White House Shifts to Offensive Cyber Strategy; Iranian APT Breaches US Critical Infrastructure; Critical Flaws in Cisco, Android & VMware Exploited
Summary
This edition for March 7, 2026, covers a significant shift in U.S. cybersecurity policy towards offensive operations, as detailed in the new White House strategy. Concurrently, an Iranian state-sponsored group, Seedworm, has infiltrated key U.S. sectors including a bank and an airport. Active exploitation of critical vulnerabilities continues to pose a major threat, with flaws in Cisco SD-WAN, Android OS, and VMware Aria being leveraged by attackers in the wild. Major data breaches also dominate the landscape, with incidents reported at a Cognizant subsidiary affecting 3.4 million patients and a mass data theft campaign targeting misconfigured Salesforce cloud instances.
Today's New Articles
ShinyHunters Exploits Salesforce Cloud Flaw, Steals Data from Hundreds of Orgs
The **[ShinyHunters](https://malpedia.caad.fkie.fraunhofer.de/actor/shinyhunters)** cybercrime group is actively exploiting widespread customer misconfigurations in **[Salesforce](https://www.salesforce.com/)** Experience Cloud, leading to data exfiltration fr...
Cognizant Subsidiary TriZetto Breach Exposes 3.4M Patients' Health Data
TriZetto Provider Solutions (TPS), a healthcare technology subsidiary of IT giant **[Cognizant](https://www.cognizant.com)**, has disclosed a data breach that exposed the protected health information (PHI) of 3,433,965 individuals. Unauthorized actors gained a...
Genesis Ransomware Hits Healthcare Firm, Claims 100GB Data Theft
The **Genesis** ransomware group has claimed responsibility for a cyberattack against Sierra Management Group, a California-based firm that provides management services to medical practices. In a dark web post on March 7, 2026, the group alleged it exfiltrated...
Phishing Campaign Delivers Signed Malware via Fake Zoom/Teams Invites
A sophisticated phishing campaign is targeting corporate employees with fake Zoom and Microsoft Teams meeting invitations. The attack, identified by **[Microsoft](https://www.microsoft.com/security)**, uses social engineering to trick users into downloading a...
New Russian Malware 'BadPaw' & 'MeowMeow' Target Ukraine; 'Starkiller' Phishing Tool Bypasses MFA
Two distinct but significant threats have emerged. First, a new Russian-led cyber campaign is targeting Ukrainian organizations with two previously unknown malware families, **BadPaw** and **MeowMeow**. The attack uses a phishing lure disguised as a border cro...
Hacker 'GhostCrawl' Claims Breach of Cybersecurity Firm Team4Security
On March 7, 2026, a threat actor using the alias 'GhostCrawl' posted a claim on the 'Breachforums' hacking forum, alleging they had breached the cybersecurity firm Team4Security. The actor demanded a ransom of $2,350, threatening to leak confidential files, co...
Article Updates
Boggy Serpens (MuddyWater) APT Targets UAE Energy Firm in Sustained Espionage Campaign
Update: The Iranian APT group MuddyWater, also known as Seedworm, has expanded its operations, now targeting U.S. critical infrastructure including a bank, an airport, and a defense software supplier. This new campaign, active since February 2026, utilizes novel malwa...
CISA Adds VMware Aria RCE Flaw to 'Must-Patch' KEV List, Confirming Active Exploitation
Update: The latest intelligence on CVE-2026-22719, a critical RCE flaw in VMware Aria Operations, now includes specific affected versions: Aria Operations 8.x (fixed in 8.18.6), VMware Cloud Foundation 9.x.x.x (fixed in 9.0.2.0), and VMware vSphere Foundation 9.x.x.x...