.html) *The Hacker News* - [CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026](https://thehackernews.com/2026/03/cisa-flags-apple-craft-cms-laravel-bugs.html) *The Hacker News* - [Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages](https://thehackernews.com/2026/03/trivy-supply-chain-attack-triggers-self.html) *The Hacker News* - [USA: Autofahrer mit Alkohol-Testsystemen ausgesperrt](https://www.golem.de/news/usa-autofahrer-mit-alkohol-testsystemen-ausgesperrt-2603-206772.html) *Golem.de* - [heise-Angebot: Product Owner Days 2026: Drei Workshops und mehr als 20 Talks](https://www.heise.de/news/Product-Owner-Days-2026-Drei-Workshops-und-mehr-als-20-Talks-11214108.html?wt_mc=rss.red.ho.ho.rdf.beitrag.beitrag) *Heise Online Newsticker* ## 📊 Dein Tag in Zahlen - Neue Artikel: 266 | Security: 3 | AI: 0 - Heißester Tag: "ai" (181x)