Daily Digest

Critical Zero-Days from Cisco & Google Under Active Attack; Iran-Linked Cyber Warfare Escalates

Critical Zero-Days from Cisco & Google Under Active Attack; Iran-Linked Cyber Warfare Escalates

March 2, 2026
10 articles (9 new, 1 updated)
30 min read

Summary

This intelligence brief for March 2, 2026, covers a surge in critical threats, including two actively exploited zero-day vulnerabilities in Cisco SD-WAN (CVE-2026-20127) and Android/Qualcomm devices (CVE-2026-21385). Geopolitical tensions have ignited a wave of cyberattacks from Iran-linked actors targeting the U.S. and Israel. Meanwhile, ransomware attacks continue to plague multiple sectors, with a massive data breach at Conduent affecting 25 million individuals, and nation-state actors like North Korea's APT37 and Russia's APT28 are linked to sophisticated new campaigns.

Filter by Category

New Articles (9)

Google Patches Actively Exploited Qualcomm Zero-Day in Massive Android Update

CRITICAL

Google's March 2026 Android Update Fixes Actively Exploited Qualcomm Zero-Day (CVE-2026-21385)

Google's March 2026 security update for Android addresses 129 vulnerabilities, including a high-severity zero-day flaw, CVE-2026-21385, in a Qualcomm display component. The vulnerability, a memory corruption issue affecting over 230 Qualcomm chipsets, is confirmed to be under limited, targeted exploitation. The patch is included in the '2026-03-05' security patch level, and users are urged to update their devices as soon as the patch is made available by their respective manufacturers to mitigate the risk of compromise.

March 2, 2026
5 min read
AndroidQualcommZero-DayMemory CorruptionPatch Management +1 more
Google Patches Actively Exploited Qualcomm Zero-Day in Massive Android Update
Vulnerability
Patch Management
Mobile Security

APT37's 'Ruby Jumper' Malware Breaches Air-Gapped Networks via USB

HIGH

North Korea's APT37 Deploys 'Ruby Jumper' Malware to Steal Data from Air-Gapped Systems

The North Korean state-sponsored group APT37 (aka ScarCruft) is using a new malware suite called 'Ruby Jumper' to breach and exfiltrate data from highly secure, air-gapped networks. Active since at least December 2025, the campaign uses weaponized USB drives to bridge the air gap. The complex attack chain involves LNK files, PowerShell, and a backdoored Ruby interpreter to establish persistence and deploy surveillance tools, demonstrating a significant advancement in techniques for targeting isolated environments.

March 2, 2026
5 min read
APT37ScarCruftAir GapUSBEspionage +2 more
APT37's 'Ruby Jumper' Malware Breaches Air-Gapped Networks via USB
Threat Actor
Malware
Cyberattack

Bitrefill Breach: North Korea's Lazarus Group Suspected in Attack on Crypto Service

MEDIUM

Crypto Payment Service Bitrefill Suffers Data Breach with Hallmarks of Lazarus Group

Bitcoin payment service Bitrefill has disclosed a data breach that occurred on March 1, 2026, after a single employee's laptop was compromised. The attack methods bear a strong resemblance to campaigns by the North Korean state-sponsored Lazarus Group. The breach exposed data from approximately 18,500 purchase records, including email addresses and IP metadata. Bitrefill has isolated the affected systems and is working with law enforcement.

March 2, 2026
4 min read
BitrefillLazarus GroupCryptocurrencyData BreachNorth Korea
Bitrefill Breach: North Korea's Lazarus Group Suspected in Attack on Crypto Service
Data Breach
Threat Actor
Cloud Security

Russia's APT28 Linked to Exploitation of MSHTML Zero-Day Before Patch

HIGH

APT28 (Fancy Bear) Likely Exploited Microsoft MSHTML Zero-Day (CVE-2026-21513) Before February Patch

Security firm Akamai has found evidence suggesting that the Russian state-sponsored group APT28 (Fancy Bear) exploited a high-severity zero-day vulnerability, CVE-2026-21513, in Microsoft's MSHTML framework before it was patched in February 2026. The flaw, which allows attackers to bypass the Mark-of-the-Web (MotW) security feature, was reportedly exploited using malicious LNK files. The findings link the zero-day to infrastructure previously used in APT28 campaigns targeting Ukraine.

March 2, 2026
4 min read
APT28Fancy BearZero-DayMicrosoftMSHTML +2 more
Russia's APT28 Linked to Exploitation of MSHTML Zero-Day Before Patch
Vulnerability
Threat Actor
Patch Management

DragonForce Ransomware Hits Top Brazilian University, Threatens Data Leak

HIGH

DragonForce Ransomware Claims Attack on Brazilian University Fundação Getulio Vargas (FGV)

The DragonForce ransomware group has claimed responsibility for a cyberattack on Fundação Getulio Vargas (FGV), a prominent Brazilian university and research institution. In a post on March 2, 2026, the group threatened to publish a 'full leak' of sensitive data if the university does not enter into negotiations. The attack highlights the continued targeting of the education sector by ransomware gangs.

March 2, 2026
4 min read
DragonForceRansomwareBrazilEducationFGV +1 more
DragonForce Ransomware Hits Top Brazilian University, Threatens Data Leak
Ransomware
Data Breach
Industrial Control Systems

Qilin Ransomware Strikes Italian Logistics Firm, Threatening Supply Chain Disruption

HIGH

Italian Logistics Firm Traffic Tech Targeted by Qilin Ransomware Group

The Qilin ransomware group has claimed an attack on Traffic Tech, a major logistics and freight company based in Italy. The claim was made on March 1, 2026, with the group threatening to leak sensitive operational data. This attack highlights the persistent and significant threat that ransomware poses to the global supply chain, where operational disruptions can have widespread cascading effects.

March 2, 2026
4 min read
QilinRansomwareItalyLogisticsSupply Chain +1 more
Qilin Ransomware Strikes Italian Logistics Firm, Threatening Supply Chain Disruption
Ransomware
Supply Chain Attack
Industrial Control Systems

Vect Ransomware Claims Breach of Indian Manufacturer USHA, Accessing SAP Data

HIGH

Indian Manufacturer USHA International Hit by Vect Ransomware; SAP Data Compromised

The Vect ransomware group has claimed a cyberattack on USHA International Limited, a major Indian manufacturer of consumer durables. In a post on March 1, 2026, the attackers alleged they have breached sensitive employee data and crucial databases, including SAP, CMS, and CMR systems. The group stated that negotiations with the company were in progress, setting a deadline of approximately 19 days before they threaten to leak the stolen data.

March 2, 2026
4 min read
VectRansomwareIndiaManufacturingSAP +1 more
Vect Ransomware Claims Breach of Indian Manufacturer USHA, Accessing SAP Data
Ransomware
Data Breach
Industrial Control Systems

Iran-Linked 'Dust Specter' APT Uses AI-Generated Malware to Spy on Iraqi Officials

HIGH

Suspected Iran-Nexus APT 'Dust Specter' Targets Iraqi Government with Novel Malware

A suspected Iran-nexus threat actor, tracked by Zscaler ThreatLabz as 'Dust Specter,' was observed targeting Iraqi government officials in a cyberespionage campaign in January 2026. The campaign used previously undocumented malware, including a dropper called SPLITDROP, and leveraged a compromised Iraqi government website for command-and-control. Researchers noted with medium-to-high confidence that the malware's codebase shows signs of being developed with the assistance of generative AI, marking a potential evolution in APT tactics.

March 2, 2026
4 min read
Dust SpecterAPTIranIraqEspionage +2 more
Iran-Linked 'Dust Specter' APT Uses AI-Generated Malware to Spy on Iraqi Officials
Threat Actor
Malware
Cyberattack

Samsung Settles with Texas Over Unauthorized Smart TV Data Collection

INFORMATIONAL

Samsung Reaches Settlement with Texas Over Smart TV Privacy Violations

Samsung Electronics has settled with the State of Texas over allegations that it used Automated Content Recognition (ACR) technology in its Smart TVs to collect detailed user viewing data without obtaining proper, express consent. Announced on March 1, 2026, the settlement resolves claims of deceptive trade practices and requires Samsung to overhaul its privacy disclosures and implement more transparent 'opt-in' mechanisms for data tracking, highlighting growing regulatory scrutiny over consumer data privacy in IoT devices.

March 2, 2026
4 min read
SamsungPrivacySmart TVACRTexas +2 more
Samsung Settles with Texas Over Unauthorized Smart TV Data Collection
Policy and Compliance
Regulatory
IoT Security

Updated Articles (1)

Conduent Breach Explodes: Safepay Ransomware Hits 25 Million with Sensitive Data Theft

CRITICAL

Conduent Data Breach Attributed to Safepay Ransomware Expands to Affect Over 25 Million Individuals

Update:

Conduent has begun sending official notification letters to the 25 million individuals affected by the Safepay ransomware breach. The new report emphasizes critical steps for victims, including immediately freezing credit with all three major bureaus, accepting offered monitoring services, and maintaining vigilance against targeted phishing. For organizations, the incident highlights the importance of robust third-party risk management, comprehensive ransomware defense strategies, and well-rehearsed incident response plans to mitigate similar supply chain risks.

March 1, 2026
Updated: March 2, 2026
5 min read
PIIPHIIdentity TheftMedical FraudCredit Freeze
Conduent Breach Explodes: Safepay Ransomware Hits 25 Million with Sensitive Data Theft
Data Breach
Ransomware
Supply Chain Attack

📢 Share This Publication

Help others stay informed about cybersecurity threats