Weekly security intelligence digest covering the most critical vulnerabilities, threats, and breach news from the past week.
🚨 Critical: CISA Known Exploited Vulnerabilities
These vulnerabilities are being actively exploited in the wild. Immediate action required.
CVE-2017-7921: Hikvision Multiple Products Improper Authentication Vulnerability
Vendor/Product: Hikvision Multiple Products
Description: Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA Due Date: 2026-03-26
Reference: CVE-2017-7921 - NVD
CVE-2021-22681: Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
Vendor/Product: Rockwell Multiple Products
Description: Multiple Rockwell products contain an insufficient protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to verify Logix controllers are communicating with Rockwell Automation design software. If successfully exploited, this vulnerability could allow an unauthorized application to connect with Logix controllers. To leverage this vulnerability, an unauthorized user would require network access to the controller.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA Due Date: 2026-03-26
Reference: CVE-2021-22681 - NVD
CVE-2023-43000: Apple Multiple Products Use-After-Free Vulnerability
Vendor/Product: Apple Multiple Products
Description: Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA Due Date: 2026-03-26
Reference: CVE-2023-43000 - NVD
CVE-2021-30952: Apple Multiple Products Integer Overflow or Wraparound Vulnerability
Vendor/Product: Apple Multiple Products
Description: Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA Due Date: 2026-03-26
Reference: CVE-2021-30952 - NVD
CVE-2023-41974: Apple iOS and iPadOS Use-After-Free Vulnerability
Vendor/Product: Apple iOS and iPadOS
Description: Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA Due Date: 2026-03-26
Reference: CVE-2023-41974 - NVD
📰 This Week’s Security News
Termite ransomware breaches linked to ClickFix CastleRAT attacks
Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor. […]
Read more: Termite ransomware breaches linked to ClickFix CastleRAT attacks
Microsoft: Hackers abusing AI at every stage of cyberattacks
Microsoft says threat actors are increasingly using artificial intelligence in their operations to accelerate attacks, scale malicious activity, and lower technical barriers across all aspects of a cy…
Read more: Microsoft: Hackers abusing AI at every stage of cyberattacks
Cognizant TriZetto breach exposes health data of 3.4 million patients
TriZetto Provider Solutions, a healthcare IT company that develops software and services used by health insurers and healthcare providers, has suffered a data breach that exposed the sensitive informa…
Read more: Cognizant TriZetto breach exposes health data of 3.4 million patients
✅ What You Should Do This Week
- Immediate: Patch CVE-2017-7921, CVE-2021-22681 (actively exploited)
- Verify: Check your systems against CISA KEV catalog
- Monitor: Review Azure AD sign-in logs for suspicious activity
- Audit: Verify MFA is enforced for all privileged accounts
- Backup: Test your disaster recovery procedures
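The "Verify" item above, checking your systems against the CISA KEV catalog, as an added worked example (this is not code from the digest, from CISA or from GRC Vitrix): it loads a constructed excerpt shaped like CISA's public KEV JSON feed, cross-references it against a constructed vulnerability-scan export, and ranks every match by how many days remain until its CISA due date, so overdue items surface first. The feed URL, the scan CSV layout (asset, vendor, cve) and the function names are assumptions; the five KEV entries and their due dates are the ones listed in this digest, and the CVE-1900-* identifiers are placeholders for scanner findings that are not in the catalog.

```python
"""Cross-reference a vulnerability-scan export against the CISA KEV catalog.

Added example for this digest (not CISA's and not GRC Vitrix's code). The real
catalog is published as JSON at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json;
a constructed excerpt using the same field names is embedded below so that the
script runs offline. The scan export is a constructed CSV (asset,vendor,cve).
"""
import csv
import io
import json
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Union

# Constructed excerpt shaped like the KEV feed. The five entries and their due
# dates are the ones in this digest; the title is a placeholder.
KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed excerpt)",
    "vulnerabilities": [
        {"cveID": "CVE-2017-7921", "vendorProject": "Hikvision", "product": "Multiple Products",
         "vulnerabilityName": "Hikvision Multiple Products Improper Authentication Vulnerability",
         "dueDate": "2026-03-26"},
        {"cveID": "CVE-2021-22681", "vendorProject": "Rockwell", "product": "Multiple Products",
         "vulnerabilityName": "Rockwell Multiple Products Insufficient Protected Credentials Vulnerability",
         "dueDate": "2026-03-26"},
        {"cveID": "CVE-2023-43000", "vendorProject": "Apple", "product": "Multiple Products",
         "vulnerabilityName": "Apple Multiple Products Use-After-Free Vulnerability",
         "dueDate": "2026-03-26"},
        {"cveID": "CVE-2021-30952", "vendorProject": "Apple", "product": "Multiple Products",
         "vulnerabilityName": "Apple Multiple Products Integer Overflow or Wraparound Vulnerability",
         "dueDate": "2026-03-26"},
        {"cveID": "CVE-2023-41974", "vendorProject": "Apple", "product": "iOS and iPadOS",
         "vulnerabilityName": "Apple iOS and iPadOS Use-After-Free Vulnerability",
         "dueDate": "2026-03-26"},
    ],
})

# Constructed scanner export. The CVE-1900-* IDs are placeholders for findings
# the scanner reports but that are not in the KEV catalog; one row uses a
# lower-case CVE ID to show that matching is case-insensitive.
SCAN_CSV = """\
asset,vendor,cve
cam-lobby-01,Hikvision,CVE-2017-7921
cam-loading-dock,Hikvision,cve-2017-7921
plc-dc1-hvac,Rockwell Automation,CVE-2021-22681
mbp-finance-07,Apple,CVE-2023-41974
mbp-finance-07,Apple,CVE-1900-00001
srv-web-03,Example Vendor,CVE-1900-00002
"""


@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str
    name: str
    due: date
    days_left: int  # negative once the CISA due date has passed


def load_kev(kev_json: str) -> Dict[str, dict]:
    """Index the KEV catalog by upper-cased CVE ID for O(1) lookups."""
    catalog = json.loads(kev_json)
    return {entry["cveID"].upper(): entry for entry in catalog["vulnerabilities"]}


def kev_findings(scan_csv: str, kev: Dict[str, dict],
                 today: Union[str, date]) -> List[Finding]:
    """Return every scan row whose CVE is in KEV, most urgent first."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    findings = []
    for row in csv.DictReader(io.StringIO(scan_csv)):
        entry = kev.get(row["cve"].strip().upper())
        if entry is None:
            continue  # real finding, but not a KEV item; handled by normal SLAs
        due = date.fromisoformat(entry["dueDate"])
        findings.append(Finding(row["asset"].strip(), entry["cveID"],
                                entry["vulnerabilityName"], due, (due - today).days))
    # Fewest days left first; asset name second for stable, reviewable output.
    findings.sort(key=lambda f: (f.days_left, f.asset))
    return findings


def overdue(findings: List[Finding]) -> List[Finding]:
    """Subset of findings already past their CISA due date."""
    return [f for f in findings if f.days_left < 0]


def report(findings: List[Finding]) -> str:
    """Plain-text table suitable for a ticket or a weekly status mail."""
    lines = []
    for f in findings:
        status = f"OVERDUE by {-f.days_left}d" if f.days_left < 0 else f"due in {f.days_left}d"
        lines.append(f"{f.asset:<18} {f.cve:<15} {status:<16} {f.name}")
    return "\n".join(lines)


if __name__ == "__main__":
    kev = load_kev(KEV_JSON)
    hits = kev_findings(SCAN_CSV, kev, today=date.today())
    print(f"{len(hits)} KEV matches across {len({f.asset for f in hits})} assets, "
          f"{len(overdue(hits))} overdue")
    print(report(hits))
```

Swap `KEV_JSON` for the downloaded feed and `SCAN_CSV` for your scanner's export and the same two functions give you a due-date-ordered list; the point of indexing by CVE ID is that the check stays cheap even when the inventory has thousands of findings, which is what lets it run every time the feed changes rather than once a quarter.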
💡 Expert Analysis
Let’s cut through the noise and talk about what matters this week.
Old Vulnerabilities, New Problems
Here’s something that should make you uncomfortable: CISA just added vulnerabilities from 2017, 2021, and 2023 to their Known Exploited Vulnerabilities catalog. Not because they’re newly discovered, but because attackers are actively exploiting them right now.
Think about that for a second. CVE-2017-7921 in Hikvision cameras is seven years old. Seven years. And it’s still being exploited in the wild.
What does this tell us?
Organizations aren’t patching. Or they don’t know they have vulnerable devices. Or worse - they know, but they’re waiting for “the right time” to fix it.
There is no right time when attackers are already using these vulnerabilities.
The IoT Camera Problem Nobody Wants to Deal With
The Hikvision vulnerability is particularly frustrating because I keep seeing the same pattern at financial institutions: someone installed security cameras years ago, nobody documented what they installed, and now those cameras are sitting on the network with default credentials and unpatched firmware.
Here’s the uncomfortable truth:
Those cameras aren’t just cameras. They’re networked devices. With access to your internal network. Running outdated software. With known vulnerabilities that attackers can exploit to get a foothold in your environment.
And because they’re “just cameras,” nobody thinks about them during security reviews. Nobody’s checking if they’re patched. Nobody even remembers they exist until someone finds them during a penetration test.
If you have Hikvision cameras (or any IoT devices), ask yourself:
- Do you know where they all are?
- Are they segmented from your main network?
- When was the last time you updated their firmware?
If you can’t answer those questions confidently, you’ve got work to do.
Industrial Control Systems: The Forgotten Attack Vector
The Rockwell vulnerability (CVE-2021-22681) affects industrial control systems - PLCs, HMIs, that sort of thing. Most financial services folks might think “this doesn’t apply to us.”
Wrong.
If you have a data center, you probably have building management systems. HVAC controls. Physical security systems. Power management. All running on industrial control protocols. All potentially vulnerable.
And here’s what makes this scary: these systems were designed assuming they’d never touch the internet. They were designed for reliability, not security. Default credentials everywhere. No authentication. No encryption. The whole “security through obscurity” approach.
Then someone connected them to the network for “remote monitoring.” And now they’re exposed.
The real risk:
An attacker gets into your network through a phishing email. They pivot to your building management system. They can’t steal data directly from an HVAC controller, but they can:
- Shut down cooling in your data center
- Trigger fire suppression systems
- Unlock doors
- Create chaos while they exfiltrate data from your actual systems
It’s not theoretical. I’ve seen it happen.
Apple Vulnerabilities: Update Your Devices
The three Apple CVEs are use-after-free and integer overflow bugs - classic memory corruption issues that can lead to arbitrary code execution.
Translation: someone visits a malicious website on their iPhone, and boom - attackers can run code on their device.
Here’s what frustrates me:
Apple releases patches. Users ignore them. Months later, CISA adds the vulnerabilities to the KEV catalog because they’re being actively exploited. And people act surprised.
If you’re managing corporate iOS/macOS devices and you’re not enforcing automatic updates, you’re making a choice. You’re choosing to leave your users vulnerable because you don’t want to deal with the occasional broken workflow after an update.
I get it. Updates can break things. But you know what breaks things worse? A compromised device exfiltrating your entire email archive.
Simple advice: Enable automatic updates for Apple devices. Yes, even on corporate-managed devices. The risk of a broken app is way lower than the risk of exploitation.
The Healthcare Breach: TriZetto and the Supply Chain
3.4 million patients affected in the TriZetto breach. That’s massive. But here’s what should really concern you:
TriZetto doesn’t treat patients. They provide software to healthcare providers and insurers. This is a supply chain attack - get into one vendor, affect millions of downstream users.
Financial services parallel:
How many third-party vendors do you use? How many of them have access to your customer data? When was the last time you actually audited their security controls, not just read their SOC 2 report?
Because reading a SOC 2 report isn’t an audit. It’s checking a box. And checking boxes doesn’t stop breaches.
What I’d be doing if I were still managing vendor risk:
- Quarterly security questionnaires (minimum)
- Annual penetration test reports (required)
- Incident notification within 24 hours (contractual requirement)
- Data minimization - vendors only get the minimum data they actually need
Don’t just trust that your vendors are secure. Verify it. Regularly.
AI in Cyberattacks: Not Hype, Reality
Microsoft’s report on attackers using AI is worth paying attention to. Not because AI makes attacks magically unstoppable, but because it lowers the skill floor.
Here’s what that means:
Tasks that used to require skilled attackers - writing convincing phishing emails, analyzing network traffic, finding vulnerabilities - can now be accelerated with AI. A mediocre attacker can be more productive. A skilled attacker can move faster.
The defense side gets AI too, but here’s the problem:
Your security tools might use AI. But your users don’t. And when AI helps attackers craft perfect phishing emails in perfect English with perfect context, your users are going to click.
My take on this:
Stop relying on user awareness training as your primary defense. Users will always click sometimes. Instead:
- Implement strong email filtering with AI-powered detection
- Use browser isolation for links from external sources
- Enforce MFA everywhere (not just for VPN)
- Assume phishing will succeed and build defense in depth
The Bottom Line
This week’s vulnerabilities aren’t sexy. No zero-days. No nation-state attacks. Just old bugs that organizations haven’t bothered to patch, and predictable supply chain risks.
But that’s exactly the point.
Most breaches don’t happen because of sophisticated attacks. They happen because organizations don’t do the basics:
- Patch known vulnerabilities
- Inventory their assets
- Segment their networks
- Audit their vendors
- Update their devices
The attackers are using seven-year-old exploits and they’re still succeeding. That should tell you everything you need to know about the state of security in most organizations.
Do the basics. Patch your stuff. Know what’s on your network. Don’t trust your vendors blindly.
It’s not exciting. But it works.
Want to talk about your security challenges? I do free 30-minute calls with financial services organizations. Let’s chat.
GRC Vitrix provides cloud security and compliance intelligence for financial services professionals. This digest is curated from publicly available sources including CISA, Microsoft MSRC, and industry news.