Veeam Backup & Replication Vulnerabilities: Critical RCE Flaws Patched in Latest Security Update
Executive Summary Veeam has released critical security patches addressing seven severe vulnerabilities in its flagship Veeam Backup & Replication platform. These flaws, several rated at the highest criticality with CVSS scores of 9.9, enable remote code execution (RCE), privilege escalation, and credential theft by authenticated users. The vulnerabilities impact both Windows-based and Veeam Software Appliance deployments. Given the history of ransomware groups such as FIN7
Mar 15 · 5 min read


Chinese Cyber Espionage Targets Southeast Asian Military C4I Systems Using AppleChris and MemFun Malware
Executive Summary A highly sophisticated cyber espionage campaign, attributed to a China-based threat cluster, has been actively targeting Southeast Asian military organizations since at least 2020. This campaign leverages two advanced custom malware families, AppleChris and MemFun, alongside a credential harvesting tool known as Getpass (a customized variant of Mimikatz). The attackers exhibit advanced operational security, strategic patience, and a clear focus on exfilt
Mar 15 · 4 min read


AppsFlyer Web SDK Supply Chain Attack: Global Crypto-Stealing JavaScript Injection and Mitigation Analysis
Executive Summary Between March 9 and March 11, 2026, the AppsFlyer Web SDK was compromised in a sophisticated supply-chain attack, resulting in the injection of crypto-stealing JavaScript code into thousands of websites and web applications globally. The malicious code, delivered via the trusted AppsFlyer content delivery network, was engineered to intercept and replace cryptocurrency wallet addresses entered by end users, redirecting funds to attacker-controlled wallets.
Mar 15 · 4 min read


FortiGate FortiCloud SSO Authentication Bypass: Active Exploitation of CVE-2025-59718/59719 for Credential Theft and Network Breach
Executive Summary Recent intelligence has revealed that sophisticated threat actors are actively exploiting authentication bypass vulnerabilities in FortiGate Next-Generation Firewall appliances to gain unauthorized access to enterprise networks and exfiltrate sensitive service account credentials. These attacks leverage flaws in the FortiCloud SSO implementation, specifically targeting vulnerabilities such as CVE-2025-59718 and CVE-2025-59719, which allow adversaries to
Mar 11 · 4 min read


Critical SAP FS-QUO and NetWeaver Vulnerabilities Exposed in March 2026 Security Patch Day: Immediate Action Required
Executive Summary The March 2026 Security Patch Day from SAP has brought to light two critical vulnerabilities affecting SAP FS-QUO (Quotation Management Insurance) and SAP NetWeaver Enterprise Portal Administration. These vulnerabilities, identified as CVE-2019-17571 and CVE-2026-27685, enable unauthenticated remote code execution and insecure deserialization, respectively. The exploitation of these flaws could result in full system compromise, including the loss of con
Mar 11 · 4 min read


APT28 Deploys BEARDSHELL and Customized COVENANT Malware for Targeted Cyber Espionage Against the Ukrainian Military
Executive Summary The Russian state-sponsored threat actor APT28 (also known as Fancy Bear, Sednit, Forest Blizzard, Unit 26165, and TA422) has intensified its cyber-espionage operations against the Ukrainian military by deploying two advanced malware strains: BEARDSHELL and a customized variant of COVENANT. These campaigns, active since at least April 2024, leverage cloud-based command-and-control (C2) infrastructure and sophisticated obfuscation techniques to mainta
Mar 11 · 5 min read


Digital Frontlines: The Infrastructure Realities of the 2026 Iran Conflict
Key Takeaways: Cyber is the New Vanguard: Kinetic military action is now immediately paired with massive digital disruption, targeting both military command structures and civilian connectivity to create a "digital fog." The Blast Radius is Regional: Cyber conflict no longer respects borders. Shared regional cloud infrastructure and interconnected financial systems are highly vulnerable to collateral damage and rapid capital flight. Resilience Over Perimeter Defense: With att
Mar 10 · 3 min read


Learning about China’s Military AI Wish List From Open Source Supply Chain Documents
The following is a Rescana review of research prepared by CSET in Washington DC on China’s Military AI Wish. It illustrates: a) The significant value of open source analysis on your Third Party engagement and relations; b) How your Cyber Risk Landscape evolves as a result of AI; c) The seriousness of China’s State level Advanced Persistent Threats. Open source Research on Supply Chain Recent research published in February 2026 by CSET (Center of Security and Emerging Techn
Mar 10 · 3 min read


Comprehensive Analysis of VOID#GEIST Multi-Stage Malware Targeting Windows Systems with XWorm, AsyncRAT, and Xeno RAT
Executive Summary Publication Date: March 2026 The VOID#GEIST malware campaign represents a new frontier in multi-stage, script-based cyberattacks, delivering advanced Remote Access Trojans (XWorm, AsyncRAT, and Xeno RAT) through a highly modular and evasive framework. By leveraging legitimate tools such as embedded Python runtimes and Microsoft binaries, and employing fileless shellcode injection, VOID#GEIST is designed to evade traditional security controls and comp
Mar 8 · 5 min read


FBI Pen Register and Trap and Trace System Breach: Investigation into Suspicious Cyber Activity Targeting Sensitive Surveillance Data
Executive Summary On February 17, 2026, the Federal Bureau of Investigation (FBI) initiated an investigation into suspicious cyber activity detected on an internal system containing sensitive surveillance and investigative information. The affected system, while unclassified, holds law enforcement sensitive data, including returns from legal processes such as pen register and trap and trace surveillance, as well as personally identifiable information (PII) related to subject
Mar 8 · 5 min read


