

Hims & Hers Zendesk Data Breach 2026: Okta SSO Compromise Exposes Sensitive Customer Support Information
Executive Summary Between February 4 and February 7, 2026, Hims & Hers experienced a data breach that exposed sensitive customer support data, including full names, email addresses, phone numbers, physical mailing addresses, order-related information, and general correspondence contained within support tickets. The breach was discovered on February 5, 2026, and was executed via a social engineering attack that compromised an employee’s Okta Single Sign-On (SSO) credentials,
6 hours ago · 5 min read


Rockwell Automation/Allen-Bradley PLCs: Nearly 4,000 US Industrial Devices Exposed to Iranian Cyberattacks in 2026
Executive Summary Nearly 4,000 industrial control devices in the United States, primarily Rockwell Automation/Allen-Bradley programmable logic controllers (PLCs), have been exposed to and targeted by Iranian state-backed cyberattacks since March 2026. These attacks have resulted in operational disruptions, forced manual operation at affected sites, and financial losses. The threat actors, attributed to Iranian advanced persistent threat (APT) groups affiliated with the Islam
6 hours ago · 5 min read


Critical Orthanc DICOM Server Vulnerabilities Expose Healthcare Systems to Crashes and Remote Code Execution (RCE)
Executive Summary Critical vulnerabilities have been identified in Orthanc, the widely adopted open-source DICOM server used for medical imaging workflows across healthcare and research environments. These vulnerabilities, present in all versions up to and including 1.12.10, enable attackers to crash servers, exhaust system memory, leak sensitive information, and in certain scenarios, achieve remote code execution (RCE). The root causes include unsafe arithmetic operations,
6 hours ago · 4 min read


CPUID Website Compromised: Malware Delivered via CPU-Z and HWMonitor Download Links in April 2026
Executive Summary Between April 9 and April 10, 2026, the official website of CPUID, the vendor behind the widely used CPU-Z and HWMonitor utilities, was compromised for approximately six hours. Attackers gained access to a secondary backend API, altering download links on the site to serve a trojanized installer instead of legitimate binaries. The malicious file, masquerading as a legitimate hardware monitoring tool, was designed to steal browser credentials and potential
6 hours ago · 6 min read


Critical Marimo Python Notebook RCE Vulnerability (CVE-2026-39987) Exploited Within 10 Hours of Disclosure
Executive Summary A critical remote code execution (RCE) vulnerability, CVE-2026-39987, has been identified in Marimo, an open-source reactive Python notebook platform. This flaw, which carries a CVSS score of 9.3, enables unauthenticated attackers to gain full shell access to affected systems via a misconfigured WebSocket endpoint. Notably, exploitation in the wild was observed less than 10 hours after public disclosure, underscoring the urgency and severity of the threat.
6 hours ago · 4 min read


Google Chrome 147 Security Update: Patches 60 Vulnerabilities Including Critical WebML Remote Code Execution Flaws (CVE-2026-5858, CVE-2026-5859)
Executive Summary Google Chrome version 147.0.7727.55/56 for Windows and macOS, and 147.0.7727.55 for Linux, was released in April 2026, addressing a total of 60 security vulnerabilities. Among these, two critical flaws in the WebML (Web Machine Learning) component were identified and patched, with a combined bug bounty payout of $86,000. These vulnerabilities, CVE-2026-5858 and CVE-2026-5859, could allow remote code execution if exploited. As of this report, there is no
6 hours ago · 5 min read


For retailers: Suppliers of POS, OMS and CRM systems are not ‘Third Party’, they are actually ‘Teammates’
Retail is based on three core systems: In physical sites the Point of Sale (POS) systems, in online sites the Order Management Systems (OMS) and in the business back office the Customer Relationship Management (CRM) systems. This is the IT and Operational beating heart of a retail business. Any disruption in these three can make the business stand still, and for big retailers this means a lot of money lost. The problem in terms of security is that all three systems have natur
Mar 26 · 3 min read


Intuitive Surgical Administrative Network Breach: 2026 Phishing Attack Exposes Employee and Customer Data
Executive Summary On March 12, 2026, Intuitive Surgical, a leading provider of robotic surgery systems, publicly disclosed a cybersecurity incident involving unauthorized access to its internal administrative network. The breach was initiated through a phishing attack that resulted in the compromise of an employee’s credentials. As a result, an unauthorized third party accessed customer business and contact information, as well as employee and corporate records. There is no
Mar 18 · 5 min read


Critical AI Vulnerabilities in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and Remote Code Execution
Executive Summary Recent discoveries have revealed critical vulnerabilities in Amazon Bedrock, LangSmith, and SGLang - three prominent AI platforms - enabling data exfiltration and remote code execution (RCE). These flaws affect both cloud-based and self-hosted deployments, with some remaining unpatched as of this report. Attackers can exploit these weaknesses to bypass network isolation, hijack user accounts, and execute arbitrary code on backend servers. The vulnerabilit
Mar 18 · 5 min read


CVE-2026-32746: Critical Unpatched Vulnerability in GNU InetUtils telnetd Enables Unauthenticated Remote Root Code Execution via Port 23
Executive Summary A critical, unpatched vulnerability - CVE-2026-32746 - has been identified in the GNU InetUtils telnetd daemon, affecting all versions up to and including 2.7. This flaw enables unauthenticated remote attackers to achieve root-level remote code execution (RCE) by sending a specially crafted Telnet protocol message to port 23, before any authentication occurs. The vulnerability is trivial to exploit, requires no credentials or user interaction, and is curre
Mar 18 · 4 min read


