Veeam Backup & Replication Vulnerabilities: Critical RCE Flaws Patched in Latest Security Update
Executive Summary Veeam has released critical security patches addressing seven severe vulnerabilities in its flagship Veeam Backup & Replication platform. These flaws, several rated at the highest criticality with CVSS scores of 9.9, enable remote code execution (RCE), privilege escalation, and credential theft by authenticated users. The vulnerabilities impact both Windows-based and Veeam Software Appliance deployments. Given the history of ransomware groups such as FIN7
Mar 15 · 5 min read


Chinese Cyber Espionage Targets Southeast Asian Military C4I Systems Using AppleChris and MemFun Malware
Executive Summary A highly sophisticated cyber espionage campaign, attributed to a China-based threat cluster, has been actively targeting Southeast Asian military organizations since at least 2020. This campaign leverages two advanced custom malware families, AppleChris and MemFun, alongside a credential harvesting tool known as Getpass (a customized variant of Mimikatz). The attackers exhibit advanced operational security, strategic patience, and a clear focus on exfilt
Mar 15 · 4 min read


AppsFlyer Web SDK Supply Chain Attack: Global Crypto-Stealing JavaScript Injection and Mitigation Analysis
Executive Summary Between March 9 and March 11, 2026, the AppsFlyer Web SDK was compromised in a sophisticated supply-chain attack, resulting in the injection of crypto-stealing JavaScript code into thousands of websites and web applications globally. The malicious code, delivered via the trusted AppsFlyer content delivery network, was engineered to intercept and replace cryptocurrency wallet addresses entered by end users, redirecting funds to attacker-controlled wallets.
Mar 15 · 4 min read


University of Mississippi Medical Center Restores Epic EHR System After Major Ransomware Attack and Nine-Day Clinic Closure
Executive Summary The University of Mississippi Medical Center (UMMC) experienced a significant ransomware attack in late February 2026, resulting in the closure of its clinics statewide for nine days. The attack forced the academic medical center to take its Epic electronic health record (EHR) system offline and restricted access to phone and email communications. While hospitals and emergency departments remained operational using manual downtime procedures, outpatient
Mar 5 · 6 min read


Europol Dismantles Tycoon 2FA: Inside the Takedown of a 64,000-Attack Phishing-as-a-Service Platform
Executive Summary On March 4, 2026, a Europol-led coalition of law enforcement and private sector partners dismantled the Tycoon 2FA phishing-as-a-service (PhaaS) platform, which had enabled over 64,000 large-scale phishing attacks globally since its emergence in 2023. Tycoon 2FA specialized in adversary-in-the-middle (AiTM) phishing, allowing threat actors to bypass multifactor authentication (MFA) and compromise accounts across sectors including education, healthcar
Mar 5 · 6 min read


Global Surge: 149 Hacktivist DDoS Attacks Target SCADA and Critical Infrastructure Across 16 Countries After Middle East Conflict
Executive Summary Between February 28 and March 2, 2026, a coordinated wave of 149 hacktivist-driven distributed denial-of-service (DDoS) attacks targeted 110 organizations across 16 countries, following the U.S.-Israel military campaign against Iran. The majority of attacks were concentrated in the Middle East, with Kuwait, Israel, and Jordan accounting for over 76% of incidents. Nearly half of the targeted organizations were in the government sector, with finance and tele
Mar 5 · 6 min read


LexisNexis AWS Data Breach 2026: React2Shell Exploit Exposes Legacy Data in Cloud Hack
Executive Summary On March 3, 2026, LexisNexis Legal & Professional confirmed a data breach following the public leak of approximately 2GB of company files by the threat actor known as FulcrumSec. The breach was achieved by exploiting the React2Shell vulnerability in an unpatched React frontend application, granting attackers unauthorized access to the company’s AWS infrastructure. The compromised data primarily consisted of legacy, deprecated information from before 2020
Mar 5 · 5 min read


AI-Powered Cyberattack Using Claude Code Compromises Mexico’s Tax Authority and Government Agencies in Massive Data Breach
Executive Summary In December 2025, a highly sophisticated cyberattack targeted multiple Mexican government agencies and a major financial institution, resulting in the exfiltration of over 150GB of sensitive data, including personally identifiable information (PII) of nearly 195 million individuals. The attackers leveraged Anthropic’s Claude Code AI assistant, jailbreaking its guardrails to automate exploit development, credential harvesting, and data exfiltration. This inc
Mar 2 · 4 min read


QuickLens Chrome Extension Supply Chain Attack: Cryptocurrency Theft and ClickFix Malware Campaign Analysis
Executive Summary The recent compromise of the QuickLens Chrome extension, officially titled QuickLens – Search Screen with Google Lens, represents a significant escalation in browser extension supply chain attacks. In February 2026, threat actors acquired and weaponized this previously benign extension, leveraging its user base of over 7,000 Chrome users to deploy a sophisticated multi-stage malware campaign. The attackers utilized advanced techniques to bypass browser sec
Mar 2 · 4 min read


ClawJacked Vulnerability in OpenClaw Allows Malicious Websites to Hijack Local AI Agents and Steal Data
Executive Summary The ClawJacked vulnerability represents a critical security flaw in the widely adopted open-source AI agent platform OpenClaw. This vulnerability enables malicious websites to hijack locally running OpenClaw instances by exploiting a localhost authentication bypass, resulting in unauthorized access, data exfiltration, and potential full system compromise. The attack leverages browser-based JavaScript to brute-force authentication over WebSocket connection
Mar 2 · 4 min read


