Cybersecurity News | Daily Recap [06 Mar 2026]

Daily Recap: China-linked APT UAT-9244 targets South American telcos, deploying new malware families TernDoor, PeerTime, and BruteEntry across Windows, Linux and edge devices. Iranian-nexus actors weaponize exposed IP cameras (Hikvision, Dahua) for real-time reconnaissance supporting missile operations and battle-damage assessment, while a multi-stage BadPaw campaign targets Ukraine with ZIP/HTA delivery and the MeowMeowProgram backdoor. #UAT-9244 #TernDoor #PeerTime #BruteEntry #Hikvision #Dahua #MeowMeowProgram #BadPaw #Ukraine #IPCamera #Tycoon #LastPass #Phobos #OpenClaw #LeakBase #HungerRush

Nation‑state Activity

  • China-linked APT UAT-9244 targets South American telcos, deploying new malware families TernDoor, PeerTime, and BruteEntry against Windows, Linux and edge devices – China Telcos
  • Iranian-nexus actors weaponize exposed IP cameras (e.g., Hikvision, Dahua) across the Middle East for real‑time reconnaissance supporting missile operations and battle‑damage assessment – IP Cameras
  • Israel claims it struck Tehran’s cyber warfare headquarters amid warnings that pre‑positioned APT footholds and themed phishing campaigns mean cyber threats persist despite degraded Iranian connectivity – Iran Strike
  • Multi‑stage BadPaw campaign targets Ukraine with ZIP/HTA delivery, steganography persistence and staged C2 that deploys the MeowMeowProgram backdoor – BadPaw Campaign

Vulnerabilities & Exploits

  • Google Threat Intelligence tracked 90 zero‑days exploited in 2025 (up from 78), nearly 50% aimed at enterprises, with commercial spyware and PRC‑nexus groups prominent and AI expected to amplify risks – Zero‑Days
  • Cisco warns of active exploitation of recently patched Catalyst SD‑WAN flaws (e.g., CVE‑2026‑20128, CVE‑2026‑20122) after a prior zero‑day linked to UAT‑8616, and released fixes for 50 vulnerabilities (including two CVSS 10.0 criticals) across enterprise products — admins urged to patch immediately – Cisco SD‑WAN, Cisco Patches
  • Malware‑laced OpenClaw installers surfaced and were amplified via Bing AI search results, distributing malicious payloads to users seeking the tool – OpenClaw Malware

Cybercrime & Disruptions

  • Passaic County, New Jersey, suffered a malware attack that took down phone lines and IT systems, impacting services for ~600,000 residents while authorities investigate – County Outage
  • International police dismantled the Tycoon 2FA phishing‑as‑a‑service, seizing 330 domains that intercepted MFA sessions and targeted >500,000 organizations, notably hospitals and schools – Tycoon Takedown
  • Spanish ring exploited displaced Ukrainian women to open bank accounts and launder roughly $5.5M (~€4.75M) via automated betting; 12 arrests and thousands of stolen identities were reported – Gambling Ring
  • Evgenii Ptitsyn, accused key developer/operator of Phobos, pleaded guilty in the US to wire fraud, faces up to 20 years, and is linked to >1,000 victims and millions in extortion proceeds – Phobos Guilty
  • Threat actor mass‑mailed extortion messages claiming access to restaurant customer records via the HungerRush POS platform; the vendor says the affected third‑party account was disabled and that no sensitive exposure has been confirmed – HungerRush Extort
  • LastPass warns of phishing that spoofs its display name to deliver fake security alerts and harvest master passwords via fraudulent SSO pages — users urged to report suspicious messages – LastPass Phish
  • Law enforcement shut down the LeakBase cybercrime forum and arrested suspects in the operation – LeakBase Shut
  • Florida software distributor Heidi Richards sentenced to 22 months and fined $50,000 for trafficking Microsoft Certificate of Authenticity labels and enabling unauthorized activations – Certificate Fraud

Industry & Research

  • The 2026 State of Browser Security report finds browsers are the most critical yet least protected control point, exposing blind spots around sensitive uploads, personal accounts, extensions and the rise of AI‑native copilots – Browser Blindspots
  • Reclaim Security raised $20M in Series A to scale its AI Security Engineer and PIPE simulation engine that prioritizes and automates remediation to cut response times to minutes – Reclaim Funding

Cybersecurity News | Daily Recap – hendryadrian.com