Cyble Research & Intelligence Labs recorded 702 ransomware attacks globally in March 2026, with Qilin, Akira, and three other groups accounting for over 56% of activity. The month also saw 54 major data breach and leak incidents, 20 compromised access sale listings on underground forums, and active exploitation of critical CVEs affecting Cisco, F5, Microsoft SharePoint, and Langflow AI. Emerging threats included AI-augmented offensive operations using CyberStrikeAI against Fortinet devices across 55 countries, and North Korean actors distributing RAT malware via 26 malicious npm packages. Most targeted sectors included Professional Services, Manufacturing, Government, Healthcare, and Retail. Key recommendations include prioritizing KEV remediation, strengthening MFA, monitoring dark web forums, and improving backup resilience.
Table of contents
Quick SummaryRansomware Activity Remained the Dominant ThreatCompromised Access Market ExpandedData Breaches and Leak Markets Remained ActiveExploited Vulnerabilities Accelerated RiskEmerging Strategic Threat DevelopmentsConclusionKey RecommendationsSort: