Outpost24 C-Suite Spearphishing Incident: Analysis of 7-Stage Social Engineering Attack in March 2026
Executive Summary On March 17, 2026, multiple reputable cybersecurity news sources reported that Outpost24, a cybersecurity firm, was targeted in a sophisticated phishing campaign. The attack was directed at a C-suite executive and utilized a multi-stage approach, leveraging trusted brands and domains to increase the credibility of the phishing attempt. The primary objective was to obtain credentials through social engineering. There is no evidence from any primary source th
6 days ago · 4 min read


Loblaw Companies Limited Data Breach 2026: Customer PII Exposed in Targeted Attack
Executive Summary On March 10, 2026, Loblaw Companies Limited, Canada’s largest food and pharmacy retailer, publicly disclosed a data breach involving unauthorized access to customer information. The breach, confirmed by multiple independent sources, resulted in the exposure of basic personally identifiable information (PII) including names, phone numbers, and email addresses. No sensitive data such as passwords, health records, or financial information was compromised. The
Mar 15 · 4 min read


FortiGate FortiCloud SSO Authentication Bypass: Active Exploitation of CVE-2025-59718/59719 for Credential Theft and Network Breach
Executive Summary Recent intelligence has revealed that sophisticated threat actors are actively exploiting authentication bypass vulnerabilities in FortiGate Next-Generation Firewall appliances to gain unauthorized access to enterprise networks and exfiltrate sensitive service account credentials. These attacks leverage flaws in the FortiCloud SSO implementation, specifically targeting vulnerabilities such as CVE-2025-59718 and CVE-2025-59719, which allow adversaries to
Mar 11 · 4 min read


Critical SAP FS-QUO and NetWeaver Vulnerabilities Exposed in March 2026 Security Patch Day: Immediate Action Required
Executive Summary The March 2026 Security Patch Day from SAP has brought to light two critical vulnerabilities affecting SAP FS-QUO (Quotation Management Insurance) and SAP NetWeaver Enterprise Portal Administration. These vulnerabilities, identified as CVE-2019-17571 and CVE-2026-27685, enable unauthenticated remote code execution and insecure deserialization, respectively. The exploitation of these flaws could result in full system compromise, including the loss of con
Mar 11 · 4 min read


APT28 Deploys BEARDSHELL and Customized COVENANT Malware for Targeted Cyber Espionage Against the Ukrainian Military
Executive Summary The Russian state-sponsored threat actor APT28 (also known as Fancy Bear, Sednit, Forest Blizzard, Unit 26165, and TA422) has intensified its cyber-espionage operations against the Ukrainian military by deploying two advanced malware strains: BEARDSHELL and a customized variant of COVENANT. These campaigns, active since at least April 2024, leverage cloud-based command-and-control (C2) infrastructure and sophisticated obfuscation techniques to mainta
Mar 11 · 5 min read


Malicious Go Module github.com/xinfeisoft/crypto Targets Ubuntu and CI/CD Environments With Rekoobe Backdoor and Credential Theft
Executive Summary A highly sophisticated supply chain attack has been identified involving a malicious Go module, github.com/xinfeisoft/crypto, which masquerades as the legitimate golang.org/x/crypto library. This module is engineered to covertly exfiltrate sensitive credentials entered via terminal prompts, establish persistent SSH access, and deploy the advanced Rekoobe Linux backdoor. The campaign leverages namespace confusion, GitHub-hosted staging, and multi-stage pay
Mar 1 · 4 min read


Ongoing Cyberattack Exploits Sangoma FreePBX CVE-2025-64328: Over 900 Instances Compromised by Web Shells
Executive Summary A significant and ongoing cyberattack campaign has resulted in the compromise of over 900 instances of Sangoma FreePBX, a widely deployed open-source VoIP PBX platform. Attackers are exploiting a critical post-authentication command injection vulnerability, CVE-2025-64328, to deploy persistent PHP-based web shells, most notably EncystPHP, on vulnerable systems. This campaign, tracked by organizations such as Shadowserver and Fortinet, is global in scope
Mar 1 · 5 min read


ScarCruft Exploits Zoho WorkDrive and USB Malware to Compromise Air-Gapped Government and Defense Networks
Executive Summary The North Korean state-sponsored threat actor ScarCruft (also known as APT37) has recently executed a highly sophisticated cyber-espionage campaign that leverages both cloud-based and removable media vectors to compromise even the most isolated, air-gapped networks. This campaign, tracked as Ruby Jumper, is notable for its abuse of Zoho WorkDrive as a command-and-control (C2) channel and the deployment of advanced USB malware to bridge the gap between in
Mar 1 · 5 min read


Critical CVE-2026-21902 Vulnerability in Juniper Networks PTX Series Routers Running Junos OS Evolved: Full Device Takeover Risk and Mitigation Steps
Executive Summary A critical vulnerability, CVE-2026-21902, has been discovered in Juniper Networks PTX Series Routers running Junos OS Evolved. This flaw enables unauthenticated, remote attackers to execute arbitrary code as root, potentially resulting in a complete device takeover. The vulnerability stems from incorrect permission assignment in the On-Box Anomaly Detection framework, which is externally exposed by default. This exposure creates a significant risk for org
Mar 1 · 4 min read


APT37’s Ruby Jumper Malware Targets Air-Gapped Windows Networks with USB-Based Attacks
Executive Summary In late 2025, the North Korean advanced persistent threat group APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) was observed deploying a new, highly sophisticated malware campaign targeting air-gapped networks. This campaign, referred to as Ruby Jumper by Zscaler ThreatLabz, leverages a multi-stage infection chain and novel malware families to bridge the security gap between isolated, high-value environments and the internet. The attack
Mar 1 · 5 min read


