
CMMC News & 2026 Compliance Updates | PSY Logistics Houston
PSY Logistics Technology Partners
🔴 Monday Threat Intelligence Briefing
March 2, 2026 | Weekly Kickoff Edition
Happy Monday, cybersecurity community. Here’s what you need on your radar this week — especially if you’re a Defense Industrial Base contractor, maritime operator, or anyone managing compliance under CMMC, NIST 800-171, or USCG 33 CFR 101 Subpart F.
⚡ Emerging Threats
New APT Group Breaches 70 Government & Critical Infrastructure Orgs Across 37 Countries
Palo Alto Networks has disclosed an Asia-based cyberespionage group (TGR-STA-1030 / UNC6619) that compromised 70 government and critical infrastructure organizations spanning 37 countries over the past year. Their toolset includes phishing kits, custom malware, Linux rootkits, and web shells. Between November and December 2025, the group conducted active reconnaissance against government infrastructure in 155 countries. DIB Relevance: Defense contractors and government subcontractors should review network segmentation and monitor for unusual tunneling or proxy activity.
Nation-State Actors Leveraging AI for Reconnaissance & Malware Development
Google’s Threat Intelligence Group confirmed that APT groups from China, Iran, Russia, and North Korea are actively using AI platforms for target reconnaissance, phishing content generation, and even embedding LLM API calls into malware (dubbed HONESTCUE). Iranian APT42 has been observed using AI to craft social engineering personas targeting specific individuals. DIB Relevance: AI-enhanced spearphishing is making targeted attacks against defense contractors more convincing and scalable.
Singapore Ousts China-Linked APT (UNC3886) from Telecom Infrastructure
Singapore’s Cyber Security Agency disclosed on February 9 that the China-nexus group UNC3886 exploited a zero-day in perimeter firewalls and deployed rootkits for persistent, undetected access to telecom infrastructure. A U.S. Senate letter in February 2026 also flagged Salt Typhoon’s targeting of over 200 organizations, U.S. ones included, across 80 countries, with continued presence inside U.S. telecom networks. DIB Relevance: both cases turn on edge devices (firewalls, routers) that sit outside EDR coverage; inventory your perimeter appliances, confirm they are on vendor-supported firmware, and forward their logs to your SIEM.
🛡️ Exploits in the Wild — Patch Now
CISA KEV Highlights (February 2026):
• CVE-2026-2441 — Google Chrome CSS use-after-free (CVSS 8.8). Actively exploited in the wild for heap corruption via crafted HTML pages. Patch Chrome immediately.
• CVE-2026-22769 — Dell RecoverPoint for VMs hard-coded credentials vulnerability. Unauthenticated remote attackers can gain root-level persistence. Emergency patch deadline was Feb 21.
• CVE-2026-25108 — Soliton FileZen OS command injection. Active exploitation confirmed with reports of ransomware deployment in Japan. Federal agencies must mitigate by March 17.
• CVE-2026-1731 — BeyondTrust RS/PRA OS command injection. Unauthenticated RCE leading to system compromise, data exfiltration, and service disruption.
• 6 Microsoft Windows CVEs — Including Windows Shell, MSHTML, Office Word, and Remote Desktop Services vulnerabilities. All confirmed actively exploited.
• CVE-2026-20700 — Apple buffer overflow vulnerability affecting multiple Apple platforms, added to KEV. Push updates to managed iOS and macOS devices, including any that handle CUI.
📋 Breach Watch
Conduent (Safepay Ransomware) — 25 million individuals impacted. Compromised data includes SSNs, medical information, and health insurance details. Conduent serves 600+ government agencies and major enterprises. This is a supply chain wake-up call.
KPMG Netherlands (Nova Ransomware) — Nova group claims 500 GB of exfiltrated data with a 10-day ransom ultimatum. KPMG denies compromise; investigation ongoing.
Malaysia Airlines (Qilin Ransomware) — Passenger booking data, employee files, vendor contracts, and internal communications compromised.
Brightspeed Telecom (Crimson Collective) — Over 1 million residential customer records compromised including names, emails, phone numbers, and service addresses.
Sedgwick Government Solutions (TridentLocker) — Federal risk management and claims services subsidiary breached. 3.4 GB of sensitive data stolen. DIB contractors using Sedgwick should assess downstream exposure.
🎯 This Week’s Action Items for CISOs
1. Patch Chrome, Edge, and all Chromium browsers for CVE-2026-2441 immediately.
2. Review Microsoft February Patch Tuesday updates — six actively exploited CVEs demand priority deployment.
3. Audit supply chain vendor exposure — especially if your organization uses Conduent, Sedgwick, or BeyondTrust products.
4. Validate DMARC/SPF configurations — Microsoft confirmed threat actors are exploiting misconfigured spoof protections in phishing-as-a-service operations (Tycoon2FA).
5. DIB contractors: Review NIST 800-171 AC/SI controls — nation-state targeting of defense supply chains is intensifying. Ensure your SSP and POA&M reflect current threat landscape.
6. Maritime operators: Confirm 33 CFR 101 Subpart F alignment — with increased port and infrastructure targeting, your Cybersecurity Plan should be current.
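For action item 4, here is an added example (not code from PSY Logistics or from the briefing) of the kind of check to run before declaring your spoof protections sound: an offline Python linter for SPF and DMARC TXT records. The records for weak.example and good.example are constructed for illustration; in production you would fetch the TXT record for the domain and for _dmarc.<domain> with a resolver (dnspython, or `dig TXT`) and feed the strings in. The findings it emits match the misconfigurations phishing-as-a-service kits rely on: a permissive or missing SPF `all` term, a DMARC policy of `p=none`, and an SPF record that blows past the ten-lookup limit and silently permerrors.

```python
"""Offline SPF / DMARC record linter (added example; sample records are constructed)."""
import re

# SPF mechanisms and modifiers that each cost one DNS lookup (RFC 7208 s.4.6.4)
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def check_spf(record):
    """Return a list of weaknesses found in one SPF TXT record string."""
    findings = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: record does not start with v=spf1 (not a valid SPF record)"]
    lookups = 0
    all_qualifier = None
    for term in terms[1:]:
        t = term.lower()
        qualifier = "+"                      # implicit qualifier is pass
        if t[0] in "+-~?":
            qualifier, t = t[0], t[1:]
        name = re.split(r"[:=/]", t, maxsplit=1)[0]
        if name == "all":
            all_qualifier = qualifier
        elif name in SPF_LOOKUP_TERMS:
            lookups += 1
    if all_qualifier is None:
        findings.append("SPF: no 'all' term; unlisted senders get an implicit neutral result")
    elif all_qualifier in ("+", "?"):
        findings.append(f"SPF: '{all_qualifier}all' lets any host send as this domain")
    elif all_qualifier == "~":
        findings.append("SPF: '~all' is softfail; move to '-all' once DMARC is enforcing")
    if lookups > 10:
        findings.append(f"SPF: {lookups} lookup terms exceed the RFC 7208 limit of 10 (permerror)")
    return findings


def check_dmarc(record):
    """Return a list of weaknesses found in one DMARC TXT record string (None = no record)."""
    if record is None:
        return ["DMARC: no _dmarc record published; receivers apply no policy at all"]
    parts = [p.strip() for p in record.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "").lower() != "v=dmarc1":
        return ["DMARC: missing or malformed v=DMARC1 tag"]
    tags = {}
    for part in parts[1:]:
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC: missing or invalid 'p' tag")
    elif policy == "none":
        findings.append("DMARC: p=none is monitor-only; spoofed mail is still delivered")
    if policy in ("quarantine", "reject") and tags.get("sp", "").lower() == "none":
        findings.append("DMARC: sp=none leaves subdomains unprotected while the apex is enforcing")
    pct = tags.get("pct")
    if pct is not None:
        try:
            if int(pct) < 100:
                findings.append(f"DMARC: pct={pct} applies the policy to only part of the mail")
        except ValueError:
            findings.append("DMARC: pct is not an integer")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address; you will receive no aggregate reports")
    return findings


def audit(domains):
    """domains: {domain: (spf_record_or_None, dmarc_record_or_None)} -> {domain: [findings]}."""
    report = {}
    for domain, (spf, dmarc) in domains.items():
        spf_findings = ["SPF: no SPF record published"] if spf is None else check_spf(spf)
        report[domain] = spf_findings + check_dmarc(dmarc)
    return report


# Constructed sample records (not real DNS data).
SAMPLE_DOMAINS = {
    "weak.example": (
        "v=spf1 include:_spf.google.com include:spf.protection.outlook.com ?all",
        "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    ),
    "good.example": (
        "v=spf1 ip4:203.0.113.0/24 include:_spf.example.net -all",
        "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@good.example; adkim=s; aspf=s",
    ),
}

if __name__ == "__main__":
    for domain, findings in audit(SAMPLE_DOMAINS).items():
        print(domain, "->", findings or ["OK"])
```

Anything other than an empty list for your sending domains is a ticket: `p=none` and `?all`/`+all` are the two settings that let a spoofed "From: ceo@yourdomain" through, and an SPF record past ten lookups fails open at many receivers even though it looks strict on paper.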
Need help turning intelligence into action?
PSY Logistics Technology Partners helps Defense Industrial Base contractors and maritime operators achieve compliance and build real resilience through CMMC assessments, vCISO services, and threat-driven security programs.
📧 [email protected] | 🌐 psylogistics.com
#CyberSecurity #ThreatIntelligence #CMMC #NIST800171 #DefenseIndustrialBase #MaritimeCybersecurity #vCISO #InfoSec #CISOLife #IncidentResponse #RansomwareDefense #PSYLogistics