www.ve.ms

Security and infrastructure checks from Europe. No ads, no trackers.

News

News and updates from the ve.ms project.

March 2026

IT & Infrastructure

Physical risk to hyperscale cloud regions. Early March reporting described drone strikes that reportedly damaged data centre facilities tied to a major cloud provider in the Middle East. Customer-facing impact was not limited to a single AZ: control-plane and management functions were stressed, and public status pages documented elongated recovery windows. That pattern matters for anyone who treats “cloud” as an abstract utility: the same region can simultaneously host production, logging pipelines, identity federation endpoints, and backup orchestration. When several of those layers share fate in one geography, failover exercises on paper diverge sharply from what operations teams experience under real constraints (staffing, vendor queues, cross-border connectivity).

What operators are re-testing. Beyond classic RTO/RPO checks, teams are revisiting dependency maps: which SaaS tools, certificate authorities, and DNS delegations implicitly assume that a given region stays reachable. Compliance narratives are also under pressure—regulators and insurers increasingly ask not only whether backups exist, but whether restores were proven recently against realistic degradation scenarios.
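A concrete way to test the fate-sharing point above is to model the dependency map and simulate losing one region. The following is an added example written for this page, not code from ve.ms or from any cloud provider; the inventory, region names and failover pairs are constructed, and the dependency semantics (a service is down if any service it depends on is down) are an assumption:

```python
"""Fate-sharing check for a cloud dependency map.

Added example for this page; not code from ve.ms or from any cloud provider.
Service names, regions, dependencies and failover pairs below are constructed
assumptions used only for illustration.
"""
from collections import defaultdict

# Constructed inventory: service -> (hosting region, services it cannot run without).
INVENTORY = {
    "prod-api":        ("eu-central-1", ["idp", "logging"]),
    "prod-api-dr":     ("eu-west-1",    ["idp", "logging"]),
    "idp":             ("eu-central-1", ["dns"]),
    "logging":         ("eu-central-1", []),
    "backup-orch":     ("eu-central-1", ["idp", "object-store-dr"]),
    "object-store-dr": ("eu-west-1",    []),
    "dns":             ("global",       []),
}

# Failover plan as written down: primary -> standby.
FAILOVER = {"prod-api": "prod-api-dr"}


def services_by_region(inventory):
    """Group services by hosting region, to see which layers share one geography."""
    grouped = defaultdict(list)
    for svc, (region, _) in inventory.items():
        grouped[region].append(svc)
    return dict(grouped)


def transitive_outage(inventory, lost_region):
    """Services unavailable when lost_region goes dark. A service is down if it
    is hosted there or if any of its dependencies is down; iterate to a fixpoint."""
    down = {svc for svc, (region, _) in inventory.items() if region == lost_region}
    changed = True
    while changed:
        changed = False
        for svc, (_, deps) in inventory.items():
            if svc not in down and any(d in down for d in deps):
                down.add(svc)
                changed = True
    return down


def failover_report(inventory, failover, lost_region):
    """For each declared failover pair, report whether the standby actually
    survives the loss of lost_region and, if not, which dependencies kill it."""
    down = transitive_outage(inventory, lost_region)
    report = {}
    for primary, standby in failover.items():
        if primary not in down:
            report[primary] = "primary unaffected"
        elif standby not in down:
            report[primary] = f"failover to {standby} viable"
        else:
            dead = [d for d in inventory[standby][1] if d in down]
            report[primary] = f"failover to {standby} FAILS: standby depends on {dead}"
    return report


if __name__ == "__main__":
    for region in ("eu-central-1", "eu-west-1"):
        print(f"--- losing {region}")
        print("down:", sorted(transitive_outage(INVENTORY, region)))
        for primary, verdict in failover_report(INVENTORY, FAILOVER, region).items():
            print(f"{primary}: {verdict}")
```

The eu-central-1 case shows the trap the paragraph describes: the standby API in eu-west-1 is healthy on paper but useless, because it still authenticates against an identity provider that lives in the lost region. Real inventories come from a CMDB or cloud APIs rather than a dict, and certificate revocation endpoints and DNS delegations belong in the map alongside services.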

Cybersecurity

Cisco Secure Firewall Management Center and long-horizon exploitation. March coverage called attention to CVE-2026-20131, a Cisco Secure Firewall Management Center issue tied to in-the-wild activity and, in some reports, linked to Interlock ransomware deployment. The uncomfortable detail is duration: adversaries reportedly operated through the management plane for weeks before broad patch guidance landed. That reinforces two defensive habits: treating management interfaces as tier-zero assets (strict network segmentation, access only through jump hosts, break-glass accounts) and correlating firewall telemetry with identity and endpoint signals, so that "quiet" management-plane abuse does not live only in siloed logs.
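The correlation habit in the previous paragraph can be reduced to a small detection: every successful login to the firewall manager should come from a jump host and be preceded by an MFA success for the same user in the identity provider. The example below is added for this page and is not Cisco's or ve.ms's code; the log lines, field names, jump-host addresses and ten-minute window are constructed assumptions, and real FMC syslog and IdP audit formats need their own parsers:

```python
"""Correlate firewall-manager admin logins with identity signals.

Added example for this page, not from ve.ms or from Cisco. The log formats
below are constructed and simplified; real FMC syslog and IdP audit records
differ, and the field names, addresses and window are assumptions.
"""
from datetime import datetime, timedelta
import re

JUMP_HOSTS = {"10.10.0.5", "10.10.0.6"}      # assumed bastion addresses
MFA_WINDOW = timedelta(minutes=10)           # assumed maximum MFA-to-login gap

# Constructed firewall-manager login lines: time source kind user=.. src=.. result=..
FW_LOGS = """\
2026-03-02T08:01:10Z fmc login user=admin src=10.10.0.5 result=success
2026-03-02T08:05:42Z fmc login user=svc-backup src=203.0.113.7 result=success
2026-03-02T23:14:03Z fmc login user=admin src=10.10.0.6 result=success
2026-03-03T02:40:55Z fmc login user=netops src=10.10.0.5 result=failure
"""

# Constructed IdP/MFA lines: time source kind user=.. result=..
IDP_LOGS = """\
2026-03-02T07:58:30Z idp mfa user=admin result=success
2026-03-02T23:00:00Z idp mfa user=admin result=success
"""

LINE = re.compile(r"(\S+) (\w+) (\w+) user=(\S+)(?: src=(\S+))? result=(\w+)")


def parse(text):
    """Turn log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, source, kind, user, src, result = m.groups()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "source": source, "kind": kind, "user": user,
            "src": src, "result": result,
        })
    return events


def findings(fw_text, idp_text, jump_hosts=JUMP_HOSTS, window=MFA_WINDOW):
    """Return (timestamp, user, reason) for each successful management-plane
    login that either came from outside the jump hosts or has no MFA success
    for the same user within `window` before it."""
    mfa_ok = [e for e in parse(idp_text) if e["result"] == "success"]
    out = []
    for e in parse(fw_text):
        if e["result"] != "success":
            continue
        if e["src"] not in jump_hosts:
            out.append((e["ts"], e["user"], f"login from non-jump-host {e['src']}"))
        recent_mfa = any(
            m["user"] == e["user"] and timedelta(0) <= e["ts"] - m["ts"] <= window
            for m in mfa_ok
        )
        if not recent_mfa:
            out.append((e["ts"], e["user"], f"no MFA success within {window} before login"))
    return out


if __name__ == "__main__":
    for ts, user, reason in findings(FW_LOGS, IDP_LOGS):
        print(f"{ts.isoformat()} {user}: {reason}")
```

Two of the three findings come from a service account that logs in from an address outside the bastion set with no MFA trail at all, which is exactly the sort of quiet management-plane access that a firewall-only view would record as an ordinary successful login. The third is an admin whose MFA is real but stale, a case worth tuning the window for rather than suppressing.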

AI as an amplifier, not a new vulnerability class. Research discussed in the same period described generative tooling lowering the time cost of malware iteration and phishing refinement. The underlying failure modes remain familiar: over-privileged service accounts, weak remote access, and gaps in outbound filtering. The shift is velocity—defenders get less calendar time between a novel technique appearing in forums and seeing it in commodity campaigns.

Webdesign & Frontend

Platform CSS vs. framework glue. March continued the multi-year trend of the browser carrying layout and component logic that teams once patched in JavaScript. Container queries, scoped cascading, and :has() reduce the need for resize observers and prop-drilling just to keep cards aligned. For product teams, the payoff is smaller bundles and fewer hydration mismatches; the trade-off is a higher baseline expectation that everyone on the team understands modern CSS rather than delegating all styling decisions to a single UI library.

Tooling catches up with complexity. DevTools updates emphasised tracing layout thrash and animation scheduling—problems that become visible only once an app ships on mid-range hardware. That matters because performance regressions increasingly arrive from innocuous refactors (nested flex, implicit subgrid) rather than obvious algorithmic mistakes.

Domain News & DNS

ICANN’s 2026 gTLD round mechanics. ICANN board action on the 2026 Base Registry Agreement and continued evaluation of registry service providers set the schedule for how new strings move from application to delegation. For brands and registrars, the operational work is less about the press release and more about sunrise policies, claims services, and how defensive registrations interact with budget.

Name collision and the long tail of implicit resolution. Parallel work on name collision highlights strings that could resolve unexpectedly in older embedded systems or captive portals. The issue is not theoretical for applicants: choosing a "clean" brand string still requires checking whether millions of devices already query that string as a private or search-list suffix, relying on the NXDOMAIN answer they get today, and would suddenly reach a real host once the string is delegated.
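Before applying for or deploying a new string, an operator can measure how much existing traffic already expects it to be non-existent. The script below is an added example, not ICANN's collision tooling or code from ve.ms; the resolver log format, the client addresses and the candidate strings examplebrand and officenet are constructed for illustration:

```python
"""Name-collision exposure check against resolver query logs.

Added example for this page; not ICANN's tooling and not ve.ms code. The
log lines, client addresses and candidate strings are constructed, and the
four-column log format is an assumption rather than any real resolver's.
"""
from collections import defaultdict

CANDIDATES = {"examplebrand", "officenet"}   # hypothetical strings under evaluation

# Constructed query log: time client qname rcode
QUERY_LOG = """\
2026-03-05T09:00:01Z 192.168.1.20 wpad.officenet NXDOMAIN
2026-03-05T09:00:02Z 192.168.1.21 printer01.officenet NXDOMAIN
2026-03-05T09:00:05Z 192.168.1.20 fileserver.officenet NXDOMAIN
2026-03-05T09:00:09Z 192.168.2.9 wpad.officenet NXDOMAIN
2026-03-05T09:01:00Z 192.168.1.30 www.example.com NOERROR
2026-03-05T09:01:30Z 192.168.1.31 shop.examplebrand NXDOMAIN
2026-03-05T09:02:00Z 192.168.1.31 shop.examplebrand.example.com NOERROR
"""


def last_label(qname):
    """Rightmost DNS label, lower-cased, ignoring a trailing dot."""
    return qname.rstrip(".").rsplit(".", 1)[-1].lower()


def collision_stats(log_text, candidates=CANDIDATES):
    """Count NXDOMAIN queries whose rightmost label is a candidate string.
    Returns {tld: {"queries": n, "clients": set, "names": set}}."""
    stats = defaultdict(lambda: {"queries": 0, "clients": set(), "names": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                      # skip lines not in the assumed format
        _, client, qname, rcode = parts
        tld = last_label(qname)
        if rcode == "NXDOMAIN" and tld in candidates:
            s = stats[tld]
            s["queries"] += 1
            s["clients"].add(client)
            s["names"].add(qname.lower())
    return dict(stats)


def assess(stats, min_clients=2):
    """Flag strings that several distinct clients already resolve as private names.
    The threshold is an assumption; size it to the fleet being measured."""
    return {
        tld: ("collision risk" if len(s["clients"]) >= min_clients else "low traffic")
        for tld, s in stats.items()
    }


if __name__ == "__main__":
    stats = collision_stats(QUERY_LOG)
    for tld, verdict in assess(stats).items():
        s = stats[tld]
        print(f"{tld}: {verdict} ({s['queries']} queries, {len(s['clients'])} clients, "
              f"names={sorted(s['names'])})")
```

The officenet case is the classic pattern: workstations in several subnets are already asking for wpad.officenet and internal server names under a suffix that only works inside the LAN today. Delegating that string publicly would send those lookups, WPAD proxy discovery included, to whoever registers the matching names. On a real network the log would come from the recursive resolvers or a passive DNS sensor, and the threshold would be tuned to the size of the fleet.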

Thread through the month: March 2026 juxtaposed physical and digital concentration risk (cloud regions and management planes), accelerating offensive tooling (AI-assisted workflows), a maturing CSS platform that rewards depth over hacks, and DNS policy steps whose impact will play out over years rather than weeks.

February 2026

AI-powered attacks on firewalls. Amazon reported that a Russian-speaking threat actor used commercial AI tools (including Claude and DeepSeek) to compromise more than 600 organisations across 55 countries in about five weeks by targeting widely deployed FortiGate firewalls. With limited prior technical skill, the attacker used AI for reconnaissance, code generation and scaling operations—demonstrating how AI is lowering the bar for large-scale intrusions.

PromptSpy: first Android malware using generative AI at runtime. Researchers identified PromptSpy as the first known Android malware that uses generative AI (Google’s Gemini) at runtime to adapt persistence and behaviour to different devices. The development highlights a shift towards AI-driven, context-aware malware that can adjust to its environment.

Attacks now four times faster. Palo Alto Unit 42’s 2026 Global Incident Response Report found that attacks have accelerated sharply: the fastest breaches now move from initial access to data exfiltration in about 72 minutes. AI is being used across reconnaissance, phishing, scripting and execution. Identity weaknesses were involved in nearly 90% of investigated breaches; 87% of intrusions touched multiple attack surfaces.

UAE thwarts large-scale AI cyberattack. The UAE said it foiled a major AI-driven cyberattack aimed at government digital systems and critical infrastructure, described as having a “terrorist nature.” The incident underscores the use of AI in state-level and high-impact offensive operations.

Cisco critical SD-WAN vulnerability exploited since 2023. Cisco disclosed that attackers have been exploiting a critical vulnerability (CVSS 10.0) in its Catalyst SD-WAN products since at least 2023, affecting large enterprise and critical infrastructure networks. The U.S. and allied governments urged immediate patching. The case shows how long-lived unpatched infrastructure can be weaponised.

Web development: Signals and framework shifts. In frontend development, Signals-based architectures gained ground in early 2026: Angular 20, Vue 4 and SolidJS adopted them for performance. React relied on the React Compiler and Server Components to reduce bundle sizes. Webpack published a 2026 roadmap with native CSS support and a universal compilation target (Node, Bun, Deno, browsers). Astro 6.0 shipped with a Vite-powered dev server and improved non-Node runtimes such as Cloudflare Workers.

In short: February 2026 was dominated by AI in both defence and offence—from automated firewall exploitation and adaptive Android malware to faster breach timelines and state-level attacks. Critical infrastructure and identity remain key targets. On the developer side, Signals, build-tool evolution and runtime diversity continued to shape the landscape.

January 2026

48 million Gmail credentials exposed. In late January 2026, security researcher Jeremiah Fowler reported an unprotected database containing roughly 48 million Gmail usernames and passwords (about 96 GB of data) leaked online. The set appears to be a compilation of past breaches and infostealer logs rather than a new Google breach. The incident underscores the risk of credential stuffing and the need to use unique passwords and two-factor authentication for webmail.

LastPass phishing campaign (Jan 19–22). An active phishing campaign targeted LastPass users with emails claiming scheduled maintenance and urging recipients to back up their vault within 24 hours. After LastPass disrupted the first wave, a second wave appeared around 22 January with updated links. Anyone using a password manager should avoid following such links from email and should open the service only via the official site or app.

"Reprompt" attack on Microsoft Copilot. Researchers disclosed a method to steal data from Microsoft Copilot by hiding malicious prompts in URL parameters. A single click could hijack an authenticated session and exfiltrate chat history and other sensitive data. Microsoft addressed the issue in its January 2026 Patch Tuesday release; there was no confirmed in-the-wild exploitation. Users are advised to keep Windows and Office updated and to be cautious with Copilot links from untrusted sources.

RedVDS criminal infrastructure disrupted. Microsoft's Digital Crimes Unit took action against RedVDS, a virtual desktop provider used by threat actors for business email compromise (BEC), mass phishing, account takeovers, and financial fraud across sectors including legal, healthcare, and education. The takedown reduces capacity for large-scale mail-based and credential-abuse campaigns that affect the general public.

SharePoint-based AiTM and BEC campaign. Microsoft Defender documented a multi-stage adversary-in-the-middle (AiTM) phishing and BEC campaign targeting energy-sector organisations. Attackers abused SharePoint file-sharing to deliver phishing payloads and used inbox rules for persistence. The pattern highlights how legitimate collaboration and email services are abused for credential theft and underscores the importance of verifying shared links and sender identity.
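Inbox rules are a persistence mechanism a defender can hunt for directly. The scan below is an added example for this page, not Microsoft Defender's detection logic or ve.ms code; the audit records are constructed, their JSON field names are assumptions rather than a real schema, and the organisation domain example.com is invented:

```python
"""Flag mailbox inbox rules that look like BEC persistence.

Added example for this page; not Microsoft Defender's logic and not ve.ms
code. The rule records, their JSON field names, the folder and keyword lists
and the organisation domain are constructed assumptions.
"""
import json

INTERNAL_DOMAINS = {"example.com"}          # assumed organisation domains
SUSPECT_FOLDERS = {"rss subscriptions", "deleted items", "junk email", "archive"}
SUSPECT_KEYWORDS = {"invoice", "payment", "password", "security", "wire", "bank"}

# Constructed audit records, one JSON object per line.
RULE_AUDIT = """\
{"user":"a.miller@example.com","name":"..","forward_to":["x9@mail.example.net"],"keywords":[],"move_to":null,"delete":false}
{"user":"a.miller@example.com","name":".","forward_to":[],"keywords":["invoice","payment"],"move_to":"RSS Subscriptions","delete":false}
{"user":"b.lee@example.com","name":"Team mail","forward_to":["team@example.com"],"keywords":["weekly report"],"move_to":"Reports","delete":false}
{"user":"c.ng@example.com","name":"cleanup","forward_to":[],"keywords":["security alert"],"move_to":null,"delete":true}
"""


def is_external(addr, internal=INTERNAL_DOMAINS):
    """True if the address's domain is not one of the organisation's own."""
    return addr.rsplit("@", 1)[-1].lower() not in internal


def score_rule(rule, internal=INTERNAL_DOMAINS):
    """Return the reasons a rule looks malicious; an empty list means benign."""
    reasons = []
    ext = [a for a in rule.get("forward_to", []) if is_external(a, internal)]
    if ext:
        reasons.append(f"forwards to external {ext}")
    keywords = {k.lower() for k in rule.get("keywords", [])}
    sensitive = any(any(s in k for s in SUSPECT_KEYWORDS) for k in keywords)
    hides = bool(rule.get("delete")) or (rule.get("move_to") or "").lower() in SUSPECT_FOLDERS
    if sensitive and hides:
        reasons.append("hides messages matching sensitive keywords")
    if not rule.get("name", "").strip("."):
        reasons.append("rule name is empty or only punctuation")
    return reasons


def scan(audit_text, internal=INTERNAL_DOMAINS):
    """Return {user: [(rule_name, reasons), ...]} for every rule with a finding."""
    hits = {}
    for line in audit_text.splitlines():
        if not line.strip():
            continue
        rule = json.loads(line)
        reasons = score_rule(rule, internal)
        if reasons:
            hits.setdefault(rule["user"], []).append((rule["name"], reasons))
    return hits


if __name__ == "__main__":
    for user, rules in scan(RULE_AUDIT).items():
        for name, reasons in rules:
            print(f"{user} rule {name!r}: {'; '.join(reasons)}")
```

The three rules it flags are the ones the campaign pattern predicts: an unnamed rule that forwards everything to an outside mailbox, a rule that buries invoice and payment mail in the RSS folder so the victim never sees the conversation the attacker is running, and a rule that deletes security alerts. The legitimate team-forwarding rule passes. In production, pull rule creation events from the mailbox audit log rather than a file, and treat rule creation shortly after a sign-in from a new device or location as a stronger signal than either event alone.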

Instagram 17.5 million user records leaked. On 7 January 2026, approximately 17.5 million Instagram user records (usernames, emails, phone numbers, partial addresses) appeared on BreachForums, stemming from a 2024 API exposure. The leak triggered a wave of unsolicited password-reset emails to users. Anyone who received unexpected reset or login alerts in January should assume their contact data may be in criminal hands and should review account security and reuse of the same email or password elsewhere.

CIRO phishing incident. A phishing attack against the Canadian Investment Regulatory Organisation (CIRO) led to the exposure of income data for about 750,000 Canadian investors on 20 January 2026. The case is a reminder that high-value targets (regulators, financial services) are frequently abused for both direct theft and follow-on phishing against individuals.

In short: January 2026 was marked by large credential leaks (Gmail, Instagram), targeted phishing (LastPass, CIRO), abuse of collaboration and AI tools (SharePoint, Copilot), and the disruption of a major criminal desktop provider (RedVDS). For the general public, the main takeaways are to avoid password-manager and login links from email, to use unique passwords and 2FA, to apply January 2026 patches, and to treat unexpected reset or "urgent" emails with scepticism.