Friday Wrap Up: 6 March 2026
Happy Friday, security professionals! 🔐
This week in cybersecurity served up everything from drone strikes on cloud data centers (yes, physical ones) to hackers tapping FBI wiretap systems, AI assistants getting hijacked, and your car’s tire sensors moonlighting as surveillance tools.
Nation-state actors from China, North Korea, and Iran were all running active campaigns. Critical vulnerabilities hit Android, Cisco firewalls, and iOS — while global law enforcement struck back, dismantling Tycoon 2FA, seizing LeakBase, and arresting a $46M crypto thief in Saint Martin (the vacation vibes did not help).
The Friday Wrap Up has the full breakdown — scroll down for the details your weekend threat briefing needs. ☕
Major Cyberattacks & Incidents
This week’s headline incidents ranged from drone strikes on cloud infrastructure to a jaw-dropping breach of FBI surveillance systems — buckle up.
🏛️ Hackers breached an FBI network used to manage wiretaps and foreign intelligence surveillance warrants, raising serious concerns about a potential state-sponsored intrusion into critical law enforcement systems. (Published on 6-Mar-2026, CSO Online).
💥 Drone strikes damaged four Amazon Web Services data centers across the UAE and Bahrain, triggering widespread cloud outages across dozens of services and spotlighting the physical vulnerability of critical cloud infrastructure. (Published on 3-Mar-2026, BleepingComputer).
🏥 A breach at the University of Hawaii Cancer Center exposed SSNs, driver’s licenses, voter records, and health data for 1.2 million individuals. (Published on 3-Mar-2026, SecurityWeek).
⚔️ Iran and allied threat actors launched targeted cyberattacks against U.S. and Israeli infrastructure in retaliation for military operations, seeking to cause economic and physical disruption. (Published on 3-Mar-2026, Dark Reading).
💰 A U.S. government contractor’s son was arrested in Saint Martin for allegedly stealing over $46 million in cryptocurrency from the U.S. Marshals Service. (Published on 5-Mar-2026, BleepingComputer).
Espionage & Nation-State Activity
China, North Korea, and Iran were all active this week — a full geopolitical sweep with new tools and fresh targets.
🕵️ The FBI warns that Chinese espionage group Salt Typhoon remains an active and broad threat to U.S. telecom infrastructure and both private and public sectors, well beyond its high-profile 2024 campaign. (Published on 19-Feb-2026, CyberScoop).
🇰🇵 North Korea’s Contagious Interview campaign published 26 malicious npm packages masquerading as developer tools, using Pastebin as a dead-drop C2 resolver to deploy a cross-platform Remote Access Trojan. (Published on 2-Mar-2026, The Hacker News).
🧱 Threat actors leveraged open-source AI platform CyberStrikeAI to conduct automated attacks against Fortinet FortiGate appliances across 55 countries, signaling a troubling new chapter in AI-assisted exploitation at scale. (Published on 3-Mar-2026, The Hacker News).
🇮🇷 Iran’s MuddyWater APT deployed a new “Dindoor” backdoor against U.S. banks, airports, non-profits, and the Israeli branch of a U.S. software company as regional tensions spill further into cyberspace. (Published on 6-Mar-2026, Infosecurity).
Malware & Phishing Campaigns
Threat actors got creative this week — from fake conference platforms to poisoned search results and repurposed monitoring tools turned spy software.
🎣 A phishing campaign uses a fake Google Account security page to deliver a PWA app that steals MFA codes, harvests crypto wallet addresses, and proxies attacker traffic through the victim’s browser. (Published on 2-Mar-2026, BleepingComputer).
📹 Fake Zoom and Google Meet pages trick Windows users into installing Teramind, a legitimate employee monitoring tool repurposed by attackers for covert surveillance via phishing links and fake update prompts. (Published on 2-Mar-2026, Hackread).
🔍 Bing search results pointed users to malicious GitHub repositories disguised as OpenClaw installers that silently deployed malware instead of the legitimate AI development tool. (Published on 6-Mar-2026, Malwarebytes).
