⏱️ Read Time: 5 minutes

“The average time to exploit a vulnerability after public disclosure is now under 48 hours.” – Rapid7 Threat Report

📜 Table of Contents

  • 🚨 Major Breaches & Incidents
    France bank registry breach, Advantest ransomware disclosure, Canada Goose leak fallout

  • 🛠️ Emerging Threats & Vulnerabilities
    SolarWinds WHD exploitation, Patch Tuesday zero-days, Ivanti EPMM exploitation telemetry, Chrome zero-day, BeyondTrust RCE details, Roundcube KEV exploitation

  • 🤖 AI in Cyber
    AI used in attacks, prompt injection supply-chain risk, enterprise AI governance pressure

  • 🌍 APTs and State Sponsored Attacks
    Iran protest espionage campaign, Volt Typhoon persistence concerns

  • 🔎 Privacy Watch & Policy
    Poland bars Chinese-made cars from military sites

🚨 Major Breaches & Incidents

  • 💳 Attacker got into France’s database listing all bank accounts, makes off with 1.2 million records
    An attacker accessed France’s national register of bank accounts and made off with roughly 1.2 million records. The exposed data is account-linked information rather than access to the accounts themselves, so this is not a compromise of the banking system, but names tied to account identifiers are enough to power targeted phishing, identity fraud and account-takeover attempts. Authorities are still establishing the full scope of the intrusion.
    👉 Key Takeaway: Financial metadata is just as valuable as direct account access. Data exposure is often the prelude, not the finale.

  • 🏭 Advantest responds to cybersecurity incident
    Advantest said an unauthorized party may have accessed parts of its network and deployed ransomware, and it is investigating with outside experts. The company moved quickly to contain the incident and reports no confirmed production shutdown, but as a major supplier of semiconductor test equipment, even a contained incident there is felt downstream.
    👉 Key Takeaway: Semiconductor supply chains remain geopolitical and criminal hot zones. Even limited impact incidents ripple outward.

  • 🧥 Canada Goose downplays ShinyHunters data leak
    After the ShinyHunters extortion crew claimed to hold Canada Goose customer transaction data, the company stated the information did not originate from its internal systems. The source of the data remains unclear, which leaves third-party exposure or credential stuffing as the likely explanations.
    👉 Key Takeaway: Even when the breach is not yours, the reputational blast radius is.

🛠️ Emerging Threats & Vulnerabilities

  • 🧰 Hackers exploit SolarWinds Web Help Desk flaws to deploy Velociraptor
    Attackers are exploiting vulnerabilities in SolarWinds Web Help Desk and then installing Velociraptor, the open-source DFIR agent, to keep remote command execution on the compromised host. Because Velociraptor is a legitimate and widely deployed security tool, endpoint controls tend to allow it and analysts may not question its presence. The tell is not the binary but its configuration: a client that reports to a server your IR team does not run.
    👉 Key Takeaway: If attackers are using your security tools, detection gets messy fast.
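
As an added example (not code from the article or from the Velociraptor project), the following Python audit turns that tell into a check. It takes a service listing exported from endpoints, pulls the client config path from any service that launches Velociraptor, and flags clients whose Client.server_urls do not point at a server you operate. The hostnames, service entries, file paths and config files are constructed sample data, and the allowlist of IR servers is an assumption.

```python
"""Audit Velociraptor clients for rogue server assignments.

Added example (not from the article or the Velociraptor project). A
Velociraptor client is pointed at its server by Client.server_urls in
client.config.yaml; a client reporting to a server your IR team does not
operate is an attacker foothold, not a DFIR deployment. All hosts, service
entries, paths and config files below are constructed sample data.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Velociraptor servers your own IR team operates (assumption for this example).
ALLOWED_SERVERS = {"ir-velo.corp.example"}


@dataclass
class Finding:
    host: str
    service: str
    server: str
    verdict: str  # "expected", "ROGUE" or "no server_urls"


def server_urls_from_config(config_text: str) -> List[str]:
    """Pull Client.server_urls out of a client config.

    Line-based extraction rather than a full YAML parser: find the
    `server_urls:` key, then collect the `- url` items beneath it until the
    next key appears.
    """
    urls: List[str] = []
    in_list, key_indent = False, 0
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if not in_list:
            if line.strip() == "server_urls:":
                in_list, key_indent = True, indent
            continue
        item = re.match(r"\s*-\s+(\S+)", line)
        if item and indent >= key_indent:
            urls.append(item.group(1).strip("'\""))
        else:
            break  # reached the next key: the list is over
    return urls


def config_path_from_cmdline(cmdline: str) -> Optional[str]:
    """Return the --config argument of a Velociraptor service command line."""
    m = re.search(r'--config\s+(?:"([^"]+)"|(\S+))', cmdline)
    return (m.group(1) or m.group(2)) if m else None


def audit(services: List[Tuple[str, str, str]],
          configs: Dict[Tuple[str, str], str]) -> List[Finding]:
    """services: (host, service name, command line) records.
    configs: {(host, config path): config text} as collected from disk."""
    findings: List[Finding] = []
    for host, name, cmdline in services:
        if "velociraptor" not in cmdline.lower():
            continue  # only services that launch the Velociraptor binary
        path = config_path_from_cmdline(cmdline)
        urls = server_urls_from_config(configs.get((host, path), "")) if path else []
        if not urls:
            findings.append(Finding(host, name, "", "no server_urls"))
        for url in urls:
            server = urlparse(url).hostname or ""
            verdict = "expected" if server in ALLOWED_SERVERS else "ROGUE"
            findings.append(Finding(host, name, server, verdict))
    return findings


# Constructed sample: service entries exported from two hosts
# (host, service name, command line) and the config files found at the
# paths those services reference. The WHD host runs Velociraptor under an
# innocuous service name from a non-standard path.
SAMPLE_SERVICES = [
    ("WKS-011", "Velociraptor",
     r'"C:\Program Files\Velociraptor\Velociraptor.exe" --config "C:\Program Files\Velociraptor\client.config.yaml" service run'),
    ("WHD-SRV-01", "WinUpdSvc",
     r'"C:\ProgramData\svc\velociraptor.exe" --config "C:\ProgramData\svc\client.config.yaml" service run'),
    ("WKS-011", "Spooler", r"C:\Windows\System32\spoolsv.exe"),
]
SAMPLE_CONFIGS = {
    ("WKS-011", r"C:\Program Files\Velociraptor\client.config.yaml"): (
        "Client:\n"
        "  server_urls:\n"
        "    - https://ir-velo.corp.example:8000/\n"
        "  ca_certificate: |\n"
        "    -----BEGIN CERTIFICATE-----\n"
    ),
    ("WHD-SRV-01", r"C:\ProgramData\svc\client.config.yaml"): (
        "Client:\n"
        "  server_urls:\n"
        "  - https://203.0.113.45:8000/\n"
        "  - https://update-cdn.example.net/\n"
        "  nonce: 4d8a\n"
    ),
}

if __name__ == "__main__":
    for f in audit(SAMPLE_SERVICES, SAMPLE_CONFIGS):
        print(f"{f.host:12} {f.service:14} {f.server:28} {f.verdict}")
```

The check keys on the configuration rather than the binary name because the attacker can rename velociraptor.exe or the service, but the client has to name a server it can reach. A config with no server_urls at all is reported too, since that usually means the config was embedded in a repacked binary and deserves a manual look.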

  • 🩹 Microsoft patches six actively exploited zero-days
    Microsoft’s February updates fixed six zero-days already being exploited in the wild, several of them in core Windows components. Treat these as emergency changes: push them ahead of the normal cycle, and verify that they actually landed on internet-facing and high-privilege hosts rather than trusting the deployment job’s status.
    👉 Key Takeaway: Actively exploited means patch first, change review board later.

  • 🎯 One threat actor behind 83% of recent Ivanti RCE attacks
    Telemetry attributes 83% of recent exploitation attempts against critical Ivanti EPMM vulnerabilities to a single actor. That concentration points to coordinated, automated scanning and exploitation at scale rather than opportunistic one-offs.
    👉 Key Takeaway: Edge-facing products do not get a grace period. Once a flaw drops, it is a race.

  • 🌐 Google patches first actively exploited Chrome zero-day of 2026
    Google issued an emergency Chrome update for a zero-day under active exploitation, the first of 2026. Browsers now hold the session tokens for enterprise identity and SaaS access, so a browser zero-day is an enterprise problem, not a consumer one. Chromium-based browsers such as Edge and Brave share the same engine and ship the fix on their own schedules, so check those too.
    👉 Key Takeaway: The browser is the new endpoint. Treat it like one.

  • 🔐 BeyondTrust vulnerability exploited in ransomware attacks
    Security researchers linked exploitation of a BeyondTrust remote code execution flaw to ransomware campaigns. Remote access and privileged access management platforms sit on the path to everything else, which makes them high-value targets for initial compromise.
    👉 Key Takeaway: Remote access tools are prime real estate for ransomware operators.

  • 📬 Roundcube Webmail vulnerability exploited in the wild
    Recently patched Roundcube Webmail vulnerabilities are now being exploited in the wild, and CISA has added them to its Known Exploited Vulnerabilities catalog. Webmail sits at the intersection of identity and communications, which keeps it a favourite target.
    👉 Key Takeaway: If it handles email and touches the internet, assume it is being scanned.

🤖 AI in Cyber

  • 🧠 Google Threat Intelligence Group report: How threat actors are using AI in cyber attacks
    Google’s threat intel team outlines how state-backed and criminal groups are using generative AI for reconnaissance, social engineering, and faster iteration of malicious tooling. The key shift is productivity: better lures, faster research, and fewer language barriers.
    👉 Key Takeaway: AI is not the magic hack button - it’s the force multiplier for everything attackers already do.

  • 🦞 The AI security nightmare is here and it looks suspiciously like lobster
    A prompt injection attack abused an open-source AI coding agent workflow to push an AI agent onto users’ machines, showing how an agent with permission to act becomes an accidental software distribution channel. The incident previews what happens when models can act rather than just chat: whoever controls the text the agent reads controls what it does.
    👉 Key Takeaway: When an AI tool has permissions, prompt injection becomes a supply chain problem.

  • 🧾 US FTC ramps up scrutiny of Microsoft over AI, cloud practices
    Reuters reports the FTC is intensifying its inquiry into Microsoft’s AI and cloud practices, including questions to competitors about bundling and licensing dynamics. Even if this stays in the investigative phase, it signals where AI governance pressure is heading for enterprise platforms.
    👉 Key Takeaway: AI security is now inseparable from platform power - expect governance scrutiny to keep climbing.

🌍 APTs and State Sponsored Attacks

  • 🕵️ Hackers target supporters of Iran protests in espionage campaign
    Researchers identified a cyber-espionage campaign targeting individuals connected to anti-government protests in Iran. The operation blends political surveillance objectives with credential theft and malware deployment.
    👉 Key Takeaway: Geopolitical cyber campaigns increasingly target people, not just institutions.

  • ⚡ Volt Typhoon still embedded in critical infrastructure
    Researchers warn that the China-linked Volt Typhoon group remains embedded in critical infrastructure environments. The concern is long-term persistence and pre-positioning rather than immediate disruption. The group favours living-off-the-land techniques and routes its traffic through compromised SOHO routers rather than dropping bespoke malware, so signature-based tooling finds little; the hunt is for anomalous use of built-in administration tools and unexplained credential activity.
    👉 Key Takeaway: Persistence is power. Pre-positioning is strategy.

🔎 Privacy Watch & Policy

  • 🚗 Poland bans Chinese-made vehicles from military sites
    Poland has barred China-manufactured vehicles from entering military facilities, citing data collection and security concerns. Modern vehicles are sensor platforms with cameras, microphones and always-on connectivity, and governments are beginning to treat them as such.
    👉 Key Takeaway: Your car is a rolling data center. Governments are starting to act like it.

Thanks for reading this week’s edition. Like what you see? Forward it!

Hate everything you see or have other feedback? Reply back to this email!