# Top Stories

Google patched 129 Android vulnerabilities in its March 2026 security update, the highest single-month count since April 2018, including an actively exploited Qualcomm zero-day. The massive patch volume indicates significant security issues across the Android ecosystem requiring immediate attention from device manufacturers and enterprise security teams.

Threat actors used CyberStrikeAI, an open-source AI security testing platform, in attacks that breached hundreds of Fortinet FortiGate firewalls. This represents the weaponization of legitimate AI security tools by attackers, demonstrating how AI-powered offensive capabilities are being adopted by cybercriminals to enhance their operations.

Project Compass resulted in the arrest of 30 alleged members of 'The Com' cybercriminal collective in a global law enforcement operation that began in January 2025 and identified nearly 180 total members. This major takedown significantly disrupts one of the most notorious cybercriminal organizations currently operating.

APT28 exploited CVE-2026-21513, an MSHTML Framework security feature bypass vulnerability with CVSS score 8.8, before Microsoft's February 2026 Patch Tuesday according to Akamai research. The Russia-linked group's use of this zero-day demonstrates continued sophisticated targeting capabilities and highlights the critical need for rapid patch deployment.

U.S. Cyber Command conducted cyberattacks against Iranian communications systems and sensors that helped enable the joint U.S.-Israel bombing campaign, according to statements from top U.S. military leadership. This represents a significant escalation in acknowledged U.S. offensive cyber operations and coordination between kinetic and cyber warfare.

CVE-2026-0628, a Chrome vulnerability with CVSS score 8.8, allowed malicious extensions to escalate privileges and access local files by exploiting insufficient policy enforcement in the WebView tag affecting Chrome's Gemini panel. Google patched the flaw in January 2026, but the vulnerability demonstrates risks in AI-integrated browser features.

North Korean threat actors published 26 malicious npm packages disguised as developer tools that used Pastebin content as a dead drop resolver for cross-platform RAT command and control as part of the ongoing Contagious Interview campaign. The supply chain attack targets developers and demonstrates sophisticated use of legitimate platforms for C2 infrastructure.

A phishing campaign uses fake Google Account security pages to deploy Progressive Web Apps (PWAs) that steal one-time passcodes, harvest cryptocurrency wallet addresses, and proxy attacker traffic through victims' browsers. The attack abuses PWA technology to create persistent access while appearing as legitimate Google security applications.

University of Hawaii Cancer Center confirmed a data breach following ransomware attack that exposed information from the Multiethnic Cohort Study established in 1993, which included driver's license numbers and voter registration records used to recruit participants. The breach highlights risks to sensitive research data spanning decades of collection.

U.S.-Israel and Iranian forces are actively trading cyberattacks including wiper malware deployment, DDoS attacks, and critical infrastructure disruption as part of escalating cyber warfare operations. The mutual cyber offensive operations represent a significant escalation in state-sponsored cyber conflict with potential for broader regional impact.