Security Report – 27 Mar 2026
Most security breaches in small and mid-sized businesses don’t start with sophisticated hacking or zero‑day attacks. They start with everyday issues: old logins, reused passwords, forgotten accounts, or access that was never properly removed. This might be a former employee still sharing a login, a password that hasn’t changed in years, or an account everyone assumes is no longer used. For many businesses, these risks sit in a blind spot — decisions are based on assumptions rather than evidence. Without a simple, central way to see who has access and how secure those credentials really are, businesses rely on memory and manual checks — while hackers rely on the fact that no one is looking.
Recent Breaches
United States – Microsoft Teams – Technology
Exploit: Phishing
Risk to Business: Moderate
Microsoft’s Detection and Response Team revealed a Microsoft Teams voice phishing (vishing) campaign that targets Microsoft users. In this campaign, threat actors impersonate IT support and trick users into granting remote access via Microsoft’s Quick Assist, enabling initial device compromise. Once access is established, attackers shift from social engineering to hands-on-keyboard compromise. They then direct users to malicious websites that prompt them to enter corporate credentials into spoofed forms, triggering the download of multiple malicious payloads. This incident highlights a growing class of attacks that exploit user trust, collaboration platforms and legitimate built-in tools to gain access and move laterally within environments.
United States – Cisco – Technology
Exploit: Zero-day vulnerability
Risk to Business: Moderate
A vulnerability patched earlier this month by Cisco in its firewalls has been exploited as a zero-day since at least late January, according to Amazon’s threat intelligence team. The flaw, tracked as CVE-2026-20131, is a remotely exploitable deserialization vulnerability in Cisco Secure Firewall Management Center (FMC) software and carries a maximum CVSS score of 10. While Cisco released a patch on March 4, a report indicates that the Interlock cybercrime group had been exploiting it as a zero-day since at least January 26, pointing to a critical patching gap. Cisco updated its advisory on March 18 to inform customers about this in-the-wild exploitation.
Talk to a TCT team member today about implementing an IT strategy plan for your business.
Robert Brown
27/3/2026