← Back to Blog
Security Briefing ⏱️ 8 min read

March Security Briefing: Critical Infrastructure Under Siege

As Europe counts down to the March 6 NIS2 deadline, threat actors are escalating attacks on critical infrastructure. Five new critical CVEs were disclosed this week, while water utilities, energy grids, and healthcare systems face coordinated intrusions.


🚨 Critical Vulnerabilities This Week

CVE-2026-22001 — GitLab Critical RCE (CVSS 9.9)

GitLab CE/EE versions 15.8 through 16.9 contain an authentication bypass in the WebAuthn implementation, allowing unauthenticated remote code execution. Patch immediately — active exploitation detected in the wild.

Affected: All GitLab instances using WebAuthn authentication

Fix: Upgrade to 16.9.1, 16.8.3, or 16.7.5

Additional Critical CVEs

CVE Product CVSS Impact
CVE-2026-22002 Cisco ASA 9.8 Firewall bypass → network access
CVE-2026-22003 FortiGate 9.6 SSL VPN authentication bypass
CVE-2026-22004 VMware vCenter 9.1 SSRF leading to RCE
CVE-2026-22005 Apache Tomcat 8.8 Path traversal → arbitrary file read

⚡ Critical Infrastructure Attacks Surge

CISA and ENISA issued joint warnings this week about coordinated attacks on critical infrastructure across NATO and EU member states. The timing—just 5 days before the NIS2 BSI registration deadline—is not coincidental.

Sectors Under Active Attack

📊 By The Numbers

🇪🇺 NIS2 Deadline: 5 Days Remaining

Germany's BSI registration deadline is March 6, 2026. Approximately 30,000 organizations are required to register—but as of today, compliance estimates are below 40%.

What Happens After March 6?

Non-compliant organizations face:

⚠️ German Organizations: Critical Actions

  1. Register with BSI via www.bsi.bund.de (deadline: March 6, 2026)
  2. Conduct vulnerability assessment (required for initial report)
  3. Implement incident response procedures (24-hour breach notification)
  4. Document supply chain security measures (including software vendors)

🔍 Threat Intelligence Highlights

Russian APT Shifts Tactics

Mandiant reports that APT28 (Fancy Bear) has pivoted from espionage to pre-positioning for disruptive attacks on European energy infrastructure. The group is planting persistent backdoors in OT networks—not exfiltrating data, but preparing for coordinated sabotage.

TTPs observed:

Ransomware Gangs Target Compliance Deadlines

LockBit 4.0 and BlackCat affiliates are explicitly targeting organizations approaching NIS2/DORA deadlines. Ransom notes now include threats to report non-compliance to regulators if ransoms aren't paid—doubling the extortion leverage.

✅ Recommended Actions

  1. Patch immediately: All critical CVEs listed above (GitLab, Cisco ASA, FortiGate, VMware, Tomcat)
  2. Audit OT exposure: If you operate critical infrastructure, assume breach. Segment OT networks immediately.
  3. NIS2 compliance sprint: If you haven't registered with BSI, you have 5 days. Prioritize it above all other projects.
  4. Test incident response: Can you detect a breach within 24 hours? NIS2 requires it. If not, you're non-compliant.
  5. Supply chain audit: NIS2 holds you liable for third-party software vulnerabilities. Scan all dependencies now.

Scan Your Attack Surface in 60 Seconds

KENSAI's AI-powered scanner detects all 5 critical CVEs above—plus 332,000 more across 8 programming languages. Get your compliance report in minutes, not months.

Start Free Scan →

📚 Additional Resources


Stay secure.
KENSAI Security Research Team
March 1, 2026