💬 Cybercriminals are rapidly embracing Telegram to sell corporate access, malware-as-a-service subscriptions, and stolen credential logs, transforming the messaging platform into a fast-moving underground marketplace. (Published on 4-Mar-2026, Hackread).
Vulnerabilities & Patches
From zero-click helpdesk exploits to nation-state-grade iOS chains and your car’s tire sensors, this week made clear that attack surfaces keep expanding.
📧 A maximum-severity zero-click flaw in the FreeScout helpdesk platform (Mail2Shell) enables unauthenticated remote code execution, allowing complete server takeover without any user interaction. (Published on 4-Mar-2026, BleepingComputer).
📱 Google’s March Android update patches 129 vulnerabilities — the largest single-month count since April 2018 — including an actively exploited Qualcomm zero-day. (Published on 2-Mar-2026, CyberScoop).
🔥 Cisco disclosed two maximum-severity flaws in its Secure Firewall Management Center software that could allow remote unauthenticated attackers to gain root access and execute arbitrary code. (Published on 5-Mar-2026, CyberScoop).
🍎 Google’s GTIG identified Coruna, a sophisticated iOS exploit kit featuring five full exploit chains and 23 vulnerabilities targeting iOS versions 13 through 17.2.1 — though it’s ineffective against current iOS. (Published on 4-Mar-2026, The Hacker News).
🚨 CISA added vulnerabilities from the nation-state-grade Coruna iOS exploit kit to its Known Exploited Vulnerabilities catalog, covering 23 flaws spanning iOS 13 through 17.2.1. (Published on 6-Mar-2026, SecurityWeek).
🚗 IMDEA Networks researchers found that unencrypted tire pressure sensor signals from Toyota and Mercedes vehicles can be exploited to covertly track drivers’ locations and map daily routines — with no current regulatory protection. (Published on 4-Mar-2026, Hackread).
AI Security
AI tools are quickly becoming both prime targets and active weapons — this week’s stories span vulnerable browser assistants, agentic exploits, and AI-powered attack platforms.
🤖 A critical, now-patched flaw in the widely adopted AI agent tool OpenClaw highlights how rapid developer adoption continues to outpace security review, leaving AI-powered workflows exposed. (Published on 2-Mar-2026, Dark Reading).
🔮 A vulnerability in Chrome allowed malicious extensions to hijack the Gemini Live AI assistant, enabling attackers to spy on users and exfiltrate files. Google has since patched the flaw. (Published on 2-Mar-2026, SecurityWeek).
🗝️ Researchers uncovered PleaseFix vulnerabilities in Perplexity’s Comet AI browser that allow zero-click calendar invites to trigger AI agents into stealing 1Password credentials and personal files. (Published on 5-Mar-2026, Hackread).
Law Enforcement & Takedowns
Global coalitions fought back hard this week, dismantling phishing platforms, seizing underground forums, and arresting those who prey on the most vulnerable.
🛡️ A Microsoft-led global coalition seized 330 domains powering the Tycoon 2FA phishing-as-a-service platform, with the alleged creator named in a civil complaint. (Published on 4-Mar-2026, CyberScoop).
🗄️ FBI and Europol seized LeakBase, a major cybercrime forum with over 142,000 members that traded stolen credentials and hacking tools, in a coordinated international operation. (Published on 5-Mar-2026, The Hacker News).
👮 Europol’s Project Compass dismantled the 764 Network, an online group exploiting minors, resulting in 30 arrests and the rescue of victims — with investigators warning the operation is far from over. (Published on 3-Mar-2026, Hackread).
Policy & Geopolitics
The digital and political worlds continued to collide, with one app store decision signaling a new chapter in U.S.-China tech decoupling.
🇺🇸 Apple removed all ByteDance-owned apps from the U.S. App Store following TikTok’s operational transfer, cutting off U.S. users from the company’s Chinese application ecosystem entirely. (Published on 6-Mar-2026, Ars Technica).
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!



