Cybersecurity News | Daily Recap [03 Mar 2026]

In this Daily Recap, a multi-vector retaliatory campaign by state-aligned actors and hacktivists is escalating after allied strikes, with claimed intrusions and a plunge in Iranian connectivity to 1–4% that raises supply-chain and high-value-target risks. In other developments, SloppyLemming targeted Pakistan, Bangladesh and Sri Lanka with the BurrowShell backdoor and Excel-based keyloggers; APT28 is linked to the CVE-2026-21513 MSHTML zero-day; breaches at the University of Hawaiʻi Cancer Center and Madison Square Garden were disclosed; and TPMS-based vehicle tracking research and Singapore's router security mandate illustrate broader privacy and defensive trends. #SloppyLemming #BurrowShell #APT28 #MSHTML #CVE2026-21513 #UH #MSG #TPMS #SingaporeRouters #MerkleTreeCerts #GTA

State & APT Campaigns

  • Following allied strikes, a multi-vector retaliatory campaign by state-aligned actors and hacktivists is escalating with claimed intrusions and a plunge in Iranian connectivity to 1–4%, raising supply-chain and high-value target risks – Cyber Escalation, US Cyber Ops
  • The year‑long espionage campaign attributed to the India‑nexus actor SloppyLemming targeted government and critical infrastructure in Pakistan, Bangladesh and Sri Lanka, using spear‑phishing and deploying the BurrowShell backdoor and Excel keyloggers – SloppyLemming, India Nexus
  • APT37 (Ruby Jumper) targeted air‑gapped systems using LNK‑triggered PowerShell to load shellcode and tools like SnakeDropper, ThumbsBD and VirusTask for USB exfiltration and Android surveillance via FootWine – North Korea APT
  • The Russia‑linked actor APT28 is tied to pre‑patch exploitation of an MSHTML 0‑day (CVE‑2026‑21513) that allowed code execution outside the browser sandbox – APT28 0-day
  • A large, brief multi‑vector DDoS disrupted Russian regulator Roskomnadzor and the Defense Ministry, with traffic traced to servers in Russia, the US, China, the UK and the Netherlands – Russia DDoS

Vulnerabilities & Exploits

  • OAuth-redirect phishing campaigns abuse legitimate redirect flows to deliver malware via ZIPs that trigger PowerShell, DLL sideloading and in‑memory payloads against government targets, with some AitM credential harvesting – OAuth Redirect
  • Google confirmed exploitation of a high‑severity Qualcomm graphics component flaw (CVE‑2026‑21385); the March Android update includes this patch among 129 fixes and notes limited targeted abuse – Qualcomm CVE
  • Researchers disclosed the now‑patched Chrome WebView Gemini side‑panel bug (CVE‑2026‑0628, “Glic Jack”) that allowed malicious extensions to escalate privileges and access local files and devices – Chrome Gemini, Gemini Hijack
  • A critical flaw in ModelScope MS‑Agent Shell (CVE‑2026‑2256) lets crafted input bypass regex blacklists to execute OS commands, risking secret theft, persistent backdoors and lateral movement – MS-Agent CVE
  • The OpenClaw local gateway bug allowed websites to hijack AI agents by abusing loopback WebSocket behavior and rate‑limit exemptions; users should upgrade to patched versions – OpenClaw Flaw
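The MS-Agent item above turns on a general failure mode: a regex denylist of shell metacharacters cannot enumerate every way a shell can be persuaded to run a second command. The Python below is an added illustration, not code from ModelScope or from the advisory; the denylist, the allowed-program set and the argument policy are constructed for the example. It shows a naive denylist passing inputs it does not match, beside an allowlist approach that parses the command with shlex, checks the program name against a fixed set, confines arguments to the working tree and executes with shell=False, so that a newline or `<(` in the string is nothing more than bytes in an argument.

```python
import re
import shlex
import subprocess

# A naive denylist of the kind an "execute shell command" tool might use:
# it rejects the obvious chaining metacharacters and nothing else.
# (Constructed for this example; not the MS-Agent Shell filter.)
DENY_RE = re.compile(r"[;&|`]|\$\(")


def denylist_filter(cmd: str) -> bool:
    """Return True if the command passes the (weak) denylist."""
    return DENY_RE.search(cmd) is None


# Allowlist approach: the tool may only run a handful of programs, the
# string is parsed by shlex (no shell involved), and paths are confined to
# the working directory. The set and the policy are constructed for the example.
ALLOWED_PROGRAMS = {"ls", "head", "echo"}


def allowlist_check(cmd: str):
    """Return argv if the command is permitted, otherwise None."""
    try:
        argv = shlex.split(cmd)        # raises ValueError on unbalanced quotes
    except ValueError:
        return None
    if not argv or argv[0] not in ALLOWED_PROGRAMS:
        return None
    for arg in argv[1:]:
        # Keep arguments inside the working tree: no absolute paths, no '..'.
        if arg.startswith("/") or ".." in arg:
            return None
    return argv


def run_safely(cmd: str) -> subprocess.CompletedProcess:
    """Execute an allowlisted command with shell=False: no shell ever sees
    the string, so separators and substitutions have no meaning."""
    argv = allowlist_check(cmd)
    if argv is None:
        raise PermissionError(f"command not permitted: {cmd!r}")
    return subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=5)


if __name__ == "__main__":
    # Inputs the denylist misses: a newline separates commands in sh, and
    # bash process substitution runs a command without ';', '|' or '$('.
    for bypass in ("ls\nid", "ls <(id)"):
        print(repr(bypass), "passes denylist:", denylist_filter(bypass),
              "| allowlist argv:", allowlist_check(bypass))
```

Note that the allowlist does not try to recognise the bypasses at all: `ls\nid` becomes the argv `["ls", "id"]` and `ls <(id)` becomes `["ls", "<(id)"]`, both of which `ls` treats as ordinary filenames. Removing the shell from the path is what makes the metacharacter question irrelevant.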
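The OpenClaw item above concerns a pattern that recurs in local AI-agent gateways: a service listening on loopback assumes that only local software can reach it, but any web page the user visits can open a WebSocket to 127.0.0.1, and the browser completes the handshake unless the server refuses it. The Python below is an added example, not OpenClaw's code or its patch. It validates a raw WebSocket upgrade request with the two checks a loopback service needs before it treats the peer as trusted: an exact-match Origin allowlist (browsers always send Origin on a WebSocket handshake) and a Host check that defeats DNS rebinding. The port, the allowed origins and the sample requests are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed for the example: the gateway's own UI origins and the loopback
# names it is bound to. Exact string matching; no prefix or regex matching.
ALLOWED_ORIGINS = {"http://127.0.0.1:18789", "http://localhost:18789"}
LOOPBACK_HOSTNAMES = {"127.0.0.1", "localhost", "::1"}


def parse_handshake(raw: bytes):
    """Split a raw HTTP/1.1 upgrade request into request line and headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def accept_upgrade(raw: bytes):
    """Return (accepted, reason) for a WebSocket handshake hitting loopback."""
    request_line, h = parse_handshake(raw)
    if not request_line.startswith("GET "):
        return False, "not a GET"
    if h.get("upgrade", "").lower() != "websocket":
        return False, "not a websocket upgrade"
    # DNS rebinding: a page resolves attacker.example to 127.0.0.1 and the
    # browser sends that name as Host. Only loopback names are acceptable.
    host = urlsplit("//" + h.get("host", "")).hostname
    if host not in LOOPBACK_HOSTNAMES:
        return False, f"unexpected Host {h.get('host')!r}"
    # Browsers always send Origin on a WebSocket handshake, and a cross-site
    # page cannot forge it. Absent or unknown origin is refused. (A native
    # client can set any Origin, so this check only contains web pages;
    # non-browser clients need a separate auth token, not shown here.)
    origin = h.get("origin")
    if origin is None:
        return False, "missing Origin"
    if origin not in ALLOWED_ORIGINS:
        return False, f"origin {origin!r} not allowed"
    return True, "ok"


def build_request(host: str, origin=None) -> bytes:
    """Build a constructed handshake request for demonstration."""
    lines = ["GET /ws HTTP/1.1", f"Host: {host}", "Upgrade: websocket",
             "Connection: Upgrade",
             "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==",
             "Sec-WebSocket-Version: 13"]
    if origin is not None:
        lines.append(f"Origin: {origin}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


if __name__ == "__main__":
    cases = [
        ("own UI", build_request("127.0.0.1:18789", "http://127.0.0.1:18789")),
        ("cross-site page", build_request("127.0.0.1:18789", "https://evil.example")),
        ("DNS rebinding", build_request("attacker.example:18789",
                                        "http://attacker.example:18789")),
        ("no Origin", build_request("localhost:18789")),
    ]
    for label, req in cases:
        print(f"{label:16s} -> {accept_upgrade(req)}")
```

The same reasoning applies to the rate-limit exemption the item mentions: a request arriving from 127.0.0.1 is not evidence that a local user made it, because the browser that relayed it sits on the same host, so loopback source addresses should earn neither trust nor a bypass of throttling.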

Breach & Ransomware

  • The University of Hawaiʻi Cancer Center disclosed a ransomware incident that exposed research data and personally identifiable information, with up to 1.2 million records affected and SSNs for more than 87,000 study participants; investigations are ongoing – UH Breach, UH Report
  • Madison Square Garden confirmed a data breach after the Cl0p extortion group exploited Oracle E‑Business Suite zero‑days; the group leaked more than 210 GB of stolen archives, including names and SSNs, taken from a third‑party‑hosted EBS instance – MSG Breach

IoT & Privacy Risks

  • Researchers demonstrated passive tracking of vehicles via TPMS broadcasts, collecting more than 6 million messages from roughly 20,000 cars over 10 weeks with five low‑cost receivers, enabling location tracking, behavior inference and spoofed alerts – Tire Tracking
  • Singapore will require residential routers sold locally to meet CLS Level‑2 security standards by end of 2027 after findings that thousands of devices were part of a global botnet in 2025 – Singapore Routers

Defensive & Standards

  • Google is developing Merkle Tree Certificates with partners to enable quantum‑resistant HTTPS in Chrome and plans a phased rollout to a Chrome Quantum‑resistant Root Store by Q3 2027 – Merkle Certs
  • Product guidance: SafeLine, a self‑hosted WAF/reverse proxy, offers semantic request analysis, anti‑bot challenges and rate‑limiting to protect SaaS apps from bot‑driven fraud, scraping and API abuse – SafeLine WAF
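Merkle Tree Certificates, as the item above describes, replace a chain of signatures with membership in a hash tree whose root the browser already trusts; the part worth seeing in code is the inclusion proof, since that is what such a certificate carries in place of a signature. The Python below is an added example, not Google's implementation and not the draft's wire encoding. It builds a tree over constructed certificate blobs using the RFC 6962 shape (split at the largest power of two less than n) with 0x00/0x01 leaf/node domain separation, emits the audit path for one leaf, and verifies it against the root using nothing but that root. The hash choice, the prefixes and the sample entries are assumptions made for the example.

```python
import hashlib


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(entry: bytes) -> bytes:
    """Domain-separated leaf hash (0x00 prefix), so a leaf can never be
    presented as an interior node built from the same bytes."""
    return _sha256(b"\x00" + entry)


def node_hash(left: bytes, right: bytes) -> bytes:
    """Interior node hash (0x01 prefix) over the two child hashes."""
    return _sha256(b"\x01" + left + right)


def _split(n: int) -> int:
    """Largest power of two strictly less than n (RFC 6962 tree shape)."""
    return 1 << ((n - 1).bit_length() - 1)


def root_hash(entries):
    """Merkle tree head over a batch of entries."""
    n = len(entries)
    if n == 0:
        return _sha256(b"")
    if n == 1:
        return leaf_hash(entries[0])
    k = _split(n)
    return node_hash(root_hash(entries[:k]), root_hash(entries[k:]))


def audit_path(entries, index):
    """Sibling hashes from the leaf up to the root, each tagged with the
    side ('L' or 'R') on which the sibling sits relative to our subtree."""
    n = len(entries)
    if n == 1:
        return []
    k = _split(n)
    if index < k:
        return audit_path(entries[:k], index) + [("R", root_hash(entries[k:]))]
    return audit_path(entries[k:], index - k) + [("L", root_hash(entries[:k]))]


def verify_inclusion(entry, path, expected_root) -> bool:
    """Recompute the root from one leaf and its audit path. The verifier
    needs only the trusted root; it never sees the other entries."""
    h = leaf_hash(entry)
    for side, sibling in path:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return h == expected_root


if __name__ == "__main__":
    # Constructed stand-ins for the certificate bodies in one issuance batch.
    batch = [f"cert-for-site{i}.example".encode() for i in range(5)]
    root = root_hash(batch)
    path = audit_path(batch, 2)
    print("root:", root.hex())
    print("audit path length for index 2:", len(path))
    print("valid:", verify_inclusion(batch[2], path, root))
    print("tampered:", verify_inclusion(b"cert-for-evil.example", path, root))
```

The proof for a batch of n entries is about log2(n) hashes, which is why a tree head that the client already holds can stand in for a signature: the client checks a handful of hash computations rather than a post-quantum signature, and the only thing that has to be distributed out of band is the root itself.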

Crime & Infostealers

  • An infostealer infection tied to pirated GTA V cheats reportedly exposed a North Korean agent by leaking credentials and forensic artifacts from the compromised gaming machine – GTA Cheats

Cybersecurity News | Daily Recap – hendryadrian.com