Our latest cloud threat detection update is now live. This cumulative report summarizes the March 2026 update releases, delivering 51 new detections and 477 rule enhancements to strengthen your defenses.
Key threat coverage
- Advanced APT tracking: We have added comprehensive detection for state-sponsored activity from Mustang Panda and Hydra Saiga, as well as multiple UNC groups (UNC1549, UNC5667, and UNC4444).
- Emerging malware and RATs: New coverage is included for Moonrise RAT, which leverages "living-off-the-cloud" tactics, and MonetaStealer, a macOS infostealer targeting cryptocurrency wallets and credentials.
- Regional and specialized threats: Expanded detection capabilities now cover Iranian APT actors utilizing Ethereum-based C2 infrastructure, along with newly localized phishing campaigns targeting the Brazilian government.
These updates are fully compatible with all EDR and EDRF client versions. There is no action required on your part.
For more details and a complete list of the changes, see the release details in the following Knowledge article: Trellix EDRF Cloud Threat Detection Updates – April 2026
Note: To receive information about product updates, sign up for the Support Notification Service.
For instructions, see the Thrive Portal User Guide and navigate to Profile and Settings > My Settings > Manage Support Notification Services (SNS) subscription preferences.