Cybersecurity With Sandra
Posts
Cyber News Bytes: The Most In-Demand Cyber Jobs, Microsoft Patches, & Apple iOS Exploits

Cyber News Bytes: The Most In-Demand Cyber Jobs, Microsoft Patches, & Apple iOS Exploits

This week's latest cybersecurity news and industry updates

Sandra L
March 17, 2026

This week, the cybersecurity world reminds us that staying ahead isn’t optional; it’s survival. From exploits that reach back into older devices to hackers stretching across borders, the threats are growing more complex and, frankly, more personal.

We’re seeing patterns emerge: nation-state activity, aggressive exploit kits, and the ongoing need to patch, monitor, and think like an attacker. Understanding these stories together isn’t just about curiosity; it’s about strategy.

If you’re a professional in this space, these developments matter because they tell us where attackers are focusing, what weaknesses are still in play, and how the stakes keep climbing.

Let’s dive into the top stories this week.

1. Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

What happened:
Apple rolled out fixes for older iPhones and iPads after a WebKit vulnerability was exploited via the Coruna exploit kit. These updates patch serious flaws that could let attackers run malicious code just by having a user visit a crafted website.

Why it matters:
The Coruna exploit kit highlights how attackers don’t just target the latest devices; they go after anything still in use. Older versions of iOS and iPadOS remain in circulation, and gaps here can put users and organizations at risk.

How to use it:
Make sure your devices, even legacy ones, are updated. If you manage endpoints, consider prioritizing older device updates and tracking exploit kits like Coruna to anticipate where attackers might strike next.

2. Iran-Linked Hackers Expand Cyberattacks Toward US Targets

What happened:
Pro-Iranian hacking groups are targeting U.S. and Middle Eastern organizations, including defense contractors, industrial systems, and medical device companies. Their goal is disruption, espionage, and increasing the cost and complexity of American cyber operations.

Why it matters:
This isn’t theoretical cyberwar is already here. It shows the rising risk of international conflicts spilling into the digital realm and how geopolitical tensions translate directly into real-world cybersecurity threats.

How to use it:
Keep an eye on threat intelligence reports from state-affiliated actors, review access controls, and strengthen monitoring for unusual activity across critical infrastructure and partner networks. Understanding the geopolitical context helps you anticipate where attacks might hit next.

Read more on Security Week

3. Microsoft Just Patched 78 Vulnerabilities This Month, Including One Actively Exploited Zero-Day

What Happened: Microsoft released its March 2026 Patch Tuesday update on March 10, fixing 78 vulnerabilities across Windows, Office, Azure, SQL Server, and .NET. The most urgent fix is an actively exploited zero-day, and on top of that, there are critical remote code execution flaws in SharePoint and Office, meaning attackers could run malicious code just by getting someone to open a document.

Why It Matters: Patch Tuesday happens every month, and every month organizations scramble to figure out which patches to deploy first. When a zero-day is in the mix, the answer is pretty straightforward. But in large enterprise environments, patching 78 vulnerabilities quickly is easier said than done, and attackers know it. The window between "patch released" and "patch applied everywhere" is exactly when exploitation spikes.

How to Use It: Understanding Patch Tuesday is a core skill for anyone going into a SOC, IT, or vulnerability management role. Being able to explain what a zero-day is, why patch prioritization matters, and how CVSS scores help teams triage is the kind of practical knowledge that lands jobs. Bookmark this one and use it as a real-world example the next time patch management comes up in an interview or certification exam.

4. A Critical Cisco Flaw Scored a Perfect 10 and Has Been Actively Exploited for Years

What Happened: A newly disclosed maximum-severity flaw in Cisco Catalyst SD-WAN Controller and SD-WAN Manager (CVE-2026-20127, CVSS 10.0) allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges by sending a crafted request. The exploitation has been ongoing since at least 2023, carried out by a sophisticated threat actor tracked as UAT-8616. CISA added it to its Known Exploited Vulnerabilities catalog and issued an Emergency Directive requiring federal agencies to patch within 24 hours.

Why It Matters: SD-WAN is the technology that connects branch offices, remote workers, and cloud services for large organizations. A CVSS score of 10.0 is the highest possible, meaning an attacker can get in without a username or password and do serious damage. The fact that this was exploited for years before being widely flagged is a reminder that threats don't always announce themselves, and that visibility into your network is just as important as locking the front door.

How to Use It: This story is perfect for understanding why network security and vulnerability management roles exist. When you see a CVSS score of 10.0 paired with a CISA Emergency Directive, that's about as serious as it gets. If you're studying for your CompTIA Security+ or CySA+, bookmark this as a real-world example of what it looks like when a critical vulnerability meets active exploitation. It checks every box.