Threat Pulse – March 2026
Each month, DigitalXRAID’s Security Operations Centre (SOC) analysts share the top threats affecting businesses globally. Take action to protect your organisation against these prolific threats.
If you’ve been affected by any of these threats, we’re here to help. You can call our Cyber Emergency line any time of the day or night for help with active cyberattacks.
DigitalXRAID’s SOC analysts constantly monitor for zero-day threats and update our signature databases using the most comprehensive Threat Intelligence and Open Threat Exchange databases available worldwide.
Cyber Incidents in March
Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer
What happened:
On March 24, 2026, the widely used Python package litellm, a popular abstraction layer for interacting with LLMs, was compromised and two malicious versions (1.82.7 and 1.82.8) were published to PyPI.
The malicious versions were available for roughly three hours before PyPI quarantined the package, but given the package’s approximately 3.4 million daily downloads, exposure could have been significant.
Who was behind it:
The attack was claimed by TeamPCP, the same hacking group responsible for the recent breach of Aqua Security’s Trivy vulnerability scanner. The attackers obtained the LiteLLM maintainer’s PyPI credentials through the prior Trivy compromise, which was used in LiteLLM’s CI/CD security scanning workflow.
How the attack worked:
The malicious code operated as a multi-stage payload. The first stage harvested credentials including SSH keys, cloud tokens, Kubernetes secrets, crypto wallets, and .env files.
The second stage attempted lateral movement across Kubernetes clusters by deploying privileged pods to every node.
The third stage installed a persistent systemd backdoor disguised as a “System Telemetry Service” that periodically contacted a remote server to download and execute additional payloads.
Version 1.82.8 was particularly aggressive: it installed a .pth file that Python automatically processes on interpreter startup, meaning the malicious code would execute whenever Python ran, even if LiteLLM was never imported.
Why litellm was a high-value target: As litellm typically sits between applications and multiple AI service providers, it often has access to API keys, environment variables, and other sensitive configuration data, allowing attackers to intercept and exfiltrate secrets without directly breaching upstream systems.
How it was discovered: Ironically, a bug in the malicious payload, a fork bomb that spawned runaway processes, caused systems to crash, which is what triggered the initial analysis. Without that coding error, the credential stealer could have run silently for much longer.
Remediation guidance: Organisations that installed either compromised version should treat all credentials on affected systems as compromised and rotate them immediately, pin LiteLLM to a known safe version such as v1.82.6, and check whether the package was pulled in as a transitive dependency by other AI frameworks.
Several major projects were affected as transitive dependencies, including Microsoft GraphRAG, Google ADK Python, browser-use, and crawl4ai.
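The three remediation checks above (known-bad version pins, transitive pulls, and .pth startup hooks) as an added audit script; this is example code written for this write-up, not DigitalXRAID's or the litellm project's own tooling. It assumes `pip` is available to the interpreter being audited.

```python
"""Audit a Python environment for the compromised litellm releases.

Added example, not DigitalXRAID's or the litellm project's code.  It checks
`pip freeze` output for the two known-bad versions, reads the `Required-by:`
field of `pip show litellm` to spot transitive pulls, and lists .pth files
whose lines start with `import`, which site.py executes at every interpreter
start (the mechanism version 1.82.8 abused)."""
import re
import site
import subprocess
import sys
from pathlib import Path

COMPROMISED_VERSIONS = {"1.82.7", "1.82.8"}  # from the incident write-up
SAFE_PIN = "litellm==1.82.6"                 # last release before the compromise

_PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def _canonical(name: str) -> str:
    """PEP 503 normalisation so LiteLLM, litellm and lite_llm compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_compromised_pins(freeze_output: str) -> list[tuple[str, str]]:
    """Return (package, version) pairs from `pip freeze` text that match the
    known-bad litellm releases."""
    hits = []
    for line in freeze_output.splitlines():
        m = _PIN_RE.match(line)
        if m and _canonical(m.group(1)) == "litellm" and m.group(2) in COMPROMISED_VERSIONS:
            hits.append(("litellm", m.group(2)))
    return hits


def required_by(pip_show_output: str) -> list[str]:
    """Parse the `Required-by:` line of `pip show <pkg>`: the packages that
    pull litellm in transitively, even if nobody installed it on purpose."""
    for line in pip_show_output.splitlines():
        if line.startswith("Required-by:"):
            value = line.split(":", 1)[1].strip()
            return [p.strip() for p in value.split(",") if p.strip()]
    return []


def executable_pth_lines(pth_text: str) -> list[str]:
    """Lines of a .pth file beginning with `import` are executed on startup.
    Return them for review; some legitimate packages (setuptools, for one)
    ship such lines, so treat the result as a review list, not a verdict."""
    return [ln.rstrip() for ln in pth_text.splitlines()
            if ln.startswith(("import ", "import\t"))]


def audit_environment() -> dict:
    """Run all three checks against the current interpreter."""
    run = lambda *args: subprocess.run([sys.executable, "-m", "pip", *args],
                                       capture_output=True, text=True, check=False).stdout
    pth_findings = {}
    for d in site.getsitepackages() + [site.getusersitepackages()]:
        if not Path(d).is_dir():
            continue
        for pth in Path(d).glob("*.pth"):
            lines = executable_pth_lines(pth.read_text(errors="replace"))
            if lines:
                pth_findings[str(pth)] = lines
    return {"compromised": find_compromised_pins(run("freeze")),
            "required_by": required_by(run("show", "litellm")),
            "executable_pth": pth_findings,
            "recommended_pin": SAFE_PIN}


if __name__ == "__main__":
    print(audit_environment())
```

Run it inside each virtual environment and CI image that might have resolved litellm; a non-empty `compromised` or an unexpected `executable_pth` entry is the trigger for the credential rotation described above.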
Stryker Cyber Attack
What happened:
On March 11, 2026, global medical technology giant Stryker experienced a severe cyberattack that deployed wiper malware to permanently erase data from its network. The breach primarily targeted the company’s headquarters in Cork, Ireland, leaving thousands of employees unable to access critical systems, and disrupted operations worldwide.
Who was behind it:
An Iran-backed hacktivist group called Handala claimed credit for the attack, stating it was in retaliation for a Feb. 28 missile strike that hit an Iranian school and killed at least 175 people, most of them children.
Handala is reported to have links to Iran’s Ministry of Intelligence and Security (MOIS), with assessments stating it’s an online persona maintained by a MOIS-affiliated actor known as Void Manticore.
How the attack worked:
According to a source familiar with the attack, Handala managed to compromise a Microsoft Intune admin account and used it to create a new Global Administrator account. With that master account, they initiated remote wipe commands, erasing data from nearly 80,000 devices in a matter of hours.
Rather than deploying traditional malware, the attackers weaponised Microsoft’s own Intune device-management platform to issue remote wipe commands against all connected devices.
Scale of the damage:
The hackers claimed to have stolen 50 terabytes of data and wiped information from thousands of servers and mobile devices. The attack caused erasure of data on Intune-managed devices (including work computers and personal smartphones with corporate profiles), a complete operational shutdown of servers and applications across the global network, and defacement of login screens with the Handala logo.
However, investigators have disputed Handala’s data exfiltration claims, saying they found no evidence that any data was actually removed.
Real world impact:
Stryker is a major supplier of medical devices, and the attack directly affected healthcare providers. One professional at a major US university medical system said they were unable to order surgical supplies normally sourced through Stryker, calling it “a real-world supply chain attack” given that virtually every US hospital performing surgeries uses their products.
Stryker’s ability to process orders, manufacture, and ship devices was disrupted.
Response and recovery:
Stryker confirmed in an SEC filing that the attack has been contained, with no indication that customers, suppliers, vendors or other partners were affected. The company assured that all its medical products, including connected and life-saving technologies, remain safe to use, and that the attack was contained to its internal Microsoft environment.
As of late March, the company has been working to restore manufacturing, ordering, and shipping operations. CISA also urged security teams across the country to harden their endpoint security due to concerns that other Microsoft Intune environments could be targeted similarly.
Remediation guidance:
Organisations can strengthen their security posture against attacks like the one Stryker experienced by enforcing multi-factor authentication (ideally phishing-resistant methods like FIDO2 keys) on all privileged accounts, applying the principle of least privilege, and using just-in-time access so that no single account can unilaterally execute mass device actions such as remote wipes.
Device management platforms like Microsoft Intune should be treated as critical infrastructure, with alerts configured for anomalous bulk commands and the creation of new Global Admin accounts, and destructive actions should require multi-party approval above a certain threshold. Administrative access should be tiered and segmented so that compromise at one level cannot cascade to full environment control, and privileged tasks should only be performed from dedicated Privileged Access Workstations.
Because the Stryker attack was a destructive wiper rather than ransomware, incident response plans should account for deliberate data destruction scenarios, and organisations should maintain offline, immutable backups that cannot be reached through cloud admin consoles. Regular audits of Microsoft 365 Secure Score and Entra ID configurations are essential, particularly given CISA’s warning that other Microsoft Intune environments could be similarly targeted.
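The two alert conditions the guidance above calls for (a new Global Administrator assignment and an anomalous burst of remote-wipe commands) as an added detection sketch over constructed audit events. This is example code written for this write-up, not DigitalXRAID's or Microsoft's; the event schema (actor, action, subject, target, timestamp) is a simplified assumption, not the exact Intune or Entra ID audit-log format, and the account names are placeholders.

```python
"""Sliding-window detection for the Stryker-style Intune abuse pattern.

Added example, not DigitalXRAID's or Microsoft's code.  Event records use a
constructed, simplified schema (assumed): actor, action, subject, target and
timestamp.  Map your real Entra ID / Intune audit fields onto it."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

GLOBAL_ADMIN = "Global Administrator"


def _ev(actor, action, target, ts, subject=None):
    return {"actor": actor, "action": action, "target": target,
            "subject": subject, "timestamp": datetime.fromisoformat(ts)}


def build_sample_events():
    """Constructed sample log (placeholder accounts), not real telemetry:
    a compromised admin elevates a new account, which then wipes 60 devices
    in five minutes; a helpdesk account does two routine wipes hours apart."""
    events = [
        _ev("admin-compromised@example.com", "AddMemberToRole", GLOBAL_ADMIN,
            "2026-03-11T01:55:00", subject="svc-newadmin@example.com"),
        _ev("helpdesk@example.com", "Wipe", "LAPTOP-0001", "2026-03-11T09:00:00"),
        _ev("helpdesk@example.com", "Wipe", "LAPTOP-0002", "2026-03-11T11:30:00"),
    ]
    base = datetime.fromisoformat("2026-03-11T02:00:00")
    for i in range(60):
        events.append(_ev("svc-newadmin@example.com", "Wipe", f"DEVICE-{i:04d}",
                          (base + timedelta(seconds=5 * i)).isoformat()))
    return events


def global_admin_assignments(events):
    """Every event that adds a principal to the Global Administrator role."""
    return [e for e in events
            if e["action"] == "AddMemberToRole" and e["target"] == GLOBAL_ADMIN]


def wipe_bursts(events, threshold=50, window=timedelta(minutes=10)):
    """Per-actor sliding window over Wipe commands.  Emits one alert per actor
    the first time `threshold` wipes fall inside `window`."""
    recent = defaultdict(deque)
    alerted, alerts = set(), []
    for e in sorted(events, key=lambda e: e["timestamp"]):
        if e["action"] != "Wipe":
            continue
        q = recent[e["actor"]]
        q.append(e["timestamp"])
        while e["timestamp"] - q[0] > window:   # drop wipes outside the window
            q.popleft()
        if len(q) >= threshold and e["actor"] not in alerted:
            alerted.add(e["actor"])
            alerts.append({"actor": e["actor"], "count": len(q),
                           "window_start": q[0], "window_end": e["timestamp"]})
    return alerts


def correlate(events, threshold=50, window=timedelta(minutes=10)):
    """Enrich each wipe-burst alert with whether the actor was itself just
    granted Global Administrator: the exact sequence described above."""
    elevated = {e["subject"] for e in global_admin_assignments(events)}
    return [dict(a, recently_elevated=a["actor"] in elevated)
            for a in wipe_bursts(events, threshold, window)]


if __name__ == "__main__":
    for alert in correlate(build_sample_events()):
        print(alert)
```

The threshold and window are policy choices; set them below the volume a legitimate bulk operation needs, and require the multi-party approval described above for anything larger.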
European Commission – Cloud Infrastructure Breach
What happened:
The European Commission discovered a cyberattack targeting the cloud infrastructure (AWS) that hosts its Europa.eu web platform. The attackers gained access to at least one AWS account and are claimed to have exfiltrated over 350 GB of data, including databases, documents, and mail server contents.
Who was behind it:
The ShinyHunters extortion gang claimed responsibility for the breach. ShinyHunters is a well-known cybercriminal group that specialises in breaching cloud environments and selling or leaking stolen data.
How the attack worked:
The specific initial access vector has not been publicly disclosed. The breach targeted the Commission’s Amazon Web Services account hosting its public-facing web presence. The attackers accessed and exfiltrated data from websites on the Europa.eu platform.
Internal Commission systems were reportedly not compromised, suggesting some level of segmentation between public web hosting and core networks.
Scale of the damage:
- 350+ GB of data reportedly stolen, including databases, confidential documents, contracts, and mail server contents
- This was the Commission’s second data breach in 2026 (an earlier incident in February also affected employee data)
- Full scope under investigation
Real world impact:
While Europa.eu websites remained available throughout, the breach raises serious concerns about the security of EU institutional cloud infrastructure, particularly given the EU’s own push for tighter cyber security regulation (NIS2, Cyber Resilience Act).
The incident demonstrates that even organisations driving regulatory standards can fall victim to cloud-based attacks.
Response and recovery:
The Commission said it took immediate steps to contain the attack, implemented risk mitigation measures, and launched an investigation. EU entities potentially affected by the data theft are being notified.
AWS confirmed its own infrastructure was not compromised and that services operated as designed.
Remediation Guidance:
- Enforce least-privilege IAM policies and credential rotation on cloud accounts.
- Enable comprehensive cloud logging (CloudTrail, GuardDuty) and real-time alerting for anomalous data access or bulk downloads.
- Segment public-facing web hosting environments from internal systems with strict network boundaries.
- Conduct regular cloud security posture assessments (CSPM) and penetration testing on public-sector cloud estates.
FBI Director Kash Patel – Personal Email Breach
What happened:
Iran-linked hackers claimed to have breached the personal Gmail account of FBI Director Kash Patel, leaking photographs, a resume, and over 300 emails (a mix of personal and work correspondence dating from 2010–2019) onto the internet.
Who was behind it:
Handala Hack Team (the same Iran-linked MOIS front group responsible for the Stryker attack above). The group said the Patel hack was in direct retaliation for the FBI’s seizure of four Handala domains on 19th March.
How the attack worked:
The specific compromise method has not been confirmed. However, the Gmail address matched one already associated with Patel in previous data breaches catalogued by dark web intelligence firm District 4 Labs, suggesting credential reuse or access via previously compromised credentials may have been a factor.
Iranian hackers had also accessed Patel’s communications in a separate 2024 campaign.
Scale of the damage:
- Personal photos, a CV, and 300+ emails published online
- The FBI confirmed the breach was of Patel’s personal account only; no government or classified information was involved
- The leaked material was historical (pre-2019)
Real world impact:
This was part of a broader Iranian psychological operations campaign, pairing destructive cyberattacks (Stryker) with hack-and-leak operations designed to embarrass senior officials and create the impression of systemic vulnerability.
The FBI responded by offering up to $10 million in rewards for information on Handala members. The incident underscores the personal cyber risk facing senior government officials.
Response and recovery:
The FBI stated it had taken all necessary steps to mitigate risks. The DOJ had already seized four Handala domains on 19 March. The State Department’s Rewards for Justice programme posted the $10 million bounty.
Handala’s social media accounts have been repeatedly suspended but the group continues to reconstitute on new platforms.
Remediation guidance:
- Senior officials and executives should use phishing-resistant MFA on all personal accounts, not just official ones.
- Separate personal and professional digital identities; avoid reusing passwords or email accounts across contexts.
- Maintain a strong password policy for personal accounts.
F5 BIG-IP – Critical RCE Vulnerability Exploited in the Wild
What happened:
A vulnerability in F5’s BIG-IP Access Policy Manager (CVE-2025-53521), initially classified as a denial-of-service flaw, was reclassified to a critical remote code execution (RCE) vulnerability in March 2026 after new exploitation evidence emerged. CISA added it to the Known Exploited Vulnerabilities catalogue, confirming active exploitation in the wild.
Who was behind it:
No specific threat actor has been publicly attributed. Active exploitation has been confirmed by F5 and CISA, suggesting opportunistic and possibly state-level scanning and exploitation across sectors.
How the attack worked:
The flaw affects BIG-IP APM when an access policy is configured on a virtual server. Specific malicious traffic can trigger remote code execution on the appliance. F5 originally patched the issue as a DoS bug, but “new information obtained in March 2026” led to reclassification as RCE (CVSS v4: 9.3). Attackers are exploiting vulnerable, unpatched BIG-IP instances.
Scale of the damage:
- BIG-IP is widely deployed across financial services, government, healthcare, and telecoms, including many UK CNI organisations
- The exact number of compromised organisations is not yet public
- Concurrent active exploitation of a separate Fortinet FortiClient EMS vulnerability was also reported in the same period
Real world impact:
BIG-IP appliances sit at the network perimeter of many critical infrastructure environments, handling authentication, traffic management, and access control. Successful RCE on these devices gives attackers a foothold inside otherwise well-defended networks.
Organisations running unpatched BIG-IP are at immediate risk of network compromise.
Response and recovery:
CISA added CVE-2025-53521 to its KEV catalogue, triggering mandatory patching timelines for US federal agencies. F5 updated its advisory and confirmed active exploitation.
Organisations are urged to patch immediately or apply vendor recommended mitigations.
Remediation guidance:
- Patch all F5 BIG-IP instances immediately to the latest fixed version.
- If patching is not immediately possible, restrict management interface access to trusted networks only and disable unused features.
- Review BIG-IP access logs for indicators of compromise.
- Implement network-level monitoring for anomalous traffic to/from BIG-IP appliances.
- Extend this posture review to all perimeter appliances; Fortinet, Citrix NetScaler, and Palo Alto devices have also seen active exploitation in 2026.
Microsoft March 2026 Patch Tuesday Summary
Microsoft’s March 2026 Patch Tuesday addressed over 80 vulnerabilities across Windows, Office, Azure, SQL Server, and .NET, including two publicly disclosed zero-days and eight critical flaws, with none actively exploited at release. The zero-days were a SQL Server privilege escalation bug (CVE-2026-21262) and a .NET denial-of-service flaw (CVE-2026-26127).
The most severe critical issue was CVE-2026-21536 (CVSS 9.8), an unauthenticated RCE in the Devices Pricing Program, mitigated server-side. Two Office RCE flaws (CVE-2026-26110, CVE-2026-26113) were exploitable via the preview pane without opening a file, and an Excel XSS bug (CVE-2026-26144) could trigger Copilot Agent data exfiltration in a zero-click attack.
Six privilege escalation flaws were rated “more likely” to be exploited, targeting the Windows Kernel, Graphics Component, and Accessibility Infrastructure, with the latter granting SYSTEM-level access across nearly all modern Windows installations. Additional patches covered a PrintNightmare-like Print Spooler RCE, an Azure MCP Server SSRF leaking identity tokens, a Microsoft Authenticator man-in-the-middle risk on mobile, SharePoint RCE flaws, multiple Excel code execution bugs, and 10 Chromium fixes in Edge.
Adobe March 2026 Patch Tuesday Summary
Adobe released eight security advisories in March 2026 addressing 80 vulnerabilities across Commerce, Illustrator, Substance 3D Painter, Acrobat Reader, Premiere Pro, Experience Manager, Substance 3D Stager, and the DNG SDK, with 21 rated critical. The flaws expose users to arbitrary code execution, privilege escalation, XSS, and security feature bypass, with no exploits reported in the wild.
Adobe Commerce alone had 19 security vulnerabilities including six classified as critical, and Illustrator had seven vulnerabilities with five rated critical allowing code injection. Experience Manager received patches for 33 stored XSS flaws, and Substance 3D Painter had nine important-severity issues.
Docker March 2026 Vulnerability Summary
CVE-2026-28400, disclosed in late February and patched in the March Docker Desktop 4.61.0 release, is a runtime flag injection flaw in Docker Model Runner that allows local attackers to create denial-of-service conditions or, in specific configurations, achieve container escape by overwriting the Docker Desktop VM disk.
Docker also addressed CVE-2026-2664, an out-of-bounds read in the gRPC-FUSE kernel module, fixed in the 4.62.0 release.
GitHub March 2026 Vulnerability Summary
CVE-2026-3854 is a high-severity remote code execution vulnerability in GitHub Enterprise Server where unsanitised Git push option values allowed attackers with push access to inject malicious metadata and execute arbitrary code, fixed across versions 3.14.24 through 3.19.3.
Additional March 2026 fixes for Enterprise Server included CVE-2026-1355 (migration upload authorisation bypass), CVE-2026-1999 (unauthorised pull request merging), CVE-2026-2266 (XSS via task list rendering bypassing CSP), CVE-2026-3582 (private repository search scope bypass), and CVE-2026-3306 (project metadata permission bypass).
WordPress March 2026 Vulnerability Summary
WordPress released security update 6.9.4 addressing 10 security issues, and during March 2026, over 330 new vulnerabilities emerged weekly in the WordPress ecosystem across plugins and themes, with 120 remaining unpatched in a single week.
WordPress 6.9.3 was also issued as a mandatory security and maintenance update following version 6.9.2 which had introduced a display bug, with the combined updates addressing 10 security vulnerabilities.
Ubiquiti UniFi March 2026 Vulnerability Summary
CVE-2026-22557, published on 18 March 2026, is a maximum-severity (CVSS 10.0) path traversal vulnerability in the Ubiquiti UniFi Network Application allowing unauthenticated attackers to access and manipulate files on the underlying system to achieve full account takeover with no user interaction required. A companion vulnerability, CVE-2026-22558 (CVSS 7.7), is a NoSQL injection flaw allowing privilege escalation that can be chained with CVE-2026-22557 for initial access followed by administrative rights escalation.
Censys observed nearly 88,000 exposed UniFi Network Application hosts publicly accessible on the internet.
Ubuntu March 2026 Security Summary
Ubuntu issued multiple security notices in March 2026, including fixes for Go Networking vulnerabilities, Dovecot security issues, Ruby information disclosure, and Pillow flaws, among others across various Ubuntu LTS releases.
Amazon Web Services (AWS) March 2026 Vulnerability Summary
Researchers disclosed AI-related flaws affecting Amazon Bedrock’s Code Interpreter, which could be abused for bidirectional DNS-based command-and-control, data exfiltration from S3 buckets, and reverse shell access when overprivileged IAM roles are assigned.
AWS also issued Amazon Linux 2023 live patches in March 2026 addressing Linux kernel vulnerabilities including IPv6 and io_uring flaws.
Cloudflare March 2026 Summary
Cloudflare’s 2026 Threat Report disclosed CVE-2026-22813 (CVSS 9.4), a critical flaw in markdown rendering pipelines discovered through internal AI-driven self-analysis, allowing unauthenticated remote code execution.
Cloudflare’s WAF also rolled out new detection rules throughout March 2026 for various third-party vulnerabilities.
IBM MQ March 2026 Vulnerability Summary
IBM published a security bulletin in March 2026 addressing multiple CVEs affecting IBM MQ, including CVE-2026-22795 and CVE-2026-2279 related to OpenSSL vulnerabilities (NULL pointer dereference and type confusion in PKCS#7/PKCS#12 processing), as well as several other OpenSSL-related flaws.
These affect the Advanced Message Security (AMS) component of IBM MQ. Remediation was made available through MQ fix packs. Additionally, CVE-2026-1713, an authority vulnerability in IBM MQ Appliance allowing unintended access to the SYSTEM.AUTH.DATA.QUEUE (CVSS 5.5), was disclosed in February 2026 with fixes delivered in the 9.4.0.20 and 9.4.5.0 firmware releases.
SAP March 2026 Security Patch Day Summary
SAP’s March 2026 Security Patch Day, released on 10 March, delivered 15 new security notes including two critical-severity vulnerabilities and one high-priority issue. The most severe was a code injection vulnerability in SAP Quotation Management Insurance (FS-QUO) stemming from an outdated Apache Log4j 1.2 dependency (CVE-2019-17571, CVSS 9.8), enabling unauthenticated remote code execution through the quotation scheduler module.
The second critical flaw was an insecure deserialisation vulnerability in SAP NetWeaver Enterprise Portal Administration (CVE-2026-27685, CVSS 9.1), which could allow high-privileged attackers to upload untrusted data leading to arbitrary code execution or privilege escalation.
A high-severity denial-of-service vulnerability in SAP Supply Chain Management (CVE-2026-27689, CVSS 7.7) allowed authenticated attackers to exhaust system resources through an uncontrolled loop parameter.
The remaining 11 medium-severity and one low-severity notes addressed SQL injection (CVE-2026-27684), SSRF (CVE-2026-24316), multiple missing authorisation checks, XSS in SAP Business One, DLL hijacking, insecure storage, and outdated OpenSSL in NetWeaver AS Java Adobe Document Services, affecting SAP NetWeaver, S/4HANA, Business Warehouse, Customer Checkout, and SAP GUI for Windows.
Zoom March 2026 Vulnerability Summary
Zoom released patches in March 2026 for three high-severity vulnerabilities in Zoom Clients for Windows that could be exploited by local attackers to escalate privileges. CVE-2026-30903 specifically allows unauthenticated remote attackers to escalate privileges by exploiting improper control of file names or paths in Zoom Workplace for Windows.
These were in addition to the critical CVE-2026-22844 (CVSS 9.9) command injection flaw in Zoom Node Multimedia Routers disclosed in January 2026, for which patching activity continued into March.
Common Attack Vectors in March 2026
Phishing and Social Engineering – covering AI-enhanced phishing, vishing overtaking email phishing for cloud environments, trusted platform abuse (Dropbox/DocuSign as delivery mechanisms), and MFA fatigue/bypass techniques.
Supply Chain Compromise – open-source package poisoning (Trivy/LiteLLM/CanisterWorm), SaaS-to-SaaS integration abuse, MSP compromise as a force multiplier, and CI/CD pipeline attacks achieving full cloud compromise within 72 hours.
Ransomware and Extortion – the industrialised ecosystem of initial access brokers, double/triple extortion, ransomware-as-a-service, and the emerging shift to cloud-targeted ransomware against environments such as Microsoft 365.
Identity and Credential Attacks – Credential abuse accounts for 22% of all breaches according to Verizon’s DBIR, and identity-based attacks now represent roughly 30% of all intrusions. The FICOBA breach demonstrated the risk starkly: 1.2 million bank accounts exposed through a single set of stolen government credentials. Attackers sign in using stolen credentials, session tokens, or compromised authentication flows, then move across systems and escalate privileges while appearing as legitimate users.
Machine identities (API keys, service accounts, and automation credentials) now dramatically outnumber human identities and are often entirely unmanaged. Unmanaged devices were behind 46% of compromised systems.
With the Cybersecurity Information Sharing Act set to expire in September 2026, institutions face potential loss of legal protections for threat intelligence sharing at a critical moment.
Cloud Misconfiguration and Exploitation – misconfigurations as the most common cloud vulnerability, living-off-the-cloud techniques, and cloud account compromise at institutional scale.
Exploitation of Public-Facing Applications and Appliances – the actively exploited F5 BIG-IP, Fortinet, and Citrix vulnerabilities as of March 2026, with a 44% year-on-year increase in public-facing application exploitation.
AI-Enabled Attack Techniques – automated spear-phishing, deepfake fraud (700% increase), AI-assisted reconnaissance at machine speed, and the AI toolchain itself becoming an attack surface. NIST’s adversarial AI research highlights how attackers exploit AI systems through data poisoning, model manipulation, and malicious prompt injection.
AI enables persona-based fraud at scale, with attackers generating synthetic identities, automating credential stuffing, and crafting deepfake audio or video to authorise fraudulent transactions.
Nation-State Espionage and IP Theft – Chinese and Russian-aligned groups infiltrate networks to steal proprietary designs and technologies and sensitive data. Mandiant’s M-Trends 2026 documented the BRICKSTORM backdoor deployed on appliances that do not support EDR, with attackers cloning virtual machines containing identity providers and domain controllers to circumvent security alerting entirely.
DDoS and Service Disruption – finance is the top-targeted industry for denial-of-service attacks. DDoS remains strategically important to adversaries because financial institutions are dependent on round-the-clock availability, and even brief outages erode customer trust and trigger regulatory scrutiny. The Iran conflict heightened DDoS risk, with the NY DFS explicitly urging financial entities to review operational resilience procedures for prolonged system disruptions.
Geopolitically motivated hacktivist groups have historically used DDoS against financial infrastructure to amplify conflict narratives and signal capability.
IT/OT Convergence Exploitation – PLCs, SCADA systems, HMI panels, and DCS controllers run on embedded operating systems that cannot be patched, communicating over protocols like Modbus and DNP3 with no built-in authentication. Only 22% of OT incidents are remediated within 48 hours, and in 30% of Dragos incident response cases, investigations began not with a detection alert but with someone noticing that “something seemed wrong” in operations, because the telemetry to identify adversary activity had never been collected.
Remote Access and VPN Exploitation – a common ransomware entry point. Attackers use stolen credentials to authenticate into VPN portals, firewall interfaces, and vendor tunnels, then leverage RDP, SMB/PsExec, WinRM, and SSH to move laterally toward VMware ESXi hypervisors and OT-support servers.
DigitalXRAID exists to ensure that the bad guys don’t win. We’re driven and motivated to protect customers. Our expertise and unrivalled service means we can take care of your security, while you take care of business.
Talk to the team to see how you can start protecting your business against cyberattacks today.