Intuitive Surgical Administrative Network Breach: 2026 Phishing Attack Exposes Employee and Customer Data
Executive Summary: On March 12, 2026, Intuitive Surgical, a leading provider of robotic surgery systems, publicly disclosed a cybersecurity incident involving unauthorized access to its internal administrative network. The breach was initiated through a phishing attack that resulted in the compromise of an employee's credentials. As a result, an unauthorized third party accessed customer business and contact information, as well as employee and corporate records. There is no
2 days ago · 5 min read


Critical AI Vulnerabilities in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and Remote Code Execution
Executive Summary: Recent discoveries have revealed critical vulnerabilities in Amazon Bedrock, LangSmith, and SGLang, three prominent AI platforms, enabling data exfiltration and remote code execution (RCE). These flaws affect both cloud-based and self-hosted deployments, with some remaining unpatched as of this report. Attackers can exploit these weaknesses to bypass network isolation, hijack user accounts, and execute arbitrary code on backend servers. The vulnerabilit
2 days ago · 5 min read


CVE-2026-32746: Critical Unpatched Vulnerability in GNU InetUtils telnetd Enables Unauthenticated Remote Root Code Execution via Port 23
Executive Summary: A critical, unpatched vulnerability, CVE-2026-32746, has been identified in the GNU InetUtils telnetd daemon, affecting all versions up to and including 2.7. This flaw enables unauthenticated remote attackers to achieve root-level remote code execution (RCE) by sending a specially crafted Telnet protocol message to port 23, before any authentication occurs. The vulnerability is trivial to exploit, requires no credentials or user interaction, and is curre
2 days ago · 4 min read


EU Sanctions on Chinese and Iranian Firms: Raptor Train Botnet, SMS Service, and Olympic Billboard Cyberattacks Targeting European Critical Infrastructure
Executive Summary: On March 16–17, 2026, the Council of the European Union imposed sanctions on three companies (Integrity Technology Group and Anxun Information Technology, both based in China, and Emennet Pasargad, based in Iran) as well as two individuals, for their roles in cyberattacks targeting EU member states and critical infrastructure. The sanctioned entities are linked to large-scale device compromises, influence operations, and data breaches affecting sectors s
2 days ago · 6 min read


GlassWorm ForceMemo Campaign: Supply Chain Attack Targets GitHub Python Repositories with Stolen Tokens and Blockchain-Based Malware
Executive Summary: A highly sophisticated supply chain attack, attributed to the GlassWorm threat actor and tracked as the ForceMemo campaign, is actively targeting the Python open-source ecosystem by leveraging stolen GitHub tokens to force-push obfuscated malware into legitimate Python repositories. The attack chain begins with the compromise of developer workstations via malicious VS Code and Cursor extensions, which exfiltrate authentication tokens and credentials. Us
2 days ago · 4 min read


Warlock Ransomware Exploits Unpatched Microsoft SharePoint and SmarterMail Servers: Tactics, Analysis, and Mitigation Guidance
Executive Summary: The Warlock ransomware group has emerged as a formidable threat actor, demonstrating a rapid evolution in its post-exploitation arsenal and operational sophistication. Leveraging advanced techniques such as Bring Your Own Vulnerable Driver (BYOVD), exploitation of unpatched Microsoft SharePoint and SmarterMail servers, and highly effective credential theft and lateral movement strategies, Warlock has successfully targeted organizations across government,
2 days ago · 4 min read


LeakNet Ransomware Exploits ClickFix via Compromised Websites to Attack Windows Environments with Deno In-Memory Loader
Executive Summary: The emergence of the LeakNet ransomware campaign marks a significant escalation in the sophistication of ransomware operations targeting enterprise environments. This campaign leverages the ClickFix social engineering technique to gain initial access via compromised legitimate websites, coercing users into executing malicious scripts under the guise of security verifications. The attackers then deploy a custom in-memory loader built on the Deno JavaScript
2 days ago · 4 min read


Konni Targets KakaoTalk Desktop with EndRAT: Multi-Stage Phishing Attack Exploits Social Messaging for Malware Propagation
Executive Summary: A recent campaign orchestrated by the North Korean advanced persistent threat group Konni has demonstrated a significant escalation in the use of multi-stage malware delivery and lateral propagation techniques. The operation leverages highly targeted spear-phishing emails to deliver the EndRAT (EndClient Remote Access Trojan) payload, exploiting the KakaoTalk desktop application as a propagation vector. This campaign is notable for its abuse of trusted so
2 days ago · 5 min read


Apple Urgent Security Update: CVE-2025-14174 WebKit Same-Origin Policy Bypass Vulnerability Impacts iOS, macOS, Chrome, and Edge
Executive Summary: Apple has released urgent security updates to address a critical WebKit vulnerability, CVE-2025-14174, which enables attackers to bypass the Same-Origin Policy (SOP) on iOS and macOS devices. This vulnerability affects all Apple devices capable of rendering web content, including Safari and all browsers on iOS/iPadOS, due to the mandatory use of WebKit as the rendering engine. The flaw is also present in Google Chrome and Microsoft Edge because of
2 days ago · 5 min read


Starbucks Partner Central Data Breach Exposes Sensitive Employee Information in Credential Phishing Attack
Executive Summary: Starbucks has disclosed a data breach impacting 889 employees after attackers gained unauthorized access to internal HR accounts through credential-harvesting phishing attacks. The breach, detected on February 6, 2026, involved threat actors impersonating the Starbucks Partner Central portal to obtain employee login credentials. The attackers maintained access to affected accounts between January 19 and February 11, 2026, exposing sensitive personal and fin
5 days ago · 5 min read


