Critical Microsoft Patches, Apple iOS Exploits, Aruba and Ubiquiti Vulnerabilities, Trivy Supply Chain Compromise and Iran’s hand in the Striker Compromise

by Garrett Brown | Mar 24, 2026 | Security Alerts | 0 comments

Data Analysis for Business and Finance Concept

March has been an active cybersecurity month, highlighting the risks from zero-day vulnerabilities, network weaknesses, and supply chain compromises. Iranian attacks on the medical device maker Stryker have exposed gaps in administrative controls. Critical patches from Microsoft and Apple, along with vulnerabilities in HP Aruba, UniFi, and the Trivy security tool underscores the importance of proactive monitoring and mitigating supply chain risks.

As always, prompt action and user education remain essential to safeguarding your organization.

Apple iPhone (IOS):

Critical iOS vulnerabilities are being actively exploited, prompting CISA to issue guidance requiring rapid patching. These flaws may allow attackers to execute code, access sensitive data, or compromise devices without user interaction. Additionally, certain security fixes may not be obvious to users, requiring attention to ensure devices are fully updated and protected.

Microsoft Windows:

Microsoft released its March Patch Tuesday updates addressing 79 vulnerabilities, including two zero-day flaws that are actively being exploited. These vulnerabilities include remote code execution and privilege escalation risks that could allow attackers to gain control of affected systems. Failure to apply these updates in a timely manner represents a significant risk to your organization, especially for internet-facing or user-accessible systems.

HP Aruba Switches:

Multiple critical vulnerabilities have been identified in HP Aruba networking equipment. These flaws could allow attackers to bypass authentication, execute arbitrary commands, or gain elevated privileges on affected switches. As network infrastructure devices often operate with high levels of trust and limited monitoring, successful exploitation could provide attackers with persistent access to internal networks.

Ubiquiti UniFi Network Controller:

A vulnerability in the UniFi Network Controller may allow attackers to take over administrative accounts. This could result in unauthorized access to network configurations, user data, and connected systems. Organizations using UniFi systems should treat this as a high-priority issue due to the centralized control these platforms provide over network environments.

Trivy Vulnerability Scanner – Supply Chain Compromise:

Trivy is a popular open-source security scanner designed to find vulnerabilities and security issues in software and used as part of software development. A supply chain attack targeting the Trivy vulnerability scanner resulted in malicious code being distributed via GitHub allowing attackers to deploy info stealing malware. Users of Trivy should assume any private keys and credentials used within the tool are exposed and are encouraging users to rotate those credentials as soon as possible.

Stryker Compromise:

The recent compromise of medical device maker Stryker demonstrates the importance of properly securing mobile device management (MDM) systems and administrative tools. Attackers leveraged poor administrative account segregation and weak proactive monitoring to steal 50 terabytes of data and wipe 80,000 devices, including the personal devices of staff. Due to Striker’s use of personal devices and a BYOD policy, employees and contractors were surprised to lose their personal data including photos and documents because of the attack.

What do I need to do?

Apple: Staff should be advised to look for and update their Apple IOS devices as soon as reasonable. Updates can be manually installed following the directions below:
- Apple IOS: https://support.apple.com/guide/iphone/update-ios-iph3e504502/ios
- Apply additional security patches: https://www.forbes.com/sites/davidphelan/2026/03/21/iphone-alert-why-you-must-check-this-hidden-setting-for-urgent-ios-2631-a-fix/
Microsoft Windows: For our clients who subscribe to our security and management tools, your Windows computers should start receiving updates starting this week. Users should complete the installation of patches when prompted and not delay or defer them. Updates can be manually installed following the directions below:
- Microsoft Windows: https://support.microsoft.com/en-us/windows/update-windows-3c5ae7fc-9fb6-9af1-1984-b5e0412c556a
HP Aruba and Unifi Switches: Apply available patches to all impacted switches and controllers as soon as reasonable.
Trivy: Determine if Tivy is in use within your organization by any developers, technical staff or technology partners and ensure that any compromised code is removed and any potentially exposed secrets or passwords are rotated as soon as possible.
Stryker: For our clients subscribing to our security management tools, we apply these controls to your Microsoft 365 and Google Tenants. Organizations should review management tools including Google Workspaces, Microsoft 365, Intune and other device and identity management systems to ensure:
- Regularly review administrative accounts and ensure strong phishing resistant MFA is enforced
- There is a separation of administrative and standard operating accounts using least privilege
- Continuous monitoring is in place looking for suspicious activity and automatic lockouts when certain thresholds are met

QuickTips:

This is the best discussion of internet security and scammers that I’ve ever heard. Share with friends and family. It dispels a lot of myths and makes the subject very easy to understand. https://freakonomics.com/podcast/heres-why-you-are-constantly-fighting-off-scammers/
This is a great writeup on removing images of your home and personal residences from online resources like Google Maps, Zillow, etc. https://ktla.com/morning-news/rich-on-tech/how-to-erase-photos-of-your-home-from-google-maps-zillow-and-more/amp/

Additional Resource and Details: