Daily Digest

LexisNexis Breached by 'FulcrumSec,' Global Coalition Dismantles Tycoon 2FA Phishing Empire, and Critical Cisco RCE Patched

LexisNexis Breached by 'FulcrumSec,' Global Coalition Dismantles Tycoon 2FA Phishing Empire, and Critical Cisco RCE Patched

March 5, 2026
6 articles (4 new, 2 updated)
18 min read

Summary

This cybersecurity brief for March 5, 2026, covers a series of high-impact events. Data analytics giant LexisNexis confirmed a major cloud breach by the threat actor 'FulcrumSec,' exposing sensitive legal and government user data. In a significant win for law enforcement, an international coalition led by Europol and Microsoft dismantled the 'Tycoon 2FA' Phishing-as-a-Service platform. Meanwhile, critical vulnerabilities demand immediate attention: Cisco patched a CVSS 10.0 RCE flaw in its firewall management software that was exploited as a zero-day, and CISA added a separate, actively exploited VMware Aria Operations bug to its KEV catalog. The day also saw massive data breach disclosures from CarGurus (12.4M users) and European retailer ManoMano (38M users).

Filter by Category

New Articles (4)

CISA KEV Alert: Actively Exploited VMware Aria Flaw (CVE-2026-22719) Allows Remote Code Execution

HIGH

CISA Adds Actively Exploited VMware Aria Operations Vulnerability (CVE-2026-22719) to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity command injection vulnerability in VMware Aria Operations, CVE-2026-22719, to its Known Exploited Vulnerabilities (KEV) catalog. This action confirms the flaw is being actively exploited in the wild. The vulnerability, rated CVSS 8.1, allows an unauthenticated attacker to achieve remote code execution during a product migration process, potentially granting them broad access to an organization's virtual infrastructure.

March 5, 2026
4 min read
CISA KEVcommand injectionvirtualizationBroadcomRCE
CISA KEV Alert: Actively Exploited VMware Aria Flaw (CVE-2026-22719) Allows Remote Code Execution
Vulnerability
Cloud Security
Patch Management

CrowdStrike & Schwarz Digits to Offer Sovereign AI-Native Security on STACKIT Cloud

INFORMATIONAL

CrowdStrike Partners with Schwarz Digits for Sovereign AI-Native Security Platform in Europe

CrowdStrike has announced a strategic partnership with Schwarz Digits, the IT division of the group owning retail giants Lidl and Kaufland. The collaboration will deliver CrowdStrike's AI-native Falcon cybersecurity platform on STACKIT, the sovereign cloud developed by Schwarz Group. This initiative aims to provide a comprehensive security solution that meets stringent European data sovereignty and residency requirements, ensuring customer data remains within European legal jurisdictions.

March 5, 2026
3 min read
sovereign clouddata residencypartnershipEuropeGDPR +1 more
CrowdStrike & Schwarz Digits to Offer Sovereign AI-Native Security on STACKIT Cloud
Cloud Security
Policy and Compliance
Other

Hennessy Advisors Discloses Year-Old Data Breach, Notifying 12,000 Individuals

MEDIUM

Hennessy Advisors Notifies 12,000+ Individuals of Data Breach Occurring in March 2025

California-based investment firm Hennessy Advisors, Inc. has begun notifying over 12,000 individuals of a data breach that occurred nearly a full year ago, on March 30, 2025. The notification, filed in early 2026, reveals that an external system breach led to the potential compromise of highly sensitive personal information, including names, driver's license numbers, and financial account details. The significant delay in notification raises concerns and increases the risk of fraud for affected clients.

March 5, 2026
4 min read
delayed notificationinvestment firmfinancial dataPIIincident response
Hennessy Advisors Discloses Year-Old Data Breach, Notifying 12,000 Individuals
Data Breach
Incident Response
Regulatory

Latin America Now Top Global Target, Facing Double the Cyberattacks of US, Report Finds

INFORMATIONAL

Check Point Research: Latin America is Most Targeted Region for Cyberattacks Globally

A new threat report from Check Point Research reveals a dramatic shift in the global cyber threat landscape, with Latin America emerging as the world's most heavily targeted region. Organizations in Latin America now face an average of 3,100 cyber threats per week, a figure that is more than double the rate seen in the United States. This surge is attributed to rapid digitalization across the region, often outpacing the implementation of mature cybersecurity defenses.

March 5, 2026
3 min read
regional trendsattack volumeCheck Pointthreat landscape
Latin America Now Top Global Target, Facing Double the Cyberattacks of US, Report Finds
Threat Intelligence
Other

Updated Articles (2)

Middle East Cyber Conflict Escalates Following Military Strikes on Iran

HIGH

U.S.-Israel Strikes on Iran Trigger Wave of Retaliatory Cyberattacks Across Middle East

Update:

The UK's National Cyber Security Centre (NCSC) has issued an advisory to British organizations, including Critical National Infrastructure (CNI) and those with Middle East operations or supply chains. The warning highlights a heightened risk of indirect cyber threats and collateral damage from Iranian state-sponsored actors and affiliated hacktivist groups, stemming from the ongoing Middle East cyber conflict. While direct threats to the UK remain unchanged, organizations are urged to review their security posture, enhance monitoring, and update incident response plans to mitigate risks like phishing and DDoS attacks.

March 1, 2026
Updated: March 5, 2026
5 min read
GeopoliticsHacktivismDDoSDefacementWiper Malware
Middle East Cyber Conflict Escalates Following Military Strikes on Iran
Cyberattack
Threat Actor
Industrial Control Systems

Cloudflare Report: Attackers Ditch Malware for Stolen Credentials, Shifting from 'Breaking In' to 'Logging In'

INFORMATIONAL

Cloudflare's 2026 Threat Report Reveals Strategic Shift to Identity-Based Attacks and Credential Abuse

Update:

Palo Alto Networks' Unit 42 2026 Incident Response Report reinforces the shift to identity-based attacks and the role of AI. It found attackers can exfiltrate data in as little as 72 minutes from initial compromise, a significant reduction in response time. The report highlights that 89% of all incidents involved compromised identity systems and 65% of initial access attempts leveraged identity-based techniques, underscoring the critical need for robust identity security and automated detection.

March 4, 2026
Updated: March 5, 2026
6 min read
threat intelligenceidentitycredential stuffingransomwarenation-state +3 more
Cloudflare Report: Attackers Ditch Malware for Stolen Credentials, Shifting from 'Breaking In' to 'Logging In'
Threat Intelligence
Threat Actor
Cloud Security

📢 Share This Publication

Help others stay informed about cybersecurity threats