Latest Internet & Cybersecurity News

📅 March 7, 2026 at 1:00 PM
FBI surveillance network breached, cybercrime forum dismantled, Iranian cyber threats escalate, and zero-day exploits surge targeting enterprises globally.
1

FBI Surveillance Network Breach Confirms Sophisticated Attack on Wiretap Systems

The FBI disclosed a breach of its Digital Collection System Network (DCSNet), which manages court-approved wiretaps and surveillance orders, with suspicious activity first detected on February 17 and publicly confirmed on March 5 (Source 4, Source 6). The attack exploited commercial ISP infrastructure using sophisticated, still-unidentified techniques, potentially exposing sensitive law enforcement data and personally identifiable information related to FBI investigations (Source 6, Source 7). The White House, NSA, and CISA are assisting the investigation, though the perpetrator remains unconfirmed despite comparisons to the 2024 Salt Typhoon breach (Source 6, Source 7).

2

International Law Enforcement Dismantles LeakBase Cybercrime Forum

A coordinated operation across 14 countries, known as Operation Leak, shut down LeakBase, a major cybercrime marketplace with over 142,000 members that had been active since 2021 (Source 2, Source 3). Law enforcement seized the platform's domains and database on March 3-4, 2026, making arrests and executing search warrants targeting 37 of the forum's most active users (Source 2). The forum had facilitated account takeovers, financial fraud, and network intrusions by trading stolen credentials and hacking tools (Source 2).

3

Russian-Led Campaign Targets Ukraine with New Malware Families BadPaw and MeowMeow

Cybersecurity experts identified a new Russian cyber campaign deploying previously unknown malware families BadPaw and MeowMeow against Ukrainian organizations, using phishing emails with fake border crossing documents (Source 2). The malware includes sophisticated features like system age checking to avoid detection and backdoor capabilities for remote device control (Source 2). A complementary phishing tool called Starkiller has emerged, capable of bypassing multi-factor authentication through real-time proxying and headless browsers (Source 2).

4

Iran Escalates Regional Conflict with Missile, Drone, and Cyber Attacks

Iran has launched missile and drone attacks targeting Israel and U.S. positions while activating proxy groups including Hezbollah and the Houthis, accompanied by increased cyber operations from state-sponsored hacking and ransomware groups (Source 1). Iranian cyber operations target critical infrastructure including energy companies, shipping ports, financial institutions, and utilities, leveraging the difficulty of attribution to conduct attacks during heightened geopolitical tension (Source 1). Analysts identify three converging red flags: direct military expansion, global energy and shipping instability, and asymmetric cyber and infrastructure attacks (Source 1).

5

Phobos Ransomware Operator Pleads Guilty After Collecting $39 Million in Ransom

Russian national Evgenii Ptitsyn pleaded guilty to wire fraud conspiracy for operating the Phobos ransomware operation, which has targeted over 1,000 organizations worldwide since 2020, including schools, hospitals, and government agencies (Source 3). The operation collected more than $39 million in ransom payments through an affiliate model where attackers paid Ptitsyn fees in exchange for decryption keys (Source 3). This case highlights the scale and sophistication of organized ransomware-as-a-service operations (Source 3).

6

Nearly Half of Exploited Zero-Day Flaws Target Enterprise Technology in 2026

Google Threat Intelligence Group reported that 90 zero-day vulnerabilities were exploited in the wild during 2025, with almost half targeting enterprise-grade technology, marking an all-time high (Source 5). At least 10 zero-days in 2025 were attributed to China-nexus espionage groups, double the 2024 figure, including attacks on Juniper MX routers and campaigns involving Brickstorm malware (Source 5). The report warns that AI will increasingly accelerate vulnerability discovery, weaponization, and exploit deployment in 2026 (Source 5).

7

Commercial Surveillance Vendors Now Lead in Zero-Day Exploitation

For the first time, commercial surveillance vendors surpassed state-sponsored espionage groups in zero-day attacks, involved in more than one-third of such incidents in 2025 (Source 5). Of 42 unique zero-days attributed to specific actors, surveillance vendors were involved in 15 compared to 12 linked to state-sponsored groups (Source 5). This shift highlights the growing commercialization and proliferation of sophisticated zero-day capabilities across threat ecosystems (Source 5).

8

Coruna iOS Exploit Kit Spreads From Surveillance Vendors to Cybercriminals

Researchers exposed the Coruna exploit kit, which includes advanced techniques like WebKit remote code execution and kernel privilege escalation, spreading from surveillance vendors to Russian espionage groups and financially motivated cybercriminals (Source 3). The kit was used by suspected Russian group UNC6353 in 2025 for watering hole attacks targeting Ukrainian websites, and later appeared on fake cryptocurrency sites linked to criminal actors (Source 3). Once a device is exploited, Coruna deploys PlasmaLoader to steal cryptocurrency wallet data and sensitive information from victims (Source 3).

9

Hacktivist Groups Launch Coordinated DDoS Attacks Following U.S.-Israel Military Strikes

Three main hacktivist groups—Keymous+, DieNet, and NoName057(16)—were responsible for nearly 70% of observed attack activity between February 28 and March 2, 2026, following U.S.-Israel military operations (Source 3). Pro-Palestinian hacktivist collective Hider Nex (Tunisian Maskers Cyber Force) launched the first recorded attack during this period, combining DDoS attacks with data breaches to support geopolitical messaging (Source 3). The activity demonstrates the rapid mobilization of hacktivist networks in response to geopolitical events (Source 3).

10

Breaches Increase While Victim Numbers Decline but Impact Intensifies

A March 6, 2026 cybersecurity report indicates that breaches have increased overall, though the number of individual victims per breach has decreased, suggesting attackers are targeting fewer but higher-value organizations (Source 10). The average impact and cost of breaches have intensified, with costs increasingly passed to consumers rather than being absorbed by organizations (Source 10). This trend reflects a strategic shift toward attacking critical infrastructure and enterprise targets with greater financial or operational consequences (Source 10).

11

AI Weaponization Accelerates Cybersecurity Threats in 2026

Security analysts warn that artificial intelligence will be increasingly used by threat actors to speed up and scale attacks in 2026, enhancing reconnaissance, vulnerability discovery, and exploit development (Source 5). The integration of AI into attack workflows could enable exploitation faster than defensive responses, according to senior vulnerability intelligence analysts at Google Threat Intelligence (Source 5). Organizations are urged to prioritize rapid vulnerability patching and threat intelligence sharing to counter AI-accelerated attack capabilities (Source 5).