**Cybersecurity Roundup: Week of March 24, 2026**
A comprehensive review of the latest developments in the world of cybersecurity.
**Top Stories**
* **GitHub Introduces AI-Powered Security Detections**: GitHub has expanded its application security capabilities with AI-powered security detections designed to identify risks earlier in the development process. * **32% of Top-Exploited Vulnerabilities are Over a Decade Old**: Findings from Cisco Talos' 2025 Year in Review show how attackers combined rapid weaponization with long-term exposure, highlighting the need for more effective vulnerability management. * **Russian Initial Access Broker Helped Ransomware Gangs Extort Millions**: Aleksei Volkov was sentenced to 81 months in prison for helping ransomware groups carry out attacks causing over $9 million in actual losses and over $24 million in intended losses.
**Security Tools and Updates**
* **Kali Linux 2026.1 Ships with BackTrack Mode and Kernel Upgrade**: Penetration testers running Kali Linux have a new release to work with, featuring the annual theme refresh, a new BackTrack-inspired mode, eight new tools, and a kernel bump to 6.18. * **Google's TurboQuant Cuts AI Memory Use without Losing Accuracy**: A team at Google Research has developed three compression algorithms designed to compress key-value (KV) caches aggressively without degrading model output quality.
**AI and Machine Learning**
* **Microsoft Hands Entra ID Users New Option for MFA**: External MFA is now generally available in Microsoft Entra ID, expanding support for third-party identity providers. * **Uncle Sam Closes the Door on All New Foreign-Made Routers**: The US Federal Communications Commission (FCC) has imposed a ban on all new routers manufactured overseas being imported into and sold within the United States.
**Industry News**
* **Reddit Declares War on Bad Bot Activity**: Reddit is introducing changes to support interactions between people, including verifying that users are human without requiring disclosure of real-world identity. * **GitHub Jumps on the Bandwagon and Will Use Your Data to Train AI**: GitHub updated how it uses data to improve AI-powered coding assistance, starting April 24.
**Research and Reports**
* **Attackers Are Handing Off Access in 22 Seconds, Mandiant Finds**: Exploits remain the leading entry point for attackers, with attackers speeding up their internal hand-offs, shifting away from email phishing, and targeting backup and virtualization infrastructure with greater precision. * **Your Security Stack Looks Fine from the Dashboard, but That's the Problem**: One in five enterprise endpoints is operating outside a protected and enforceable state on any given day, according to device telemetry collected across tens of millions of corporate PCs.
**Other News**
* **Botnet Operator Behind $14 Million in Ransomware Extortion Payments Gets 24 Months Behind Bars**: A Russian national was sentenced to 24 months in prison after admitting he managed a botnet used to launch ransomware attacks against dozens of U.S. companies. * **Google Races to Secure Encryption Before Quantum Threats Arrive**: Google is preparing for the quantum era, with a 2029 timeline for post-quantum cryptography (PQC) migration.
Stay up-to-date with the latest cybersecurity news and trends by following us on social media or signing up for our newsletter.