For retailers: Suppliers of POS, OMS and CRM systems are not ‘Third Party’, they are actually ‘Teammates’
Retail is based on three core systems: In physical sites the Point of Sale (POS) systems, in online sites the Order Management Systems (OMS) and in the business back office the Customer Relationship Management (CRM) systems. This is the IT and Operational beating heart of a retail business. Any disruption in these three can make the business stand still, and for big retailers this means a lot of money lost. The problem in terms of security is that all three systems have natur
Mar 26 · 3 min read


Intuitive Surgical Administrative Network Breach: 2026 Phishing Attack Exposes Employee and Customer Data
Executive Summary On March 12, 2026, Intuitive Surgical, a leading provider of robotic surgery systems, publicly disclosed a cybersecurity incident involving unauthorized access to its internal administrative network. The breach was initiated through a phishing attack that resulted in the compromise of an employee’s credentials. As a result, an unauthorized third party accessed customer business and contact information, as well as employee and corporate records. There is no
Mar 18 · 5 min read


Critical AI Vulnerabilities in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and Remote Code Execution
Executive Summary Recent discoveries have revealed critical vulnerabilities in Amazon Bedrock, LangSmith, and SGLang - three prominent AI platforms - enabling data exfiltration and remote code execution (RCE). These flaws affect both cloud-based and self-hosted deployments, with some remaining unpatched as of this report. Attackers can exploit these weaknesses to bypass network isolation, hijack user accounts, and execute arbitrary code on backend servers. The vulnerabilit
Mar 18 · 5 min read


CVE-2026-32746: Critical Unpatched Vulnerability in GNU InetUtils telnetd Enables Unauthenticated Remote Root Code Execution via Port 23
Executive Summary A critical, unpatched vulnerability - CVE-2026-32746 - has been identified in the GNU InetUtils telnetd daemon, affecting all versions up to and including 2.7. This flaw enables unauthenticated remote attackers to achieve root-level remote code execution (RCE) by sending a specially crafted Telnet protocol message to port 23, before any authentication occurs. The vulnerability is trivial to exploit, requires no credentials or user interaction, and is curre
Mar 18 · 4 min read


EU Sanctions on Chinese and Iranian Firms: Raptor Train Botnet, SMS Service, and Olympic Billboard Cyberattacks Targeting European Critical Infrastructure
Executive Summary On March 16–17, 2026, the Council of the European Union imposed sanctions on three companies—Integrity Technology Group and Anxun Information Technology (both based in China), and Emennet Pasargad (based in Iran)—as well as two individuals, for their roles in cyberattacks targeting EU member states and critical infrastructure. The sanctioned entities are linked to large-scale device compromises, influence operations, and data breaches affecting sectors s
Mar 18 · 6 min read


GlassWorm ForceMemo Campaign: Supply Chain Attack Targets GitHub Python Repositories with Stolen Tokens and Blockchain-Based Malware
Executive Summary A highly sophisticated supply chain attack, attributed to the GlassWorm threat actor and tracked as the ForceMemo campaign, is actively targeting the Python open-source ecosystem by leveraging stolen GitHub tokens to force-push obfuscated malware into legitimate Python repositories. The attack chain begins with the compromise of developer workstations via malicious VS Code and Cursor extensions, which exfiltrate authentication tokens and credentials. Us
Mar 18 · 4 min read


Warlock Ransomware Exploits Unpatched Microsoft SharePoint and SmarterMail Servers: Tactics, Analysis, and Mitigation Guidance
Executive Summary The Warlock ransomware group has emerged as a formidable threat actor, demonstrating a rapid evolution in its post-exploitation arsenal and operational sophistication. Leveraging advanced techniques such as Bring Your Own Vulnerable Driver (BYOVD), exploitation of unpatched Microsoft SharePoint and SmarterMail servers, and highly effective credential theft and lateral movement strategies, Warlock has successfully targeted organizations across government,
Mar 18 · 4 min read


LeakNet Ransomware Exploits ClickFix via Compromised Websites to Attack Windows Environments with Deno In-Memory Loader
Executive Summary The emergence of the LeakNet ransomware campaign marks a significant escalation in the sophistication of ransomware operations targeting enterprise environments. This campaign leverages the ClickFix social engineering technique to gain initial access via compromised legitimate websites, coercing users into executing malicious scripts under the guise of security verifications. The attackers then deploy a custom in-memory loader built on the Deno JavaScript
Mar 18 · 4 min read


Konni Targets KakaoTalk Desktop with EndRAT: Multi-Stage Phishing Attack Exploits Social Messaging for Malware Propagation
Executive Summary A recent campaign orchestrated by the North Korean advanced persistent threat group Konni has demonstrated a significant escalation in the use of multi-stage malware delivery and lateral propagation techniques. The operation leverages highly targeted spear-phishing emails to deliver the EndRAT (EndClient Remote Access Trojan) payload, exploiting the KakaoTalk desktop application as a propagation vector. This campaign is notable for its abuse of trusted so
Mar 18 · 5 min read


Apple Urgent Security Update: CVE-2025-14174 WebKit Same-Origin Policy Bypass Vulnerability Impacts iOS, macOS, Chrome, and Edge
Executive Summary Apple has released urgent security updates to address a critical WebKit vulnerability, CVE-2025-14174, which enables attackers to bypass the Same-Origin Policy (SOP) on iOS and macOS devices. This vulnerability affects all Apple devices capable of rendering web content, including Safari and all browsers on iOS/iPadOS, due to the mandatory use of WebKit as the rendering engine. The flaw is also present in Google Chrome and Microsoft Edge because of
Mar 18 · 5 min read