ManoMano Zendesk Data Breach Exposes 38 Million Customers Across Europe: Incident Analysis and Security Implications
Executive Summary In January 2026, ManoMano, a leading European e-commerce platform specializing in DIY, home improvement, and gardening products, detected unauthorized access to customer data via a third-party customer support service provider. The breach, which was publicly disclosed in late February 2026, impacted approximately 38 million individuals across France, Belgium, Spain, Italy, Germany, and the United Kingdom. The compromised data includes full names, email addr
Mar 1 · 5 min read


Trezor and Ledger Users Targeted by Sophisticated Snail Mail Phishing Attacks: Cryptocurrency Wallet Security Alert
Executive Summary A sophisticated phishing campaign is actively targeting users of Trezor and Ledger cryptocurrency hardware wallets through physical mail, a method rarely seen in the sector. Attackers are sending convincing letters that impersonate official communications from Trezor and Ledger, urging recipients to complete urgent "Authentication Check" or "Transaction Check" procedures by scanning QR codes. These QR codes direct users to phishing websites that closely
Feb 15 · 6 min read


UAT-9921 Targets Technology and Financial Sectors with VoidLink Malware via Apache Dubbo Vulnerabilities
Executive Summary A newly identified threat actor, UAT-9921, has launched a sophisticated campaign leveraging the modular VoidLink malware framework to target organizations in the technology and financial sectors. This campaign, first observed in September 2025, demonstrates advanced capabilities in cloud-native environments, with a focus on Linux-based infrastructure, Kubernetes, and Docker. VoidLink is engineered for stealth, persistence, and lateral movement, utilizing
Feb 15 · 4 min read


Coordinated State-Sponsored Cyber Attacks Target Battlefield Management and Defense Supply Chains: Google Links China, Iran, Russia, North Korea
Executive Summary Google’s Threat Analysis Group (TAG) and Mandiant have recently attributed a series of highly coordinated cyber operations targeting the global defense sector to state-sponsored actors from China, Iran, Russia, and North Korea. These campaigns are characterized by advanced, persistent, and multi-vector attacks leveraging sophisticated tactics, techniques, and procedures (TTPs) to compromise defense contractors, supply chain partners, and critical battlef
Feb 15 · 4 min read


Louis Vuitton, Dior, and Tiffany Fined $25 Million for SaaS Customer Management Data Breaches in South Korea
Executive Summary South Korea’s Personal Information Protection Commission (PIPC) has imposed a combined fine of approximately $25 million on the Korean subsidiaries of Louis Vuitton, Christian Dior Couture, and Tiffany for significant data breaches that exposed the personal information of more than 5.5 million customers. The breaches, which occurred between June 2025 and early 2026, were facilitated by inadequate security controls in the companies’ cloud-based customer ma
Feb 15 · 6 min read


Claude LLM Artifacts Exploited to Distribute Mac Infostealer Malware via ClickFix Attack Chain Targeting macOS Users
Executive Summary A sophisticated cyberattack campaign has recently been identified in which public artifacts generated by Anthropic’s Claude LLM are abused to distribute Mac infostealer malware through the ClickFix attack chain. This campaign leverages malicious Google Ads and SEO poisoning to target macOS users seeking technical solutions, redirecting them to weaponized Claude artifacts or impersonated support articles. Unsuspecting users are tricked into executing malici
Feb 15 · 4 min read


Lazarus Group Targets npm, PyPI, and GitHub Developers With Fake Job Recruiter Malware Campaign
Executive Summary A new wave of highly targeted cyberattacks is exploiting the trust inherent in the software development hiring process. Threat actors, most notably the Lazarus Group (also known as APT38), are impersonating legitimate job recruiters and luring developers with enticing job offers. As part of the supposed interview process, these attackers deliver coding challenges that, when executed, surreptitiously install sophisticated malware on the victim’s system. Thi
Feb 15 · 4 min read


Technical Analysis of CANFAIL Malware Targeting Ukrainian Defense and Energy Sectors by Suspected Russian Threat Actor
Executive Summary Google’s Threat Analysis Group (TAG) has recently attributed a series of highly targeted cyberattacks against Ukrainian organizations to a suspected Russian state-aligned threat actor. These attacks are characterized by the deployment of a novel malware family, CANFAIL, which is delivered through advanced phishing campaigns leveraging social engineering and cloud-based delivery mechanisms. The primary targets include Ukrainian defense, government, energy, a
Feb 15 · 4 min read


Google Chrome 145 Security Update: Patch Addresses 11 Critical Vulnerabilities, Including High-Severity Remote Code Execution Risks
Executive Summary The latest release of Google Chrome 145 (versions 145.0.7632.45/46) addresses a total of 11 security vulnerabilities, including three classified as high-severity. These vulnerabilities, if left unpatched, could enable remote code execution, privilege escalation, or significant information disclosure. Notably, two of the high-severity issues were discovered internally by Google, underscoring the vendor’s commitment to proactive security research. As of this
Feb 15 · 4 min read


Google Gemini AI Under Attack: APTs and Cybercriminals Exploit Platform Across the Entire Cyber Kill Chain
Executive Summary The recent disclosure by Google’s Threat Intelligence Group (GTIG) highlights a significant escalation in the adversarial misuse of the Gemini AI platform by advanced persistent threat (APT) actors and information operations (IO) groups. These threat actors, including state-sponsored groups from Iran, China, North Korea, and Russia, are leveraging Gemini AI to facilitate every phase of the cyberattack lifecycle. While Google has implemented robust safety
Feb 12 · 5 min read