Finance Intelligence

Threats targeting banks, financial institutions, payment processors, and fintech companies.

33 total reports | 11 critical threats | 13 high threats
CRITICAL | Zero Day | Exploited

Critical Zero-Day in Palo Alto PAN-OS Firewalls Under Active Mass Exploitation

A critical unauthenticated RCE in PAN-OS GlobalProtect is being mass exploited. Over 25,000 devices vulnerable. CISA issues emergency directive.

Affected: CVE-2026-0015 | PAN-OS 11.1
Source: Palo Alto Networks PSIRT

CRITICAL | Ransomware | Exploited

LockBit 5.0 Deploys AI-Powered Ransomware with Automated Network Mapping

LockBit 5.0 features AI module for automated reconnaissance, high-value target identification, and optimized encryption timing.

Affected: Windows Server 2022/2025
Source: FBI Flash Alert

HIGH | Data Breach

Cl0p Claims 200 New Victims from Cleo Campaign — Threatens Mass Data Release

Cl0p adds 200 organizations to its leak site from the Cleo file transfer campaign. Threatens mass data release starting April 1 if ransoms unpaid.

Affected: Cleo Harmony
Source: BleepingComputer / Cl0p Leak Site

CRITICAL | Vulnerability

Critical RCE Chain in Microsoft Azure Kubernetes Service Exposes Cloud Workloads

Three chained vulnerabilities in Azure AKS allow container escape and host node RCE. 40% of AKS clusters were vulnerable before patching.

Affected: CVE-2026-21345 | CVE-2026-21346 | Azure Kubernetes Service
Source: Microsoft MSRC / Wiz Research

HIGH | Data Breach | Exploited

Lazarus Group Targets DeFi Protocols with New Smart Contract Exploit Kit

Lazarus Group deploys modular smart contract exploit toolkit targeting DeFi protocols. $200M stolen across four platforms in March.

Affected: DeFi Protocols
Source: Chainalysis / SlowMist

CRITICAL | Data Breach | Exploited

Scattered Spider Breaches Major US Health Insurer — 8.2M Records Exposed

Scattered Spider breaches top-5 US health insurer via help desk social engineering. 8.2M member records including PHI exfiltrated.

Affected: Okta
Source: HHS / FBI Joint Advisory

HIGH | Supply Chain

Supply Chain Attack Compromises Python AI/ML Libraries — 45M Downloads

Three popular Python AI/ML packages on PyPI compromised. Credential-stealing code targets AWS, GCP, Azure, and AI API keys.

Affected: CVE-2026-31001 | CVE-2026-31002 | PyPI ecosystem
Source: JFrog Security Research

CRITICAL | APT | Exploited

APT29 Targets European Cloud Service Providers in Operation CloudJack

APT29 compromises two European cloud hosting providers to access customer environments. Hundreds of EU government and enterprise tenants at risk.

Affected: European Cloud Platforms
Source: Microsoft / ANSSI

HIGH | Supply Chain | Exploited

Cl0p Mass Exploits Cleo File Transfer Zero-Day — 600+ Organizations Hit

Cl0p launches fourth major file transfer campaign exploiting Cleo Harmony, VLTrader, and LexiCom zero-day. Systematic data exfiltration ongoing.

Affected: CVE-2026-27891 | Cleo Harmony
Source: Huntress / Cleo Advisory

CRITICAL | Vulnerability | Exploited

Critical Fortinet FortiManager Flaw Enables Managed Firewall Takeover

CVE-2026-48788 allows registration of rogue FortiGate devices to FortiManager, enabling config push to entire managed firewall estate.

Affected: CVE-2026-48788 | FortiManager 7.4
Source: Fortinet PSIRT / Mandiant

LOW | Ransomware

LockBit Affiliate Arrested — Europol Seizes $14M in Cryptocurrency

Europol arrests LockBit affiliate in Ukraine and seizes $14M in cryptocurrency. Suspect linked to attacks on 150+ organizations.

Affected: N/A
Source: Europol / FBI

MEDIUM | Vulnerability

NIST NVD Backlog Exceeds 30,000 Unanalyzed CVEs

NVD backlog doubles year-over-year, creating blind spots in vuln management. Industry coalition demands congressional emergency funding.

Affected: NIST NVD
Source: Cybersecurity Coalition

CRITICAL | Data Breach | Exploited

Lazarus Group Linked to $1.5B Bybit Cryptocurrency Heist

FBI attributes the $1.5 billion Bybit cryptocurrency exchange hack to North Korea's Lazarus Group. Largest crypto theft in history.

Affected: Bybit Exchange
Source: FBI / Chainalysis

LOW | Vulnerability

ENISA Publishes 2026 Threat Landscape Report — Ransomware and AI Threats Dominate

ENISA annual report identifies ransomware, AI-enabled threats, and supply chain attacks as the top three cyber threats facing Europe in 2026.

Affected: N/A
Source: ENISA

HIGH | Ransomware | Exploited

Black Basta Ransomware Pivots to Microsoft Teams Social Engineering

Black Basta affiliates are using Microsoft Teams messages and Quick Assist for initial access, bypassing email security controls entirely.

Affected: Microsoft Teams
Source: Microsoft Threat Intelligence

CRITICAL | Vulnerability | Exploited

Critical VMware ESXi Vulnerability Allows Guest-to-Host Escape

A critical use-after-free vulnerability in VMware ESXi allows virtual machine escape. Active exploitation by ransomware groups confirmed.

