Daily Digest

US Unveils Offensive Cyber Strategy as Critical Zero-Days in Cisco and Android See Active Exploitation

US Unveils Offensive Cyber Strategy as Critical Zero-Days in Cisco and Android See Active Exploitation

March 6, 2026
7 articles (2 new, 5 updated)
21 min read

Summary

This 24-hour period is marked by a major shift in U.S. cybersecurity policy with the release of an aggressive, offensive-oriented national strategy. Concurrently, the operational landscape is highly active, with security agencies responding to the multi-year exploitation of a critical CVSS 10.0 flaw in Cisco SD-WAN and Google patching an actively exploited zero-day in hundreds of millions of Android devices. Geopolitical tensions manifest in a destructive wiper campaign by Iranian-aligned actors, while ransomware groups Anubis and INC Ransom continue to plague manufacturing and healthcare sectors across the globe.

Filter by Category

New Articles (2)

Paint Giant AkzoNobel Hit by Anubis Ransomware; 170GB of Client Data and Passports Leaked

HIGH

AkzoNobel Confirms US Site Breached; Anubis Ransomware Claims 170GB Data Theft

Dutch paint and coatings multinational AkzoNobel has confirmed that one of its U.S. sites was hit by a ransomware attack. The Anubis ransomware group has claimed responsibility on its dark web leak site, stating it exfiltrated 170 GB of data, including over 170,000 files. The attackers leaked samples containing confidential client agreements, product specifications, and sensitive employee PII like passport scans, demonstrating a classic double-extortion tactic. AkzoNobel stated the incident was contained to the single site.

March 6, 2026
4 min read
AnubisRansomwareAkzoNobelData LeakManufacturing +2 more
Paint Giant AkzoNobel Hit by Anubis Ransomware; 170GB of Client Data and Passports Leaked
Ransomware
Data Breach
Cyberattack

Australia, NZ, and Tonga Issue Joint Advisory on INC Ransomware Targeting Healthcare

HIGH

Australian and Pacific Authorities Warn of INC Ransomware Targeting Critical Networks

On March 6, 2026, cyber authorities from Australia (ACSC), New Zealand (NCSC-NZ), and Tonga (CERT Tonga) issued a joint advisory on the INC Ransom group. The Ransomware-as-a-Service (RaaS) operation is actively using affiliates to conduct double-extortion attacks, with a significant focus on the healthcare sector across the Pacific region. The advisory details the group's TTPs—including initial access via phishing and exploitation of public-facing services—and highlights a major incident that disrupted Tonga's national healthcare network in 2025.

March 6, 2026
4 min read
INC RansomRaaSHealthcareAustraliaNew Zealand +2 more
Australia, NZ, and Tonga Issue Joint Advisory on INC Ransomware Targeting Healthcare
Ransomware
Threat Actor
Threat Intelligence

Updated Articles (5)

Google Patches Actively Exploited Qualcomm Zero-Day in Massive Android Update

CRITICAL

Google's March 2026 Android Update Fixes Actively Exploited Qualcomm Zero-Day (CVE-2026-21385)

Update:

Further analysis of CVE-2026-21385 reveals its profound impact on enterprise security, particularly in BYOD environments. The firmware-level flaw allows sophisticated actors, such as nation-state groups, to bypass traditional Mobile Device Management (MDM) and endpoint security controls. This significantly elevates the risk of complete device compromise and espionage for high-value targets. The vulnerability affects hundreds of millions of Android devices across 234 Qualcomm chipsets, underscoring the critical need for immediate patching and robust enterprise-wide update policies.

