dti.domaintools.com 3/3/2026, 10:51:39 PM

Crypto sector hit by AI enabled social engineering and tooling

CyberSIXT Evidence Panel
Primary Source: cloud.google.com
Threat Actor: 🇰🇵 UNC1069

THE Cybersecurity Reading List for the week of 2 March 2026 surveys a slate of threat intelligence pieces from GTIG, including UNC1069’s targeting of the cryptocurrency sector with new tooling and AI-enabled social engineering, and reflections on distillation, experimentation and integration of AI for adversarial use.

It also highlights Infoblox Threat Intel’s piece on compromised routers, DNS and a TDS hidden in Aeza Networks, praised as one of the best DNS investigation posts for showing how to recreate the attack. The Record reports leaked technical documents that show China rehearsing cyberattacks on neighbours’ critical infrastructure, a topic linked to Joe Slowik’s CYBERWARCON talk.

GitLab Threat Intelligence reveals North Korean tradecraft across fraudulent enterprise IT workers and the Contagious Interview campaign, while Symantec/Carbon Black Threat Hunter Team notes the Lazarus Group’s collaboration with Medusa ransomware. The roundup also points to CrowdStrike’s 2026 Global Threat Report as heavy on AI, and mentions PulseBeat02’s yt-media-storage tool as a method for encoding data into lossless video for exfiltration.

Article by CyberSIXT