Risk
-
INTERPOL operation dismantles 45,000 malicious IPs in 72-country cyber crackdown
INTERPOL announced the takedown of 45,000 malicious IPs and servers in a 72-country operation that led to 94 arrests and 212 devices seized. India’s CBI carried out searches in a related transnational online investment fraud probe.
-
Loblaw notifies customers after breach exposes names and contact details
Loblaw notified customers this week that a breach of a contained part of its IT network exposed names, phone numbers and email addresses. The company logged customers out, and there was no evidence that financial or health data were accessed.
-
CL-UNK-1068 espionage campaign targets critical sectors across Asia
Palo Alto Networks Unit 42 reported a years-long CL-UNK-1068 campaign that targeted critical sectors across Asia, using web server exploits, web shells and credential theft tools to steal sensitive files and maintain persistent access.
-
CISA adds two critical Hikvision and Rockwell vulnerabilities to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency added two critical vulnerabilities, CVE-2017-7921 and CVE-2021-22681, affecting Hikvision and Rockwell products, to its Known Exploited Vulnerabilities catalog. Both are rated CVSS 9.8.
-
Coordinated action disrupts Tycoon 2FA phishing service that targeted tens of thousands of organisations
A coordinated operation in early March 2026 disrupted Tycoon 2FA, a subscription phishing platform that generated tens of millions of emails monthly and enabled unauthorized access to nearly 100,000 organisations worldwide.
-
Drone strikes damage AWS data centers in UAE and Bahrain
Drone strikes damaged three AWS facilities in the UAE and one in Bahrain, causing outages that affect dozens of cloud services. Structural, power and water damage were reported and recovery work is under way.
-
Microsoft warns of OAuth redirect abuse used to deliver malware to public sector
Microsoft warned that attackers are abusing OAuth redirect features to bypass phishing defenses and direct government and public sector users to attacker-controlled domains that deliver malware or intercept credentials.
-
Starkiller phishing suite proxies live login pages to bypass MFA
Researchers disclosed Starkiller, a phishing suite that proxies live login pages through attacker-controlled headless browsers to capture keystrokes, session tokens and MFA codes. The toolkit centralises deployment and uses URL masking to hide destinations.
-
Agentic AI moves into production, raising governance and monitoring demands
Agentic AI is moving into production, enabling models to plan and execute multi-step tasks without continuous human input. This increases the need for supervised fine-tuning, continuous monitoring and traceability to manage operational and regulatory risk.
-
Critical Junos flaw allows unauthenticated root takeover of PTX routers
A Junos OS Evolved flaw in PTX Series routers could allow unauthenticated remote code execution as root. Juniper issued patches and operators are advised to apply fixes or restrict access and consider disabling the vulnerable service.









