
Snapshot Summary
| Sector / Section | Headline Highlights | Count |
|---|---|---|
| DFIR & Incident Response | Poland containment; Albania email isolation | 2 |
| Cyber Investigations | Steam victim hunt; BlackCat insider probe | 2 |
| Major Cyber Incidents | Telus breach; Stryker disruption | 2 |
| Exploits & Threat Intelligence | HPE flaw; Chrome zero-days | 2 |
| Law Enforcement | SocksEscort takedown; IP sinkholes | 2 |
| Policy | US strategy; EU CSAM extension | 2 |
| Standards & Compliance | NIST API guide; ETSI standardisation push | 2 |
| Consumer App Data Leaks | Loblaw exposure; Starbucks employee portal breach | 2 |
Digital Forensics & Incident Response
Hack attempt reported at Poland’s nuclear research center says Poland’s National Centre for Nuclear Research blocked a recent cyberattack targeting IT infrastructure, with officials saying preliminary indicators pointed to Iran while cautioning the traces could be a false flag [EMEA]. For DFIR teams protecting research and OT-adjacent environments, the case reinforces the value of fast containment, careful attribution discipline, and preserving telemetry before geopolitical assumptions harden into operational decisions (Source: SecurityWeek, 16-03-2026).
Iran-linked hackers claim cyberattack on Albania’s parliament email systems reports that Albania’s parliament said a sophisticated attack targeted internal systems and forced a temporary suspension of administrative email services, even as the website and core systems remained available during containment [EMEA]. The response pattern matters because isolating collaboration systems while keeping public-facing functions online is a practical playbook for limiting blast radius and preserving evidence during politically sensitive incidents (Source: The Record, 12-03-2026).
Cyber Investigations
FBI seeks victims of Steam games used to spread malware says investigators are seeking users who installed eight Steam games allegedly loaded with malware between May 2024 and January 2026 as they trace cryptocurrency theft, account takeovers, and related losses [AMER]. The outreach is significant because victim identification, wallet tracing, and preserved screenshots or chat records can materially improve attribution and restitution prospects in malware cases that began as seemingly routine gaming downloads (Source: BleepingComputer, 13-03-2026).
DOJ says incident responder helped BlackCat ransomware actors reports that U.S. prosecutors allege an incident responder aided BlackCat actors during negotiations and cyberattacks, turning a trusted remediation role into part of the criminal enterprise under federal scrutiny [AMER]. The case is highly relevant for investigators because it puts vendor due diligence, privileged access controls, conflict checks, and evidence-chain integrity back at the center of breach response governance (Source: The Record, 13-03-2026).
Major Cyber Incidents
Telus says it is investigating hack of its systems reports that the Canadian telecom and services firm is investigating unauthorized access to some systems after ShinyHunters claimed a massive theft, while the company said operations and customer connectivity remained unaffected [AMER]. The incident matters because the alleged mix of source code, recordings, and personally identifiable information would create a long-tail exposure problem across enterprise customers even without an immediate outage (Source: Reuters, 12-03-2026).
Iran-linked hacker attack on Stryker disrupted manufacturing and shipping says Stryker disclosed a cyberattack that disrupted manufacturing and shipping, with reporting indicating attackers likely abused Microsoft Intune and other native management capabilities rather than deploying conventional malware [AMER]. The case stands out for defenders because living-off-the-land disruption through legitimate device-management tooling can bypass malware-centric controls, complicate triage, and directly hit medical-device supply chains where downtime rapidly becomes a business and patient-safety issue. The practical check is to treat changes to device-management admin roles and bulk remote actions (wipes, retirements, policy pushes) as alert-worthy events with preserved audit history, not as routine IT noise (Source: SecurityWeek, 13-03-2026).
Exploits & Threat Intelligence
Critical HPE AOS-CX vulnerability allows admin password resets warns that a critical flaw can let a remote, unauthenticated attacker reset an administrator password and bypass existing authentication controls on affected network infrastructure [AMER]. For blue teams, this is a priority patching event because control-plane compromise on switching platforms can quickly enable lateral movement, traffic manipulation, and stealthier follow-on access across enterprise environments; until patched, management interfaces should be reachable only from dedicated out-of-band or tightly filtered management networks, and unexpected admin credential changes on these devices should be reviewed as potential exploitation (Source: SecurityWeek, 14-03-2026).
Chrome 146 update patches two exploited zero-days says Google released an emergency update to fix CVE-2026-3909 and CVE-2026-3910, two high-severity browser bugs it said were already being exploited in the wild [AMER]. The update matters immediately because browser zero-days remain one of the fastest ways to reach users at scale, so defenders should pair rapid patching with web telemetry review and exploit-attempt hunting, and confirm that managed browsers have actually relaunched onto the fixed build rather than merely downloaded it (Source: SecurityWeek, 13-03-2026).
Law Enforcement
Authorities disrupt SocksEscort proxy service powered by Avrecon botnet says U.S. and European authorities disrupted the service, which investigators say leveraged malware-infected routers and had impacted roughly 360,000 devices since 2020 [AMER/EMEA]. The takedown matters because proxy-for-hire infrastructure underpins fraud, ransomware operations, and abuse at scale, and sinkholing access points can degrade multiple criminal services at once (Source: SecurityWeek, 13-03-2026).
45,000 malicious IP addresses taken down in international cyber operation says INTERPOL’s Operation Synergia III led to 94 arrests and the takedown of more than 45,000 malicious IP addresses and servers tied to phishing, malware, and ransomware activity across 72 countries and territories [GLOBAL]. For practitioners, the operation shows how large-scale intelligence fusion and coordinated sinkholing can generate real disruption while also yielding devices, suspects, and investigative leads for follow-on cases (Source: INTERPOL, 13-03-2026).
Policy
White House releases new cyber strategy focused on offense, AI and lighter regulation reports that the administration called for more offensive action against criminal and state actors while also promising to ease some regulations and emphasize AI security and workforce pilots [AMER]. This matters because federal priorities shape procurement, reporting expectations, and public-private coordination, giving security leaders early clues about where enforcement pressure and funding attention may move next (Source: The Record, 09-03-2026).
EU Parliament extends temporary CSAM detection rules says lawmakers voted to extend, until August 2027, the temporary rules that allow online platforms to voluntarily detect child sexual abuse material, while negotiators continue work on a permanent framework [EMEA]. The policy is important for cyber and privacy teams because it preserves a narrow legal basis for scanning while explicitly keeping pressure on proportionality, judicial oversight, and the treatment of encrypted communications (Source: Help Net Security, 13-03-2026).
Standards & Compliance
Guidelines for API Protection for Cloud-Native Systems: March 2026 update says NIST updated SP 800-228 with risk factors across the API lifecycle plus basic and advanced controls for pre-runtime and runtime protection in cloud-native systems [AMER]. Compliance and architecture teams should pay attention because the document provides a practical benchmark for hardening API estates that increasingly sit inside audit scope, supplier reviews, and secure-by-design claims (Source: NIST, 13-03-2026).
ETSI highlights from the 10th Cybersecurity Standardisation Conference says ETSI, ENISA, CEN, and CENELEC highlighted the Cyber Resilience Act, NIS2, DORA, and eIDAS while stressing faster but still consensus-based standards work [EMEA]. The update matters for compliance planning because harmonised standards will increasingly drive presumption of conformity, implementation timelines, and evidence expectations for vendors selling into the European market (Source: ETSI, 13-03-2026).
Consumer App Data Leaks
Loblaw data breach impacts customer information says the Canadian retail giant disclosed that a criminal third party accessed customer data including names, email addresses, and phone numbers, though it said passwords, health information, and payment-card data were not impacted [AMER]. Even with seemingly basic fields, the exposure creates useful fuel for phishing, credential-stuffing, and loyalty-account fraud against a large consumer base tied to multiple household brands (Source: SecurityWeek, 15-03-2026).
Starbucks data breach impacts employees says a phishing campaign that used fake Partner Central login portals harvested employee credentials, which attackers then used to access the workforce self-service environment and expose personal information from nearly 900 employee accounts [AMER]. The breach matters because payroll and benefits portals remain high-value targets where a small identity compromise can expose Social Security numbers, bank-routing data, and enough context for long-lived follow-on fraud; phishing-resistant authentication on these portals and alerting on direct-deposit or contact-detail changes are the controls that limit that exposure (Source: SecurityWeek, 13-03-2026).
Editorial Perspective
This cycle shows how quickly cyber defense priorities shift from browser and network edge patching to live operational disruption in healthcare, telecoms, and public institutions.
For DFIR leaders, the clearest pattern is that containment quality and evidence handling still matter more than noisy early attribution, especially when attackers blend native tooling, phishing, and third-party exposure.
At the same time, governments and standards bodies are tightening the policy and compliance frame around security work, from U.S. strategic direction to EU legal and standards alignment. Teams that connect patching, incident response, vendor governance, and conformity planning will be better positioned than those treating them as separate tracks.
Reference Reading
- NIST SP 800-228 Update: Guidelines for API Protection for Cloud-Native Systems
- INTERPOL Operation Synergia III results
- Chrome 146 patches two exploited zero-days
- Stryker disruption and likely Intune abuse
- DOJ allegations against a ransomware incident responder
- ETSI highlights from the 10th Cybersecurity Standardisation Conference
Tags
DFIR, Incident Response, Threat Intelligence, Law Enforcement, Cyber Policy, Standards, Chrome Zero-Days, Telecom Breach, Healthcare Cyberattack, Supply Chain Security