剣 KENSAI
← Back to archive

🛡️ KENSAI Security Intelligence

Thursday, March 12 — Friday, March 13, 2026
📡 5 Sources Monitored 📰 18+ Stories Analyzed ⏰ Report Generated 04:00 CET
3
Data Breaches
6
Critical CVEs
3
Ransomware / Wiper
4
Emerging Threats
🔓

Data Breaches

CRITICAL

Telus Digital Confirms Breach — Hacker Claims 1 Petabyte Stolen

Canadian BPO giant Telus Digital confirmed a multi-month security breach after threat actors claimed to have exfiltrated nearly 1 petabyte of data. The scale of this breach is extraordinary — one of the largest volumetric data thefts ever claimed.

BPOData ExfiltrationCanada
Source: BleepingComputer · Mar 12
HIGH

Bell Ambulance Data Breach — 238,000 Individuals Impacted

Hackers stole personal information including names, Social Security numbers, and driver's license numbers from Bell Ambulance, impacting 238,000 individuals. Healthcare sector continues to be a prime target.

HealthcarePIISSN Exposure
Source: SecurityWeek · Mar 12
MEDIUM

Loblaw (Canada's Largest Retailer) Notifies Customers of Breach

Canadian retail giant Loblaw forced all customers to log out of their accounts following a data breach. The company's digital services were temporarily disrupted as a precautionary measure.

RetailCustomer DataCanada
Source: BleepingComputer · Mar 12
🐛

Critical Vulnerabilities & Patches

CRITICAL

Veeam Backup & Replication — 4 Critical RCE Flaws

Veeam patched 4 critical remote code execution vulnerabilities in its Backup & Replication solution. Given Veeam's prevalence in enterprise environments, these flaws are high-priority targets for ransomware operators. Patch immediately.

RCEBackup InfrastructurePatch Now
Source: BleepingComputer · Mar 12
CRITICAL

Microsoft Patch Tuesday — 77 Vulnerabilities Fixed

Microsoft released fixes for 77 flaws including CVE-2026-21262 (SQL Server privilege escalation to sysadmin, CVSS 8.8), CVE-2026-26113 and CVE-2026-26110 (Office RCE via Preview Pane — no click needed). Two bugs were publicly disclosed prior to patching.

Patch TuesdaySQL ServerOffice RCE.NET
Source: KrebsOnSecurity · Mar 12
CRITICAL

N8n Workflow Automation — Server Takeover Vulnerabilities

Critical bugs in n8n allowed unauthenticated attackers to execute arbitrary code, steal credentials, and take over servers. Any organization running n8n should patch immediately — this is an unauthenticated RCE.

n8nUnauthenticated RCEWorkflow Automation
Source: SecurityWeek · Mar 12
HIGH

Cisco IOS XR — High-Severity Patches

Cisco patched high-severity vulnerabilities in IOS XR that could lead to DoS, command execution, or complete device takeover. Network infrastructure operators should prioritize.

CiscoNetwork InfrastructureDoS
Source: SecurityWeek · Mar 12
HIGH

Splunk & Zoom — Severe Vulnerabilities Patched

Critical and high-severity flaws in Splunk and Zoom could be exploited to execute arbitrary shell commands or elevate privileges. Both widely deployed in enterprise environments.

SplunkZoomShell Execution
Source: SecurityWeek · Mar 12
HIGH

Apple Backports Coruna Exploit Kit Patches to Legacy iOS

Apple released iOS 15.8.7 and 16.7.15 to patch CVE-2023-43010 (WebKit memory corruption) used in the Coruna exploit kit for cyberespionage and crypto-theft. Targets older iPhones/iPads that can't run latest iOS.

AppleWebKitExploit KitEspionage
Source: THN + BleepingComputer + SecurityWeek · Mar 12
HIGH

WordPress "Ally" Plugin — SQL Injection Affecting 200K+ Sites

A flaw in the Ally WordPress plugin exposes over 200,000 websites to SQL injection attacks, allowing attackers to extract sensitive database information.

WordPressSQLi200K Sites
Source: SecurityWeek · Mar 12
💀

Ransomware & Destructive Attacks

CRITICAL — NATION STATE

MedTech Giant Stryker Crippled by Iran-Linked Wiper Attack

The Iran-backed hacktivist group Handala (linked to MOIS/Void Manticore) claims to have wiped data from 200,000+ systems across Stryker's global operations. 5,000+ workers in Ireland sent home. Offices in 79 countries affected. Employee personal devices with Outlook were also wiped. Login pages defaced with Handala logo. Company phone lines report "building emergency."

This is one of the most impactful wiper attacks against a Western corporation in years — a $25B company essentially offline globally.

Nation StateIran / MOISWiperHandalaMedTech
Source: KrebsOnSecurity + SecurityWeek · Mar 12–13
HIGH

England Hockey Hit by AiLock Ransomware

England Hockey, the national governing body for field hockey, is investigating a potential data breach after the AiLock ransomware gang listed them on their leak site. Sports organizations increasingly targeted.

