Shaarli Daily

All links from one day on a single page.

March 13, 2026

Veeam warns of critical flaws exposing backup servers to RCE attacks

bleepingcomputer.com
By Sergiu Gatlan
March 12, 2026

Data protection company Veeam Software has patched multiple flaws in its Backup & Replication solution, including four critical remote code execution (RCE) vulnerabilities.

VBR is enterprise data backup and recovery software that helps IT administrators to create copies of critical data for quick restoration following cyberattacks and hardware failures.

Three RCE security flaws patched today (tracked as CVE-2026-21666, CVE-2026-21667, and CVE-2026-21669) allow low-privileged domain users to execute remote code on vulnerable backup servers in low-complexity attacks.

The fourth one (tracked as CVE-2026-21708) allows a Backup Viewer to gain remote code execution as the postgres user.

Veeam also addressed several high-severity security bugs that can be exploited to escalate privileges on Windows-based Veeam Backup & Replication servers, extract saved SSH credentials, and bypass restrictions to manipulate arbitrary files on a Backup Repository.

These vulnerabilities were discovered during internal testing or reported through HackerOne and are resolved in Veeam Backup & Replication versions 12.3.2.4465 and 13.0.1.2067.

Veeam also warned admins to upgrade the software to the latest release as soon as possible, since threat actors often begin developing exploits shortly after patches are released.

"It's important to note that once a vulnerability and its associated patch are disclosed, attackers will likely attempt to reverse-engineer the patch to exploit unpatched deployments of Veeam software," the company warned. "This reality underscores the critical importance of ensuring that all customers use the latest versions of our software and install all updates and patches without delay."

VBR servers targeted in ransomware attacks

VBR is popular among managed service providers and mid-sized to large enterprises, even though ransomware gangs commonly target VBR servers because they can serve as a quick jumping-off point for lateral movement within breached networks, simplify data theft, and make it easy to block restoration efforts by deleting victims' backups.

The financially motivated FIN7 threat group (which previously collaborated with the Conti, REvil, Maze, Egregor, and BlackBasta ransomware groups) and the Cuba ransomware gang have both been linked to past attacks targeting VBR vulnerabilities.

Sophos X-Ops incident responders also revealed in November 2024 that Frag ransomware exploited another VBR RCE bug disclosed two months earlier and also used in Akira and Fog ransomware attacks starting in October 2024.

Veeam says its products are used by more than 550,000 customers worldwide, including 74% of Global 2,000 firms and 82% of Fortune 500 companies.

Iran Includes American Tech Giants on List of New Targets

Gizmodo
By Ece Yildirim
Published March 11, 2026

State-aligned media released a list naming the offices of Microsoft, Palantir, and more as potential targets of military action.

A news agency affiliated with the Iranian regime released a list of American tech companies with links to American and Israeli military operations as new targets for Iran on Wednesday.

According to Al Jazeera, the Tasnim News Agency’s report lists Microsoft, Google, Palantir, IBM, Nvidia, and Oracle’s offices and cloud infrastructure in Israel and some Gulf countries as the new targets.

On top of targeting the tech giants, a spokesperson for a group owned by Iran’s Islamic Revolutionary Guard Corps told Al Jazeera that American and Israeli economic centers and banks in the region are also legitimate targets now, and warned people to “not be within a one-kilometre radius of banks.”

The list comes on the heels of an Israeli attack on a bank in Iran’s capital city of Tehran, according to Tasnim News Agency, which expanded “the scope of the regional war” to an “infrastructure war.”

The United States and Israel began their military campaign against Iran at the end of last month, with Iran responding with retaliatory strikes on Israeli soil and on American military bases in the region from Cyprus and Turkey to the Gulf countries.

As the war entered its 12th day, more than 1,300 civilians in Iran have been killed, including 175 people (most of them children) at an elementary school in southern Iran, reportedly struck by American missiles.

All six of the tech giants named by Iranian media have lucrative partnerships with the Pentagon and/or Israel. Nvidia is building data centers and a research and development campus in Israel, a country that CEO Jensen Huang has recently called “Nvidia’s second home.” Microsoft, Google, Palantir, IBM, and Oracle all have a close history with the Israeli government and military, with some reports claiming that the AI technology provided by these American tech giants is aiding the army in the mass surveillance of Palestinians. Meanwhile, Google, Oracle, IBM, Microsoft, and Palantir also have military AI agreements with the Pentagon.

Though not named by Tasnim, another American tech giant with ties to both American and Israeli military operations is Amazon. One of the company’s operating facilities in Bahrain and two of its data centers in the United Arab Emirates were heavily damaged earlier this month following Iranian drone strikes. The strikes, which Iranian state media later described as targeted, led to power disruptions and degraded AWS applications in the region.

So far, Iran’s military actions have been limited to the region. That could change, according to an ABC News report also from Wednesday, as the FBI has claimed Iran could launch drone strikes on the West Coast of the United States, where the headquarters of tech giants like Google, Nvidia, and Microsoft are located. But the chances of that happening are very slim, as even President Trump himself has said he is not worried, and the Iranian report explicitly threatens damage to the offices and infrastructure that these tech companies have in the Middle East.