Healthcare Intelligence
Cyber threats targeting hospitals, pharmaceutical companies, medical devices, and health information systems.
Critical Zero-Day in Palo Alto PAN-OS Firewalls Under Active Mass Exploitation
A critical unauthenticated RCE in PAN-OS GlobalProtect is being mass exploited. Over 25,000 devices vulnerable. CISA issues emergency directive.
LockBit 5.0 Deploys AI-Powered Ransomware with Automated Network Mapping
LockBit 5.0 features AI module for automated reconnaissance, high-value target identification, and optimized encryption timing.
Cl0p Claims 200 New Victims from Cleo Campaign — Threatens Mass Data Release
Cl0p adds 200 organizations to its leak site from the Cleo file transfer campaign. Threatens mass data release starting April 1 if ransoms unpaid.
Critical RCE Chain in Microsoft Azure Kubernetes Service Exposes Cloud Workloads
Three chained vulnerabilities in Azure AKS allow container escape and host node RCE. 40% of AKS clusters were vulnerable before patching.
Scattered Spider Breaches Major US Health Insurer — 8.2M Records Exposed
Scattered Spider breaches top-5 US health insurer via help desk social engineering. 8.2M member records including PHI exfiltrated.
Supply Chain Attack Compromises Python AI/ML Libraries — 45M Downloads
Three popular Python AI/ML packages on PyPI compromised. Credential-stealing code targets AWS, GCP, Azure, and AI API keys.
Volt Typhoon in US Water Systems Triggers EPA Emergency Order
EPA emergency order after confirming Volt Typhoon access to water treatment SCADA systems serving 20M+ Americans. Chemical dosing manipulation capability confirmed.
Cl0p Mass Exploits Cleo File Transfer Zero-Day — 600+ Organizations Hit
Cl0p launches fourth major file transfer campaign exploiting Cleo Harmony, VLTrader, and LexiCom zero-day. Systematic data exfiltration ongoing.
LockBit Affiliate Arrested — Europol Seizes $14M in Cryptocurrency
Europol arrests LockBit affiliate in Ukraine and seizes $14M in cryptocurrency. Suspect linked to attacks on 150+ organizations.
NIST NVD Backlog Exceeds 30,000 Unanalyzed CVEs
NVD backlog doubles year-over-year, creating blind spots in vuln management. Industry coalition demands congressional emergency funding.
ENISA Publishes 2026 Threat Landscape Report — Ransomware and AI Threats Dominate
ENISA annual report identifies ransomware, AI-enabled threats, and supply chain attacks as the top three cyber threats facing Europe in 2026.
Black Basta Ransomware Pivots to Microsoft Teams Social Engineering
Black Basta affiliates using Microsoft Teams messages and Quick Assist for initial access, bypassing email security controls entirely.
Critical VMware ESXi Vulnerability Allows Guest-to-Host Escape
A critical use-after-free vulnerability in VMware ESXi allows virtual machine escape. Active exploitation by ransomware groups confirmed.
Rhysida Ransomware Attacks Five US Hospital Systems in Coordinated Campaign
Rhysida ransomware group simultaneously attacks five US hospital systems, forcing ER diversions and surgical cancellations across 23 facilities.
Microsoft Patches 97 Vulnerabilities Including Three Actively Exploited Zero-Days
March 2026 Patch Tuesday addresses 97 CVEs with three actively exploited zero-days in Windows kernel, NTLM, and Hyper-V.
Play Ransomware Targets Managed Service Providers for Downstream Access
Play ransomware compromises three MSPs to deploy ransomware across 120+ downstream client organizations simultaneously.
SEC Proposes Updated Cybersecurity Incident Reporting Rules for Public Companies
SEC proposes amendments requiring public companies to report material cyber incidents within 48 hours, down from 4 business days.
ALPHV Successor RansomHub Becomes Top Ransomware Threat in Q1 2026
RansomHub, believed to include former ALPHV/BlackCat operators, claims 185+ victims in Q1 2026 alone. Now the most prolific ransomware operation.
North Korean IT Workers Infiltrate Fortune 500 Companies via Remote Positions
DOJ charges 14 North Korean nationals operating as remote IT workers at Fortune 500 companies. $88M in wages funneled to DPRK regime.
Critical SonicWall SMA Gateway Auth Bypass Under Active Exploitation
Authentication bypass in SonicWall SMA 1000 series gateways allows unauthenticated admin access. Active exploitation confirmed by CISA.
Black Basta Internal Chat Logs Leaked — Reveal Operations and Targets
Leaked internal communications from Black Basta ransomware group reveal operational structure, target selection process, and connections to former Conti members.
Scattered Spider Member Arrested in Spain — FBI Unseals Indictment
FBI and Spanish police arrest alleged Scattered Spider member linked to MGM, Caesars, and healthcare breaches. Indictment details $100M+ in damages.
GitHub Actions Supply Chain Attack Injects Malware Into CI/CD Pipelines
Compromised GitHub Action used by 23,000+ repositories injects credential-stealing code into CI/CD pipelines. Broad exposure across enterprise repositories.
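A compromised action is a live risk for any workflow that references it by a mutable tag or branch, because the attacker can move that tag to a malicious commit. The check a practitioner wants after an item like this is an inventory of every `uses:` reference in the organization's workflows and which of them are pinned to a full commit SHA. The script below is an added example (not code from this page, from GitHub, or from any project named above). It assumes a constructed sample workflow embedded inline, uses a line-based regex rather than a YAML library so it runs with no dependencies, and the 40-character SHA in the sample is fabricated for illustration.

```python
import re
from typing import Dict, List

# Constructed sample workflow for illustration; not taken from any real repository.
# The commit SHA on the setup-python line is fabricated.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - uses: some-org/some-action@main   # branch reference
      - uses: some-org/other-action
      - run: echo build
"""

# Matches step-level and job-level "uses:" lines; stops at whitespace or a trailing comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
# A full 40-hex-character commit SHA is the only immutable reference form.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text: str) -> List[Dict[str, object]]:
    """Classify every uses: reference in a workflow file.

    status values:
      pinned-sha  - pinned to a full commit SHA (immutable)
      mutable-ref - tag or branch that the action owner (or an attacker) can move
      unpinned    - no ref at all; resolves to the default branch
      skip        - local composite action or container image, not a marketplace action
    """
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1).strip("'\"")
        if ref.startswith("./") or ref.startswith("docker://"):
            status = "skip"
        elif "@" not in ref:
            status = "unpinned"
        else:
            _, _, version = ref.partition("@")
            status = "pinned-sha" if SHA_RE.match(version) else "mutable-ref"
        findings.append({"line": lineno, "uses": ref, "status": status})
    return findings


def mutable_refs(text: str) -> List[str]:
    """Return only the references an upstream compromise could silently redirect."""
    return [
        str(f["uses"])
        for f in audit_workflow(text)
        if f["status"] in ("mutable-ref", "unpinned")
    ]


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f['line']:>3}  {f['status']:<12} {f['uses']}")
    print("needs pinning:", mutable_refs(SAMPLE_WORKFLOW))
```

Run it over every file under `.github/workflows/` and treat each `mutable-ref` or `unpinned` entry as a remediation item: replace the tag with the commit SHA it currently resolves to and keep the tag in a trailing comment so reviewers can still read the version. Pinning does not help if the compromised commit is the one you pin to, so the inventory also tells you which repositories to re-check against the vendor's list of affected action versions.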
CISA Adds 12 Vulnerabilities to Known Exploited Vulnerabilities Catalog in One Week
CISA adds 12 vulnerabilities to the KEV catalog in a single week, the highest weekly total since the catalog launched. Reflects accelerating exploitation pace.