
## Snapshot Summary
| Sector / Section | Headline Highlights | Count |
|---|---|---|
| DFIR & Incident Response | Cisco SD-WAN alert; UK posture warning | 2 |
| Cyber Investigations | FBI breach probe; county malware inquiry | 2 |
| Major Cyber Incidents | LexisNexis breach; TriZetto exposure | 2 |
| Exploits & Threat Intelligence | Zero-day surge; GitHub stealer spread | 2 |
| Law Enforcement | LeakBase seized; Tycoon 2FA dismantled | 2 |
| Policy | US cyber strategy; CRA guidance draft | 2 |
| Standards & Compliance | EU certification reset; 6G principles | 2 |
| Consumer App Data Leaks | No additional credible updates | 0 |
## Digital Forensics & Incident Response
**Australia’s ACSC issues critical alert on Cisco SD-WAN exploitation [APAC]** The Australian Cyber Security Centre warned on 2026-03-06 that threat actors are actively targeting Cisco SD-WAN appliances worldwide and published mitigations for exposed organisations, adding another government signal that defenders should assume real-world compromise risk. Incident responders should prioritise asset inventory, emergency patching, credential review, and forensic preservation on internet-facing SD-WAN systems before attackers can expand access or erase traces. (Source: ACSC, 06-03-2026)
**UK NCSC tells organisations to review posture as Middle East tensions raise indirect risk [EMEA]** The UK National Cyber Security Centre said on 2026-03-06 that while it sees no major direct shift in Iran-to-UK cyber threat, organisations with supply-chain or operational exposure in the region should raise monitoring and review external attack surfaces. For DFIR teams, the advisory is a timely reminder to refresh contingency playbooks, validate logging coverage, and pre-stage triage steps for phishing, DDoS, and potential collateral intrusion activity. (Source: NCSC, 06-03-2026)
## Cyber Investigations
**U.S. investigators reportedly suspect China-linked actors in FBI surveillance-system intrusion [AMER]** Reuters reported on 2026-03-06 that U.S. investigators believe hackers affiliated with the Chinese government may be behind a cyber intrusion into an internal FBI network holding information tied to domestic surveillance orders. Even without full details of the scope, the case matters because it points DFIR teams toward supply-chain, telecom, and trusted-admin-path hypotheses that should be tested early in sensitive government investigations. (Source: Reuters, 06-03-2026)
**Passaic County says malware attack disrupted government phones and IT systems [AMER]** Recorded Future News reported on 2026-03-05 that Passaic County, New Jersey, is working with federal and state officials after a malware attack knocked out phone lines and affected county IT operations across offices serving nearly 600,000 residents. The case reinforces how investigations in municipal environments must quickly connect service disruption, lateral movement, and recovery dependencies, because small-government outages can escalate into long-lived public-safety and evidence-preservation problems. (Source: The Record, 05-03-2026)
## Major Cyber Incidents
**LexisNexis confirms breach after hackers leak stolen files [AMER]** SecurityWeek reported on 2026-03-04 that LexisNexis confirmed unauthorized access to a limited number of servers after a threat actor leaked files and claimed to have taken millions of records, including business and customer data from mostly legacy environments. For cyber defenders, the incident underscores how supposedly low-value legacy systems can still create high-impact exposure paths involving legal, government, and identity-related datasets that complicate notification, scoping, and containment. (Source: SecurityWeek, 04-03-2026)
**TriZetto breach exposes protected health data for 3.4 million people [AMER]** BleepingComputer reported on 2026-03-06 that TriZetto Provider Solutions disclosed a breach affecting more than 3.4 million individuals after attackers accessed records tied to insurance eligibility verification transactions over an extended exposure window. The scale and sensitivity make this a major healthcare-sector incident, and responders should note how third-party processing platforms can turn one compromise into many downstream notification, evidence, and trust-management challenges. (Source: BleepingComputer, 06-03-2026)
## Exploits & Threat Intelligence
**Google says 90 zero-days were exploited in 2025 [AMER]** Recorded Future News reported on 2026-03-05 that Google Threat Intelligence Group tracked 90 zero-day vulnerabilities exploited in the wild during 2025, with commercial surveillance vendors and enterprise technologies remaining prominent drivers of operational abuse. The finding matters because it supports prioritising externally reachable enterprise products, mobile chains, and vendor-assisted telemetry in hunting programs rather than assuming zero-day exposure is still concentrated in browsers alone. (Source: The Record, 05-03-2026)
**Trend Micro finds BoryptGrab stealer spread through more than 100 GitHub repositories [AMER]** SecurityWeek reported on 2026-03-07 that BoryptGrab is being distributed via a large GitHub-based infrastructure and is built