On March 31, 2026, the popular JavaScript HTTP client library Axios (over 300 million weekly downloads) was compromised in a sophisticated supply chain attack. The attacker hijacked an official maintainer account and published malicious versions containing a hidden dependency that deployed cross-platform Remote Access Trojans (RATs).

CVE-2026-3055 is a critical (CVSS 9.3) vulnerability in Citrix NetScaler ADC/Gateway that can leak sensitive memory due to an out‑of‑bounds read in SAML authentication flows. It is exploitable only when the appliance is configured as a SAML Identity Provider, and active reconnaissance has been observed. Urgently patch to fixed builds, monitor /cgi/GetAuthMethods and /saml/login probing, and apply temporary WAF/segmentation controls.

On March 2026, Lockheed Martin became the victim of a sophisticated cyberattack carried out by the Handala hacker group, an Iranian-linked hacktivist organization connected to Tehran's Ministry of Intelligence and Security (MOIS). The breach targeted 28 senior American engineers working on military projects in Israel, resulting in data exfiltration and extortion attempts.

On March 24, 2026, Python package litellm (versions 1.82.7 and 1.82.8) was compromised in a sophisticated supply chain attack by threat actor TeamPCP, linked to LAPSUS$. The campaign began March 19 with the Trivy tooling breach and spread through npm, GitHub Actions, Checkmarx KICS, and PyPI. Malicious packages were live for two hours, potentially impacting millions, targeting developer and AI environments rich in secrets but poorly monitored.

The Canadian mining and natural resources sector faces a severe cybersecurity crisis. MM-ISAC reports cyberattacks tripled from 10 in 2023 to 30 in 2024. Converging IT and OT systems have heightened vulnerabilities, with 73% of incidents targeting OT (up from 49% last year). This report combines insights from government agencies, industry groups, and law firms to deliver actionable intelligence for mining executives and cybersecurity professionals.

Canada’s energy sector faces rapidly escalating cyber threats combining IT attacks—phishing, ransomware, business‑email‑compromise—with advanced OT‑focused campaigns. Studies reveal major security gaps in OT environments, more critical vulnerabilities in energy devices, and rising activity from nation‑state and criminal actors exploiting them. Reliance on interconnected control systems, remote monitoring, and cloud collaboration expands the attack surface, leaving the sector highly exposed to extortion, espionage, and sabotage.

The Canadian transportation sector – encompassing marine, rail, aviation, and road freight – is facing an increasingly sophisticated and multi‑vector cyber threat landscape.

Canada’s aviation sector is increasingly viewed as a high‑value target due to its critical infrastructure status and the digital transformation of operations (e.g., advanced avionics, cloud‑based training).

This report analyzes 96 CVEs released in March 2026, prioritized by criticality (CVSS base score), exploitability status, and network accessibility.

Storm-2372 is a sophisticated nation-state threat actor, with moderate to high confidence of Russian origin, that has been conducting an advanced device code phishing campaign against Microsoft 365 environments since August 2024. This threat actor exploits legitimate Microsoft OAuth 2.0 authentication flows to steal user credentials and bypass multi-factor authentication (MFA), gaining persistent access to organizational resources across government, NGO, IT services, defense, telecommunications, healthcare, education, and energy sectors in Europe, North America, Africa, and the Middle East.