Executive Summary The latest threat analysis conducted by CheckPoint reveals a strategic shift among Iranian Ministry of Intelligence and Security (MOIS) linked actors. Instead of merely masquerading as cyber criminals, these groups are actively integrating criminal
Continue ReadingMonth: March 2026
NotDoor Outlook Macro Threat Analysis
Overview In early March 2026 the Splunk Threat Research Team released a detailed examination of the NotDoor backdoor, a sophisticated malware family that exploits native Outlook macros and DLL sideloading to establish persistence and exfiltrate data
Continue ReadingOkta SMS Pumping Threat Advisory
In early March 2026, Okta Threat Intelligence released a comprehensive threat advisory titled SMS Pumping | Threat Advisory | Okta Threat Intelligence. The report details a coordinated, high‑volume campaign that exploits disposable email infrastructure and commodity
Continue ReadingOAuth Device Code Phishing Exploits Microsoft Accounts
Threat Overview In the past week, security researchers have identified a surge in phishing campaigns that target Microsoft OAuth Device Code flow, a feature designed to simplify authentication for devices that lack input capabilities. The technique,
Continue ReadingCritical Cisco FMC Vulnerability Enables Full System Takeover
Threat Overview On March 4, 2026, Cisco released a bundled security advisory (ERP‑75736) that highlighted 48 vulnerabilities across its Secure Firewall ASA, Secure Firewall Management Center (FMC), and Secure Threat Defense (FTD) software. Among these, two
Continue ReadingSigned Malware Mimicking Workplace Apps Deploys RMM Backdoors
In early 2026, a sophisticated phishing campaign surfaced that leveraged digitally signed malware to masquerade as trusted workplace applications. Threat actors distributed malicious executables that appeared to be legitimate software such as Microsoft Teams, Adobe Reader,
Continue ReadingNorth Korean Actors Abuse npm Ecosystem With Steganography Based Malware
Threat Overview On March 3, 2026, the research team at CODERED_VTA released a detailed threat bulletin exposing a new campaign by a North Korean threat actor group, informally dubbed FAMOUS CHOLLIMA. The actors have moved beyond traditional malware vectors
Continue ReadingGRIDTIDE Campaign Disruption Global Cyber Espionage Targeting Telecom and Gov
The threat landscape continues to evolve, and the recent disruption of the GRIDTIDE global cyber espionage campaign underscores the need for vigilance across all sectors. In this report, we analyze the tactics, techniques, and procedures (TTPs)
Continue ReadingAPT37 Expands Reach Into Air Gapped Systems
The latest threat analysis from Zscaler ThreatLabz reveals a sophisticated campaign orchestrated by the DPRK‑backed group APT37, also known as ScarCruft, Ruby Sleet, and Velvet Chollima. Published on March 1, 2026, the report details a multi‑stage
Continue Reading