Threat Briefing: March 20, 2026

Threat Intel Update

In 2026, cyber threats increasingly exploit identity and platform trust. Attackers are targeting non-human identities—API keys, session tokens, AI credentials—at scale, while turning trusted platforms into attack vectors. Recent incidents range from compromised Microsoft Intune access triggering mass device wipes to DNS-based sandbox escapes undermining AI agent environments.

Advanced exploitation is also spreading into mobile, with Russian-linked actors deploying iOS exploit kits enabling large-scale surveillance and financial theft. Elsewhere, weaponized search ads and legitimate AI services are facilitating prompt-injection and data-exfiltration through everyday workflows.

The message is clear: identity protection, privilege management, and AI security are no longer optional—they’re foundational to modern defense.

Cybersecurity News

  • NHI Theft Surges as Attackers Target API Keys and AI Credentials – SpyCloud’s 2026 Identity Exposure Report documents a sharp rise in non-human identity (NHI) theft, with exposed API keys up 23% year-over-year, totaling 18.1 million, alongside 6.2 million compromised AI tool credentials. Phishing surged 400% YoY, yielding 28.6 million stolen records (half corporate), while session hijacking produced 8.6 billion stolen cookies and artifacts. Enterprises must move beyond traditional defenses as cloud and AI adoption continues to expand the attack surface. Hack Read
  • CISA Warns: Secure Intune After Stryker Breach – Following a cyberattack that wiped systems at medical technology firm Stryker, CISA is urging organizations to harden their Microsoft Intune environments. The agency is directing teams to follow Microsoft’s own hardening guidance for endpoint management tools—a proactive step given the vulnerabilities this incident exposed. Bleeping Computer
  • DarkSword iOS Exploit Kit Tied to Russian Actors – Researchers have uncovered DarkSword, a new iOS exploit kit suspected to be Russian-developed and potentially affecting up to 270 million iPhone users on iOS 18 or earlier. Unlike financially focused predecessors, DarkSword combines espionage and theft, extracting passwords and crypto wallet data via WebKit exploits, and targets users across Ukraine, Saudi Arabia, Turkey, and Malaysia. Notably, the kit incorporates AI-generated code, lowering the barrier for deploying sophisticated mobile exploits. Cyberscoop
  • AWS Bedrock “Sandbox” Leaks via DNS – BeyondTrust researchers found that AWS Bedrock’s sandbox, marketed as fully isolated, permits outbound DNS queries, enabling covert data exfiltration and remote command execution through DNS tunneling. AWS acknowledged the behavior but deemed it intended functionality, declining to patch it. Security teams should treat DNS egress as a meaningful risk vector in any AI execution environment. CSO Online
  • Claude AI Weaponized via Malicious Google Ads – Researchers revealed “Claudy Day,” a prompt-injection attack chain exploiting weaknesses in Claude AI’s chat initiation flow. Attackers embed hidden commands inside Google Ads using an open redirect vulnerability, silently directing the AI to exfiltrate sensitive user data to attacker-controlled accounts. The core injection flaw has since been patched, but the incident highlights the need for tighter security controls around AI interfaces. Hack Read

About the Author
CampusGuard Threat Intel Team