CyberHappenings


News Summary

Last updated: 16:30 24/03/2026 UTC
  • Widespread operational failure in enterprise endpoint security tools exposes devices to prolonged exploitation windows Endpoint security tools fail to protect approximately 20% of enterprise devices, creating an average of 76 exploitable days per year during which organizations remain open to attack, data breaches, and operational downtime. The failure stems from systemic gaps in keeping the security tools themselves healthy as IT complexity grows, compounded by persistent delays in patch management. Nearly a quarter of endpoint vulnerability management platforms operate outside compliance, and critical Windows updates are applied after an average delay of 127 days. Approximately 10% of enterprise endpoints are never patched at all, particularly those running unsupported OS versions such as Windows 10.
  • Unauthorized access detected in Dutch Ministry of Finance policy department systems The Dutch Ministry of Finance disclosed a cybersecurity incident involving unauthorized access to systems within its policy department, first detected on March 19, 2026. The breach affected a subset of ministry employees and prompted immediate containment, including blocking access to the compromised systems. No impact was reported on the core tax administration, customs, or benefits systems, which handle more than 9.5 million tax returns a year. The investigation is ongoing; no attribution has been made and no data exfiltration has been confirmed.
  • TeamPCP escalates CanisterWorm campaign with geopolitical targeting and multi-vector attacks TeamPCP has escalated the CanisterWorm campaign into a multi-vector operation that targets Kubernetes clusters with geopolitically targeted destructive payloads while extending its supply chain sabotage to additional vendors using stolen CI credentials. The group now compromises GitHub Actions workflows (e.g., Checkmarx, Trivy) to deploy the TeamPCP Cloud stealer, exfiltrating credentials and triggering cascading supply chain compromises. The campaign began as a supply chain attack involving 47 compromised npm packages and the @teale.io/eslint-config variant, using ICP canisters for decentralized C2 and masqueraded systemd services for persistence. It expanded to GitHub repository hijacking (e.g., Aqua Security), Docker Hub compromise, and deployment of an infostealer. The latest development confirms the group's pivot to attacking CI/CD pipelines directly: credentials stolen in earlier compromises are used to poison trusted GitHub Actions workflows (Checkmarx) and Open VSX extensions, while the wiper payloads have been refined with time-zone/locale-based targeting of Iranian systems in Kubernetes environments.
  • Supply chain compromise in Trivy scanner triggers CanisterWorm propagation across CI/CD pipelines A supply chain compromise of the Trivy vulnerability scanner, a project with over 32,000 GitHub stars and more than 100 million Docker Hub downloads, injected credential-stealing malware into official releases and GitHub Actions workflows and let the self-propagating CanisterWorm spread to at least 100 organizations. On March 19, 2026, attackers compromised Trivy version 0.69.4, followed by the distribution of malicious Docker images through Docker Hub. Security researchers identified indicators of compromise linked to the TeamPCP infostealer, and Aqua Security confirmed unauthorized changes during its investigation. On March 22, 2026, two further compromised versions (0.69.5 and 0.69.6) were identified, and Aqua Security's internal GitHub organization was exposed, with repositories renamed in a scripted attack. Over the weekend of March 21–22, 2026, TeamPCP repurposed the Trivy compromise infrastructure to deploy a wiper aimed at Iran: the payload runs only if the victim's time zone or language indicates Iran or a Farsi locale, and when it does it performs a local wipe or, if Kubernetes access is detected, destroys data on every cluster node. The campaign was orchestrated through Internet Computer Protocol (ICP) canisters that resist takedown attempts and alternate between malware delivery and Rick Roll redirects. TeamPCP operators claim large-scale data theft from major companies, including a multinational pharmaceutical firm, and boast of a second Aqua Security compromise used to spam GitHub accounts. 
The TeamPCP threat group has expanded from credential theft to worm propagation, ransomware deployment, cryptocurrency mining, and destructive attacks on Kubernetes environments, underscoring the persistent risk in CI/CD supply chains, where a compromised security tool becomes a fast propagation channel for everything else the group wants to do.
  • Silver Fox APT adapts tooling from ValleyRAT to Python credential stealer in dual-purpose campaigns Between late 2025 and early 2026, the Silver Fox intrusion group shifted from traditional espionage-style malware to a hybrid model that combines state-aligned intelligence collection with financially driven cybercrime. The group targeted finance teams across South and East Asia with tax- and payroll-themed phishing lures, moving its delivery methods from malicious PDF attachments and DLL side-loading to SEO poisoning and malicious ads, and finally to a custom Python-based credential stealer disguised as a WhatsApp application. The impact includes compromised credentials and sensitive files from organizations in Taiwan, Japan, Malaysia, India, Indonesia, Singapore, Thailand, and the Philippines, with evidence of targeted espionage during tax audit periods alongside broader financially motivated theft.
  • Ongoing Ghost Cluster Targets npm and GitHub in Multi-Stage Credential and Crypto Wallet Theft Campaign A coordinated campaign tracked as Ghost continues to target developers through malicious npm packages and GitHub repositories that deploy credential stealers and cryptocurrency wallet harvesters. The operation relies on social engineering and multi-stage infection chains, including fake installation wizards that request sudo/administrator privileges and fake npm output that imitates dependency downloads and progress indicators. Stolen data, including browser credentials, crypto wallets, SSH keys, and cloud tokens, is exfiltrated to Telegram channels, and the campaign pairs that credential theft with a second revenue stream: affiliate link redirections whose targets are stored in a BSC smart contract. The malicious npm packages first appeared under the user 'mikilanjijo', with activity beginning as early as February 2026 and growing to at least 11 packages, such as react-performance-suite and react-query-core-utils. The final payload is a remote access trojan that is downloaded from Telegram channels, decrypted with externally retrieved keys, and executed locally using the stolen sudo password to harvest credentials and deploy GhostLoader.
  • Microsoft Introduces Identity Management and Guardrails for AI Agents via Entra ID and Azure AI Foundry Microsoft has introduced identity management and guardrails for AI agents to contain the attack surface that agentic AI systems add. The company debuted agent identities in Azure AI Foundry and Microsoft Entra ID, so organizations can assign each agent a unique identity, enforce permissions on it, and log its behavior. Guardrails now include controls that restrict what an agent may do, while Security Copilot integrates AI agents for continuous security monitoring and triage. The move responds to growing enterprise concern about securing non-human identities as agentic browsers, swarms, and multi-agent systems proliferate.
Last updated: 13:16 24/03/2026 UTC
  • Yanluowang Ransomware Initial Access Broker Pleads Guilty Aleksey Olegovich Volkov, a 26-year-old Russian national from St. Petersburg, was sentenced to 81 months in prison for acting as an initial access broker (IAB) for ransomware attacks. Volkov pleaded guilty to multiple charges, including conspiracy to commit computer fraud and money laundering, and must pay at least $9.2 million in restitution to victims. Between July 2021 and November 2022, he breached corporate networks and sold the access to ransomware groups, including Yanluowang, leading to extortion demands totaling $24 million. He was arrested in Rome in 2024, extradited to the U.S. in 2025, and admitted to working with several major cybercrime groups. Yanluowang, a Russian ransomware operation unmasked in 2022, used 'triple extortion' tactics and claimed victims such as Cisco and Walmart. Volkov's brokering was one link in a broader cybercrime supply chain in which ransomware-as-a-service (RaaS) groups buy network access to speed up their attacks. Investigators tied him to the activity through digital evidence, including Apple iCloud data and cryptocurrency records, with chat logs and stolen data providing further confirmation. The case illustrates how access brokers, RaaS operators, and affiliates collaborate to maximize financial gain and operational efficiency.
  • Vidar 2.0 Infostealer Emerges as Lumma Stealer Declines Vidar 2.0 is spreading through malvertising campaigns built around fake game cheats distributed via GitHub and Reddit. Hundreds of GitHub repositories deliver the infostealer, and Reddit posts advertising Counter-Strike 2 cheats redirect to malicious sites. The campaigns use loaders built from PowerShell scripts and obfuscated AutoIt payloads, together with evasion techniques such as adding Defender exclusions, Themida packing, and Telegram/Steam dead-drop C2 resolvers. First announced on October 6, 2025, by the developer "Loadbaks," the stealer has become stealthier and more capable, with multithreaded execution, polymorphic builds, and anti-analysis features. Its rising adoption follows law-enforcement disruption of the rival stealers Lumma and Rhadamanthys, reshaping the infostealer landscape.
  • Tycoon2FA Phishing-as-a-Service Takedown Tycoon2FA, a subscription-based phishing-as-a-service (PhaaS) platform that bypasses MFA with adversary-in-the-middle (AitM) techniques, returned to pre-disruption operating levels within days of a March 4, 2026 global takedown, despite an initial drop in campaign volume. Active since August 2023 and aimed at services such as Microsoft 365 and Google, the platform was linked to over 64,000 phishing incidents and facilitated unauthorized access to nearly 100,000 organizations worldwide by mid-2025. Its primary operator, known as 'SaaadFridi' and 'Mr_Xaad', remains at large. The infrastructure relied on AitM proxying, AI-generated decoy pages, and short-lived domains to evade detection, while customers used tactics such as ATO Jumping to distribute phishing URLs. The takedown involved Europol's EC3 and law enforcement from six European countries, yet daily campaign volumes were back to early-2026 levels by March 6. Post-compromise activity included business email compromise (BEC), email thread hijacking, cloud account takeovers, and malicious SharePoint links. Old infrastructure stayed active after the disruption while new phishing domains and IP addresses were registered quickly, and operators kept their TTPs unchanged, including compromised domains, legitimate cloud services, and IPv6-based automated logins, underscoring how resilient the PhaaS model is when a takedown involves no arrests or physical seizures.
  • ThreatsDay Bulletin: Emerging Cyber Threat Trends The ThreatsDay Bulletin continues to track the accelerating pace of cyber threats, with attackers quickly adapting their infrastructure and social-engineering lures to exploit familiar systems. Recent developments include exploitation of Fortinet FortiGate devices by Ransomware-as-a-Service (RaaS) operators, active abuse of Citrix ADC/Gateway vulnerabilities in production environments, widespread misuse of Microsoft Configuration Manager for lateral movement and data theft, and weaponized LiveChat integrations in phishing campaigns. The pattern is one of quiet, cumulative exposure: small tactical changes accumulate undetected until they surface as major incidents, which argues for continuous monitoring and adaptive defenses.
  • SonicWall MySonicWall Breach Exposes Firewall Configuration Files Marquis Software Solutions has confirmed that the August 2025 ransomware attack against it exposed the personal and financial data of 672,075 individuals, including names, Social Security numbers, Taxpayer Identification Numbers, and financial account details. Marquis attributes the intrusion to attackers who used firewall configuration files stolen in the MySonicWall cloud backup breach. The company, which serves more than 700 U.S. banks and credit unions, completed its forensic review in December 2025 and began notifying affected individuals in March 2026; it faces over 36 consumer class-action lawsuits and has itself sued SonicWall for alleged gross negligence and misrepresentation. Marquis alleges that a February 2025 API code change by SonicWall introduced the vulnerability, that SonicWall delayed disclosure by three weeks, and that it understated the scope (initially claiming fewer than 5% of customers were affected, later confirmed as all cloud backup users). The MySonicWall portal breach, which SonicWall disclosed in September 2025, gave attackers access to AES-256-encrypted credentials, network topology details, and MFA recovery codes for every cloud backup user. That data fueled follow-on attacks, including the Marquis breach and Akira ransomware campaigns that bypassed MFA using the stolen OTP seeds. SonicWall worked with Mandiant, attributed the breach to state-sponsored actors, and released remediation tools, but more than 950 unpatched SMA1000 appliances remain exposed online. The Marquis lawsuit, which seeks damages, indemnification, and legal fees, could set a precedent for vendor liability as enterprises increasingly pursue legal action against security providers for contribution or negligence in third-party breaches. CISA and SonicWall continue to urge firmware updates, credential resets, and MFA enforcement to mitigate the ongoing risk.
  • Russian UNC6353 Uses Coruna and Darksword iOS Exploit Kits Across iOS 13–18.7 Targeting Financial Espionage and Data Theft The dual iOS exploit kit campaigns, Coruna and Darksword, continue to expand and now target iPhones running iOS 18.4 through 18.7 with the modular Darksword malware family. Darksword, attributed to the Russian threat actor UNC6353 alongside Coruna, chains six vulnerabilities, a mix of previously known and zero-day flaws, to obtain kernel read/write from Safari and then exfiltrates cryptocurrency wallets, messages, location history, health data, and system credentials within seconds to minutes before wiping itself. The malware is a professionally engineered JavaScript platform with three documented payload families (GHOSTBLADE, GHOSTKNIFE, GHOSTSABER) used by multiple actors, UNC6353, UNC6748, and the Turkish vendor PARS Defense, across Saudi Arabia, Turkey, Malaysia, and Ukraine since at least November 2025. Darksword's OPSEC failures and use of watering hole attacks mirror Coruna's tactics, while its 'hit-and-run' data theft model signals a shift toward opportunistic financial espionage. Apple has patched all exploited flaws in current iOS releases (18.7.3, 26.2, 26.3.1); users should upgrade and, if at high risk, enable Lockdown Mode. CISA has ordered U.S. federal agencies to patch three Darksword-linked vulnerabilities (CVE-2025-31277, CVE-2025-43510, CVE-2025-43520) by April 3, 2026, under BOD 22-01, and urges all organizations to prioritize the fixes given active exploitation in cryptocurrency theft and cyberespionage campaigns. UNC6353 deploys both exploit kits in watering-hole attacks on Ukrainian e-commerce, industrial equipment, and local services websites. Prior context: the Coruna exploit kit, first observed in February 2025, targeted iOS 13.0–17.2.1 with 23 exploits across five chains and was used by UNC6353 and UNC6691 in watering hole attacks on Ukrainian and Chinese crypto-related websites. CISA added three Coruna-linked vulnerabilities to its Known Exploited Vulnerabilities catalog with a patch deadline of March 26, 2026. Apple backported fixes to older devices, including iOS 15.8.7/16.7.15, addressing vulnerabilities linked to Operation Triangulation and to the U.S. military contractor L3Harris.
  • Optimizely Data Breach After Vishing Attack An ongoing wave of vishing-led breaches attributed to ShinyHunters has claimed a new victim: Aura, a digital safety firm. The attack exposed contact details of nearly 900,000 individuals and originated in a marketing tool inherited through a 2021 acquisition. ShinyHunters claimed to have taken 12GB of files containing PII and corporate data and released them after extortion attempts failed. Aura says no SSNs, passwords, or financial data were compromised and is conducting an internal review with law enforcement involved. Earlier, in February, Optimizely disclosed a similar breach following a voice-phishing attack that exposed basic business contact information. Both incidents show ShinyHunters continuing to use vishing for initial access, with the impact so far confined to contact data rather than deeper system compromise.
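The CanisterWorm items above describe trusted GitHub Actions workflows (Trivy, Checkmarx) being poisoned with stolen CI credentials. One control a pipeline owner can apply the same day is to refuse any third-party action referenced by a mutable tag or branch, since an attacker who controls the upstream repository can move `master` or `v3` to a malicious commit. The scanner below is an added example written for this page, not code from Aqua Security, GitHub, or CyberHappenings; the workflow fragment it scans is constructed, and the name `unpinned_actions` is this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed workflow fragment (not from any real repository): one action
# pinned to a full commit SHA, two pinned to mutable refs, one local action.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
      - uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
      - uses: docker/login-action@v3
      - uses: ./.github/actions/local-step
      - run: echo done
"""

USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


@dataclass
class UsesRef:
    action: str            # e.g. aquasecurity/trivy-action
    ref: Optional[str]     # tag, branch, SHA or digest; None for local paths
    pinned: bool           # True only for an immutable reference


def parse_uses(workflow_text: str) -> List[UsesRef]:
    """Extract every `uses:` reference and decide whether it is immutable."""
    refs: List[UsesRef] = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        if target.startswith("./"):
            # Local action: lives in this repo, nothing external to pin.
            refs.append(UsesRef(target, None, True))
            continue
        action, _, ref = target.partition("@")
        if target.startswith("docker://"):
            # Container action: immutable only when referenced by digest.
            refs.append(UsesRef(action, ref or None, ref.startswith("sha256:")))
            continue
        refs.append(UsesRef(action, ref or None, bool(FULL_SHA_RE.match(ref))))
    return refs


def unpinned_actions(workflow_text: str) -> List[str]:
    """Actions an attacker could retarget by moving a tag or branch."""
    return [f"{r.action}@{r.ref}" if r.ref else r.action
            for r in parse_uses(workflow_text) if not r.pinned]


if __name__ == "__main__":
    for item in unpinned_actions(SAMPLE_WORKFLOW):
        print("unpinned:", item)
```

Run it against every file under `.github/workflows/` and fail the build when the list is non-empty. Two caveats a practitioner should keep in mind: pinning the action's commit does not pin artifacts the action fetches at run time (a scanner binary, a container image), which need their own digest pins, and a pinned commit is only as trustworthy as the review it got when the pin was set.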

Latest updates


Firefox 149 integrates free browser-level VPN with 50GB monthly allowance for authenticated users

First: 24.03.2026 19:23 · 📰 1 src / 1 article

Mozilla has integrated a free, built-in VPN feature into Firefox 149 that routes browser traffic through a secure proxy to obscure user IP addresses and location. The service provides up to 50GB of monthly traffic for users with a Mozilla account and will initially roll out to users in the U.S., UK, Germany, and France. The VPN operates at the browser level, differentiating it from Mozilla’s commercial system-wide VPN offering. The feature includes granular controls, such as toggling the VPN on/off and restricting its use to specific websites (up to five) to manage bandwidth. Mozilla states it will collect only technical and interaction data necessary for service maintenance and performance monitoring, with no logging of user content. The routing server is U.S.-based, optimized for location and performance.

ScreenConnect Abused for Network Intrusions by APT Groups

Updated: 24.03.2026 19:05 · First: 13.10.2025 18:45 · 📰 2 src / 2 articles

Advanced persistent threat (APT) groups and cybercriminals continue to exploit the remote monitoring and management (RMM) tool ScreenConnect for unauthorized system access, leveraging its legitimate features for persistence and lateral movement. A major malvertising campaign active since January 2026 has specifically targeted U.S. tax filers via Google Ads, delivering rogue ScreenConnect installers that deploy a custom EDR-killing driver (HwAudKiller) using a signed Huawei vulnerable driver (HWAuidoOs2Ec.sys) to blind security tools. The attack chain uses commercial cloaking services (Adspect, JustCloakIt) to evade detection and quickly stacks multiple RMM tools (ScreenConnect, FleetDeck Agent) for redundancy. Observed post-compromise activity includes credential dumping via LSASS access and lateral movement with tools like NetExec, aligning with pre-ransomware or initial access broker behavior. Defenders should prioritize monitoring for rogue ScreenConnect installers delivered via malvertising, kernel-mode driver loads from vulnerable Huawei audio drivers, rapid stacking of multiple RMM tools, and use of EDR killers alongside LSASS memory dumps and lateral movement artifacts.
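The last sentence above lists what defenders should look for: the vulnerable-driver load, rapid stacking of RMM tools, and LSASS access. The detection below is an added example for this page, not code from any of the sources it summarizes. It runs three rules over constructed Sysmon-style events (process create, driver load, process access); the driver filename is the one reported above, but the watchlists, the 30-minute stacking window, and the LSASS reader allowlist are assumptions for the demo.

```python
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

# Watchlists are assumptions for the demo. The driver name is the one reported
# in the item above; production rules should key on file hash and signer, since
# a renamed copy of the same signed driver loads just as well.
VULNERABLE_DRIVERS = {"hwauidoos2ec.sys"}
RMM_MARKERS = {"screenconnect": "ScreenConnect", "fleetdeck": "FleetDeck"}
LSASS_READERS_ALLOWED = {"csrss.exe", "wininit.exe", "services.exe",
                         "lsass.exe", "msmpeng.exe"}
PROCESS_VM_READ = 0x0010          # the access right credential dumpers need
STACK_WINDOW = timedelta(minutes=30)

# Constructed Sysmon-style events for one host (id 1 = process create,
# 6 = driver load, 10 = process access). Not real telemetry.
EVENTS = [
    {"ts": "2026-03-24T10:01:00", "host": "WS01", "id": 1,
     "image": r"C:\Users\a\Downloads\TaxForm_ScreenConnect.ClientSetup.exe"},
    {"ts": "2026-03-24T10:03:10", "host": "WS01", "id": 1,
     "image": r"C:\Program Files (x86)\ScreenConnect Client\ScreenConnect.WindowsClient.exe"},
    {"ts": "2026-03-24T10:07:42", "host": "WS01", "id": 6,
     "image": r"C:\Windows\Temp\HWAuidoOs2Ec.sys"},
    {"ts": "2026-03-24T10:09:05", "host": "WS01", "id": 1,
     "image": r"C:\ProgramData\FleetDeck\fleetdeck_agent.exe"},
    {"ts": "2026-03-24T10:15:30", "host": "WS01", "id": 10,
     "image": r"C:\Users\a\AppData\Local\Temp\dump.exe",
     "target": r"C:\Windows\System32\lsass.exe", "access": "0x1010"},
    {"ts": "2026-03-24T10:16:00", "host": "WS01", "id": 10,
     "image": r"C:\Windows\System32\csrss.exe",
     "target": r"C:\Windows\System32\lsass.exe", "access": "0x1fffff"},
]


def _base(path: str) -> str:
    return ntpath.basename(path).lower()


def detect(events: list) -> list:
    """Run the three rules over an event stream; findings come back in time order."""
    findings = []
    rmm_first_seen = defaultdict(dict)   # host -> {product: first timestamp}
    stacking_reported = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        image = _base(ev["image"])

        # Rule 1: load of a known-vulnerable signed driver (EDR-killer staging).
        if ev["id"] == 6 and image in VULNERABLE_DRIVERS:
            findings.append({"rule": "vulnerable_driver_load",
                             "host": ev["host"], "evidence": ev["image"]})

        # Rule 2: two or more distinct RMM products appearing within 30 minutes.
        if ev["id"] == 1:
            for marker, product in RMM_MARKERS.items():
                if marker in ev["image"].lower():
                    rmm_first_seen[ev["host"]].setdefault(product, ts)
            recent = sorted(p for p, t in rmm_first_seen[ev["host"]].items()
                            if ts - t <= STACK_WINDOW)
            if len(recent) >= 2 and ev["host"] not in stacking_reported:
                stacking_reported.add(ev["host"])
                findings.append({"rule": "rmm_stacking",
                                 "host": ev["host"], "evidence": recent})

        # Rule 3: LSASS opened with VM_READ by something outside the allowlist.
        if ev["id"] == 10 and _base(ev.get("target", "")) == "lsass.exe":
            if int(ev["access"], 16) & PROCESS_VM_READ and image not in LSASS_READERS_ALLOWED:
                findings.append({"rule": "lsass_access", "host": ev["host"],
                                 "evidence": f"{ev['image']} granted {ev['access']}"})
    return findings


if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f["rule"], f["host"], f["evidence"])
```

The rules are deliberately independent so that each one fires on its own; in the sample the driver load fires first, the stacking rule fires when the second RMM product appears eight minutes after the first, and the LSASS rule flags `dump.exe` while ignoring the allowlisted `csrss.exe`. Correlating the three on one host within a short window is what turns three medium-severity alerts into one pre-ransomware incident.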

Silver Fox APT adapts tooling from ValleyRAT to Python credential stealer in dual-purpose campaigns

First: 24.03.2026 18:00 · 📰 1 src / 1 article

Between late 2025 and early 2026, the Silver Fox intrusion group shifted its operational focus from traditional espionage-style malware to a hybrid model combining state-aligned intelligence collection with financially driven cybercrime. The group targeted finance teams across South and East Asia using tax and payroll-themed phishing lures, evolving delivery methods from malicious PDF attachments and DLL side-loading to SEO poisoning and malicious ads, and ultimately to a custom Python-based credential stealer disguised as a WhatsApp application. Impact includes compromised credentials and sensitive files from organizations in Taiwan, Japan, Malaysia, India, Indonesia, Singapore, Thailand, and the Philippines, with evidence suggesting targeted espionage during tax audit periods and broader financially motivated theft.

Multiple vulnerabilities in Citrix, Git, and GitLab added to CISA KEV catalog

Updated: 24.03.2026 17:15 · First: 26.08.2025 08:55 · 📰 7 src / 10 articles

As of March 24, 2026, Citrix has disclosed two new vulnerabilities in NetScaler ADC and NetScaler Gateway: CVE-2026-3055, a critical out-of-bounds memory read (CVSS 9.3) that lets an unauthenticated attacker leak sensitive data from appliance memory, and CVE-2026-4368, a race condition that can mix up user sessions. Both require specific configurations to be exploitable; CVE-2026-3055 is reachable only when the appliance is configured as a SAML Identity Provider (SAML IDP) and affects only customer-managed instances. Affected versions are 14.1 before 14.1-66.59, 13.1 before 13.1-62.23, and the related FIPS/NDcPP builds; remediation is the patched builds (14.1-66.59 and later, 13.1-62.23 and later) or, for select firmware builds, Global Deny List signatures. No in-the-wild exploitation or public PoC has been observed as of March 24, 2026, but the history of attacks on similar NetScaler flaws makes prompt patching advisable. The event began in 2024 with the addition of Citrix Session Recording and Git vulnerabilities to the CISA KEV catalog, followed by NetScaler ADC and Gateway flaws in August 2025. In February 2026, CISA added a five-year-old GitLab SSRF flaw (CVE-2021-39935) to the KEV catalog due to active exploitation. The current disclosures continue a pattern of recurring NetScaler vulnerabilities, reflecting persistent attacker interest in these appliances and their criticality in enterprise environments.

Microsoft Investigates Multiple Issues in Classic Outlook

Updated: 24.03.2026 17:12 · First: 23.02.2026 21:40 · 📰 3 src / 4 articles

Microsoft has resolved a bug that caused synchronization failures for Gmail and Yahoo accounts in classic Outlook, surfacing as 0x800CCC0F and 0x80070057 errors. The fix was deployed on the Microsoft 365 service side, so some users may still see temporary sync problems until their existing OAuth tokens expire. Microsoft continues to investigate other issues, including "Can't connect to the server" errors when creating groups with EWS enabled and a disappearing mouse pointer that affects classic Outlook, OneNote, and other Microsoft 365 apps. Temporary workarounds were provided for these issues while permanent fixes are developed.

Ongoing Ghost Cluster Targets npm and GitHub in Multi-Stage Credential and Crypto Wallet Theft Campaign

Updated: 24.03.2026 16:30 · First: 24.03.2026 14:00 · 📰 2 src / 2 articles

A coordinated campaign tracked as Ghost continues to target developers through malicious npm packages and GitHub repositories that deploy credential stealers and cryptocurrency wallet harvesters. The operation relies on social engineering and multi-stage infection chains, including fake installation wizards that request sudo/administrator privileges and fake npm output that imitates dependency downloads and progress indicators. Stolen data, including browser credentials, crypto wallets, SSH keys, and cloud tokens, is exfiltrated to Telegram channels, and the campaign pairs that credential theft with a second revenue stream: affiliate link redirections whose targets are stored in a BSC smart contract. The malicious npm packages first appeared under the user 'mikilanjijo', with activity beginning as early as February 2026 and growing to at least 11 packages, such as react-performance-suite and react-query-core-utils. The final payload is a remote access trojan that is downloaded from Telegram channels, decrypted with externally retrieved keys, and executed locally using the stolen sudo password to harvest credentials and deploy GhostLoader.

Authentication and Device Posture Integration Gaps in Zero Trust Implementations Exposed

First: 24.03.2026 16:02 · 📰 1 src / 1 article

Organizations migrating to Zero Trust frameworks often neglect the critical linkage between user authentication and device trust, leaving hybrid workforces vulnerable to credential theft and session hijacking despite multi-factor authentication (MFA) deployment. The absence of continuous device posture validation enables attackers to exploit stolen tokens or session cookies to bypass identity checks, transforming authenticated sessions into covert access channels. Without real-time device health verification, Zero Trust remains partially implemented, failing to address lateral movement risks associated with compromised endpoints.
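The gap described above is concrete in code: a server that checks only "is this session token valid?" cannot tell a stolen cookie from the legitimate one. The policy check below is an added example written for this page, not code from the article's source or from any Zero Trust product. It binds each session to the device it was issued on and requires a fresh, authentic posture attestation for that device on every request; the HMAC-signed attestation, the static key, the five-minute freshness window, and the device IDs are stand-ins for a real MDM or TPM-backed attestation service.

```python
from __future__ import annotations

import hashlib
import hmac
import json
import secrets

# Assumed shared secret between the device-management service and the policy
# engine. A real deployment verifies a signed attestation (MDM or TPM-backed
# device identity) rather than an HMAC under a static key.
MDM_KEY = b"constructed-demo-key-not-for-production"
POSTURE_MAX_AGE = 300  # seconds a posture attestation stays usable


def sign_posture(device_id: str, healthy: bool, issued_at: int) -> dict:
    """Posture attestation as the device-management side would emit it."""
    body = json.dumps({"device_id": device_id, "healthy": healthy,
                       "issued_at": issued_at}, sort_keys=True)
    mac = hmac.new(MDM_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


class SessionStore:
    """Sessions are issued to a (user, device) pair, never to a user alone."""

    def __init__(self) -> None:
        self._sessions: dict[str, dict] = {}

    def issue(self, user: str, device_id: str) -> str:
        token = secrets.token_hex(16)
        self._sessions[token] = {"user": user, "device_id": device_id}
        return token

    def lookup(self, token: str) -> dict | None:
        return self._sessions.get(token)


def authorize(store: SessionStore, token: str, posture: dict | None,
              now: int) -> tuple[bool, str]:
    """Per-request check: valid session AND fresh, healthy posture for the
    device the session was bound to. Returns (allowed, user_or_reason)."""
    session = store.lookup(token)
    if session is None:
        return False, "unknown session"
    if posture is None:
        return False, "no device posture presented"
    expected = hmac.new(MDM_KEY, posture["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, posture["mac"]):
        return False, "posture attestation not authentic"
    claims = json.loads(posture["body"])
    if claims["device_id"] != session["device_id"]:
        return False, "session not bound to this device"
    if now - claims["issued_at"] > POSTURE_MAX_AGE:
        return False, "posture attestation stale"
    if not claims["healthy"]:
        return False, "device failed health check"
    return True, session["user"]


def demo(now: int = 1_700_000_000) -> dict[str, tuple[bool, str]]:
    """Replay the cases the text describes: legitimate use, a stolen cookie
    with no posture, a stolen cookie replayed from the attacker's device,
    a tampered attestation, a stale one, and an unhealthy device."""
    store = SessionStore()
    token = store.issue("alice", "dev-A")            # alice logs in from dev-A
    attacker = sign_posture("dev-B", True, now - 30)  # attacker's own device
    tampered = {"body": attacker["body"].replace("dev-B", "dev-A"),
                "mac": attacker["mac"]}              # claim edited, MAC stale
    return {
        "legit": authorize(store, token, sign_posture("dev-A", True, now - 30), now),
        "stolen_cookie": authorize(store, token, None, now),
        "other_device": authorize(store, token, attacker, now),
        "tampered": authorize(store, token, tampered, now),
        "stale": authorize(store, token, sign_posture("dev-A", True, now - 3600), now),
        "unhealthy": authorize(store, token, sign_posture("dev-A", False, now - 30), now),
    }
```

The point of the design is that the token alone buys nothing: an attacker who copies alice's cookie still has to produce a recent, authentic attestation for `dev-A`, which the device-management service will only issue to the real device. Which signal counts as "healthy" (disk encryption, EDR heartbeat, patch level) is a policy decision the example leaves as a single boolean.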

Navia Benefit Solutions reports data exposure impacting 2.7 million individuals

Updated: 24.03.2026 16:01 · First: 19.03.2026 22:43 · 📰 2 src / 2 articles

Navia Benefit Solutions confirmed a data breach affecting approximately 2.7 million individuals, with unauthorized access occurring between December 22, 2025, and January 15, 2026. The breach was attributed to a Broken Object Level Authorization (BOLA) vulnerability, and the exposed data includes full names, dates of birth, Social Security Numbers, phone numbers, email addresses, and enrollment details for HRA, FSA, and COBRA programs. No claims or financial information was exposed, but the incident heightened risks of phishing and identity theft. The breach also impacted HackerOne, a bug bounty platform, exposing sensitive data for 287 employees and their dependents, including Social Security numbers, addresses, and plan enrollment details. Navia notified law enforcement, offered 12 months of identity protection services, and sent letters to impacted companies on February 20, 2026. The incident has not been attributed to a specific cybercrime group or ransomware operation.
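Broken Object Level Authorization, the flaw named above, is the pattern where an API authenticates the caller but never checks that the caller may see the specific object it asked for, so walking a sequential ID space harvests every record. The handlers below are an added example written for this page to show the vulnerable shape beside the fixed one; they are not Navia's code, and the enrollment records, caller objects, and `benefits_admin` role are constructed.

```python
# Constructed benefit-enrollment records (fictional; not data from any real
# breach). Sequential IDs make the object-level hole trivial to enumerate.
ENROLLMENTS = {
    1001: {"owner": "alice", "plan": "FSA", "ssn_last4": "1234"},
    1002: {"owner": "bob", "plan": "HRA", "ssn_last4": "5678"},
    1003: {"owner": "carol", "plan": "COBRA", "ssn_last4": "9012"},
}


class NotFound(Exception):
    """Raised for missing records and for records the caller may not see."""


def get_enrollment_vulnerable(caller: dict, enrollment_id: int) -> dict:
    # Authentication happened (we know who `caller` is) but the handler never
    # asks whether the caller owns the object it was handed: this is BOLA.
    if enrollment_id not in ENROLLMENTS:
        raise NotFound
    return ENROLLMENTS[enrollment_id]


def get_enrollment_fixed(caller: dict, enrollment_id: int) -> dict:
    record = ENROLLMENTS.get(enrollment_id)
    # The ownership check sits next to the lookup, and a foreign record is
    # reported exactly like a missing one so the endpoint does not confirm
    # which IDs exist.
    if record is None:
        raise NotFound
    if record["owner"] != caller["sub"] and "benefits_admin" not in caller["roles"]:
        raise NotFound
    return record


def harvest(handler, caller: dict, id_range: range) -> list:
    """What an attacker holding one valid account gets by walking the ID space."""
    obtained = []
    for eid in id_range:
        try:
            handler(caller, eid)
            obtained.append(eid)
        except NotFound:
            continue
    return obtained


def demo() -> dict:
    mallory = {"sub": "mallory", "roles": set()}      # valid login, no records
    alice = {"sub": "alice", "roles": set()}
    admin = {"sub": "ops", "roles": {"benefits_admin"}}
    ids = range(1000, 1010)
    return {
        "vulnerable_mallory": harvest(get_enrollment_vulnerable, mallory, ids),
        "fixed_mallory": harvest(get_enrollment_fixed, mallory, ids),
        "fixed_alice": harvest(get_enrollment_fixed, alice, ids),
        "fixed_admin": harvest(get_enrollment_fixed, admin, ids),
    }


if __name__ == "__main__":
    for case, got in demo().items():
        print(f"{case}: {got}")
```

In a real service the owner filter belongs in the query itself (a `WHERE owner_id = :caller` every read path goes through) rather than in each handler, so a new endpoint cannot forget it. Opaque, non-sequential IDs slow enumeration down but are defense in depth, not a fix; the ownership check is the fix.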

Keynote at Infosecurity Europe 2026 to feature former Ukrainian Foreign Minister on Russia’s cyber-warfare integration with kinetic operations

First: 24.03.2026 16:00 · 📰 1 src / 1 article

Former Ukrainian Foreign Minister Dr. Dmytro Kuleba will deliver a keynote at Infosecurity Europe 2026 on 3 June 2026, discussing Ukraine’s wartime experiences with synchronized Russian cyber and kinetic attacks. Kuleba’s address, titled ‘Ukraine’s Hybrid War and the New Cyber Frontline,’ will focus on how Russia weaponized telecommunications disruption, disinformation, and electronic warfare in tandem with physical strikes, framing Western enterprises as the new primary battlefield. The session underscores the evolution of cyber conflict into a persistent, high-impact domain requiring enterprise-level resilience amid escalating geopolitical tensions.

Massive data breach at PowerSchool exposes 62 million students' personal information

Updated: 24.03.2026 15:48 · First: 04.09.2025 21:01 · 📰 3 src / 4 articles

In December 2024, a data breach at PowerSchool, a cloud-based software provider for K-12 schools, exposed the personal information of 62 million students and 9.5 million teachers across the U.S., Canada, and other countries. The breach included full names, addresses, phone numbers, passwords, parent information, contact details, Social Security numbers, and medical data. The attacker initially demanded a $2.85 million ransom in Bitcoin. The breach affected 6,505 school districts, including over 880,000 Texans. The Texas Attorney General has filed a lawsuit against PowerSchool for failing to protect sensitive information. In May 2025, an affiliate of the ShinyHunters group attempted to extort school districts individually. In June 2025, Matthew D. Lane pleaded guilty to orchestrating the attack and attempting to extort millions of dollars. In October 2025, Lane was sentenced to four years in prison and ordered to pay $14 million in restitution and a $25,000 fine. The breach was part of a series of attacks on PowerSchool's PowerSource portal, with previous breaches occurring in August and September 2024. In March 2026, Infinite Campus, another K-12 student information system provider, warned of a breach after ShinyHunters claimed to have stolen data from an employee’s Salesforce account. The exposed data was mostly public, but the incident involved extortion attempts and prompted Infinite Campus to disable certain services and scan for compromised data. ShinyHunters has targeted hundreds of Salesforce accounts in recent campaigns, including claims of stealing over 1.5 billion records.

Widespread operational failure in enterprise endpoint security tools exposes devices to prolonged exploitation windows

First: 24.03.2026 15:15 · 📰 1 src / 1 article

Endpoint cybersecurity tools fail to protect approximately 20% of enterprise devices, creating an average of 76 exploitable days per year where organizations remain vulnerable to cyber threats, data breaches, and operational downtime. The failure stems from systemic gaps in maintaining operational integrity of security tools amid growing IT complexity, with persistent delays in patch management exacerbating the risk. Nearly a quarter of endpoint vulnerability management platforms operate outside compliance, while Windows critical updates face an average delay of 127 days. Approximately 10% of enterprise endpoints are permanently unpatched, particularly those running unsupported OS versions like Windows 10.

Microsoft Introduces Identity Management and Guardrails for AI Agents via Entra ID and Azure AI Foundry

First: 24.03.2026 14:28 · 📰 1 src / 1 article

Microsoft has introduced identity management and guardrails for AI agents to mitigate expanding attack surfaces created by agentic AI systems. The company debuted agent identities in Azure AI Foundry and Microsoft Entra ID, enabling organizations to assign unique identities, enforce permissions, and log agent behavior. Guardrails now include controls to restrict agent capabilities, while Security Copilot integrates AI agents for continuous security monitoring and triage. The move addresses rising enterprise concerns over securing non-human identities amid the proliferation of agentic browsers, swarms, and multi-agent systems.

Unauthorized access detected in Dutch Ministry of Finance policy department systems

First: 24.03.2026 14:03 · 📰 1 src / 1 article

The Dutch Ministry of Finance disclosed a cybersecurity incident involving unauthorized access to systems within its policy department, initially detected on March 19, 2026. The breach affected a subset of ministry employees and prompted immediate containment measures, including blocking access to the compromised systems. No impact was reported on core tax administration, customs, or benefits systems handling over 9.5 million annual tax returns. The investigation remains ongoing, with no attribution or confirmation of data exfiltration disclosed.

Gartner Market Guide introduces Guardian Agents to supervise autonomous AI agents amid rising enterprise adoption and identity risks

First: 24.03.2026 13:37 · 📰 1 src / 1 article

On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, defining the need for independent oversight layers to supervise autonomous AI agents across enterprise environments. The report highlights the rapid, unchecked adoption of AI agents in production—nearly 70% of enterprises already deploy them, with 23% planning deployments in 2026—outpacing traditional governance controls and expanding "identity dark matter" risks. Guardian agents are positioned as a neutral, enterprise-owned control layer to enforce governance, visibility, and runtime enforcement across multi-cloud, cross-platform environments where AI agents interact with APIs, applications, and data repositories. Adversaries are also exploiting AI systems, with malicious prompt injections detected in over 90 organizations, underscoring the urgency for robust oversight mechanisms. The guidance emphasizes three core capabilities for guardian agents: AI visibility and traceability, continuous assurance and evaluation, and runtime inspection and enforcement. Gartner warns that governance cannot remain platform-native and must instead operate as an independent layer to prevent unintended behaviors, compliance failures, and security incidents as AI agents increasingly automate critical workflows.

Yanluowang Ransomware Initial Access Broker Pleads Guilty

Updated: 24.03.2026 12:32 · First: 10.11.2025 21:12 · 📰 2 src / 2 articles

Aleksey Olegovich Volkov, a 26-year-old Russian national from St. Petersburg, was sentenced to 81 months in prison for his role as an initial access broker (IAB) facilitating ransomware attacks. Volkov pleaded guilty to multiple charges, including conspiracy to commit computer fraud and money laundering, and must pay at least $9.2 million in restitution to victims. Between July 2021 and November 2022, Volkov breached corporate networks and sold access to ransomware groups, including Yanluowang, resulting in extortion attempts totaling $24 million. He was arrested in Rome in 2024, extradited to the U.S. in 2025, and admitted to working with several major cybercrime groups. Yanluowang, a Russian ransomware operation unmasked in 2022, employed 'triple extortion' tactics and claimed victims such as Cisco and Walmart. Volkov’s activities as an IAB were part of a broader cybercrime supply chain, enabling multiple ransomware-as-a-service (RaaS) groups to accelerate attacks by purchasing network access. Investigators linked Volkov’s identity through digital evidence, including Apple iCloud data and cryptocurrency records, while chat logs and stolen data provided further confirmation of his involvement. His case highlights the interconnected nature of cybercriminal ecosystems, where access brokers, RaaS operators, and affiliates collaborate to maximize financial gain and operational efficiency.

Organizational cybersecurity drift linked to loss of foundational risk and system understanding amid specialization

First: 24.03.2026 12:00 · 📰 1 src / 1 article

Cybersecurity teams increasingly experience operational and strategic challenges due to the erosion of foundational knowledge as specialization accelerates, leading to misaligned tooling, unclear risk priorities, and difficulty translating technical issues into business-relevant context. This trend manifests in programs where security decisions are driven by product features or industry trends rather than specific organizational risks, and where even strong technical execution fails to address persistent issues such as incident response inefficiencies, alert fatigue, and control misalignment. The gap is rooted in a lack of shared understanding of how business missions, systems, and risks interrelate, which undermines end-to-end visibility and coherent risk reasoning.

Iranian Hacktivist Group Claims Wiper Attack on Stryker

Updated: 24.03.2026 11:30 · First: 11.03.2026 18:20 · 📰 7 src / 7 articles

On March 11, 2026, the Iranian hacktivist group Handala—linked to Iran’s Ministry of Intelligence and Security (MOIS)—conducted a targeted data-wiping attack against Stryker, a global medical technology company, affecting over 200,000 systems across 79 countries. The attack utilized Microsoft Intune to issue remote wipe commands, disrupting operations and sending over 5,000 workers in Ireland home. Handala claimed responsibility, citing retaliation for a U.S. missile strike that killed 175 people, including children. Stryker’s recovery efforts prioritized restoring supply-chain systems and customer orders, with no evidence of data exfiltration found by investigators (Microsoft DART and Palo Alto Unit 42). The attack was not a ransomware incident, and no malware was deployed. Handala, historically focused on Israeli targets, has expanded operations in alignment with Iranian state interests. Investigations further reveal that Handala’s broader malicious activities include long-running malware campaigns against journalists, Iranian dissidents, and opposition groups dating back to autumn 2023, using multi-stage malware with Telegram-based command-and-control infrastructure for remote access and data exfiltration.

TeamPCP escalates CanisterWorm campaign with geopolitical targeting and multi-vector attacks

Updated: 24.03.2026 11:29 · First: 21.03.2026 09:28 · 📰 4 src / 5 articles

TeamPCP has escalated the CanisterWorm campaign into a multi-vector operation targeting Kubernetes clusters with geopolitically targeted destructive payloads, while simultaneously expanding its supply-chain sabotage to additional vendors via stolen CI credentials. The group now compromises GitHub Actions workflows (e.g., Checkmarx, Trivy) to deploy the TeamPCP Cloud stealer, exfiltrating credentials and triggering cascading supply-chain compromises. The campaign originally began as a supply-chain attack involving 47 compromised npm packages and the @teale.io/eslint-config variant, leveraging ICP canisters for decentralized C2 and persistence via masqueraded systemd services. It expanded to include GitHub repository hijacking (e.g., Aqua Security), Docker Hub compromise, and deployment of an infostealer. The latest development confirms the group's pivot to targeting CI/CD pipelines directly, using stolen credentials from prior compromises to poison trusted GitHub Actions workflows (Checkmarx) and Open VSX extensions, while also refining its wiper payloads to include time-zone/locale-based targeting of Iranian systems in Kubernetes environments.

ChatGPT Library feature enables automated cloud storage of user-uploaded files

First: 24.03.2026 01:47 · 📰 1 src / 1 article

OpenAI has introduced a new ChatGPT Library feature that automatically stores user-uploaded files or images in a dedicated, secure cloud storage location accessible across chats. The feature, available to ChatGPT Plus, Pro, and Business users worldwide except the EEA, Switzerland, and the UK, retains uploaded files by default for future reference, including documents, spreadsheets, presentations, and images. Users can manually delete files, which are then removed from servers within 30 days. The Library maintains files even after associated chats are deleted, raising data retention and deletion transparency considerations.

Mazda reports unauthorized access to Thailand warehouse management system resulting in limited employee and partner data exposure

First: 24.03.2026 00:12 · 📰 1 src / 1 article

Mazda Motor Corporation disclosed a security incident in December 2025 involving unauthorized external access to a warehouse management system linked to parts procured from Thailand. The incident exposed 692 records containing employee and business partner information, including user IDs, full names, email addresses, company names, and business partner IDs. Mazda stated no customer data was affected and no misuse has been detected, but warned of elevated phishing risks. The company reported the incident to Japanese authorities and implemented enhanced security measures, including reduced internet exposure, patching, increased monitoring, and stricter access controls.

Tycoon2FA Phishing-as-a-Service Takedown

Updated: 23.03.2026 23:52 · First: 04.03.2026 18:00 · 📰 5 src / 5 articles

Tycoon2FA, a subscription-based phishing-as-a-service (PhaaS) platform that bypassed MFA using adversary-in-the-middle techniques, resumed operations at pre-disruption levels within days of a March 4, 2026 global takedown, despite initial reductions in campaign volumes. The platform, active since August 2023, offered subscription-based access for bypassing multi-factor authentication, targeting major services like Microsoft 365 and Google. It was linked to over 64,000 phishing incidents and facilitated unauthorized access to nearly 100,000 organizations globally by mid-2025. The primary operator, identified as 'SaaadFridi' and 'Mr_Xaad,' remains at large. The platform's infrastructure relied on adversary-in-the-middle techniques, AI-generated decoy pages, and short-lived domains to evade detection, while customers employed tactics like ATO Jumping to distribute phishing URLs. The takedown involved Europol's EC3 and law enforcement from six European countries. Daily campaign volumes returned to early 2026 levels by March 6. Post-compromise activities included business email compromise (BEC), email thread hijacking, cloud account takeovers, and malicious SharePoint links. Old infrastructure remained active after the disruption, while new phishing domains and IP addresses were registered quickly. Operators continued using unchanged TTPs, including compromised domains, legitimate cloud services, and IPv6-based automated logins, underscoring the resilience of the PhaaS model when a takedown involves no arrests or physical seizures.

Crunchyroll support agent account compromise leads to 6.8 million user data exposure

First: 23.03.2026 21:21 · 📰 1 src / 1 article

A threat actor claimed responsibility for breaching Crunchyroll on March 12, 2025, by compromising the Okta SSO account of a Telus International support agent via malware. The compromise enabled access to multiple Crunchyroll applications, including Zendesk, Wizer, and Slack, leading to the exfiltration of 8 million support tickets containing data for 6.8 million unique email addresses. The attack targeted a business process outsourcing (BPO) employee with legitimate access to customer support systems. Crunchyroll confirmed the incident and is investigating with cybersecurity experts. The exposed data includes names, email addresses, IP addresses, geographic locations, and support ticket contents, with partial credit card details appearing only when customers included them in tickets. The threat actor demanded $5 million in extortion but received no response from Crunchyroll.

Lazarus Group Expands Operations with AI-Generated Video, Malware, and Malicious Packages in Cryptocurrency and Defense Sectors

Updated: 23.03.2026 20:09 · First: 02.09.2025 19:39 · 📰 13 src / 16 articles

The North Korean Lazarus Group (UNC1069, also tracked as WaterPlum) continues to expand its operations with new malware and refined tactics targeting the cryptocurrency and defense sectors. Recent activity includes the deployment of StoatWaffle, a modular malware delivered via malicious Visual Studio Code (VS Code) projects, which abuses auto-run tasks to maintain persistence and execute next-stage payloads. The malware includes stealer and RAT modules, targeting sensitive data such as browser credentials and iCloud Keychain on macOS. The threat actor has also disseminated additional malware families—including PylangGhost, PolinRider, and FlexibleFerret (WeaselStore)—through npm packages, GitHub repositories, and staged recruitment processes. Targets include founders, CTOs, and senior engineers in cryptocurrency and Web3 sectors, often approached via LinkedIn or fake job interviews. Microsoft has introduced mitigations in VS Code (v1.109/1.110) to block auto-run tasks, addressing abuse of the 'tasks.json' file. The campaign overlaps with previously documented activity by UNC1069 and GhostCall, highlighting the group's persistent focus on the open-source ecosystem and cross-platform attacks.

Organizational uncertainty in incident response timelines for AI system compromises

First: 23.03.2026 18:30 · 📰 1 src / 1 article

A survey of over 3,400 IT and cybersecurity professionals reveals significant uncertainty in incident response capabilities for compromised AI systems. 56% of respondents lack awareness of their organization’s ability to halt AI systems during an attack, while only 32% believe they could respond within an hour. Confusion over ownership of enterprise AI applications exacerbates governance and security risks, with 20% of respondents unaware of accountability structures. Only 43% of security professionals express high confidence in their organization’s ability to investigate and explain serious AI incidents to leadership or regulators, highlighting systemic preparedness gaps.

Supply chain compromise in Trivy scanner triggers CanisterWorm propagation across CI/CD pipelines

Updated: 23.03.2026 17:43 · First: 23.03.2026 15:14 · 📰 3 src / 3 articles

A supply chain compromise in the Trivy vulnerability scanner resulted in credential-stealing malware being injected into official releases and GitHub Actions workflows. Trivy's reach, over 32,000 GitHub stars and 100 million Docker Hub downloads, enabled the self-propagating CanisterWorm to spread across at least 100 organizations. On March 19, 2026, attackers compromised Trivy version 0.69.4, followed by the distribution of malicious Docker images through Docker Hub. Additional compromised versions (0.69.5 and 0.69.6) were identified on March 22, 2026, and Aqua Security's internal GitHub organization was exposed, with repositories renamed in a scripted attack. Security researchers identified indicators of compromise linked to the TeamPCP infostealer, and Aqua Security confirmed unauthorized changes during its investigation. Over the weekend of March 21–22, 2026, TeamPCP repurposed the Trivy compromise infrastructure to deploy a wiper attack targeting Iran or systems with Farsi locale settings. The wiper payload activates only when the victim's timezone or language indicates Iran; when it does, it performs a local wipe or, if Kubernetes access is detected, destroys data on every cluster node. The campaign was orchestrated through Internet Computer Protocol (ICP) canisters that evade takedown attempts and alternate between malware delivery and Rick Roll redirects. TeamPCP operators claim large-scale data theft from major companies, including a multinational pharmaceutical firm, and boast of a second Aqua Security compromise used to spam GitHub accounts. The TeamPCP threat group has expanded operations beyond credential theft to include worm propagation, ransomware deployment, cryptocurrency mining, and destructive attacks targeting Kubernetes environments, underscoring persistent risks in CI/CD supply chains where a compromised security tool enables rapid worm propagation and broader malicious activity.

High-Tech Sector Identified as Top Cyber-Attack Target for 2025, Replacing Finance

First: 23.03.2026 17:35 · 📰 1 src / 1 article

In 2025, the high-tech sector became the most targeted industry for cyber-attacks, comprising 17% of Mandiant’s incident response investigations, surpassing financial services which held the top position in 2023 and 2024. The shift is highlighted in Mandiant’s M-Trends 2026 Report, published on March 23, 2026. The global median dwell time for intrusions increased from 11 days in 2024 to 14 days in 2025, with North Korea-linked espionage and IT worker scam campaigns exhibiting median dwell times of 122 days. Threat actors increasingly leveraged native system functionalities and legitimate tools to evade detection while focusing on recovery denial objectives in ransomware operations.

Acceleration of initial access handoff to secondary threat groups observed in 2025 incidents

First: 23.03.2026 17:00 · 📰 1 src / 1 article

Analysis of 2025 incident data shows a dramatic reduction in the median time between initial system compromise and handoff to secondary threat groups, shrinking from hours to just 22 seconds. This shift reflects increased operational integration between initial access brokers and follow-on intrusion groups, with automation likely facilitating direct delivery of payloads. The trend underscores a maturing cybercrime ecosystem where access commodification and specialization accelerate attack timelines. The median dwell time for intrusions increased to 14 days in 2025, despite long-term declines over the past decade, driven in part by advanced evasion techniques attributed to North Korean cyberespionage actors and IT workers.

Varonis Atlas AI Security Platform reaches general availability with unified AI lifecycle controls

First: 23.03.2026 16:02 · 📰 1 src / 1 article

Varonis has launched Varonis Atlas, an end-to-end AI Security Platform designed to inventory, assess, test, govern, and monitor AI systems across enterprise environments. The platform integrates with the Varonis Data Security Platform to provide data-aware security controls for AI agents, custom LLMs, chatbots, and embedded AI across cloud, code repositories, and SaaS. Atlas addresses risks from autonomous AI actions, shadow AI, and third-party dependencies by enforcing runtime guardrails, continuous posture management, adversarial testing, and compliance automation tied to data context and real-time activity monitoring.

Microsoft Exchange Online virtual account deployment disrupts mobile and Mac client access

First: 23.03.2026 14:17 · 📰 1 src / 1 article

Microsoft is resolving an ongoing disruption affecting Exchange Online mailbox access via Outlook mobile and Mac desktop clients, caused by the introduction of a new virtual account in the service. Impacted users have experienced intermittent access failures since March 20, 2026. Microsoft initiated a rollback of the change as the remediation path after initial infrastructure restarts failed to resolve the issue. The outage has been classified as a service incident, a designation typically reserved for critical disruptions with measurable user impact. Microsoft has not disclosed affected regions or user counts.

Malicious OpenClaw AI Coding Assistant Extension on VS Code Marketplace

Updated: 24.03.2026 16:59 · First: 28.01.2026 19:46 · 📰 9 src / 17 articles

A malicious GitHub campaign, tracked as **"TroyDen's Lure Factory"**, is distributing over **300 Trojanized packages**, including a fake **OpenClaw Docker deployer**, to deliver a LuaJIT-based data-stealing Trojan. The campaign targets developers, gamers, and the general public with lures ranging from AI tools to game cheats, exploiting automated analysis gaps by splitting the payload into two components—a renamed Lua runtime and an encrypted script—that evade detection when analyzed separately. Once executed, the Trojan captures screenshots, performs geolocation, and exfiltrates credentials to a Frankfurt-based C2 server, with a **29,000-year sleep delay** to defeat sandboxes. GitHub was notified on **March 20, 2026**, but at least two lure repositories remain active. This follows a pattern of **supply-chain and social engineering attacks** leveraging OpenClaw’s popularity, including prior incidents like the **Cline npm compromise** (February 2026), **malicious ClawHub skills** pushing info-stealers, and **exposed OpenClaw instances** (40,000+ vulnerable deployments globally). Chinese authorities have restricted OpenClaw usage in state-run enterprises due to its **privileged system access and prompt injection risks**, while threat actors continue to distribute **fake installers** (e.g., Atomic Stealer, Vidar, GhostSocks proxy malware). Users are urged to **verify repository authenticity, isolate AI tools, and audit environments** for unexpected OpenClaw installations.