ZeroFox Weekly Intelligence Brief – March 21, 2026
by Alpha Team

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EST) on March 20, 2026; per cyber hygiene best practices, caution is advised when clicking on any third-party links.
Phishing Attack Impersonates Major Brands to Target C-Level Executives
What we know:
- A cybersecurity company has reportedly intercepted a sophisticated phishing attack that impersonated major technology and financial companies.
- The phishing attempt was aimed at the company’s C-level executives to lead them to a page requesting their credentials.
New GlassWorm Campaign Found in 433 Compromised Code Repos
What we know:
- The GlassWorm supply chain malware has been found in 433 compromised components in March 2026.
- Researchers described it as a new campaign targeting hundreds of packages, repositories, and extensions on software development platforms.
- The malware is designed to steal crypto wallets and credentials and to compromise developer environments.
SocksEscort Residential Proxy Network Disrupted for Enabling Large-Scale Criminal
What we know:
- Law enforcement has disrupted the SocksEscort proxy network, which allegedly compromised 369,000 routers and Internet of Things (IoT) devices and sold access to over 35,000 proxy nodes.
- Researchers previously disrupted the network in 2023, but operators later rebuilt the infrastructure and resumed infections using AVRecon malware.
Tags: tlp:green