EU Sanctions on Chinese and Iranian Firms: Raptor Train Botnet, SMS Service, and Olympic Billboard Cyberattacks Targeting European Critical Infrastructure
Executive Summary On March 16–17, 2026, the Council of the European Union imposed sanctions on three companies—Integrity Technology Group and Anxun Information Technology (both based in China), and Emennet Pasargad (based in Iran)—as well as two individuals, for their roles in cyberattacks targeting EU member states and critical infrastructure. The sanctioned entities are linked to large-scale device compromises, influence operations, and data breaches affecting sectors s
Mar 18 · 6 min read


GlassWorm ForceMemo Campaign: Supply Chain Attack Targets GitHub Python Repositories with Stolen Tokens and Blockchain-Based Malware
Executive Summary A highly sophisticated supply chain attack, attributed to the GlassWorm threat actor and tracked as the ForceMemo campaign, is actively targeting the Python open-source ecosystem by leveraging stolen GitHub tokens to force-push obfuscated malware into legitimate Python repositories. The attack chain begins with the compromise of developer workstations via malicious VS Code and Cursor extensions, which exfiltrate authentication tokens and credentials. Us
Mar 18 · 4 min read


Warlock Ransomware Exploits Unpatched Microsoft SharePoint and SmarterMail Servers: Tactics, Analysis, and Mitigation Guidance
Executive Summary The Warlock ransomware group has emerged as a formidable threat actor, demonstrating a rapid evolution in its post-exploitation arsenal and operational sophistication. Leveraging advanced techniques such as Bring Your Own Vulnerable Driver (BYOVD), exploitation of unpatched Microsoft SharePoint and SmarterMail servers, and highly effective credential theft and lateral movement strategies, Warlock has successfully targeted organizations across government,
Mar 18 · 4 min read


LeakNet Ransomware Exploits ClickFix via Compromised Websites to Attack Windows Environments with Deno In-Memory Loader
Executive Summary The emergence of the LeakNet ransomware campaign marks a significant escalation in the sophistication of ransomware operations targeting enterprise environments. This campaign leverages the ClickFix social engineering technique to gain initial access via compromised legitimate websites, coercing users into executing malicious scripts under the guise of security verifications. The attackers then deploy a custom in-memory loader built on the Deno JavaScript
Mar 18 · 4 min read


Konni Targets KakaoTalk Desktop with EndRAT: Multi-Stage Phishing Attack Exploits Social Messaging for Malware Propagation
Executive Summary A recent campaign orchestrated by the North Korean advanced persistent threat group Konni has demonstrated a significant escalation in the use of multi-stage malware delivery and lateral propagation techniques. The operation leverages highly targeted spear-phishing emails to deliver the EndRAT (EndClient Remote Access Trojan) payload, exploiting the KakaoTalk desktop application as a propagation vector. This campaign is notable for its abuse of trusted so
Mar 18 · 5 min read


Apple Urgent Security Update: CVE-2025-14174 WebKit Same-Origin Policy Bypass Vulnerability Impacts iOS, macOS, Chrome, and Edge
Executive Summary Apple has released urgent security updates to address a critical WebKit vulnerability, CVE-2025-14174, which enables attackers to bypass the Same-Origin Policy (SOP) on iOS and macOS devices. This vulnerability affects all Apple devices capable of rendering web content, including Safari and all browsers on iOS/iPadOS, due to the mandatory use of WebKit as the rendering engine. The flaw is also present in Google Chrome and Microsoft Edge because of
Mar 18 · 5 min read


Outpost24 C-Suite Spearphishing Incident: Analysis of 7-Stage Social Engineering Attack in March 2026
Executive Summary On March 17, 2026, multiple reputable cybersecurity news sources reported that Outpost24, a cybersecurity firm, was targeted in a sophisticated phishing campaign. The attack was directed at a C-suite executive and utilized a multi-stage approach, leveraging trusted brands and domains to increase the credibility of the phishing attempt. The primary objective was to obtain credentials through social engineering. There is no evidence from any primary source th
Mar 18 · 4 min read


Loblaw Companies Limited Data Breach 2026: Customer PII Exposed in Targeted Attack
Executive Summary On March 10, 2026, Loblaw Companies Limited, Canada’s largest food and pharmacy retailer, publicly disclosed a data breach involving unauthorized access to customer information. The breach, confirmed by multiple independent sources, resulted in the exposure of basic personally identifiable information (PII) including names, phone numbers, and email addresses. No sensitive data such as passwords, health records, or financial information was compromised. The
Mar 15 · 4 min read


Starbucks Partner Central Data Breach Exposes Sensitive Employee Information in Credential Phishing Attack
Executive Summary Starbucks has disclosed a data breach impacting 889 employees after attackers gained unauthorized access to internal HR accounts through credential-harvesting phishing attacks. The breach, detected on February 6, 2026, involved threat actors impersonating the Starbucks Partner Central portal to obtain employee login credentials. The attackers maintained access to affected accounts between January 19 and February 11, 2026, exposing sensitive personal and fin
Mar 15 · 5 min read


CVE-2026-23813: Critical Authentication Bypass in HPE Aruba AOS-CX Allows Remote Admin Password Reset
Executive Summary A critical authentication bypass vulnerability, identified as CVE-2026-23813, has been discovered in HPE Aruba Networking AOS-CX, the network operating system that powers the Aruba CX-series campus and data center switches. This vulnerability allows unauthenticated remote attackers to reset administrator passwords through the web-based management interface, potentially granting full administrative control over affected devices. While there is currently no
Mar 15 · 4 min read