SIGNALS WEEKLY: Seedworm in U.S. Networks, Coruna on iPhones, and a Patch Window Measured in Days
This week’s pattern is ugly and simple: Seedworm is reportedly already sitting inside multiple U.S. organizations, Coruna shows spy-grade iPhone exploitation bleeding into broader use, and KEV + March patch drops are shrinking defender response time from “soon” to “right now.”
TL;DR
- [Threat Actors] Iran-aligned Seedworm operators are actively positioned inside multiple US networks during heightened geopolitical tensions, likely preparing for data theft with potential to escalate to selective disruption.
- [Vulnerabilities] Rapid KEV additions plus large March patch drops (Microsoft, Android, VMware) are compressing disclosure-to-exploitation windows, especially for internet-facing management and ITSM surfaces.
- [Mobile / Cloud] High-end exploit capability is diffusing: the Coruna iOS chains and accelerating cloud “scan → exploit → exfil” patterns point to broader, faster, and more destructive campaigns, with growing emphasis on anti-forensics and backup targeting.
AlphaHunt
Current Stories
TL;DR
- [Geopolitics / APT] Iran-aligned Seedworm activity is reported inside multiple US orgs; operators are positioned for theft or disruption amid heightened Iran-related tensions this week. (2026-03-05)
- [Mobile / Exploit Kits] “Coruna” iOS exploit chains are assessed as proliferating beyond niche use; the key risk this week is capability diffusion toward broader, financially motivated targeting. (2026-03-03)
- [Vulnerabilities] CISA added multiple KEV entries across widely deployed products; treat this as a “known exploited + short patch window” week for exposed enterprise management stacks. (2026-03-03 to 2026-03-09 adds)
- [Patching] Microsoft’s March 2026 release notes cover a large batch of CVEs; combined with KEV movement, this is a high-likelihood patch-gap exploitation window. (2026-03-10)
- [Policy] A new US Executive Order targets cyber-enabled fraud and scam ecosystems; expect more coordinated disruption, sanctions, and enforcement pressure that can shift actor tradecraft and infrastructure. (2026-03-06)
References
- (2026-03-05) Seedworm APT group activity following U.S. and Israeli military strikes on Iran
- (2026-03-05) Seedworm: Iranian APT on Networks of U.S. Bank, Airport, Software Company
- (2026-03-03) Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
- (2026-03-03) iVerify Details First Known Mass iOS Attack
- (2026-03-09) Known Exploited Vulnerabilities Catalog
- (2026-03-10) March 2026 Security Updates Release Notes
- (2026-03-06) Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens
- (2026-03-06) Fact Sheet: President Donald J. Trump Combats Cybercrime, Fraud, and Predatory Schemes Against American Citizens
- (2026-03-09) Android Security Bulletin—March 2026
- (2026-03-09) Pixel Update Bulletin—March 2026
- (2025-04-07) About the security content of iOS 17 and iPadOS 17
- (2026-03-05) VMware Aria Operations 8.18.6 Release Notes