CVE-2026-23813: Critical Authentication Bypass in HPE Aruba AOS-CX Allows Remote Admin Password Reset
Executive Summary: A critical authentication bypass vulnerability, identified as CVE-2026-23813, has been discovered in HPE Aruba Networking AOS-CX, the network operating system that powers the Aruba CX-series campus and data center switches. This vulnerability allows unauthenticated remote attackers to reset administrator passwords through the web-based management interface, potentially granting full administrative control over affected devices. While there is currently no
5 days ago · 4 min read


Cyberattack on Poland's National Centre for Nuclear Research (NCBJ): Attempted Breach of MARIA Reactor IT Systems Thwarted
Executive Summary: On March 12–13, 2026, Poland's National Centre for Nuclear Research (NCBJ) was the target of a cyberattack aimed at its IT infrastructure. The attack was detected and blocked by internal security systems before any operational impact or data compromise occurred. All safety and research systems, including the MARIA research reactor, continued to function normally throughout the incident. The event triggered a coordinated response involving national cyberse
5 days ago · 5 min read


GlassWorm Supply-Chain Attack Exploits Open VSX Extensions to Target Developer Environments
Executive Summary: The GlassWorm supply-chain attack represents a critical escalation in the threat landscape targeting developer ecosystems. Since late January 2026, threat actors have abused at least 72 Open VSX extensions, leveraging transitive dependencies and extension packs to propagate sophisticated malware. This campaign is characterized by its technical complexity, stealthy delivery mechanisms, and broad impact, with over 9 million installs of malicious extensions r
5 days ago · 4 min read


VENON Rust Malware Targets Itaú and 32 Other Brazilian Banks with Advanced Credential-Stealing Attacks
Executive Summary: A newly identified banking malware, VENON, written in the Rust programming language, is actively targeting 33 Brazilian banks and digital asset platforms. This malware represents a significant technical leap from the traditional Delphi-based Latin American banking trojans, leveraging advanced evasion techniques, credential-stealing overlays, and shortcut hijacking to compromise victims and exfiltrate sensitive banking credentials. The campaign is notable fo
5 days ago · 4 min read


Iranian CyberAv3ngers Target Unitronics Vision PLCs in US Critical Infrastructure Amid Rising Geopolitical Tensions
Executive Summary: Iran-linked Advanced Persistent Threat (APT) groups, most notably those affiliated with the Islamic Revolutionary Guard Corps (IRGC) and operating under the CyberAv3ngers persona, have intensified cyber operations targeting the United States and allied nations amid ongoing geopolitical tensions and regional conflict. These campaigns have focused on critical infrastructure sectors, particularly water and wastewater systems, energy, transportation, and healt
5 days ago · 5 min read


Veeam Backup & Replication Vulnerabilities: Critical RCE Flaws Patched in Latest Security Update
Executive Summary: Veeam has released critical security patches addressing seven severe vulnerabilities in its flagship Veeam Backup & Replication platform. These flaws, several rated at the highest criticality with CVSS scores of 9.9, enable remote code execution (RCE), privilege escalation, and credential theft by authenticated users. The vulnerabilities impact both Windows-based and Veeam Software Appliance deployments. Given the history of ransomware groups such as FIN7
5 days ago · 5 min read


Chinese Cyber Espionage Targets Southeast Asian Military C4I Systems Using AppleChris and MemFun Malware
Executive Summary: A highly sophisticated cyber espionage campaign, attributed to a China-based threat cluster, has been actively targeting Southeast Asian military organizations since at least 2020. This campaign leverages two advanced custom malware families, AppleChris and MemFun, alongside a credential harvesting tool known as Getpass (a customized variant of Mimikatz). The attackers exhibit advanced operational security, strategic patience, and a clear focus on exfilt
5 days ago · 4 min read


AppsFlyer Web SDK Supply Chain Attack: Global Crypto-Stealing JavaScript Injection and Mitigation Analysis
Executive Summary: Between March 9 and March 11, 2026, the AppsFlyer Web SDK was compromised in a sophisticated supply-chain attack, resulting in the injection of crypto-stealing JavaScript code into thousands of websites and web applications globally. The malicious code, delivered via the trusted AppsFlyer content delivery network, was engineered to intercept and replace cryptocurrency wallet addresses entered by end users, redirecting funds to attacker-controlled wallets.
5 days ago · 4 min read


University of Mississippi Medical Center Restores Epic EHR System After Major Ransomware Attack and Nine-Day Clinic Closure
Executive Summary: The University of Mississippi Medical Center (UMMC) experienced a significant ransomware attack in late February 2026, resulting in the closure of its clinics statewide for nine days. The attack forced the academic medical center to take its Epic electronic health record (EHR) system offline and restricted access to phone and email communications. While hospitals and emergency departments remained operational using manual downtime procedures, outpatient
Mar 5 · 6 min read


Europol Dismantles Tycoon 2FA: Inside the Takedown of a 64,000-Attack Phishing-as-a-Service Platform
Executive Summary: On March 4, 2026, a Europol-led coalition of law enforcement and private sector partners dismantled the Tycoon 2FA phishing-as-a-service (PhaaS) platform, which had enabled over 64,000 large-scale phishing attacks globally since its emergence in 2023. Tycoon 2FA specialized in adversary-in-the-middle (AiTM) phishing, allowing threat actors to bypass multifactor authentication (MFA) and compromise accounts across sectors including education, healthcar
Mar 5 · 6 min read