March 2, 2026 Cyber Threat Intelligence Briefing
This week’s briefing covers:
00:00 – Intro
00:42 [MALWARE] They Had You at Hellow2003
Kroll Threat Intelligence (TI) has identified a multi-OS malware campaign operated via a GitHub account that shifted from “mahesh97m” to “hellow2003” and was later wiped at commit 16935c4. Prior to the wipe, the repository contained cross-platform downloaders, victim logs, executables and password-protected archives; Kroll TI preserved the contents before removal.
03:28 [VULNERABILITY] Critical Cisco SD-WAN Zero-day exploited since 2023
Cisco has disclosed a critical zero-day vulnerability in its Catalyst SD-WAN products, specifically an authentication bypass flaw (CVE-2026-20127) affecting both the SD-WAN Controller (formerly vSmart) and SD-WAN Manager (formerly vManage). This flaw allows a remote, unauthenticated attacker to bypass authentication and obtain administrative access by sending crafted requests to an exposed controller.
05:47 [MALWARE] CVE-2023-20118 Continues to Deliver POLAREDGE Infections
CVE-2023-20118 may have been reported and remediated back in 2023; however, Sekoia reports that threat actors continue to abuse the CVE to deliver botnet implants and webshells to edge devices. The vulnerability affects several Cisco Small Business Router models via web management interfaces.
09:04 [RANSOMWARE] Lazarus Group Adopts Medusa Ransomware for Healthcare Attacks
North Korea’s Lazarus Group has begun using Medusa ransomware in financially motivated attacks, targeting a Middle Eastern organization and attempting to breach a U.S. healthcare provider. Medusa, active since 2023, has claimed over 366 victims.
Dive deeper:
Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/cti-spotlight-trends-report
Kroll’s Q4 2024 Cyber Threat Landscape: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/q4-2024-threat-landscape-report-phishing
Kroll’s 2025 Cyber Threat Landscape Report: Cybercrime in the Crypto Era: https://www.kroll.com/Reports/Cyber/Threat-Intelligence-Reports/Threat-Landscape-Report-Lens-on-Crypto
Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: https://www.youtube.com/playlist
Kroll Cyber Blog: https://www.kroll.com/en/insights/cyber
Kroll Cyber Threat Intelligence: https://www.kroll.com/en/services/cyber/threat-intelligence-services
Kroll Threat Intelligence Reports: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports
Kroll Responder MDR: https://www.kroll.com/en/services/cyber/kroll-responder
#krollcyber #threatintelligence #cyberthreats