United States
Federal Bureau of Investigation
Reports indicate that the February 17 cyber incident involving the Federal Bureau of Investigation (FBI) — linked to a suspected China-backed intrusion — has now been classified as a “major incident” posing risks to U.S. national security.
On February 17, the agency identified abnormal log activity on an internal system containing data related to domestic surveillance orders, including pen register and trap-and-trace information. These tools collect metadata about communication patterns, and unauthorized access could allow attackers to identify who is under FBI surveillance.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have not issued a public statement. Under federal data security laws, a breach is designated a “major incident” when it involves the compromise of sensitive information that could harm national security, foreign relations, the economy, civil liberties or public health.
How it could affect your business
State-backed threat actors increasingly target critical infrastructure and sensitive government systems to gain strategic intelligence. Organizations working with government agencies must strengthen their defenses to avoid becoming indirect entry points for such attacks. Implementing strict access controls, continuous monitoring and a zero-trust approach can help reduce exposure and detect suspicious activity early.
North America
Hasbro
American toy and entertainment giant Hasbro has been forced to take some systems offline following a cyberattack and warned it may take several weeks to fully resolve the incident.
Hasbro, which owns major brands such as Transformers, Peppa Pig, Nerf and Dungeons & Dragons, detected the intrusion on March 28 and took affected systems offline as a precaution. In a filing with the U.S. Securities and Exchange Commission on April 1, the company said it has activated business continuity plans to continue taking orders, shipping products and maintaining key operations during the disruption.
The company has not publicly disclosed the nature of the attack or confirmed whether it has received any communication from the threat actors, including potential ransom demands.
How it could affect your business
As cyberthreats grow in frequency and complexity, organizations must have a robust business continuity and disaster recovery (BCDR) strategy in place. This ensures they can recover quickly from disruptions and continue business operations without prolonged downtime or service impact.
North America
Cisco
Cisco reportedly suffered a cyberattack after threat actors used stolen credentials from a recent Trivy supply chain attack to breach its internal development environment and steal source code.
The incident stems from a supply chain attack targeting Trivy, an open-source vulnerability scanner, where attackers compromised its GitHub pipeline to distribute credential-stealing malware through official releases and GitHub Actions. Reports indicate that attackers leveraged the malicious GitHub Action to access Cisco’s build and development environment, affecting multiple systems, including developer and lab workstations.
As part of the breach, several AWS keys were reportedly stolen and used to carry out unauthorized activities across a limited number of Cisco AWS accounts. Cisco has since isolated affected systems, initiated reimaging processes and begun rotating credentials across impacted environments.
How it could affect your business
Supply chain attacks can have widespread impact, as compromising a trusted tool or dependency can expose multiple organizations and environments at once. To reduce risk, organizations should tightly control third-party integrations, enforce code integrity checks and continuously monitor build pipelines and access credentials for unusual activity.
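One way to apply the integrity-check advice to GitHub Actions workflows, as an added example that is not from the original report or from any vendor named here: flag every `uses:` reference that is not pinned to a full commit SHA, since a tag or branch can be repointed while a commit SHA cannot. The function name `audit_workflow`, the allowlist parameter, and every action name and SHA in the sample are constructed for illustration.

```python
import re

# Matches a step-level or job-level "uses:" reference in a workflow file.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text, allowed_owners=()):
    """Return (line_no, reference, reason) for each risky `uses:` entry."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group(1)
        # Local actions (./path) and docker:// images are out of scope here.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        target, _, version = ref.partition("@")
        owner = target.split("/", 1)[0]
        if not FULL_SHA_RE.match(version):
            findings.append((line_no, ref, "mutable ref (tag or branch), not a full commit SHA"))
        elif allowed_owners and owner not in allowed_owners:
            findings.append((line_no, ref, "owner not on the approved list"))
    return findings


# Constructed sample workflow; action names and SHAs are placeholders.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd
      - uses: example-org/vuln-scan-action@v1
      - name: build
        uses: example-org/build-action@main  # floating branch
      - uses: other-org/deploy-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-lint
"""

if __name__ == "__main__":
    approved = ("actions", "example-org")
    for line_no, ref, reason in audit_workflow(SAMPLE_WORKFLOW, approved):
        print(f"line {line_no}: {ref}: {reason}")
```

Run as a pre-merge check, this turns a dependency on a mutable tag into a reviewable finding before the workflow ever executes with repository secrets.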
North America
F5
F5 released security updates to address a critical vulnerability in BIG-IP Access Policy Manager (APM) that is reportedly being actively exploited in the wild.
More than 14,000 F5 BIG-IP APM instances remain exposed online, with attackers exploiting the remote code execution flaw tracked as CVE-2025-53521, which carries a CVSS score of 9.8. The vulnerability allows specially crafted traffic to trigger remote code execution when an access policy is enabled on a virtual server. Initially classified as a denial-of-service issue, it was reclassified as a critical RCE flaw following new findings in March 2026.
Users and administrators of affected systems have been advised to update to the latest versions immediately to mitigate the risk of exploitation.
How it could affect your business
Unpatched vulnerabilities provide attackers with an easy entry point into organizational networks. Implementing automated patch management helps ensure critical updates are applied quickly and consistently, reducing exposure to known exploits and minimizing the risk of large-scale compromise.
Asia & Pacific
Nissan
The ransomware group Everest revealed new details about its breach of the automobile giant Nissan, including alleged negotiation logs, escalating pressure on the company to pay a ransom.
In January 2026, the group threatened to leak 900 GB of Nissan’s internal data unless a ransom was paid, giving the company five days to respond. With no payment made, the attackers have now released additional details about the breach, including information related to their negotiations with the company.
The group claims to possess daily full database dumps spanning six years, including customer data from Nissan Financial Services, repair records, dealer employee information, wholesale invoices and internal business reports.
How it could affect your business
As ransomware threats continue to escalate, organizations must strengthen their defenses to prevent operational and data loss. Paying a ransom and trusting attackers to keep their word is not a viable strategy, as data can still be leaked or misused. Proactive threat monitoring and encrypted, regularly tested backups are critical for detecting attacks early and enabling recovery without relying on ransom payments.