to steal browser data, wallet contents, system information, and user files from infected hosts. The campaign is operationally significant because it blends trusted developer platforms with commodity theft objectives, making repository reputation, signed-code assumptions, and browser-artefact triage more important during endpoint investigations. (Source: SecurityWeek, 07-03-2026)
## Law Enforcement
**Operation Leak seizes the LeakBase cybercrime forum [AMER]** The U.S. Department of Justice said on 2026-03-04 that authorities in 14 countries shut down LeakBase, seized forum data, and carried out searches, arrests, and interviews connected to one of the largest marketplaces for stolen credentials and cybercrime tools. For investigators and private-sector teams, the action could generate valuable intelligence on victims, buyers, infrastructure, and reused identities that may sharpen future attribution and victim-notification work. (Source: DoJ, 04-03-2026)
**Europol-backed action disrupts Tycoon 2FA phishing-as-a-service platform [EMEA]** Europol announced on 2026-03-04 that authorities and industry partners dismantled Tycoon 2FA by seizing 330 domains tied to a phishing platform used to bypass multi-factor authentication and target more than 500,000 organisations worldwide. The takedown matters because Tycoon 2FA infrastructure had become a repeatable initial-access channel for credential theft, so defenders should monitor for residual domains, recycled kits, and follow-on actor migration. (Source: Europol, 04-03-2026)
## Policy
**White House publishes President Trump’s Cyber Strategy for America [AMER]** The White House released its cyber strategy on 2026-03-06, framing six policy pillars around deterrence, federal network modernization, critical-infrastructure protection, AI, and post-quantum priorities for follow-on government action and resourcing. Security leaders should track the document because procurement, federal alignment, and cross-sector expectations often move first through strategy language before binding regulations and technical implementation guidance appear. (Source: White House, 06-03-2026)
**European Commission opens draft Cyber Resilience Act guidance for feedback [EMEA]** The European Commission published draft guidance on 2026-03-03 to help companies apply the Cyber Resilience Act, clarifying scope, support periods, remote data processing, open-source treatment, and practical obligations for smaller firms. For compliance and product-security teams, this is the signal to tighten bill-of-materials governance, vulnerability handling, and lifecycle documentation before CRA expectations become harder to negotiate away in market-access conversations. (Source: European Commission, 03-03-2026)
## Standards & Compliance
**EU advances a renewed European Cybersecurity Certification Framework [EMEA]** The European Commission’s 2026 certification-framework update highlights a revised Cybersecurity Act proposal intended to simplify scheme development, reduce compliance friction, and align certification more closely with ICT supply-chain assurance needs. This matters for audit and assurance teams because certification is increasingly becoming a practical proof point for procurement, regulated-sector trust, and product-security claims rather than a distant policy concept. (Source: European Commission, 20-01-2026)
**Seven governments launch 6G Security and Resilience Principles [EMEA]** The UK government said on 2026-03-03 that members of the Global Coalition on Telecoms Security and Resilience launched shared 6G security principles at Mobile World Congress, with support from industry partners. The announcement matters now because architecture choices made in pre-standardisation phases often harden into procurement and compliance baselines later, especially around supply chain, resilience, and secure-by-design expectations. (Source: GOV.UK, 03-03-2026)
## Consumer App Data Leaks
No additional credible updates in the last 72h.
## Editorial Perspective
This cycle was defined less by novelty than by operational pressure: exploited edge infrastructure, sensitive government-network investigations, and takedowns aimed at widely reused criminal services.
For DFIR teams, the practical message is to move fast on exposed management systems, preserve evidence early in municipal and regulated-sector outages, and assume legacy platforms still hold material breach value.
For security leaders, policy and certification developments in Washington, Brussels, and the telecom standards space show that resilience, reporting, and secure-by-design expectations are continuing to converge across markets.
## Reference Reading
- ACSC alert on exploitation of Cisco SD-WAN appliances
- NCSC alert on heightened cyber posture after Middle East escalation
- DoJ announcement on the LeakBase takedown
- Europol notice on the Tycoon 2FA disruption
- White House cyber strategy announcement
- European Commission draft guidance for the Cyber Resilience Act
## Tags
DFIR, Incident Response, Threat Intelligence, Zero-Days, Ransomware, LeakBase, Tycoon2FA, Cyber Policy, Cyber Resilience Act, Telecom Security, Healthcare Breach, Government Networks