March 2, 2026
Updated: March 6, 2026
5 min read
AndroidQualcommZero-DayMemory CorruptionPatch Management +1 more
Google Patches Actively Exploited Qualcomm Zero-Day in Massive Android Update
Vulnerability
Patch Management
Mobile Security

UK NCSC Warns of Heightened Indirect Cyber Threat from Iran Amid Geopolitical Tensions

MEDIUM

UK's NCSC Issues Advisory on Heightened Cyber Threat from Iran-Linked Actors

Update:

New analysis highlights a significant escalation in Iranian state-sponsored and hacktivist cyber operations, moving beyond espionage to more disruptive attacks. The threat now explicitly includes the use of wiper malware (T1485) and exploitation of public-facing applications (T1190), posing a heightened risk of 'cyber spillover' to global commercial, financial, and critical infrastructure targets, not just UK entities. The increased tempo and severity of these campaigns, driven by escalating US-Iran tensions, necessitate a 'shields up' posture and robust defenses against data destruction and widespread collateral damage.

March 5, 2026
Updated: March 6, 2026
4 min read
geopolitical risknation-stateadvisoryNCSCIran +1 more
UK NCSC Warns of Heightened Indirect Cyber Threat from Iran Amid Geopolitical Tensions
Policy and Compliance
Threat Intelligence
Threat Actor

Dutch Telecom Odido Hit by Massive Data Breach; 6.2 Million Customers Exposed

CRITICAL

ShinyHunters Claims Responsibility for Odido Data Breach Affecting 6.2 Million Customers in the Netherlands

Update:

The cybercrime group ShinyHunters has publicly leaked the extensive customer data stolen from Dutch telecom Odido. This action follows Odido's refusal to pay a ransom demand made by the group after the initial breach in February 2026. The leaked data, which includes names, addresses, phone numbers, email addresses, dates of birth, IBAN bank account numbers, and some identification details, is now available on a dark web forum. This development significantly increases the immediate threat of identity theft, financial fraud, and targeted phishing campaigns for the 6.2 million affected customers, moving from a potential threat to an active risk.

February 12, 2026
Updated: March 6, 2026
6 min read
Data BreachOdidoShinyHuntersNetherlandsTelecommunications +4 more
Dutch Telecom Odido Hit by Massive Data Breach; 6.2 Million Customers Exposed
Data Breach
Phishing
Threat Actor

Middle East Cyber Conflict Escalates Following Military Strikes on Iran

HIGH

U.S.-Israel Strikes on Iran Trigger Wave of Retaliatory Cyberattacks Across Middle East

Update:

A coalition of Iranian-aligned groups, including 'Handala Hack,' initiated 'The Great Epic' campaign, deploying destructive wiper malware against critical infrastructure and logistics in Israel and Jordan. This campaign aims for pure disruption, causing permanent data loss. Israel's National Cyber Directorate issued a warning on March 6, 2026, about active attacks deleting servers. The Handala group also leaked sensitive data of Israeli military personnel and the Sanzer Hasidic Jewish community, escalating the conflict's psychological impact.

March 1, 2026
Updated: March 6, 2026
5 min read
GeopoliticsHacktivismDDoSDefacementWiper Malware
Middle East Cyber Conflict Escalates Following Military Strikes on Iran
Cyberattack
Threat Actor
Industrial Control Systems

Pentagon Blacklists Anthropic AI, Citing National Security Risk Over Usage Policy Dispute

HIGH

Pentagon Designates Anthropic a Supply Chain Risk After AI Use Policy Dispute

Update:

Following its refusal to weaken AI safeguards for government use, Anthropic has reportedly experienced a significant increase in subscribers for its Claude AI model. This development has sparked a broader public and industry debate on the critical intersection of AI ethics, public safety, and national security. Anthropic's stance is seen as a corporate precedent, highlighting the growing demand for AI platforms with a 'safety-first' mindset and emphasizing the dual-use dilemma of advanced AI systems.

March 3, 2026
Updated: March 6, 2026
4 min read
Artificial IntelligenceAI EthicsSupply Chain RiskUS GovernmentNational Security +1 more
Pentagon Blacklists Anthropic AI, Citing National Security Risk Over Usage Policy Dispute
Policy and Compliance
Regulatory
Supply Chain Attack

📢 Share This Publication

Help others stay informed about cybersecurity threats