Tag: phishing

Week in Malware: CISA Adds n8n to KEV, Iran-Linked Wiper Hits Medical Giant

CISA added an actively exploited n8n RCE vulnerability to its KEV catalog, mandating federal patches by March 25. Meanwhile, Iranian-linked Handala group deployed wiper malware against medical technology giant Stryker.

Mar 12, 2026BleepingComputer, Graham Cluley, Cisco Talos, Malwarebytes Labs, Bitdefender Labs

ransomwaresupply-chaincisa-kev

🇷🇺BlackCat

🇺🇸Google🇺🇸Meta Platforms

criticalMalware & Threats

Malware Threats Weekly: CISA Flags Ivanti EPM Zero-Day, APT28 Leverages Covenant Framework, Meta Ad Network Powers Global Scam Operations

CISA ordered federal agencies to patch an actively exploited Ivanti Endpoint Manager vulnerability within three weeks. Russian APT28 operators are using customized Covenant framework tools for espionage, while a massive investment fraud network leveraging Meta advertising platforms has been discovered operating across 25 countries.

Mar 10, 2026BleepingComputer, Checkpoint Research, Malwarebytes Labs, SecureList (Kaspersky), Bitdefender Labs

apt28ivanticisa-kev

🏴ShinyHunters🇷🇺APT28🏴Play

🇺🇸Meta Platforms🇺🇸Google

highNation-State & APT

Tycoon 2FA Platform Disrupted, Russian Messaging App Attacks, AI Security Bypasses

International law enforcement disrupted the Tycoon 2FA phishing-as-a-service platform that targeted over 500,000 organizations monthly. Meanwhile, Dutch intelligence warns of Russian-linked actors targeting encrypted messaging apps used by government officials worldwide.

Mar 10, 2026Security Affairs, Palo Alto Unit 42

phishinglaw-enforcementrussia

🇺🇸Meta Platforms

mediumMalware & Threats

Weekly Threat Roundup: EU Court Shifts Phishing Liability, New .arpa Evasion Techniques Emerge

The EU's top court adviser suggests banks must immediately refund phishing victims regardless of fault, while threat actors exploit .arpa domains and IPv6 reverse DNS to bypass email security. Research also advances on AI-powered threat intelligence extraction.

Mar 9, 2026BleepingComputer, SentinelOne Labs, Malwarebytes Labs

phishingdns-evasionarpa-domain

mediumMalware & Threats

Social Security Phishing Campaign Deploys Datto RMM for Remote PC Takeover

A phishing campaign is targeting US recipients with fake Social Security Administration emails containing fraudulent tax documents. The attack uses legitimate Datto RMM software to gain persistent remote access to compromised systems.

Mar 8, 2026Hackread

phishingsocial-engineeringremote-access-trojan

criticalIndustry & Policy

Cyber Threat Landscape Shifts: AI-Powered Attacks, Critical Cisco Flaws, and Global Enforcement Wins

This week brought critical infrastructure vulnerabilities from Cisco, AI-powered nation-state malware campaigns, and successful law enforcement operations against cybercriminal infrastructure. The convergence of AI tooling in both offensive and defensive operations marks a significant shift in the threat landscape.

Mar 6, 2026Dark Reading, Infosecurity Magazine

threat-intelligencevulnerabilitiesai-security

highData Breaches & Incidents

Security Roundup: Certificate Abuse, Phishing Evolution, and Enterprise Defense Gaps

Attackers are leveraging stolen certificates to distribute malware through fake Zoom/Teams updates, while new phishing tactics exploit encrypted flows and QR codes to bypass enterprise defenses. Startups face unique confidentiality challenges during fundraising and hiring processes.

Mar 5, 2026Hackread

phishingmalwarecertificates

highIndustry & Policy

VMware Exploitation Active, Major Law Enforcement Wins Against Cybercrime Infrastructure

Attackers are actively exploiting a command injection flaw in VMware Aria Operations that could compromise cloud environments. Meanwhile, coordinated law enforcement operations have successfully taken down the LeakBase data breach forum and Tycoon2FA phishing-as-a-service platform.

Mar 5, 2026Dark Reading, Infosecurity Magazine

vmwareexploitationlaw-enforcement

mediumData Breaches & Incidents

Weekly Security Roundup: Vehicle Tracking Privacy Flaws, Telegram Cybercrime Surge, and Major CSAM Network Disrupted

Researchers demonstrate how unencrypted tire pressure sensors can track vehicles without consent, while cybercriminals increasingly use Telegram for selling access and malware. Meanwhile, Europol's Project Compass resulted in 30 arrests targeting a network exploiting minors.

Mar 4, 2026Hackread

privacyvehicle-securitytelegram

🇦🇪Telegram🇺🇸Google

criticalMalware & Threats

Critical Infrastructure Under Fire: AWS Drone Strikes, Android Zero-Day, and AI-Powered Attack Tools

Physical attacks on AWS infrastructure in the Middle East caused extensive cloud service outages, while Google patched an actively exploited Qualcomm zero-day affecting Android devices. Multiple major data breaches and the weaponization of AI security tools highlight escalating threat landscape complexity.

Mar 3, 2026BleepingComputer, Cisco Talos

awszero-dayransomware

🇺🇸Amazon🇺🇸Google

mediumData Breaches & Incidents

Weekly Security Roundup: Teramind Phishing Campaign Targets Remote Workers

Cybercriminals are leveraging fake video conferencing pages to trick users into installing Teramind monitoring software on Windows systems. The campaign exploits trust in legitimate platforms like Zoom and Google Meet to deploy potentially unwanted monitoring tools.

Mar 2, 2026Hackread

phishingteramindmonitoring-software

🇺🇸Google

mediumMalware & Threats

Privacy Settlement, Phishing Evolution, and Weekly Threat Intel Roundup

Samsung agrees to stop collecting Texas residents' viewing data without consent following state settlement. Meanwhile, threat actors deploy sophisticated phishing campaigns disguised as purchase order PDFs to harvest credentials.

Mar 2, 2026BleepingComputer, Malwarebytes Labs

privacyphishingsmart-tv

🇰🇷Samsung