All The Cybersecurity News You Need To Know This Month | March 2026
With cyber threats continuing to evolve, it’s vital to stay ahead of the curve. From supply-chain vulnerabilities to major breaches, here’s the key cybersecurity news you need to stay ahead this month.
Global Highlights
An AI agent broke into McKinsey’s internal chatbot and exposed 46.5 million chat messages and ~728,000 sensitive files. AI systems are becoming high-value targets—the gap between AI adoption and AI security is playing out in real time.
Cyber extortion overtakes traditional attack methods: a new threat reporting shows cyber extortion is now the most common attack type, overtaking business email compromise. Attackers are shifting to models that maximise payout. Expect more data theft and ransom combos, not just encryption.
Healthcare cyber risk continues to escalate globally. Healthcare remains a prime target due to the value of medical data and operational disruption potential. This sector blends high-value data and low tolerance for downtime, making it a persistent ransomware magnet.
Recent breaches include the exposure of ~1.2 million records in France’s national bank account database. Large-scale data exposure isn’t slowing, and the pattern remains consistent: credential theft → mass data access → downstream fraud risk.
Geopolitical cyber risk is spilling into the private sector, with cyberwarfare increasingly targeting civilian companies and infrastructure, including manufacturing and supply chains. Cyber risk is no longer just criminal, it’s geopolitical. Even “non-target” organisations can become collateral damage.
North American Highlights
A ransomware campaign linked to the Medusa group is actively targeting U.S. critical infrastructure sectors, including healthcare, education, and manufacturing. Authorities (FBI + CISA) warn that the group uses phishing and exploits unpatched vulnerabilities to gain access. These attacks are becoming increasingly industrialised via ransomware-as-a-service models, lowering the barrier to entry for attackers and increasing attack frequency.
A major ransomware attack hit U.S.-based dialysis provider DaVita, disrupting operations and raising concerns about patient data exposure. Healthcare continues to be one of the most targeted sectors due to legacy systems and the high cost of downtime. These incidents are no longer just data breaches—they directly impact real-world service delivery.
Canadian government agencies are warning of increased cyber threats from state-sponsored actors targeting critical infrastructure, particularly in energy and telecommunications. As geopolitical tensions rise, Canada is seeing a growing overlap between national security threats and enterprise cyber risk.
A cyberattack on Canadian telecom giant Telus is under investigation after hackers claimed to have stolen hundreds of terabytes of sensitive data, including personal information, call records, and internal systems data. While Telus says operations remain unaffected, the incident is linked to a broader pattern of attackers leveraging compromised cloud credentials and supply-chain access points to move laterally across systems.
U.S. regulators are increasing pressure on organisations to strengthen cybersecurity disclosures and incident reporting, with the SEC continuing to enforce stricter breach reporting timelines. Cybersecurity is now firmly a board-level and regulatory issue, not just an IT concern.
AI-driven phishing attacks are accelerating across North America, with threat actors using generative AI to craft highly personalised and convincing campaigns at scale. Credential theft remains the dominant initial access vector, even as organisations invest in MFA and awareness training.
Automotive and mobility ecosystems are becoming part of the cyber-risk landscape, with breaches impacting systems tied to vehicle operations and customer data. As vehicles become more connected, the attack surface expands beyond traditional IT environments into embedded and operational systems.
The threat landscape is evolving fast. How organisations respond—and how quickly—will define their resilience. Staying ahead means continuously rethinking how risk is identified, managed, and embedded across your organization.