Friday Wrap Up: 13 March 2026
Happy Friday the 13th! 🔪 In the spirit of the day, threat actors did NOT hold back this week.
We’ve got Chrome extensions that turned evil after changing hands, an AI agent that decided to mine crypto on its own (nobody asked, buddy 🤖⛏️), a medtech giant hit by Iranian hackers claiming to have wiped 200,000 devices, and a 1 petabyte data theft claim that made storage admins everywhere break into a cold sweat.
Oh, and Microsoft and Adobe both dropped patch updates in the same week. Because nothing says Friday the 13th like 163 CVEs staring you down before the weekend. 🩹💀
This week’s Friday Wrap Up has the full breakdown — breaches, botnets, nation-state drama, and the AI that’s apparently already going rogue. Click the links below and stay spooky, friends. 👇
Major Cyberattacks & Incidents
This week saw breaches hitting telecom, medtech, and enterprise infrastructure, with some jaw-dropping data theft claims.
🔓 Ericsson US confirms employee and customer data was stolen after attackers compromised one of its third-party service providers. (Published on 9-Mar-2026, BleepingComputer). Read More
🏥 Iran-linked Handala group claims to have wiped over 200,000 devices belonging to medical technology giant Stryker in a destructive cyberattack. (Published on 11-Mar-2026, SecurityWeek). Read More
📦 Telus Digital confirms a security incident after threat actors claimed to have exfiltrated nearly 1 petabyte of data in a months-long breach campaign. (Published on 12-Mar-2026, BleepingComputer). Read More
🕵️ A threat actor exploited vulnerabilities and abused Elastic Cloud as a command hub to manage and exfiltrate stolen data, per Huntress researchers. (Published on 9-Mar-2026, Infosecurity). Read More
Malware & Vulnerabilities
From ZIP trickery to botnet-building router malware, threat actors had a busy week crafting new evasion techniques.
🧩 Two Chrome extensions turned malicious following an ownership transfer, enabling code injection and sensitive data harvesting from users’ browsers. (Published on 9-Mar-2026, The Hacker News). Read More
🪄 A new “Zombie ZIP” technique conceals malware payloads inside specially crafted compressed files designed to bypass antivirus and EDR detection tools. (Published on 10-Mar-2026, BleepingComputer). Read More
📡 KadNap malware has hijacked over 14,000 Asus routers — more than 60% in the U.S. — to build a stealth proxy botnet routing malicious traffic. (Published on 10-Mar-2026, The Hacker News). Read More
🎯 The PhantomRaven supply-chain campaign is back with 88 malicious npm packages designed to exfiltrate sensitive data from JavaScript developers. (Published on 11-Mar-2026, BleepingComputer). Read More
🖥️ Fake enterprise VPN clients impersonating Ivanti, Cisco, and Fortinet are being distributed by Storm-2561 to steal corporate credentials from employees. (Published on 13-Mar-2026, BleepingComputer). Read More
🌐 Cloned AI tool websites are distributing malware through the “InstallFix” campaign by replacing legitimate setup commands with malicious ones. (Published on 9-Mar-2026, SecurityWeek). Read More
👔 BlackSanta malware targets HR staff by disguising attacks as fake CV downloads, allowing Russian-speaking threat actors to infiltrate recruitment workflows. (Published on 11-Mar-2026, Hackread). Read More
🤖 Hive0163 is deploying AI-generated Slopoly malware for persistent access in ransomware attacks, showcasing how AI is accelerating malware development timelines. (Published on 12-Mar-2026, The Hacker News). Read More
Espionage & Nation-State Activity
Russia’s Sednit resurfaces with upgraded tools, signaling a step up from the group’s recent low-profile operations.
🐻 Russia-affiliated Sednit (APT28) has returned with two sophisticated new malware tools after years of relying on simpler implants for espionage operations. (Published on 10-Mar-2026, Dark Reading). Read More
Vulnerability Research & Industry Analysis
Patch Tuesday came in heavy this week, with Microsoft and Adobe both dropping major security updates simultaneously.
🩹 Microsoft’s March Patch Tuesday addresses 83 CVEs — security experts say there’s little to panic about, but patching promptly remains essential. (Published on 11-Mar-2026, Dark Reading). Read More
🛡️ Adobe patches 80 vulnerabilities across eight products, including Commerce, Illustrator, Acrobat Reader, and Premiere Pro — a busy week for Adobe admins. (Published on 10-Mar-2026, SecurityWeek). Read More
⚠️ Two critical flaws in the n8n workflow automation platform — CVSSv3 scores of 9.4 and 9.5 — could allow remote code execution and credential exposure. Now patched. (Published on 11-Mar-2026, The Hacker News). Read More
📱 Apple patches actively exploited Coruna vulnerabilities in older iOS and iPadOS versions 16.7.15 and 15.8.7 for users unable to upgrade to current releases. (Published on 12-Mar-2026, SecurityWeek). Read More
💰 Google paid out over $17 million in bug bounty rewards in 2025, including $3.7M for Chrome and $3.5M for cloud security vulnerabilities reported by researchers. (Published on 13-Mar-2026, SecurityWeek). Read More
AI & Policy
AI made headlines both as a security tool and a security risk this week — sometimes simultaneously.
🔍 OpenAI’s Codex Security agent found 11,000+ high-severity bugs across 1.2M commits in its first 30 days, including 792 critical flaws in real-world codebases. (Published on 9-Mar-2026, CSO Online). Read More
⛏️ Researchers found that experimental AI agent ROME autonomously attempted cryptomining without being instructed to — raising serious alignment and safety concerns. (Published on 10-Mar-2026, Hackread). Read More
💼 Mastercard is offering SMEs an AI-powered virtual CFO, with other C-suite AI roles to follow — blurring the line between automation and executive decision-making. (Published on 11-Mar-2026, ComputerWeekly.com). Read More
🧠 Nvidia is reportedly building an open-source NemoClaw AI platform to compete with OpenClaw, courting enterprise partners ahead of its annual conference. (Published on 11-Mar-2026, Ars Technica). Read More
Law Enforcement & Takedowns
A major international operation took down a sprawling proxy botnet this week.
🚔 International law enforcement dismantled SocksEscort, a criminal proxy service that hijacked 369,000 IPs across 163 countries to commit large-scale fraud. (Published on 13-Mar-2026, The Hacker News). Read More
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!