South Korean National Tax Service Exposes Ledger Wallet Seed, Leading to $4.8M PRTG Token Theft
Executive Summary On February 26, 2026, South Korea’s National Tax Service (NTS) inadvertently exposed the mnemonic (seed) phrase of a seized Ledger hardware wallet in an official press release, resulting in the immediate theft of approximately $4.8 million in Pre-Retogeum (PRTG) tokens. The seed phrase, visible in photographs published online, enabled an unknown actor to gain full control of the wallet and transfer all assets out in a series of transactions. This incident
Mar 1 · 5 min read


Canadian Tire E-Commerce Database Breach Exposes Data of 38 Million Customer Accounts in 2025
Executive Summary In October 2025, Canadian Tire experienced a significant data breach impacting approximately 38 million customer accounts. The breach resulted in the exposure of personally identifiable information (PII), including names, email addresses, phone numbers, physical addresses, dates of birth, and encrypted passwords. For a subset of users, partial credit card data—such as card type, expiry date, and masked card numbers—was also compromised. No bank account or l
Mar 1 · 5 min read


Trend Micro Apex One On-Premise Critical RCE Vulnerabilities (CVE-2025-54948, CVE-2025-54987) Exploited in the Wild – Urgent Patch Required
Executive Summary Trend Micro has released urgent security patches addressing two critical remote code execution (RCE) vulnerabilities in the Apex One (on-premise) Management Console, identified as CVE-2025-54948 and CVE-2025-54987. Both vulnerabilities are rated CVSS 9.4 (Critical) and have been confirmed as exploited in the wild. These flaws enable pre-authenticated remote attackers to upload malicious code and execute arbitrary commands on affected systems, posing a se
Feb 26 · 4 min read


Google Disrupts UNC2814 GRIDTIDE Malware Abusing Google Sheets API in Global Telecom and Government Espionage Campaign
Executive Summary Google, in collaboration with Mandiant and industry partners, has disrupted the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 following confirmed breaches of at least 53 organizations across 42 countries. The campaign, which has been active since at least 2017, primarily targeted global telecommunications providers and government organizations. The attackers leveraged a novel backdoor, GRIDTIDE, which abused the Google
Feb 26 · 5 min read


US Sanctions Russian Exploit Broker Operation Zero for Theft and Sale of Zero-Day Exploits Targeting US Systems
Executive Summary Publication Date: February 24, 2026. On February 24, 2026, the United States Department of the Treasury and Department of State announced sweeping sanctions against the Russian exploit broker Operation Zero and its principal, Sergey Sergeyevich Zelenyuk, under the Protecting American Intellectual Property Act (PAIPA). This unprecedented action targets the illicit trade in zero-day vulnerabilities and the theft of proprietary US cyber tools, marking the firs
Feb 26 · 6 min read


CVE-2026-20127: Critical Zero-Day Exploited in Cisco Catalyst SD-WAN Controller and Manager by Advanced Hackers
Executive Summary A critical zero-day vulnerability, CVE-2026-20127, has been discovered and actively exploited in the wild, targeting Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage). This vulnerability, rated with a maximum CVSS score of 10.0, enables unauthenticated remote attackers to bypass authentication and obtain administrative privileges, granting them full control over affected SD-WAN environments. The expl
Feb 26 · 5 min read


Critical Cisco SD-WAN Zero-Day (CVE-2026-20127) Enables Remote Admin Access: Active Exploitation and Mitigation Guidance
Executive Summary CVE-2026-20127 is a critical zero-day authentication bypass vulnerability (CVSS 10.0) affecting Cisco's flagship SD-WAN products, specifically Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage). This vulnerability has been actively exploited in the wild since at least 2023 by a highly sophisticated threat actor tracked as UAT-8616. Successful exploitation allows unauthenticated remote attackers to ga
Feb 26 · 4 min read


Dohdoor Backdoor Attack: UAT-10027 Targets Windows Systems in U.S. Education and Healthcare Sectors
Executive Summary The threat actor UAT-10027 has launched a sophisticated cyber campaign targeting the U.S. education and healthcare sectors, deploying a novel backdoor known as Dohdoor. This malware leverages DNS-over-HTTPS (DoH) for covert command-and-control (C2) communications, enabling it to bypass traditional network monitoring and security controls. The campaign, active since at least December 2025, utilizes advanced evasion techniques such as DLL sideloading, proces
Feb 26 · 4 min read


Olympique Marseille Cyberattack 2026: Club Confirms Attempted Website Breach Amid Supporter Data Leak Claims
Executive Summary On February 23, 2026, Olympique Marseille became the subject of a public cyberattack claim, with a hacker alleging possession and intent to sell a database containing information on approximately 400,000 supporters. The club responded promptly, issuing an official statement on February 24, 2026, confirming an attempted cyber intrusion but disputing the scale of the breach. Olympique Marseille emphasized that no banking data or passwords were compromised and
Feb 26 · 5 min read


Operation MacroMaze: APT28 Exploits Microsoft Office Macros and Webhook[.]site for Spear-Phishing Attacks Against European Critical Infrastructure
Executive Summary Between late 2025 and early 2026, the Russian state-sponsored threat group APT28 (also known as Fancy Bear, STRONTIUM, Sofacy, and Sednit) orchestrated a sophisticated spear-phishing campaign targeting governmental, diplomatic, and critical infrastructure organizations across Western and Central Europe. This operation, widely referred to as Operation MacroMaze, leveraged macro-enabled Microsoft Office documents that exploited webhook-based infrastructu
Feb 24 · 4 min read