Anyone got a CVE-2026-3055-vulnerable box I can throw my attempted detection script against? I mean, it's trivial, but still would like to have more certainty about our boxes NOT being impacted than "I think I understood the watchtowr blog & didn't fuck up" when we get asked if we need to emergency patch tomorrow :neobot_giggle:

March 28, 2026

Cyber Operations

European Commission confirms breach of cloud infrastructure. The European Commission disclosed on March 27 that attackers compromised its AWS account hosting the Europa.eu web platform, potentially exfiltrating over 350 GB of data including databases. The Commission stated its internal systems were not affected and that it detected and contained the intrusion on March 24. An investigation is underway to determine the full scope of the breach and affected Union entities are being notified.

FDD analysis warns Iranian cyber operations exploit weakened U.S. defenses. A March 27 report from the Foundation for Defense of Democracies highlights that CISA is operating at roughly 60 percent furlough even as Iranian threat actors escalate attacks on U.S. critical infrastructure. The analysis cites two healthcare-sector incidents in two weeks: a late-February ransomware attack on an unnamed U.S. healthcare provider and the March 11 Handala wiper attack on medical device firm Stryker, which disrupted emergency medical services and hospitals in Maryland.

CISA adds critical F5 BIG-IP vulnerability to exploited catalog. CISA flagged a critical flaw in F5 BIG-IP Access Policy Manager (CVE-2025-53521, CVSS 9.3) as actively exploited, reclassifying it from denial-of-service to remote code execution after new intelligence obtained in March 2026. Separately, a critical Citrix NetScaler vulnerability (CVE-2026-3055, CVSS 9.3) is seeing active reconnaissance activity in the wild.

Handala reconstitutes after FBI domain seizure. On March 20, the DOJ and FBI seized four domains tied to Iran-linked Handala Hack Team, which had been used for psychological operations, extortion messaging, and doxxing. Within approximately one day, Handala restored its online presence and resumed publishing. The group remains one of several Iranian state-aligned collectives operating under the Electronic Operations Room established on February 28, 2026.

Information Operations & Foreign Influence

DNI Gabbard's 2026 Annual Threat Assessment omits foreign election interference. The ODNI released its 2026 Annual Threat Assessment on March 18. Notably, the report omits a section on foreign election interference that had been a consistent feature in prior years. The assessment identifies China, Russia, Iran, and North Korea as persistent cyber and intelligence threats to U.S. government and private-sector networks, and flags AI and quantum computing as critical emerging technology challenges.

Kremlin-aligned Matryoshka network targeted 2026 Winter Olympics. A Russian-linked influence network seeded at least 28 fabricated reports during the 2026 Winter Olympics, impersonating outlets such as CBC and Reuters. AI-enhanced clips falsely portrayed Ukrainian athletes as criminals and cheaters, continuing Moscow's pattern of weaponizing sporting events for narrative advantage.

Iran deploys AI-generated imagery in wartime messaging. Iranian state-affiliated channels have circulated AI-generated imagery to amplify wartime narratives, including a fabricated image of a bloody children's backpack posted by the Iranian embassy in Austria, falsely linked to a strike on a girls' school in Minab.

Espionage

UK espionage trial underway at Old Bailey. Chung Biu "Bill" Yuen and Chi Leung "Peter" Wai are currently on trial in London under the National Security Act 2023, charged with assisting a foreign intelligence service and foreign interference. The trial commenced in early March and is expected to conclude in April.

Three men arrested in UK on suspicion of spying for China. London Metropolitan Police counter-terrorism officers arrested three men on March 4 under the National Security Act 2023. Among those detained was David Taylor, 39, husband of Labour MP Joani Reid and director at Asia House, a London-based think tank. The arrests followed an MI5 espionage alert issued to UK parliamentarians in November warning that Chinese intelligence services were actively recruiting individuals with access to government.

U.S. charges individuals in AI technology diversion and North Korean sanctions evasion. In March 2026, the DOJ charged three individuals with conspiring to unlawfully divert U.S. artificial intelligence technology to China, and separately sentenced three others for facilitating computer access in a North Korean sanctions evasion scheme. The 2026 threat assessment noted that North Korea stole approximately $2 billion via a cryptocurrency heist in 2025 to fund weapons programs.

Confused by the recent F5 BIG-IP vulnerability alerts? 🚨 We broke down exactly what this legacy appliance is, why its centralized architecture is a massive single point of failure, and how to replace it with sovereign, zero-trust hardware. Read the plain breakdown.
#Ransier_Sentinel

https://thecybermind.co/2026/03/29/threat-intelligence-cve-2025-53521/?utm_source=mastodon&utm_medium=jetpack_social

March 28, 2026

Cyber Operations

European Commission confirms breach of cloud infrastructure. The European Commission disclosed on March 27 that attackers compromised its AWS account hosting the Europa.eu web platform, potentially exfiltrating over 350 GB of data including databases. The Commission stated its internal systems were not affected and that it detected and contained the intrusion on March 24. An investigation is underway to determine the full scope of the breach and affected Union entities are being notified.

FDD analysis warns Iranian cyber operations exploit weakened U.S. defenses. A March 27 report from the Foundation for Defense of Democracies highlights that CISA is operating at roughly 60 percent furlough even as Iranian threat actors escalate attacks on U.S. critical infrastructure. The analysis cites two healthcare-sector incidents in two weeks: a late-February ransomware attack on an unnamed U.S. healthcare provider and the March 11 Handala wiper attack on medical device firm Stryker, which disrupted emergency medical services and hospitals in Maryland.

CISA adds critical F5 BIG-IP vulnerability to exploited catalog. CISA flagged a critical flaw in F5 BIG-IP Access Policy Manager (CVE-2025-53521, CVSS 9.3) as actively exploited, reclassifying it from denial-of-service to remote code execution after new intelligence obtained in March 2026. Separately, a critical Citrix NetScaler vulnerability (CVE-2026-3055, CVSS 9.3) is seeing active reconnaissance activity in the wild.

Handala reconstitutes after FBI domain seizure. On March 20, the DOJ and FBI seized four domains tied to Iran-linked Handala Hack Team, which had been used for psychological operations, extortion messaging, and doxxing. Within approximately one day, Handala restored its online presence and resumed publishing. The group remains one of several Iranian state-aligned collectives operating under the Electronic Operations Room established on February 28, 2026.

Information Operations & Foreign Influence

DNI Gabbard's 2026 Annual Threat Assessment omits foreign election interference. The ODNI released its 2026 Annual Threat Assessment on March 18. Notably, the report omits a section on foreign election interference that had been a consistent feature in prior years. The assessment identifies China, Russia, Iran, and North Korea as persistent cyber and intelligence threats to U.S. government and private-sector networks, and flags AI and quantum computing as critical emerging technology challenges.

Kremlin-aligned Matryoshka network targeted 2026 Winter Olympics. A Russian-linked influence network seeded at least 28 fabricated reports during the 2026 Winter Olympics, impersonating outlets such as CBC and Reuters. AI-enhanced clips falsely portrayed Ukrainian athletes as criminals and cheaters, continuing Moscow's pattern of weaponizing sporting events for narrative advantage.

Iran deploys AI-generated imagery in wartime messaging. Iranian state-affiliated channels have circulated AI-generated imagery to amplify wartime narratives, including a fabricated image of a bloody children's backpack posted by the Iranian embassy in Austria, falsely linked to a strike on a girls' school in Minab.

Espionage

UK espionage trial underway at Old Bailey. Chung Biu "Bill" Yuen and Chi Leung "Peter" Wai are currently on trial in London under the National Security Act 2023, charged with assisting a foreign intelligence service and foreign interference. The trial commenced in early March and is expected to conclude in April.

Three men arrested in UK on suspicion of spying for China. London Metropolitan Police counter-terrorism officers arrested three men on March 4 under the National Security Act 2023. Among those detained was David Taylor, 39, husband of Labour MP Joani Reid and director at Asia House, a London-based think tank. The arrests followed an MI5 espionage alert issued to UK parliamentarians in November warning that Chinese intelligence services were actively recruiting individuals with access to government.

U.S. charges individuals in AI technology diversion and North Korean sanctions evasion. In March 2026, the DOJ charged three individuals with conspiring to unlawfully divert U.S. artificial intelligence technology to China, and separately sentenced three others for facilitating computer access in a North Korean sanctions evasion scheme. The 2026 threat assessment noted that North Korea stole approximately $2 billion via a cryptocurrency heist in 2025 to fund weapons programs.

@offseq

CRITICAL: CVE-2026-4851 affects CASIANO GRID::Machine

... which is abandonware last updated in 2011.

⚠️ CRITICAL: CVE-2026-4851 affects CASIANO GRID::Machine (≤0.127). Malicious remote hosts can trigger client-side RCE via unsafe eval() deserialization. Only connect to trusted hosts & review code paths. Details: https://radar.offseq.com/threat/cve-2026-4851-cwe-502-deserialization-of-untrusted-4ee6eb90 #OffSeq #CVE20264851 #Perl #Security

🚨 CVE-2026-5036: HIGH severity stack buffer overflow in Tenda 4G06 (04.06.01.29) enables remote code execution. Exploit code is public — patch or mitigate now. Watch for attacks on /goform/DhcpListClient. https://radar.offseq.com/threat/cve-2026-5036-stack-based-buffer-overflow-in-tenda-210df5d9 #OffSeq #CVE20265036 #RouterSecurity

⚠️ CVE-2026-4987 (HIGH): SureForms plugin for WordPress lets attackers bypass payment amount validation by setting form_id to 0 — no auth needed, all versions <=2.5.2 at risk. Patch or mitigate now! https://radar.offseq.com/threat/cve-2026-4987-cwe-20-improper-input-validation-in--6438ea07 #OffSeq #WordPress #Vuln #PaymentSecurity

⚠️ CVE-2026-5041 (MEDIUM): Command injection in Chamber of Commerce Membership Mgmt System v1.0 via admin/pageMail.php. High privileges needed, public exploit exists. Input validation & patching advised. https://radar.offseq.com/threat/cve-2026-5041-command-injection-in-code-projects-c-82c5a99c #OffSeq #Vuln #CommandInjection #InfoSec