
Snapshot Summary
| Sector / Section | Headline Highlights | Count |
|---|---|---|
| DFIR & Incident Response | Patch Tuesday; SAP patch day | 2 |
| Cyber Investigations | FBI file breach; court system probe | 2 |
| Major Cyber Incidents | Loblaw breach; Ericsson disclosure | 2 |
| Exploits & Threat Intelligence | Signal phishing; Ivanti exploitation | 2 |
| Law Enforcement | NCA fraud push | 1 |
| Policy | EU AI standards FAQ | 1 |
| Standards & Compliance | ENISA package guidance; CRA draft guidance | 2 |
| Consumer App Data Leaks | Substack breach notices | 1 |

Digital Forensics & Incident Response
Microsoft March 2026 Patch Tuesday [AMER] shipped fixes for 79 flaws, including two publicly disclosed zero-days, giving defenders a fresh surge of triage, prioritisation, and enterprise validation work on 2026-03-10. For DFIR teams, the mix of zero-days and critical issues means accelerated exposure reviews, emergency change control, and tighter hunting for pre-patch compromise indicators across Windows estates and connected workloads (Source: BleepingComputer, 10-03-2026).
SAP March Security Patch Day [EMEA] delivered 15 security notes on 2026-03-10, including critical fixes for FS-QUO code injection and NetWeaver insecure deserialization that could enable arbitrary code execution. This matters operationally because SAP environments often sit close to finance and supply-chain workflows, so responders need rapid asset identification, patch sequencing, and compensating controls where maintenance windows are constrained (Source: SecurityWeek, 10-03-2026).
Cyber Investigations
Reuters reveals FBI New York server breach details [AMER]: Reuters reported on 2026-03-11 that a foreign hacker accessed files tied to the Epstein investigation during a 2023 intrusion at the bureau’s New York field office. The disclosure is notable for investigators because it highlights how misconfiguration, evidence-handling systems, and intelligence-value datasets can intersect, raising chain-of-custody, compartmentation, and insider-procedure questions long after the initial event date (Source: Reuters, 11-03-2026).
US judiciary accelerates case-system overhaul after hack [AMER]: Reuters reported on 2026-03-10 that policymakers are fast-tracking a more secure electronic court-records platform after last year’s compromise exposed weaknesses in legacy infrastructure. That matters to cyber investigators because court and evidence-management systems are high-value repositories whose integrity, logging, and retention controls directly affect breach reconstruction, legal process, and evidentiary defensibility (Source: Reuters, 10-03-2026).
Major Cyber Incidents
Loblaw investigates customer-data breach [AMER]: Loblaw disclosed on 2026-03-10 that a criminal third party accessed names, phone numbers, and email addresses from a contained, non-critical part of the retailer’s network. Even with limited data categories reported so far, the incident is important because large retail identity datasets can quickly fuel credential stuffing, phishing, and fraud, forcing defenders to coordinate containment, notification, and abuse monitoring in parallel (Source: Reuters, 10-03-2026).
Ericsson US breach disclosure points to vendor risk [AMER] emerged on 2026-03-10 after the company said unauthorized access at a third-party service provider exposed files containing personal information for thousands of people. The case reinforces a persistent incident pattern for responders: breaches discovered late in outsourced environments can expand notification scope, complicate log access, and slow reliable scoping when contractual and technical visibility are split across organizations (Source: SecurityWeek, 10-03-2026).
Exploits & Threat Intelligence
Dutch agencies warn of Signal and WhatsApp targeting [EMEA]: Dutch agencies said on 2026-03-09 that Russia-backed operators are using chat-based social engineering to capture verification and PIN codes from officials, soldiers, and journalists worldwide. The campaign matters because it shifts compromise from endpoint exploits to identity abuse inside trusted messaging ecosystems, expanding the need for telecom-aware investigations, secure onboarding, and account-recovery playbooks (Source: Reuters, 09-03-2026).
Ivanti Endpoint Manager flaw seen in active attacks [AMER] was reported on 2026-03-10 as exploited in the wild, adding urgency for organizations running a widely deployed enterprise management stack. For threat intel and detection teams, endpoint-management compromises are especially consequential because successful exploitation can yield privileged reach across large fleets, making rapid exposure mapping and secondary-access hunting essential (Source: SecurityWeek, 10-03-2026).
Law Enforcement
NCA backs UK fraud strategy and Operation Henhouse [EMEA] was highlighted on 2026-03-09 as part of the agency’s real-time push against fraudsters across policing and the public sector. The update matters to cyber professionals because much contemporary fraud is cyber-enabled, and coordinated disruption activity can generate intelligence leads, victim-notification demands, and follow-on digital evidence opportunities for private-sector defenders (Source: National Crime Agency, 09-03-2026).
No additional credible updates in the last 72h.
Policy
European Commission updates AI Act standardisation FAQ [EMEA]: The FAQ was refreshed on 2026-03-11 with practical detail on how harmonised standards will map legal requirements such as logging, human oversight, robustness, and cybersecurity for high-risk AI systems. This is policy-relevant for security teams because it signals where compliance expectations are hardening before the first standards are referenced, affecting secure-development planning, assurance claims, and procurement language (Source: European Commission, 11-03-2026).
No additional credible updates in the last 72h.
Standards & Compliance
ENISA issues package-manager security advisory [EMEA]: ENISA published new technical guidance on 2026-03-10 covering dependency selection, integration, monitoring, and vulnerability handling across modern software delivery chains. Compliance teams should watch this because package governance is increasingly tied to secure-development obligations, SBOM expectations, and supplier-assurance conversations that now sit close to both audit scope and incident-prevention baselines (Source: ENISA, 10-03-2026).
Commission seeks feedback on Cyber Resilience Act guidance [EMEA] remains a key compliance signal after the 2026-03-03 publication clarified obligations and scope for companies, especially SMEs, preparing for the CRA’s reporting and product-security duties. For practitioners, the guidance is useful because it helps translate statutory language into implementation planning, board reporting, and supplier control updates ahead of enforcement milestones already visible on the horizon (Source: European Commission, 03-03-2026).
Consumer App Data Leaks
Substack breach notifications continue to reverberate [AMER]: The incident remained relevant to consumer-facing platform defenders after users were notified that attackers accessed email addresses and phone numbers in an October 2025 breach, with reporting published on 2026-02-05. The case still matters because creator-economy platforms hold identity-rich datasets that can be weaponised for phishing and account takeover, even when the initial intrusion predates the present roundup window (Source: BleepingComputer, 05-02-2026).
No additional credible updates in the last 72h.
Editorial Perspective
This cycle was dominated by defender workflow pressure rather than a single headline exploit: patching, scoping third-party exposure, and validating trust boundaries in messaging and management platforms all surfaced at once.
What stands out for DFIR teams is the continued convergence of identity abuse, supplier risk, and evidence-system sensitivity, which means incident readiness now depends as much on governance and logging design as on malware analysis.
The thinner law-enforcement and consumer-app slate inside the strict window is itself a reminder to value freshness discipline over filler, while keeping watch on how policy and standards updates are steadily reshaping operational expectations.