Security Report – 13 Mar 2026


In the past, IT leaders and their teams focused on protecting their organisations through prevention — building stronger perimeters, deploying more tools and blocking more threats. However, this traditional approach is no longer sufficient for today’s challenges. Modern threats, digital advances, hybrid IT infrastructure, stricter regulations and rising customer expectations are forcing IT leaders to rethink their cyber resilience strategies and solutions, marking a new era for backup and business continuity. Data now lives everywhere — across on-prem infrastructure, multiple cloud environments, SaaS platforms, endpoints and edge devices. Meanwhile, threat actors are more dangerous than ever before, leveraging automation, AI and “as-a-service” cybercrime models.

Recent Breaches

 

United States – Wikimedia Foundation – Nonprofit & Social Impact 

Exploit: Ransomware & Malware

Risk to Business: Moderate

The Wikimedia Foundation, the non-profit organisation that hosts Wikipedia, experienced a significant security incident on March 5 involving a self-propagating JavaScript worm. The issue came to light after users noticed a surge of automated edits that inserted hidden scripts and vandalised random pages. The worm modified user scripts and defaced Meta-Wiki pages. According to Wikimedia’s Phabricator issue tracker, the attack appears to have begun when a malicious script hosted on Russian Wikipedia was executed, inserting malicious code into a global JavaScript script on Wikipedia. The malicious script, first uploaded in March 2024, is reportedly linked to scripts used in previous attacks targeting wiki projects.

United States – Cisco – Technology

Exploit: Zero-day vulnerability

Risk to Business: Moderate

Cisco has warned users about two vulnerabilities in Catalyst SD-WAN Manager (formerly known as SD-WAN vManage) that are currently under active exploitation in the wild. The vulnerabilities disclosed are:

CVE-2026-20122 (CVSS score: 7.1) – An arbitrary file overwrite vulnerability that could allow an authenticated remote attacker to overwrite arbitrary files on the local file system. Successful exploitation requires valid read-only credentials with API access on the affected system.

CVE-2026-20128 (CVSS score: 5.5) – An information disclosure vulnerability that could allow an authenticated local attacker to gain Data Collection Agent (DCA) user privileges on the affected system. Successful exploitation requires valid vManage credentials.

The company did not provide details about the scale of the attacks or the threat actors involved. The disclosure comes a week after Cisco reported that a critical vulnerability in Cisco Catalyst SD-WAN Controller and Catalyst SD-WAN Manager, tracked as CVE-2026-20127 with a CVSS score of 10.0, was exploited by a sophisticated threat actor known as UAT-8616 to establish persistent access to high-value organisations.

Talk to a TCT team member today about implementing an IT strategy plan for your business.

 

Robert Brown
13/3/2026