Affected: CVE-2026-22224 | CVE-2026-22225 | VMware ESXi 7.0
Source: Broadcom / Microsoft Threat Intelligence

HIGH | Phishing | Exploited

Scattered Spider Uses AI Voice Cloning to Bypass Voice-Based MFA

Scattered Spider adopts AI voice cloning to defeat voice verification MFA at financial institutions. Three banks confirm successful bypass.

Affected: Voice MFA Systems
Source: FS-ISAC

CRITICAL | Zero Day | Exploited

Ivanti Connect Secure New Zero-Day Under Active Exploitation

Another zero-day in Ivanti Connect Secure VPN appliances. Stack buffer overflow enables unauthenticated RCE. Third major Ivanti VPN zero-day in two years.

Affected: CVE-2026-18321 | Ivanti Connect Secure
Source: Mandiant / Ivanti

CRITICAL | Vulnerability | Exploited

Microsoft Patches 97 Vulnerabilities Including Three Actively Exploited Zero-Days

March 2026 Patch Tuesday addresses 97 CVEs with three actively exploited zero-days in Windows kernel, NTLM, and Hyper-V.

Affected: CVE-2026-21399 | CVE-2026-21400 | Windows 10/11
Source: Microsoft MSRC

HIGH | Vulnerability | PoC

Critical Cisco NX-OS Command Injection Affects Data Center Switches

Command injection in Cisco NX-OS CLI allows authenticated users to escalate to root on Nexus data center switches. PoC exploit published.

Affected: CVE-2026-20356 | Cisco NX-OS
Source: Cisco PSIRT

HIGH | Ransomware | Exploited

Play Ransomware Targets Managed Service Providers for Downstream Access

Play ransomware compromises three MSPs to deploy ransomware across 120+ downstream client organizations simultaneously.

Affected: FortiOS
Source: CISA / MS-ISAC Advisory

LOW | Vulnerability

SEC Proposes Updated Cybersecurity Incident Reporting Rules for Public Companies

SEC proposes amendments requiring public companies to report material cyber incidents within 48 hours, down from 4 business days.

Affected: N/A
Source: SEC

HIGH | Ransomware

ALPHV Successor RansomHub Becomes Top Ransomware Threat in Q1 2026

RansomHub, believed to include former ALPHV/BlackCat operators, claims 185+ victims in Q1 2026 alone. Now the most prolific ransomware operation.

Affected: Windows Server
Source: Group-IB / Recorded Future

HIGH | Phishing

FBI Warns of AI-Generated Deepfake Voice Attacks Targeting Corporate Executives

FBI issues alert on rising deepfake voice attacks using AI-cloned executive voices to authorize fraudulent wire transfers. $68M stolen in Q1 2026.

Affected: AI Voice Cloning Tools
Source: FBI IC3

MEDIUM | Insider Threat

North Korean IT Workers Infiltrate Fortune 500 Companies via Remote Positions

DOJ charges 14 North Korean nationals operating as remote IT workers at Fortune 500 companies. $88M in wages funneled to DPRK regime.

Affected: Remote Work Platforms
Source: DOJ / FBI

CRITICAL | Vulnerability | Exploited

Critical SonicWall SMA Gateway Auth Bypass Under Active Exploitation

Authentication bypass in SonicWall SMA 1000 series gateways allows unauthenticated admin access. Active exploitation confirmed by CISA.

Affected: CVE-2026-5135 | SonicWall SMA 1000
Source: SonicWall PSIRT / Arctic Wolf

MEDIUM | Ransomware

Black Basta Internal Chat Logs Leaked — Reveal Operations and Targets

Leaked internal communications from Black Basta ransomware group reveal operational structure, target selection process, and connections to former Conti members.

Affected: N/A
Source: Prodaft / VX-Underground

MEDIUM | DDoS

European Banking Authority Reports 340% Increase in DDoS Attacks on Banks

EBA reports unprecedented surge in DDoS attacks against European financial institutions. Pro-Russian hacktivist groups responsible for majority of attacks.

Affected: Banking Platforms
Source: European Banking Authority

LOW | APT

Scattered Spider Member Arrested in Spain — FBI Unseals Indictment

FBI and Spanish police arrest alleged Scattered Spider member linked to MGM, Caesars, and healthcare breaches. Indictment details $100M+ in damages.

Affected: N/A
Source: FBI / Europol

HIGH | Vulnerability | Exploited

Jenkins Security Advisory Patches Critical RCE in Pipeline Plugin

Critical deserialization vulnerability in Jenkins Pipeline plugin allows unauthenticated RCE. 150,000+ Jenkins instances exposed.

Affected: CVE-2026-4321 | Jenkins
Source: Jenkins Security Advisory

HIGH | Supply Chain

GitHub Actions Supply Chain Attack Injects Malware Into CI/CD Pipelines

Compromised GitHub Action used by 23,000+ repositories injects credential-stealing code into CI/CD pipelines. Broad exposure across enterprise repositories.

Affected: GitHub Actions
Source: GitHub Security Advisory

MEDIUM | Vulnerability

CISA Adds 12 Vulnerabilities to Known Exploited Vulnerabilities Catalog in One Week

CISA adds 12 vulnerabilities to the KEV catalog in a single week, the highest weekly total since the catalog's launch. Reflects an accelerating pace of exploitation.

Affected: Multiple Vendors
Source: CISA

HIGH | Vulnerability

Google Project Zero Discloses Linux Kernel Zero-Day in eBPF Subsystem

Google Project Zero discloses a critical privilege escalation in the Linux kernel eBPF verifier. Affects cloud workloads, containers, and Android.

Affected: CVE-2026-0399 | Linux Kernel 5.15-6.8
Source: Google Project Zero