Intelligence Insights: March 2026

Highlights from February: Red Canary’s monthly prevalence report notes ScreenConnect topping the list due to phishing-delivered remote access misuse (sometimes via other RMM tools), a four-way tie for second including ClearFake and Scarlet Goldfinch which use drive-by and paste-and-run techniques, and appearances by infostealers such as Atomic Stealer, MacSync Stealer, and Vidar; the report emphasizes delivery TTPs (phishing, paste-and-run, RMM abuse) and relative prevalence across customer environments.