AiLockSportsUK
Source: BleepingComputer · Mar 12
HIGH

AI-Generated "Slopoly" Malware Used in Interlock Ransomware Attack

A new AI-generated malware strain called Slopoly was used in an Interlock ransomware attack, allowing threat actors to maintain persistence for over a week and exfiltrate data before deploying ransomware. Signals growing use of AI in malware development.

AI-Generated MalwareInterlockPersistence
Source: BleepingComputer · Mar 12
🔬

Emerging Threats & Research

CRITICAL

VENON Banking Trojan — Rust-Based Malware Targeting 33 Brazilian Banks

A new Rust-based banking trojan called VENON targets 33 Brazilian banks using overlay attacks, active window monitoring, and LNK hijacking. The shift from Delphi to Rust signals malware authors adopting modern, harder-to-analyze languages.

Banking TrojanRustBrazilOverlay Attack
Source: The Hacker News · Mar 12
HIGH

Six New Android Malware Families Target Pix Payments & Crypto Wallets

Zimperium discovered 6 new Android malware families: PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, Oblivion RAT, and SURXRAT. PixRevolution hijacks Brazil's Pix instant payment transfers in real-time. Some use AI/human operators watching victims' screens live.

AndroidMobile BankingPixRAT
Source: The Hacker News · Mar 12
HIGH

AI Agentic Browsers Vulnerable to Phishing — Perplexity's Comet Tricked in 4 Minutes

Guardio researchers demonstrated that AI-powered agentic browsers (like Perplexity's Comet) can be tricked into phishing scams by exploiting the AI's tendency to reason and narrate actions. Attackers manipulate the reasoning process to lower security guardrails.

AI SecurityAgentic AIBrowserPhishing
Source: The Hacker News · Mar 11
INTEL

Polyfill Supply Chain Attack (2024) Now Linked to North Korea

The 2024 Polyfill.io supply chain attack impacting 100K+ websites was initially attributed to China but new evidence from an infostealer infection reveals North Korean involvement. Highlights the ongoing attribution challenges in supply chain attacks.

Supply ChainNorth KoreaAttribution
Source: SecurityWeek · Mar 12
⚖️

Law Enforcement & Industry

INFO

US Disrupts SocksEscort Proxy Network

US and European law enforcement disrupted the SocksEscort cybercrime proxy network, which used edge devices compromised via AVRecon Linux malware. A significant takedown of criminal infrastructure.

TakedownProxy NetworkIoT
Source: BleepingComputer · Mar 12
INFO

Meta Disables 150K+ Scam Center Accounts in Asia

Meta launched new protection tools and disabled over 150,000 accounts powering scam centers across Asia. Continuing their crackdown on organized fraud operations.

MetaScam CentersAsia
Source: SecurityWeek · Mar 12
INFO

Wiz Joins Google Cloud — $32B Acquisition Closes

Google completed its landmark $32 billion acquisition of cloud security company Wiz. Wiz will maintain its brand within Google Cloud. The largest cybersecurity acquisition in history.

M&AGoogle CloudWiz$32B
Source: SecurityWeek · Mar 12
INFO

Google Paid $17.1M in Bug Bounties in 2025

Google's Vulnerability Reward Program paid out $17.1 million to 747 researchers in 2025, demonstrating continued investment in crowdsourced security.

Bug BountyGoogle VRP
Source: BleepingComputer · Mar 12
INFO

Senate Confirms Joshua Rudd as NSA & Cyber Command Chief

The US Senate confirmed Joshua Rudd to lead both the NSA and US Cyber Command under the "dual-hat" arrangement.

GovernmentNSAUSCYBERCOM
Source: SecurityWeek · Mar 12

🎯 KENSAI Analysis — What Matters for Our Customers

  • Veeam RCE + Ransomware Convergence: Backup infrastructure is now a primary attack target. Organizations using Veeam must patch immediately — ransomware operators actively exploit backup systems to prevent recovery. KENSAI's infrastructure scanning detects exposed Veeam instances.
  • AI-Generated Malware is Production-Ready: The "Slopoly" malware used in the Interlock attack was AI-generated and effective enough for a week-long intrusion. This lowers the barrier for sophisticated attacks — exactly why AI-powered defense (KENSAI) must match AI-powered offense.
  • Nation-State Wipers Going Commercial: The Stryker attack by Handala/MOIS shows state-backed groups deploying devastating wipers against Western companies. 200K+ devices wiped in a single operation. NIS2 compliance requirements for incident response and resilience are not optional.
  • WordPress Plugin Exposures (200K sites): The Ally plugin SQLi affects 200K+ sites. KENSAI's DAST capabilities can detect these injection points automatically before attackers do.
  • Supply Chain Attribution is Shifting: Polyfill attack re-attributed from China to North Korea. Organizations need continuous dependency monitoring — KENSAI's SBOM analysis catches compromised packages.
  • Patch Tuesday Priority: Microsoft Office Preview Pane RCE (CVE-2026-26113/26110) requires zero clicks. SQL Server elevation to sysadmin (CVE-2026-21262) is network-exploitable. Both are high priority for any DACH enterprise running Microsoft infrastructure.