Threat Intelligence: March 9, 2026
Start your week with a fresh dose of the latest cybersecurity news, trends, and potential threats that can impact you and our industry.
Check out what’s trending below, tune into the top incidents this week in the podcast above, and scroll down for helpful cybersecurity resources you can bookmark.
Threat actors are increasingly abusing trust in developer ecosystems and emerging technologies. The OpenClaw malware campaign shows how attackers can weaponize search results and legitimate platforms such as GitHub to distribute malware. By impersonating popular AI tools and repositories with large developer communities, attackers increase the likelihood that victims will execute malicious installers without suspicion. Organizations should monitor software supply chains and encourage verification of code sources and hashes before installation.
Nation-state espionage activity remains persistent and geographically diverse. Multiple campaigns this week involved state-aligned actors, including China-linked UAT-9244 targeting telecom infrastructure in South America, North Korea’s APT37 expanding its espionage tooling, and Pakistan-linked APT36 targeting Indian government networks with malware disguised as AI utilities. These operations highlight continued strategic targeting of telecommunications providers, government agencies, and policy organizations to enable surveillance and intelligence collection.
Social engineering continues to drive initial compromise across both targeted and mass campaigns. Spear-phishing lures in the BadPaw campaign used credible government-themed messages related to border crossings, while large-scale tech-support spam campaigns deployed remote access malware. Additionally, the HungerRush extortion emails demonstrate attackers leveraging brand recognition and fear tactics to pressure victims, even when no breach occurred.
Credential exposure and sensitive data mismanagement remain high-impact risk factors. The theft of $48 million in cryptocurrency following exposure of a wallet seed phrase demonstrates how a single leaked secret can result in immediate financial loss. Similarly, breaches affecting Madison Square Garden and LexisNexis highlight continued targeting of organizations storing large volumes of personally identifiable information (PII), increasing downstream risks such as identity theft and fraud.
Operational disruption attacks against public infrastructure continue to pose risk. The malware incident affecting Cumberland County, New Jersey, disrupted government phone systems, including communications tied to emergency services. Even when data theft is not confirmed, such incidents highlight how cyberattacks can directly impact service availability and public-sector operations.
To learn more about these trends and other important cyber events in the past week, check out the full report below.
