
Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

News Summary

Last updated: 17:00 30/03/2026 UTC
  • Windows 11 preview update KB5079391 installation failures prompt rollback
    Microsoft has paused the rollout of Windows 11 non-security preview update KB5079391 (OS build 26100.2484) due to widespread installation failures marked by error code 0x80073712, affecting systems running Windows 11 24H2 and 25H2. The update included 29 changes such as Smart App Control improvements, Display enhancements, Windows Hello Fingerprint reliability fixes, and Windows Recovery Environment (Windows RE) stability updates for x64 apps on ARM64 devices. Installation errors manifest with the message: "Some update files are missing or have problems. We'll try to download the update again later. Error code: (0x80073712)."
  • UK Alarm Provider Fined £100,000 for Unlawful Nuisance Calls to TPS Registrants
    A UK-based monitored alarm provider, TMAC, was fined £100,000 by the Information Commissioner’s Office (ICO) for making 260,000 nuisance calls to numbers registered on the Telephone Preference Service (TPS). The calls, made between February and September 2024, deliberately targeted individuals over 60 using predatory tactics, including impersonating local crime and fire prevention initiatives to deceive recipients. Callers concealed their true identities and failed to comply with UK telemarketing regulations under PECR.
  • Gartner’s structured evaluation framework for AI SOC agent deployments released amid rising adoption
    Gartner has published a structured evaluation framework for AI-driven Security Operations Center (SOC) agents, highlighting significant gaps between adoption rates and measurable improvements. The framework aims to help cybersecurity leaders assess vendor claims, integration complexity, autonomy boundaries, and long-term vendor viability before deployment. The report warns that while 70% of large SOCs are expected to pilot AI agents by 2028, only 15% will achieve measurable improvements without structured evaluation. Gartner’s framework emphasizes outcomes-driven metrics, analyst augmentation, transparency, and integration depth as critical evaluation criteria.
  • DeepLoad malware campaign leverages AI-generated obfuscation and ClickFix for persistent credential theft
    A malicious campaign named DeepLoad is actively targeting enterprise networks to steal user credentials and maintain persistent access. The malware employs social engineering via ClickFix to trick users into executing PowerShell commands through the Windows Run dialog under false pretenses, often delivered through compromised websites or SEO-poisoned search results. DeepLoad hides its functional payload inside layers of AI-generated obfuscation code made up of meaningless variable assignments, evading file-based detection. It leverages the Windows lock screen process 'LockAppHost.exe' and abuses Windows Management Instrumentation (WMI) to achieve persistence, automatically re-infecting systems three days after initial removal without additional user or attacker action. The campaign also spreads via USB drives, increasing lateral movement potential, and deploys a malicious browser extension to intercept credentials during login sessions. Impact includes unauthorized access to enterprise accounts, potential data exfiltration, and a sustained foothold in compromised networks.
  • China-aligned clusters conduct coordinated Southeast Asian government intrusion campaign with multi-stage malware toolkits
    A coordinated cyber operation attributed to three China-linked clusters targeted a Southeast Asian government organization between March and September 2025. The campaign deployed a suite of malware families including HIUPAN (USBFect), PUBLOAD, EggStremeFuel/Loader, MASOL RAT, PoshRAT, TrackBak Stealer, Hypnosis Loader, and FluffyGh0st via complex infection chains. The activity indicates persistent access was the primary objective, leveraging overlapping TTPs across Mustang Panda (June–August), CL-STA-1048 (March–September, overlapping Earth Estries/Crimson Palace), and CL-STA-1049 (April & August, overlapping Unfading Sea Haze).
  • Arbitrary file read vulnerability in Smart Slider 3 plugin exposes WordPress sites to credential theft
    A missing capability check in the Smart Slider 3 WordPress plugin allows authenticated users, including subscribers, to read arbitrary files on the server. This flaw affects over 800,000 active installations and enables access to sensitive files such as wp-config.php, exposing database credentials, cryptographic keys, and salts. The vulnerability, tracked as CVE-2026-3098, was patched in version 3.5.1.34 on March 24, 2026, but approximately 500,000 sites remain unpatched and at risk of user data theft or full site compromise.
  • Active exploitation of F5 BIG-IP RCE vulnerability CVE-2025-53521
    Threat actors are actively exploiting CVE-2025-53521, a critical RCE vulnerability in F5 BIG-IP APM systems, to deploy webshells on unpatched devices. The flaw, initially disclosed as a DoS issue in October 2025, was reclassified as RCE in March 2026 following observed exploitation in the wild. The vulnerability affects BIG-IP APM versions 17.5.0–17.5.1, 17.1.0–17.1.2, 16.1.0–16.1.6, and 15.1.0–15.1.10, enabling unauthenticated code execution when access policies are configured on virtual servers or in Appliance mode. Fixed versions (17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8) address the RCE. CISA added the flaw to its KEV catalog on March 28, 2026, mandating federal remediation within three days, and attackers have since weaponized it to install webshells. Shadowserver tracks over 240,000 exposed BIG-IP instances, though the scope of vulnerable configurations is unclear.
Last updated: 12:15 30/03/2026 UTC
  • TeamPCP escalates CanisterWorm campaign with geopolitical targeting and multi-vector attacks
    TeamPCP has escalated its multi-vector CanisterWorm campaign into a broader geopolitically targeted operation, now compromising trusted PyPI packages to deliver credential-stealing malware with automated execution mechanisms. The group has targeted the LiteLLM and Telnyx Python packages (versions 1.82.7, 1.82.8, 4.87.1, and 4.87.2), embedding malware that harvests SSH keys, cloud credentials, Kubernetes secrets, database credentials, cryptocurrency wallets, TLS/SSL private keys, and bash history files before exfiltrating data to attacker-controlled infrastructure and establishing persistent backdoors. The campaign began as a supply-chain attack involving 47 compromised npm packages and the @teale.io/eslint-config variant, leveraging ICP canisters for decentralized C2 and persistence via masqueraded systemd services. It escalated to include GitHub repository hijacking (e.g., Aqua Security), Docker Hub compromise, and deployment of an infostealer, then pivoted to targeting CI/CD pipelines directly via GitHub Actions workflows (e.g., Checkmarx, Trivy) using stolen credentials. TeamPCP now compromises GitHub Actions workflows and Open VSX extensions to deploy the TeamPCP Cloud stealer, while refining destructive payloads targeting Iranian systems in Kubernetes environments with time-zone/locale-based wipers. Recent compromises of LiteLLM and Telnyx demonstrate rapid iteration and maturation of supply chain attack methodology, with evidence suggesting collaboration with the Vectr ransomware group for follow-on ransomware operations.
  • Yanluowang Ransomware Initial Access Broker Pleads Guilty
    Aleksey Olegovich Volkov, a 26-year-old Russian national from St. Petersburg, was sentenced to 81 months in prison for his role as an initial access broker (IAB) facilitating ransomware attacks. Volkov pleaded guilty to multiple charges, including conspiracy to commit computer fraud and money laundering, and must pay at least $9.2 million in restitution to victims. Between July 2021 and November 2022, Volkov breached corporate networks and sold access to ransomware groups, including Yanluowang, resulting in extortion attempts totaling $24 million. He was arrested in Rome in 2024, extradited to the U.S. in 2025, and admitted to working with several major cybercrime groups. Yanluowang, a Russian ransomware operation unmasked in 2022, employed 'triple extortion' tactics and claimed victims such as Cisco and Walmart. Volkov’s activities as an IAB were part of a broader cybercrime supply chain, enabling multiple ransomware-as-a-service (RaaS) groups to accelerate attacks by purchasing network access. Investigators linked Volkov’s identity through digital evidence, including Apple iCloud data and cryptocurrency records, while chat logs and stolen data provided further confirmation of his involvement. His case highlights the interconnected nature of cybercriminal ecosystems, where access brokers, RaaS operators, and affiliates collaborate to maximize financial gain and operational efficiency.
  • Unauthenticated remote code execution flaw in Magento and Adobe Commerce via PolyShell polyglot uploads
    A critical unauthenticated remote code execution vulnerability named PolyShell affects all supported versions of Magento Open Source and Adobe Commerce (version 2), enabling attackers to upload polyglot files via the REST API and achieve code execution. Adobe has released a patch only in the alpha release of version 2.4.9, leaving production deployments vulnerable. Exploitation is now actively occurring in the wild, with mass scanning activity involving over 50 IP addresses since March 19, 2026, and successful compromises detected in 56.7% of all vulnerable stores. Attackers are leveraging the flaw to deploy a new WebRTC-based payment skimmer that bypasses Content Security Policy (CSP) and exfiltrates payment data via encrypted UDP, marking a significant evolution in skimmer tactics. Immediate remediation is critical given the widespread abuse and potential for mass compromise of e-commerce storefronts.
  • UK NCA and NatWest Warn of Rising Invoice Fraud Threats
    The UK National Crime Agency (NCA) and NatWest Bank initially warned of rising invoice fraud in January 2026, reporting nearly £4 million in losses from 83 cases in September 2025 and urging businesses to verify payment details. Recent attention has focused on the construction sector, where complex supply chains and high-value email payments create elevated risks. Invoice fraud, a form of business email compromise (BEC), involves impersonating suppliers by changing bank details on fake invoices or hijacking supplier email accounts to gather intelligence before issuing fraudulent invoices. The NCA reports that construction and manufacturing accounted for a quarter of all invoice fraud cases in 2024/25, the highest of any sector. The agency is actively disrupting criminal networks while promoting prevention measures such as checking for email anomalies, verifying invoices via trusted channels, and requiring colleague authorization for high-value payments. Globally, BEC scams cost nearly $2.8 billion in 2024, according to the FBI, underscoring the severity of the threat.
  • Tycoon2FA Phishing-as-a-Service Takedown
    Tycoon2FA, a subscription-based phishing-as-a-service (PhaaS) platform that bypassed MFA using adversary-in-the-middle techniques, resumed operations at pre-disruption levels within days of a March 4, 2026 global takedown, despite initial reductions in campaign volumes. The platform, active since August 2023, offered subscription-based access for bypassing multi-factor authentication, targeting major services like Microsoft 365 and Google. It was linked to over 64,000 phishing incidents and facilitated unauthorized access to nearly 100,000 organizations globally by mid-2025. The primary operator, identified as 'SaaadFridi' and 'Mr_Xaad,' remains at large. The platform’s infrastructure relied on adversary-in-the-middle techniques, AI-generated decoy pages, and short-lived domains to evade detection, while customers employed tactics like ATO Jumping to distribute phishing URLs. The takedown involved Europol’s EC3 and law enforcement from six European countries. Following the disruption, Tycoon2FA rapidly recovered to pre-disruption operational levels, with daily campaign volumes returning to early 2026 levels by March 6. Post-compromise activities included business email compromise (BEC), email thread hijacking, cloud account takeovers, and malicious SharePoint links. Old infrastructure remained active after the disruption, while new phishing domains and IP addresses were registered quickly. Operators continued using unchanged TTPs, including compromised domains, legitimate cloud services, and IPv6-based automated logins, underscoring the resilience of the PhaaS model without arrests or physical seizures.
  • ScreenConnect Abused for Network Intrusions by APT Groups
    Advanced persistent threat (APT) groups and cybercriminals continue to exploit the remote monitoring and management (RMM) tool ScreenConnect for unauthorized system access, leveraging its legitimate features for persistence and lateral movement. A major malvertising campaign active since January 2026 has specifically targeted U.S. tax filers via Google Ads, delivering rogue ScreenConnect installers that deploy a custom EDR-killing driver (HwAudKiller) using a signed Huawei vulnerable driver (HWAuidoOs2Ec.sys) to blind security tools. The attack chain uses commercial cloaking services (Adspect, JustCloakIt) to evade detection and quickly stacks multiple RMM tools (ScreenConnect, FleetDeck Agent) for redundancy. Observed post-compromise activity includes credential dumping via LSASS access and lateral movement with tools like NetExec, aligning with pre-ransomware or initial access broker behavior. Defenders should prioritize monitoring for rogue ScreenConnect installers delivered via malvertising, kernel-mode driver loads from vulnerable Huawei audio drivers, rapid stacking of multiple RMM tools, and use of EDR killers alongside LSASS memory dumps and lateral movement artifacts.
  • Russian UNC6353 Uses Coruna and Darksword iOS Exploit Kits Across iOS 13–18.7 Targeting Financial Espionage and Data Theft
    Apple has begun sending Lock Screen notifications to iPhones and iPads running outdated iOS versions warning users of active web-based exploits and urging immediate updates. This follows Apple’s support document alerting users to exploit kits like Coruna (targeting iOS 13–18.7) and Darksword (targeting iOS 18.4–18.7) and the public leak of a newer Darksword version on GitHub. Coruna and Darksword are now independently confirmed as closely related frameworks with shared origins in the 2019–2023 Operation Triangulation campaign, reinforcing attribution to Russian threat actor UNC6353 and associated groups. Coruna has evolved from a precision espionage tool into a mass-exploitation framework with 23 exploits across five chains, while Darksword is now publicly leaked and targets iOS 18.7. Apple has patched all exploited flaws in recent releases (18.7.3, 26.2, 26.3.1), and CISA has mandated federal agencies patch three DarkSword-linked vulnerabilities (CVE-2025-31277, CVE-2025-43510, CVE-2025-43520) by April 3, 2026. Campaigns linked to UNC6353, UNC6748, and Turkish vendor PARS Defense highlight the growing commoditization of iOS exploitation tools and elevated risk to end-users globally.

Latest updates


DeepLoad malware campaign leverages AI-generated obfuscation and ClickFix for persistent credential theft

Updated: 30.03.2026 18:47 · First: 30.03.2026 15:00 · 📰 2 src / 2 articles

A malicious campaign named DeepLoad is actively targeting enterprise networks to steal user credentials and maintain persistent access. The malware employs social engineering via ClickFix to trick users into executing PowerShell commands through the Windows Run dialog under false pretenses, often delivered through compromised websites or SEO-poisoned search results. DeepLoad hides its functional payload inside layers of AI-generated obfuscation code made up of meaningless variable assignments, evading file-based detection. It leverages the Windows lock screen process 'LockAppHost.exe' and abuses Windows Management Instrumentation (WMI) to achieve persistence, automatically re-infecting systems three days after initial removal without additional user or attacker action. The campaign also spreads via USB drives, increasing lateral movement potential, and deploys a malicious browser extension to intercept credentials during login sessions. Impact includes unauthorized access to enterprise accounts, potential data exfiltration, and a sustained foothold in compromised networks.

Shamos Infostealer Targeting Mac Devices via ClickFix Attacks

Updated: 30.03.2026 17:32 · First: 22.08.2025 18:44 · 📰 6 src / 10 articles

In March 2026, Apple introduced a Terminal security feature in macOS Tahoe 26.4 that blocks execution of pasted commands and warns users of potential risks, directly targeting ClickFix-style social engineering attacks used to distribute malware such as Shamos and MacSync. Since June 2025, the COOKIE SPIDER group’s Shamos infostealer has targeted Mac devices via ClickFix attacks, stealing data and credentials from browsers, Keychain, Apple Notes, and cryptocurrency wallets. Early variants relied on malvertising and fake GitHub repositories to trick users into executing shell commands, while later MacSync variants used digitally signed, notarized Swift applications to bypass Gatekeeper checks. Recent campaigns have leveraged legitimate platforms like Cloudflare Pages and Squarespace to host malicious installers, with ClickFix evolving to require minimal user pretexts.

Gartner’s structured evaluation framework for AI SOC agent deployments released amid rising adoption

First: 30.03.2026 17:01 · 📰 1 src / 1 article

Gartner has published a structured evaluation framework for AI-driven Security Operations Center (SOC) agents, highlighting significant gaps between adoption rates and measurable improvements. The framework aims to help cybersecurity leaders assess vendor claims, integration complexity, autonomy boundaries, and long-term vendor viability before deployment. The report warns that while 70% of large SOCs are expected to pilot AI agents by 2028, only 15% will achieve measurable improvements without structured evaluation. Gartner’s framework emphasizes outcomes-driven metrics, analyst augmentation, transparency, and integration depth as critical evaluation criteria.

Active exploitation of F5 BIG-IP RCE vulnerability CVE-2025-53521

Updated: 30.03.2026 13:59 · First: 30.03.2026 10:07 · 📰 2 src / 2 articles

Threat actors are actively exploiting CVE-2025-53521, a critical RCE vulnerability in F5 BIG-IP APM systems, to deploy webshells on unpatched devices. The flaw, initially disclosed as a DoS issue in October 2025, was reclassified as RCE in March 2026 following observed exploitation in the wild. The vulnerability affects BIG-IP APM versions 17.5.0–17.5.1, 17.1.0–17.1.2, 16.1.0–16.1.6, and 15.1.0–15.1.10, enabling unauthenticated code execution when access policies are configured on virtual servers or in Appliance mode. Fixed versions (17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8) address the RCE. CISA added the flaw to its KEV catalog on March 28, 2026, mandating federal remediation within three days, and attackers have since weaponized it to install webshells. Shadowserver tracks over 240,000 exposed BIG-IP instances, though the scope of vulnerable configurations is unclear.

Active exploitation of Citrix NetScaler ADC/Gateway memory disclosure vulnerability (CVE-2026-3055)

First: 30.03.2026 13:45 · 📰 1 src / 1 article

A critical out-of-bounds read vulnerability in Citrix NetScaler ADC and NetScaler Gateway, tracked as CVE-2026-3055, is being actively exploited in the wild to leak sensitive information from appliance memory. The flaw, disclosed by Citrix on March 23, 2026, affects systems configured as SAML Identity Providers and carries a CVSS v4.0 score of 9.3. Unauthenticated remote attackers exploit it by sending crafted SAMLRequest payloads that trigger a memory over-read. Exploitation has been confirmed via honeypot activity since March 27, with evidence linking attacks to known malicious IPs. Impacted versions include NetScaler ADC/Gateway 14.1 before 14.1-66.59, 13.1 before 13.1-62.23, and NetScaler ADC FIPS/NDcPP before 13.1-37.262.

Windows 11 preview update KB5079391 installation failures prompt rollback

First: 30.03.2026 12:38 · 📰 1 src / 1 article

Microsoft has paused the rollout of Windows 11 non-security preview update KB5079391 (OS build 26100.2484) due to widespread installation failures marked by error code 0x80073712, affecting systems running Windows 11 24H2 and 25H2. The update included 29 changes such as Smart App Control improvements, Display enhancements, Windows Hello Fingerprint reliability fixes, and Windows Recovery Environment (Windows RE) stability updates for x64 apps on ARM64 devices. Installation errors manifest with the message: "Some update files are missing or have problems. We'll try to download the update again later. Error code: (0x80073712)."

UK Alarm Provider Fined £100,000 for Unlawful Nuisance Calls to TPS Registrants

First: 30.03.2026 12:30 · 📰 1 src / 1 article

A UK-based monitored alarm provider, TMAC, was fined £100,000 by the Information Commissioner’s Office (ICO) for making 260,000 nuisance calls to numbers registered on the Telephone Preference Service (TPS). The calls, made between February and September 2024, deliberately targeted individuals over 60 using predatory tactics, including impersonating local crime and fire prevention initiatives to deceive recipients. Callers concealed their true identities and failed to comply with UK telemarketing regulations under PECR.

European Commission Investigates Breach in Mobile Device Management Platform

Updated: 30.03.2026 11:15 · First: 09.02.2026 11:49 · 📰 3 src / 3 articles

The European Commission has confirmed a second breach, which occurred on March 24, 2026, affecting the Amazon cloud infrastructure that hosted its Europa.eu platform. A threat actor, identified as ShinyHunters, claims to have stolen over 350GB of data, including databases, confidential documents, employee PII, DKIM keys, internal admin URLs, NextCloud data, and military financing data. The attacker stated no intention to extort the Commission but warned of potential secondary impacts such as identity risk and spear-phishing attacks. The breach was contained within hours, and the Commission is notifying affected entities while investigating the full impact. This follows the January 30, 2026 breach of the Commission’s mobile device management platform, linked to Ivanti EPMM vulnerabilities, which exposed staff names, phone numbers, and business email addresses and was contained within 9 hours.

Critical Fortinet Vulnerabilities: FortiCloud SSO Bypass and FortiClientEMS SQLi Patched

Updated: 30.03.2026 10:48 · First: 09.12.2025 20:36 · 📰 15 src / 45 articles

Fortinet’s **critical SQL injection vulnerability (CVE-2026-21643, CVSS 9.1)** in FortiClientEMS is now being actively exploited in attacks, according to threat intelligence reports. The flaw allows unauthenticated attackers to execute arbitrary code via crafted HTTP requests targeting the 'Site' header in the web interface. Nearly **1,000 exposed FortiClient EMS instances** remain vulnerable online, with the majority located in the U.S. and Europe. This follows Fortinet’s recent emergency patches for **CVE-2026-24858**, a critical FortiCloud SSO authentication bypass (CVSS 9.4) that was exploited to create admin accounts, modify firewall configurations, and exfiltrate data from over 25,000 exposed devices. CISA has mandated patches for federal agencies, but CVE-2026-21643 remains unlisted in its KEV catalog despite confirmed exploitation. The vulnerabilities stem from improper input validation—SQL injection in FortiClientEMS and authentication bypass in FortiCloud SSO—and have been linked to automated attacks since January 2026. Fortinet advises disabling FortiCloud SSO until patches are applied, restricting management interface access, and treating compromised systems as fully breached, requiring credential rotation and configuration restoration from clean backups. Patches for CVE-2026-24858 are available in **FortiOS 7.4.11**, **FortiManager 7.4.10**, and **FortiAnalyzer 7.4.10**, while CVE-2026-21643 is fixed in **FortiClientEMS 7.4.5** (versions 7.2 and 8.0 are unaffected).

China-aligned clusters conduct coordinated Southeast Asian government intrusion campaign with multi-stage malware toolkits

First: 30.03.2026 10:00 · 📰 1 src / 1 article

A coordinated cyber operation attributed to three China-linked clusters targeted a Southeast Asian government organization between March and September 2025. The campaign deployed a suite of malware families including HIUPAN (USBFect), PUBLOAD, EggStremeFuel/Loader, MASOL RAT, PoshRAT, TrackBak Stealer, Hypnosis Loader, and FluffyGh0st via complex infection chains. The activity indicates persistent access was the primary objective, leveraging overlapping TTPs across Mustang Panda (June–August), CL-STA-1048 (March–September, overlapping Earth Estries/Crimson Palace), and CL-STA-1049 (April & August, overlapping Unfading Sea Haze).

Arbitrary file read vulnerability in Smart Slider 3 plugin exposes WordPress sites to credential theft

First: 29.03.2026 17:38 · 📰 1 src / 1 article

A missing capability check in the Smart Slider 3 WordPress plugin allows authenticated users, including subscribers, to read arbitrary files on the server. This flaw affects over 800,000 active installations and enables access to sensitive files such as wp-config.php, exposing database credentials, cryptographic keys, and salts. The vulnerability, tracked as CVE-2026-3098, was patched in version 3.5.1.34 on March 24, 2026, but approximately 500,000 sites remain unpatched and at risk of user data theft or full site compromise.

Iranian Hacktivist Group Claims Wiper Attack on Stryker

Updated: 28.03.2026 17:40 · First: 11.03.2026 18:20 · 📰 8 src / 8 articles

The Iranian hacktivist group Handala—linked to Iran’s Ministry of Intelligence and Security (MOIS)—conducted a destructive wiper attack against Stryker, a U.S. Fortune 500 medical technology company, on March 11, 2026. The attack affected over 200,000 systems across 79 countries, disrupted operations in Ireland, and sent over 5,000 workers home. Handala claimed responsibility, citing retaliation for a U.S. missile strike. The attack leveraged Microsoft Intune to issue remote wipe commands and defaced Stryker’s Entra login page. Stryker confirmed the incident in an SEC filing and reported no evidence of data exfiltration. Recovery efforts prioritized restoring supply-chain systems. In a separate but related development, Handala breached the personal email account of FBI Director Kash Patel on March 28, 2026, and leaked historical emails from 2010 and 2019. The FBI acknowledged the targeting and stated the leaked data was not government-related. Handala operates under multiple monikers, including Banished Kitten and Void Manticore, and has integrated criminal tools such as Rhadamanthys stealer to enhance its operations. The group’s activities align with broader Iranian cyber operations targeting Western entities amid heightened geopolitical tensions, including destructive attacks, hack-and-leak campaigns, and psychological influence operations. U.S. authorities have seized multiple domains linked to Handala and offered a $10 million reward for information on group members.

Infinity Stealer macOS infostealer delivered via ClickFix CAPTCHA lures

First: 28.03.2026 16:35 · 📰 1 src / 1 article

A new macOS-targeting infostealer named Infinity Stealer is being distributed via ClickFix CAPTCHA lures impersonating Cloudflare’s human verification, leading victims to execute a base64-obfuscated Bash command that fetches and runs a Nuitka-compiled Python payload. The attack abuses a fake CAPTCHA on update-check[.]com to bypass OS defenses and install a Mach-O loader that extracts a zstd-compressed archive containing the stealer. Infinity Stealer harvests browser credentials, macOS Keychain entries, cryptocurrency wallets, and plaintext secrets from developer files, and exfiltrates data via HTTP POST to C2 with Telegram notifications to operators.

Russian UNC6353 Uses Coruna and Darksword iOS Exploit Kits Across iOS 13–18.7 Targeting Financial Espionage and Data Theft

Updated: 27.03.2026 19:22 · First: 04.03.2026 15:28 · 📰 13 src / 15 articles

Apple has begun sending Lock Screen notifications to iPhones and iPads running outdated iOS versions warning users of active web-based exploits and urging immediate updates. This follows Apple’s support document alerting users to exploit kits like Coruna (targeting iOS 13–18.7) and Darksword (targeting iOS 18.4–18.7) and the public leak of a newer Darksword version on GitHub. Coruna and Darksword are now independently confirmed as closely related frameworks with shared origins in the 2019–2023 Operation Triangulation campaign, reinforcing attribution to Russian threat actor UNC6353 and associated groups. Coruna has evolved from a precision espionage tool into a mass-exploitation framework with 23 exploits across five chains, while Darksword is now publicly leaked and targets iOS 18.7. Apple has patched all exploited flaws in recent releases (18.7.3, 26.2, 26.3.1), and CISA has mandated federal agencies patch three DarkSword-linked vulnerabilities (CVE-2025-31277, CVE-2025-43510, CVE-2025-43520) by April 3, 2026. Campaigns linked to UNC6353, UNC6748, and Turkish vendor PARS Defense highlight the growing commoditization of iOS exploitation tools and elevated risk to end-users globally.

GlassWorm malware targets OpenVSX, VS Code registries

Updated: 27.03.2026 18:51 · First: 20.10.2025 19:13 · 📰 15 src / 34 articles

GlassWorm has escalated into a multi-stage framework combining remote access trojans (RATs), data theft, and hardware wallet phishing, with the latest iteration leveraging Solana dead drops for C2, a novel browser extension for surveillance, and a shift into the Model Context Protocol (MCP) ecosystem. The campaign now delivers a .NET binary that targets Ledger and Trezor devices by masquerading as configuration errors and prompting users to input recovery phrases, while a WebSocket-based JavaScript RAT exfiltrates browser data, executes arbitrary code, and deploys HVNC or SOCKS proxy modules. The malware uses a Google Chrome extension disguised as Google Docs Offline to perform session surveillance on cryptocurrency platforms like Bybit and harvest extensive browser data. Additionally, threat actors have begun distributing malicious payloads via npm packages impersonating the WaterCrawl MCP server, marking GlassWorm’s first confirmed incursion into the AI-assisted development ecosystem. The GlassWorm campaign remains a persistent supply chain threat impacting multiple ecosystems including npm, PyPI, GitHub, and Open VSX. Since its emergence in October 2025, the campaign has evolved from invisible Unicode steganography in VS Code extensions to a sophisticated multi-vector operation spanning 151 compromised GitHub repositories and dozens of malicious npm packages. The threat actor, assessed to be Russian-speaking, continues to avoid infecting Russian-locale systems and leverages Solana blockchain transactions as dead drops for C2 resolution. Recent developments include the ForceMemo offshoot that force-pushes malicious code into Python repositories, the abuse of extensionPack and extensionDependencies for transitive malware delivery, and the introduction of Rust-based implants targeting developer toolchains.
The Eclipse Foundation and Open VSX have implemented security measures such as token revocation and automated scanning, but the threat actors have repeatedly adapted by rotating infrastructure, obfuscating payloads, and expanding into new ecosystems like MCP servers. A new large-scale social engineering campaign has emerged, using fake VS Code security alerts posted in GitHub Discussions to distribute malware. The campaign automates posts across thousands of repositories using low-activity accounts, triggering GitHub email notifications with fake vulnerability advisories containing realistic CVE references. Links in these posts redirect victims through a cookie-driven chain to drnatashachinn[.]com, where a JavaScript reconnaissance payload profiles targets before delivering additional malicious payloads. This operation represents a coordinated, large-scale effort targeting developers as part of the broader GlassWorm malware campaign.

TeamPCP escalates CanisterWorm campaign with geopolitical targeting and multi-vector attacks

Updated: 27.03.2026 17:06 · First: 21.03.2026 09:28 · 📰 6 src / 9 articles

TeamPCP has escalated its multi-vector CanisterWorm campaign into a broader geopolitically targeted operation, now compromising trusted PyPI packages to deliver credential-stealing malware with automated execution mechanisms. The group has targeted the LiteLLM and Telnyx Python packages (versions 1.82.7, 1.82.8, 4.87.1, and 4.87.2), embedding malware that harvests SSH keys, cloud credentials, Kubernetes secrets, database credentials, cryptocurrency wallets, TLS/SSL private keys, and bash history files before exfiltrating data to attacker-controlled infrastructure and establishing persistent backdoors. The campaign began as a supply-chain attack involving 47 compromised npm packages and the @teale.io/eslint-config variant, leveraging ICP canisters for decentralized C2 and persistence via masqueraded systemd services. It escalated to include GitHub repository hijacking (e.g., Aqua Security), Docker Hub compromise, and deployment of an infostealer, then pivoted to targeting CI/CD pipelines directly via GitHub Actions workflows (e.g., Checkmarx, Trivy) using stolen credentials. TeamPCP now compromises GitHub Actions workflows and Open VSX extensions to deploy the TeamPCP Cloud stealer, while refining destructive payloads targeting Iranian systems in Kubernetes environments with time-zone/locale-based wipers. Recent compromises of LiteLLM and Telnyx demonstrate rapid iteration and maturation of supply chain attack methodology, with evidence suggesting collaboration with the Vectr ransomware group for follow-on ransomware operations.

Enterprise GRC teams face operational identity crisis as agentic AI replaces workflows

Updated: · First: 27.03.2026 16:02 · 📰 1 src / 1 articles

Enterprise Governance, Risk, and Compliance (GRC) teams equipped with agentic AI tools are confronting an operational identity crisis as autonomous agents assume core workflows such as evidence collection, control monitoring, and audit preparation. The transition exposes a long-standing misalignment between traditional GRC roles—centered on operational execution—and the profession’s intended purpose: strategic risk insight and organizational protection. Practitioners report reluctance not due to technological limitations, but because the relinquishing of operations-based tasks challenges their professional identity and value proposition. Organizations progressing toward agentic GRC are redefining practitioner roles toward judgment-driven risk leadership, leveraging years of accrued expertise to define risk appetite, validate control efficacy, and interpret business context into compliance logic.

Bypass of Open VSX Pre-Publish Scanning via Boolean Return Value Flaw

Updated: · First: 27.03.2026 15:57 · 📰 1 src / 1 articles

A design flaw in Open VSX’s pre-publish scanning pipeline enabled malicious Visual Studio Code (VS Code) extensions to bypass security vetting and become publicly available in the registry. The issue stemmed from a single boolean return value that conflated two distinct states: absence of configured scanners and scanner job failures. Under load, scanner failures (e.g., due to exhausted database connection pools) were misinterpreted as "no scanners configured," causing the system to mark extensions as passed and activate them immediately. This affected both the initial publish flow and a recovery service designed to retry failed scans. An attacker with a standard publisher account could exploit the flaw by flooding the publish endpoint to exhaust the database connection pool, preventing scan jobs from enqueuing and allowing malicious extensions to evade detection. The flaw was patched in Open VSX version 0.32.0 on March 3, 2026, following disclosure on February 8, 2026.
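To make the two-states-in-one-boolean problem concrete, here is an added Python model (not Open VSX's own code; the Registry, ScanOutcome and PoolExhausted names, the scanner function and the connection-pool simulation are all constructed for illustration) showing the flawed check beside a fail-closed version:

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable

Scanner = Callable[[str], bool]  # returns True when the extension looks clean

class ScanOutcome(Enum):
    PASSED = "passed"            # every configured scanner ran and reported clean
    REJECTED = "rejected"        # a scanner flagged the extension
    NO_SCANNERS = "no_scanners"  # nothing configured: an explicit policy state
    ERROR = "error"              # a scan job could not run (e.g. pool exhausted)

class PoolExhausted(Exception):
    pass  # constructed stand-in for the DB connection pool running dry under load

@dataclass
class Registry:
    scanners: list[Scanner]
    free_connections: int  # constructed model of the connection pool

    def _run(self, scanner: Scanner, extension: str) -> bool:
        # Enqueuing a scan job needs a DB connection; none free -> exception.
        if self.free_connections <= 0:
            raise PoolExhausted
        return scanner(extension)

    # Flawed design: one boolean answers "may this extension go live?"
    def scan_flawed(self, extension: str) -> bool:
        try:
            return all(self._run(s, extension) for s in self.scanners)
        except PoolExhausted:
            # Bug: an infrastructure failure yields the same value as an empty
            # scanner list (all([]) is True), so the upload activates.
            return True

    def publish_flawed(self, extension: str) -> str:
        return "active" if self.scan_flawed(extension) else "blocked"

    # Fixed design: distinct outcomes, and only PASSED activates.
    def scan_fixed(self, extension: str) -> ScanOutcome:
        if not self.scanners:
            return ScanOutcome.NO_SCANNERS
        try:
            clean = all(self._run(s, extension) for s in self.scanners)
        except PoolExhausted:
            return ScanOutcome.ERROR
        return ScanOutcome.PASSED if clean else ScanOutcome.REJECTED

    def publish_fixed(self, extension: str) -> str:
        outcome = self.scan_fixed(extension)
        if outcome is ScanOutcome.PASSED:
            return "active"
        if outcome is ScanOutcome.REJECTED:
            return "blocked"
        return "pending_scan"  # fail closed: leave it for the retry service

def flags_obvious_malware(extension: str) -> bool:
    """Constructed scanner: names containing 'malicious' are flagged."""
    return "malicious" not in extension

def demo() -> tuple[str, str]:
    # Same malicious upload in both designs while the pool is exhausted.
    registry = Registry([flags_obvious_malware], free_connections=0)
    return registry.publish_flawed("malicious-ext"), registry.publish_fixed("malicious-ext")
```

Under load the flawed path returns "active" for an unscanned upload, while the fixed path parks it as "pending_scan" so the recovery service can retry rather than publish.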

Harvest Now, Decrypt Later: Urgent Need for Post-Quantum Cryptography Migration

Updated: 27.03.2026 14:30 · First: 26.02.2026 14:06 · 📰 2 src / 2 articles

Google has accelerated the timeline for post-quantum cryptography (PQC) migration, warning that traditional encryption methods could become obsolete as early as 2029 due to quantum computing advancements. The 'Harvest Now, Decrypt Later' (HNDL) strategy remains a critical threat, with adversaries storing encrypted data for future decryption. Organizations must urgently adopt PQC to secure long-term sensitive data, with Google’s Android 17 integrating PQC digital signature protection in alignment with NIST standards. Regulatory and industry timelines, including those from the NSA and NCSC, remain aligned around 2033–2035, but Google’s 2029 deadline underscores the need for immediate action.

Evolving global cyber conflict landscape reshaping critical infrastructure and extortion threats

Updated: · First: 27.03.2026 13:00 · 📰 1 src / 1 articles

The geopolitical landscape has shifted from an era of relative stability under Pax Americana to one where technology is weaponized and cyber operations are integral to state power projection. State-linked actors, particularly China- and Russia-aligned groups, are intensifying campaigns targeting critical infrastructure, telecommunications, and government networks with long-dwell access, stealthy backdoors, and operational technology (OT) compromise. Non-state actors, including hacktivists and cybercriminals, have aligned with geopolitical agendas, executing disruptive operations that blur the line between activism, crime, and statecraft, often with physical consequences. Cyber extortion remains a dominant threat, driven by commoditized attack ecosystems and persistent failures in basic cyber hygiene, despite increased law-enforcement disruption efforts.

AnimePlay streaming piracy operation disrupted with takedown of 5 million-user platform

Updated: · First: 27.03.2026 12:40 · 📰 1 src / 1 articles

An international anti-piracy coalition led by the Alliance for Creativity and Entertainment (ACE) disrupted the AnimePlay anime streaming platform, which allegedly served over 5 million registered users predominantly in Indonesia. ACE seized control of the platform’s infrastructure, including the application, 15 associated domains, backend code repositories, hosting environments, and related digital assets, rendering the service inoperable. The takedown included over 60 terabytes of infringing anime content and the surrender of backend systems, advertising tools, and 29 GitHub repositories containing full source code by the platform’s operator. The action follows ACE’s recent dismantling of Photocall, a piracy platform with 26 million annual users, and reflects ongoing global enforcement against large-scale illegal streaming services.

Windows 11 KB5079391 preview update introduces Smart App Control toggling and display reliability enhancements

Updated: · First: 27.03.2026 11:20 · 📰 1 src / 1 articles

Microsoft released KB5079391, a non-security preview cumulative update for Windows 11 versions 24H2 and 25H2, introducing toggle functionality for Smart App Control without OS reinstallation and multiple display reliability improvements. The update, part of Microsoft’s end-of-month non-security preview schedule, enables users to enable or disable Smart App Control through Windows Security settings, expanding accessibility beyond clean installations. Additionally, it adds support for monitors reporting refresh rates exceeding 1000 Hz, native USB4 monitor connections, and improved HDR reliability. The optional update targets builds 26200.8116 for 25H2 and 26100.8116 for 24H2, addressing performance, stability, and user interface refinements.

Dutch National Police phishing incident leads to limited breach with ongoing investigation

Updated: · First: 27.03.2026 10:20 · 📰 1 src / 1 articles

The Dutch National Police (Politie) confirmed a phishing attack resulted in a limited security breach, with attackers' access blocked shortly after detection by the Security Operations Center. The incident did not expose or access citizens' data or investigative information, and a criminal investigation has been launched. The timing of detection and potential exposure of employees' data remain undisclosed. This follows a prior 2024 breach attributed to a state actor, which stole work-related and private contact information for police officers. Enhanced security measures, including two-factor authentication and continuous monitoring, were implemented post-2024 but did not prevent the recent phishing incident.

Ajax Amsterdam systems breach enables ticket manipulation and limited fan data exposure

Updated: · First: 26.03.2026 22:37 · 📰 1 src / 1 articles

A threat actor exploited vulnerabilities in Ajax Amsterdam’s IT systems to access limited fan data and manipulate ticket assignments and stadium bans. The incident affected a few hundred individuals, with fewer than 20 stadium bans compromised, including names, email addresses, and dates of birth. The attacker demonstrated the ability to reassign season tickets and modify existing stadium bans before disclosing the flaws to media outlets. The club has patched vulnerabilities, engaged external investigators, and notified Dutch authorities. No evidence of data leakage has been identified.

Decline in physically impactful OT cyberattacks observed in 2025

Updated: · First: 26.03.2026 22:33 · 📰 1 src / 1 articles

The total number of major operational technology (OT) cyber incidents causing physical consequences decreased by 25% in 2025, reversing a seven-year upward trend. Major OT cyberattacks fell from 76 in 2024 to 57 in 2025 according to Waterfall Security Solutions’ annual report, marking the first decline since 2018. The reduction contrasts with historical increases driven by ransomware and exposed industrial control systems, though many of the remaining 2025 incidents remained severe despite lower technical sophistication. The shift raises questions about underlying drivers, including improved defenses, underreporting due to legal risks, or fluctuations in ransomware ecosystem dynamics.

FCC Covered List expansion bans foreign-made consumer routers in U.S. market

Updated: 26.03.2026 21:48 · First: 24.03.2026 22:41 · 📰 4 src / 4 articles

The U.S. Federal Communications Commission (FCC) has expanded its Covered List to prohibit the sale of new consumer-grade routers manufactured outside the United States, citing unacceptable national security risks. The ban targets 'consumer-grade' routers as defined in NIST Internal Report 8425A, while permitting continued operation of existing routers and maintaining imports for previously authorized foreign-manufactured models. The decision follows a March 20 National Security Determination identifying severe supply-chain vulnerabilities in foreign-made routers. Exemptions are strictly limited to Department of Defense or Department of Homeland Security drone and surveillance systems, with no blanket exclusions for foreign-made consumer routers. Existing hardware and U.S.-manufactured devices like Starlink routers remain unaffected. Critics warn the policy may leave consumers and businesses reliant on older, less secure routers as replacement markets shrink and compliance costs rise, potentially increasing long-term exposure to operational vulnerabilities rather than reducing them.

76 Zero-Day Exploits Demonstrated at Pwn2Own Automotive 2026

Updated: 26.03.2026 21:48 · First: 21.01.2026 14:16 · 📰 5 src / 8 articles

Security researchers have demonstrated 76 zero-day vulnerabilities in automotive systems during Pwn2Own Automotive 2026, earning $1,047,000 in cash awards. Affected systems include in-vehicle infotainment (IVI) units, EV chargers, and automotive-grade Linux, with exploits targeting Tesla, Sony, ChargePoint, and other vendors. The competition, held in Tokyo from January 21 to 23, 2026, highlighted the persistent insecurity of IT and OT components in vehicles, particularly aftermarket IVI systems and charging infrastructure. The contest showed that EV chargers, despite improvements, retain a large attack surface; previously known but still unpatched infotainment vulnerabilities were barred from the competition. Vendors have 90 days to develop and release security fixes before disclosure. Team Fuzzware.io secured the top prize with $215,000, followed by Team DDOS ($100,750) and Synacktiv ($85,000). Experts at RSAC 2026 emphasized that modern vehicles are effectively 'computers on wheels,' with attack surfaces expanding alongside connectivity and autonomous driving capabilities. The automotive industry continues to grapple with securing complex systems reliant on millions of lines of code, often developed by disparate suppliers without deep cybersecurity expertise. Regulatory frameworks like UN Regulation No. 155 now mandate cybersecurity assessments and secure development practices for vehicles across 63 countries.

Langflow unauthenticated RCE vulnerability (CVE-2026-33017) exploited within 20 hours of disclosure

Updated: 26.03.2026 21:17 · First: 20.03.2026 12:20 · 📰 3 src / 3 articles

CISA formally confirmed active exploitation of the Langflow unauthenticated RCE vulnerability (CVE-2026-33017) on March 26, 2026, adding it to the Known Exploited Vulnerabilities (KEV) catalog and mandating U.S. federal agencies to apply mitigations or stop using the product by April 8, 2026. Threat actors exploited the flaw within 20–24 hours of its March 17, 2026 disclosure, progressing from automated scanning to staged Python payload delivery and credential harvesting (including .env and .db files) despite the absence of public PoC code. The vulnerability, with a CVSS score of 9.3, affects all Langflow versions prior to and including 1.8.1 and stems from an unsandboxed exec() call in the /api/v1/build_public_tmp/{flow_id}/flow endpoint. CISA did not attribute exploitation to ransomware actors but emphasized the risk to AI workflows given Langflow’s widespread adoption, including 145,000 GitHub stars. Endor Labs reported that attackers likely reverse-engineered exploits from the advisory details, underscoring the accelerating weaponization timeline. Mitigation guidance includes upgrading to version 1.9.0+ or disabling the vulnerable endpoint, restricting internet exposure, monitoring outbound traffic, and rotating all associated credentials.

BPFDoor Linux kernel implants leveraged by Red Menshen for stealthy telecom espionage

Updated: · First: 26.03.2026 19:40 · 📰 1 src / 1 articles

A China-nexus threat group, tracked as Red Menshen (aka Earth Bluecrow, DecisiveArchitect, Red Dev 18), has conducted a multi-year espionage campaign targeting telecom providers in the Middle East and Asia by deploying stealthy Linux kernel-level implants. The adversary abuses Berkeley Packet Filter (BPF) functionality to embed passive backdoors (BPFDoor) that activate via crafted network packets, avoiding detectable listeners or C2 channels. Initial access is obtained via internet-facing edge services (e.g., VPNs, firewalls) from vendors including Ivanti, Cisco, Juniper, Fortinet, VMware, Palo Alto, and Apache Struts. Post-exploitation includes deployment of frameworks like CrossC2 and Sliver, alongside credential harvesting tools, enabling lateral movement. BPFDoor’s functionality extends to telecom-native protocols (e.g., SCTP), potentially granting visibility into subscriber behavior, location tracking, and surveillance of high-value targets. A newly documented variant enhances evasion by concealing trigger packets within legitimate HTTPS traffic at fixed byte offsets and introducing ICMP-based lightweight communication between infected hosts.

Surge in CVE-classified vulnerabilities linked to AI-generated code in production environments

Updated: · First: 26.03.2026 18:40 · 📰 1 src / 1 articles

Researchers at Georgia Tech’s Systems Software & Security Lab (SSLab) report a significant increase in vulnerabilities directly introduced by AI coding tools, with at least 35 new CVE entries disclosed in March 2026 alone—up from six in January and 15 in February. The findings, part of the Vibe Security Radar project launched in May 2025, track flaws across multiple public advisories (NVD, GHSA, OSV, RustSec) and confirm 74 cases where AI tool signatures (e.g., co-author tags, bot emails) were present in vulnerability-introducing commits. Anthropic’s Claude Code is the most frequently identified tool, though underreporting is suspected due to metadata stripping and lack of traces in tools like GitHub Copilot.