MuddyWater’s Dindoor Backdoor: Iranian APT Targets U.S. Organizations via Deno Runtime and Cloud Storage
Executive Summary A newly identified campaign orchestrated by the Iranian state-sponsored advanced persistent threat group MuddyWater (also known as Seedworm and attributed to Iran’s Ministry of Intelligence and Security, MOIS) is actively targeting U.S. organizations with a sophisticated malware arsenal. The centerpiece of this campaign is a novel backdoor dubbed Dindoor, which leverages the Deno JavaScript runtime for execution, marking a significant evolution in the gr
Mar 8 · 5 min read


Critical Vulnerabilities Discovered by OpenAI Codex Security in GnuPG, GnuTLS, GOGS, PHP, Chromium, and More After Scanning 1.2 Million Commits
Executive Summary The recent deployment of OpenAI Codex Security has marked a significant milestone in automated vulnerability discovery, with the platform autonomously scanning over 1.2 million code commits and identifying 10,561 high-severity issues, including 792 critical vulnerabilities, across a spectrum of widely used open-source projects. This unprecedented scale of automated code review has exposed latent risks in foundational software components such as GnuPG, GnuT
Mar 8 · 6 min read


University of Mississippi Medical Center Restores Epic EHR System After Major Ransomware Attack and Nine-Day Clinic Closure
Executive Summary The University of Mississippi Medical Center (UMMC) experienced a significant ransomware attack in late February 2026, resulting in the closure of its clinics statewide for nine days. The attack forced the academic medical center to take its Epic electronic health record (EHR) system offline and restricted access to phone and email communications. While hospitals and emergency departments remained operational using manual downtime procedures, outpatient
Mar 5 · 6 min read


Europol Dismantles Tycoon 2FA: Inside the Takedown of a 64,000-Attack Phishing-as-a-Service Platform
Executive Summary On March 4, 2026, a Europol-led coalition of law enforcement and private sector partners dismantled the Tycoon 2FA phishing-as-a-service (PhaaS) platform, which had enabled over 64,000 large-scale phishing attacks globally since its emergence in 2023. Tycoon 2FA specialized in adversary-in-the-middle (AiTM) phishing, allowing threat actors to bypass multifactor authentication (MFA) and compromise accounts across sectors including education, healthcar
Mar 5 · 6 min read


Global Surge: 149 Hacktivist DDoS Attacks Target SCADA and Critical Infrastructure Across 16 Countries After Middle East Conflict
Executive Summary Between February 28 and March 2, 2026, a coordinated wave of 149 hacktivist-driven distributed denial-of-service (DDoS) attacks targeted 110 organizations across 16 countries, following the U.S.-Israel military campaign against Iran. The majority of attacks were concentrated in the Middle East, with Kuwait, Israel, and Jordan accounting for over 76% of incidents. Nearly half of the targeted organizations were in the government sector, with finance and tele
Mar 5 · 6 min read


LexisNexis AWS Data Breach 2026: React2Shell Exploit Exposes Legacy Data in Cloud Hack
Executive Summary On March 3, 2026, LexisNexis Legal & Professional confirmed a data breach following the public leak of approximately 2GB of company files by the threat actor known as FulcrumSec. The breach was achieved by exploiting the React2Shell vulnerability in an unpatched React frontend application, granting attackers unauthorized access to the company’s AWS infrastructure. The compromised data primarily consisted of legacy, deprecated information from before 2020
Mar 5 · 5 min read


Iran’s Cyberwar Has Begun: Targeted Attacks on Israeli and Unitronics ICS/OT Systems, Threat Intelligence and Mitigation Insights (2026)
Executive Summary Publication Date: March 2, 2026 The Register’s March 2, 2026 report, “Iran’s cyberwar has begun,” marks a significant escalation in Iranian state-sponsored cyber operations following recent US and Israeli missile strikes. Iranian Advanced Persistent Threat (APT) groups have launched a coordinated campaign targeting Israel, Persian Gulf states, and organizations with US or Israeli ties. The campaign leverages advanced reconnaissance, custom malware, ransomwa
Mar 4 · 5 min read


AI-Powered Cyberattack Using Claude Code Compromises Mexico’s Tax Authority and Government Agencies in Massive Data Breach
Executive Summary In December 2025, a highly sophisticated cyberattack targeted multiple Mexican government agencies and a major financial institution, resulting in the exfiltration of over 150GB of sensitive data, including personally identifiable information (PII) of nearly 195 million individuals. The attackers leveraged Anthropic’s Claude Code AI assistant, jailbreaking its guardrails to automate exploit development, credential harvesting, and data exfiltration. This inc
Mar 2 · 4 min read


QuickLens Chrome Extension Supply Chain Attack: Cryptocurrency Theft and ClickFix Malware Campaign Analysis
Executive Summary The recent compromise of the QuickLens Chrome extension, officially titled QuickLens – Search Screen with Google Lens, represents a significant escalation in browser extension supply chain attacks. In February 2026, threat actors acquired and weaponized this previously benign extension, leveraging its user base of over 7,000 Chrome users to deploy a sophisticated multi-stage malware campaign. The attackers utilized advanced techniques to bypass browser sec
Mar 2 · 4 min read


ClawJacked Vulnerability in OpenClaw Allows Malicious Websites to Hijack Local AI Agents and Steal Data
Executive Summary The ClawJacked vulnerability represents a critical security flaw in the widely adopted open-source AI agent platform OpenClaw. This vulnerability enables malicious websites to hijack locally running OpenClaw instances by exploiting a localhost authentication bypass, resulting in unauthorized access, data exfiltration, and potential full system compromise. The attack leverages browser-based JavaScript to brute-force authentication over WebSocket connection
Mar 2 · 4 min read