Cybercrime
-
DDoS attack disables Perm parking payments, drivers excused for March 10–13
A DDoS attack knocked Perm’s parking payment portal offline from March 10 to 13, leaving paid parking zones free and drivers excused for non-payment while systems were restored.
-
Konni uses compromised KakaoTalk desktops to spread EndRAT via spear-phishing
Konni used spear-phishing to install EndRAT and other RATs, then abused compromised KakaoTalk desktops to send malicious ZIP attachments to selected contacts, maintaining long-term persistence and stealing internal documents.
-
ForceMemo offshoot of GlassWorm force pushes malware into hundreds of Python repositories
A supply chain campaign called ForceMemo stole GitHub tokens and force-pushed obfuscated code into hundreds of Python repositories starting March 8, 2026. Compromised packages and pip installs may deliver remote payloads.
-
Attack on Stryker erased nearly 80,000 employee devices, company says
Stryker says an attack limited to its internal Microsoft environment erased nearly 80,000 employee devices on March 11. Medical products remain safe, but ordering systems are offline and orders must be placed manually while recovery continues.
-
DRILLAPP backdoor runs in Edge to target Ukrainian entities
A February 2026 campaign used a JavaScript backdoor called DRILLAPP that runs in Microsoft Edge to capture files, microphone audio, camera video and screen images via the browser.
-
Suspected China-based operation targets Southeast Asian military organizations
A technical analysis by Palo Alto Networks Unit 42 says a suspected China-based espionage campaign has targeted Southeast Asian military organizations since at least 2020 using modular backdoors and Pastebin-based command and control.
-
Poland’s nuclear research centre foils cyberattack, says systems blocked intrusion
Poland’s National Centre for Nuclear Research says a cyberattack on its IT systems was detected and blocked this week before any impact. The MARIA research reactor was not affected and an investigation is under way.
-
INTERPOL operation dismantles 45,000 malicious IPs in 72-country cyber crackdown
INTERPOL announced the takedown of 45,000 malicious IPs and servers in a 72-country operation that led to 94 arrests and 212 devices seized. India’s CBI carried out searches in a related transnational online investment fraud probe.
-
Storm-2561 uses SEO poisoning to deliver trojan VPN clients that steal credentials
Microsoft disclosed a credential theft campaign that used SEO poisoning to deliver digitally signed trojan VPN clients that harvest credentials. The activity was observed in mid-January 2026 and is linked to Storm-2561.