Outpost24 C-Suite Spearphishing Incident: Analysis of 7-Stage Social Engineering Attack in March 2026
Executive Summary On March 17, 2026, multiple reputable cybersecurity news sources reported that Outpost24, a cybersecurity firm, was targeted in a sophisticated phishing campaign. The attack was directed at a C-suite executive and utilized a multi-stage approach, leveraging trusted brands and domains to increase the credibility of the phishing attempt. The primary objective was to obtain credentials through social engineering. There is no evidence from any primary source th
Mar 18 · 4 min read


Loblaw Companies Limited Data Breach 2026: Customer PII Exposed in Targeted Attack
Executive Summary On March 10, 2026, Loblaw Companies Limited, Canada’s largest food and pharmacy retailer, publicly disclosed a data breach involving unauthorized access to customer information. The breach, confirmed by multiple independent sources, resulted in the exposure of basic personally identifiable information (PII) including names, phone numbers, and email addresses. No sensitive data such as passwords, health records, or financial information was compromised. The
Mar 15 · 4 min read


Starbucks Partner Central Data Breach Exposes Sensitive Employee Information in Credential Phishing Attack
Executive Summary Starbucks has disclosed a data breach impacting 889 employees after attackers gained unauthorized access to internal HR accounts through credential-harvesting phishing attacks. The breach, detected on February 6, 2026, involved threat actors impersonating the Starbucks Partner Central portal to obtain employee login credentials. The attackers maintained access to affected accounts between January 19 and February 11, 2026, exposing sensitive personal and fin
Mar 15 · 5 min read


CVE-2026-23813: Critical Authentication Bypass in HPE Aruba AOS-CX Allows Remote Admin Password Reset
Executive Summary A critical authentication bypass vulnerability, identified as CVE-2026-23813, has been discovered in HPE Aruba Networking AOS-CX, the network operating system that powers the Aruba CX-series campus and data center switches. This vulnerability allows unauthenticated remote attackers to reset administrator passwords through the web-based management interface, potentially granting full administrative control over affected devices. While there is currently no
Mar 15 · 4 min read


Cyberattack on Poland’s National Centre for Nuclear Research (NCBJ): Attempted Breach of MARIA Reactor IT Systems Thwarted
Executive Summary On March 12-13, 2026, Poland’s National Centre for Nuclear Research (NCBJ) was the target of a cyberattack aimed at its IT infrastructure. The attack was detected and blocked by internal security systems before any operational impact or data compromise occurred. All safety and research systems, including the MARIA research reactor, continued to function normally throughout the incident. The event triggered a coordinated response involving national cyberse
Mar 15 · 5 min read


GlassWorm Supply-Chain Attack Exploits Open VSX Extensions to Target Developer Environments
Executive Summary The GlassWorm supply-chain attack represents a critical escalation in the threat landscape targeting developer ecosystems. Since late January 2026, threat actors have abused at least 72 Open VSX extensions, leveraging transitive dependencies and extension packs to propagate sophisticated malware. This campaign is characterized by its technical complexity, stealthy delivery mechanisms, and broad impact, with over 9 million installs of malicious extensions r
Mar 15 · 4 min read


VENON Rust Malware Targets Itaú and 32 Other Brazilian Banks with Advanced Credential-Stealing Attacks
Executive Summary A newly identified banking malware, VENON, written in the Rust programming language, is actively targeting 33 Brazilian banks and digital asset platforms. This malware represents a significant technical leap from the traditional Delphi-based Latin American banking trojans, leveraging advanced evasion techniques, credential-stealing overlays, and shortcut hijacking to compromise victims and exfiltrate sensitive banking credentials. The campaign is notable fo
Mar 15 · 4 min read


Iranian CyberAv3ngers Target Unitronics Vision PLCs in US Critical Infrastructure Amid Rising Geopolitical Tensions
Executive Summary Iran-linked Advanced Persistent Threat (APT) groups, most notably those affiliated with the Islamic Revolutionary Guard Corps (IRGC) and operating under the CyberAv3ngers persona, have intensified cyber operations targeting the United States and allied nations amid ongoing geopolitical tensions and regional conflict. These campaigns have focused on critical infrastructure sectors, particularly water and wastewater systems, energy, transportation, and healt
Mar 15 · 5 min read


Veeam Backup & Replication Vulnerabilities: Critical RCE Flaws Patched in Latest Security Update
Executive Summary Veeam has released critical security patches addressing seven severe vulnerabilities in its flagship Veeam Backup & Replication platform. These flaws, several rated at the highest criticality with CVSS scores of 9.9, enable remote code execution (RCE), privilege escalation, and credential theft by authenticated users. The vulnerabilities impact both Windows-based and Veeam Software Appliance deployments. Given the history of ransomware groups such as FIN7
Mar 15 · 5 min read


Chinese Cyber Espionage Targets Southeast Asian Military C4I Systems Using AppleChris and MemFun Malware
Executive Summary A highly sophisticated cyber espionage campaign, attributed to a China-based threat cluster, has been actively targeting Southeast Asian military organizations since at least 2020. This campaign leverages two advanced custom malware families, AppleChris and MemFun, alongside a credential harvesting tool known as Getpass (a customized variant of Mimikatz). The attackers exhibit advanced operational security, strategic patience, and a clear focus on exfilt
Mar 15 · 4 min read