From the Iranian war front,

• Industrial Cyber reports,
  • “Following its recent cybersecurity incident, medical technology giant Stryker said it found no indication of ransomware or malware. As the investigation progressed, alongside Palo Alto Networks’ Unit 42 and other experts, the company determined that the threat actor used a malicious file to execute commands, enabling them to conceal activity within its systems. The file was not capable of spreading, either within or outside the environment.
  • “Our internal teams continue to work around the clock with external partners to make meaningful progress on our restoration efforts. We are grateful for the partnership and collaboration with government agencies and industry partners,” Stryker wrote in its latest update. “We believe the incident is contained, and we are prioritizing restoration of systems that directly support customers, ordering and shipping. Our internal teams, in partnership with third-party experts, reacted quickly to not only regain access but to remove the unauthorized party from our environment.”
  • “The update noted that, most importantly, the investigation has not identified any malicious activity directed towards customers, suppliers, vendors, or partners.” * * *
  • “Resecurity warns that the Iran conflict has rapidly evolved into a multi-domain confrontation where kinetic military operations are tightly integrated with cyber, electronic, and information warfare, marking a shift in how modern conflicts unfold. The analysis highlights sustained missile and drone strikes occurring alongside coordinated cyber campaigns driven by state-linked actors and proxy groups targeting critical infrastructure, enterprises, and government systems. This convergence is expected to persist, with cyber operations increasingly used to disrupt services, gather intelligence, and amplify geopolitical impact, even as physical hostilities continue across the region.”
    
• MedTech Dive adds,
  • “Stryker has restored most manufacturing sites and critical lines roughly two weeks after the company suffered a cyberattack.
  • “The company is working with its global manufacturing sites as “operations steadily improve towards full capacity,” a spokesperson said in a statement emailed to MedTech Dive. Stryker is making “strong progress” on restoring underlying systems that support production and fulfillment.
  • “Stryker’s electronic ordering system, which was shut down due to the attack, has been restored for customers. The Portage, Michigan-based company is “working as quickly and safely as possible to reconcile orders, manufacture products and deliver to our customers so they can continue to provide seamless patient care,” the spokesperson said.
  • “The spokesperson declined to comment on whether Stryker has a timeline for full restoration of its operations, and whether the financial and material impact on the company is yet known.”

• Cybersecurity Dive relates,
  • “An Iran-linked ransomware group targeted an unnamed U.S. healthcare provider in the lead-up to the Iran war, according to a report Tuesday [March 24] from Halcyon. 
  • “Tracked under the name Pay2Key, the group gained access to a compromised administrative account for several days and then encrypted the account. 
  • “Forensics investigators, which included Halcyon and Beazley Security, found no evidence that data was stolen. This marks a departure from the group’s previous attacks. Researchers suggest the attacker may have changed tactics to focus more on destruction rather than pure extortion. 
  • “Also, the threat group appears to have shifted its attention toward the U.S. after historically targeting Israeli systems.” 

From the cybersecurity policy and law enforcement front,

• Cybersecurity Dive reports,
  • “Members of Congress and their staffs are eagerly awaiting the Trump administration’s plan for implementing its new cybersecurity strategy and want more regular updates on how the government is helping critical infrastructure organizations guard against new Iran-linked hacking threats.
  • “Staffers from the House Homeland Security Committee and the House Oversight Committee discussed those and other cybersecurity issues during a panel at the RSAC 2026 Conference here on Tuesday [March 24].
  • “While the Democratic and Republican staffers sometimes took different approaches to the issues, they agreed on the need for more details about the strategy and about efforts to counter Iran-linked cyberattacks.”
• and
  • “The program that underpins the entire global vulnerability-fixing ecosystem is in danger of either collapsing or fading into irrelevance without major changes, according to one of the program’s leaders.
  • “I don’t think we can afford to continue at the pace [and] with the tools that we currently have in order to make real progress. We’re just gonna be left in the dust,” Katie Noble, a board member for the Common Vulnerabilities and Exposures (CVE) Program, said during a panel at the RSAC 2026 Conference here on Tuesday [March 24].” * * *
  • “Through a network of affiliated organizations, the CVE Program vets vulnerability reports and assigns each flaw a unique CVE number, which helps researchers, businesses, government agencies and information-sharing groups track the flaws and understand their impact. The program is widely considered a crown jewel of the cybersecurity community. But its fate is uncertain after the nonprofit MITRE Corporation, which runs the program, almost lost crucial federal funding last year.
  • “On top of those logistical woes, the broader CVE ecosystem is also reeling from the dramatic AI-powered increase in the number of vulnerability reports flowing into software vendors and open-source platforms.”

• Cyberscoop adds,
  • “Four former National Security Agency directors shared varying concerns about a lack of earnest and widespread response to growing threats in cyberspace during a discussion at the RSAC 2026 Conference on Tuesday.
  • “Accelerating threats posed by artificial intelligence, China and cybercriminals at large are testing the country’s resolve and determination to foster meaningful public-private collaboration, the former commanders of U.S. Cyber Command said. 
  • “While the four-star military officials remain confident in the country’s resources and people committed to defending the nation from cyberattacks, they voiced unease about challenges that could upend technological dominance and diminish a collective response to serious intrusions. 
  • “I think we’ve become numb to it,” retired Gen. Paul Nakasone said. “We continue to see these different intrusions, and intrusions have gotten to a size that the scale is just incredible to me.”
• and
  • “A year-long effort to strengthen cybersecurity and modernize tech at U.S. intelligence agencies has led to policy standards for using AI to bolster cyber defenses, a shared repository of all apps that have undergone a cybersecurity review and more, the Office of the Director of National Intelligence announced Thursday [March 26].
  • “An unclassified summary of cyber and tech modernization work under the first year of DNI Tulsi Gabbard’s stewardship states that the office has expanded the automation of threat hunting across intelligence community networks. (The Cybersecurity and Infrastructure Security Agency conducts threat hunting across federal civilian agencies.)
  • The ODNI also has developed a zero-trust strategy that shifts “to a data-centric security model that protects information regardless of location or network,” according to the summary.
  • “Over the past year, we have taken meaningful steps to begin fulfilling that responsibility through the largest IC-wide technology investment and modernization effort in history,” Gabbard said in a news release. “President Trump’s Intelligence Community is moving faster and more decisively on cybersecurity modernization and investments in IT than ever before, delivering stronger defenses, greater efficiency, and real cost savings for the American people.”   

• Tech Target shares a boatload of other insights from the RSAC conference.

• Federal News Network tells us,
  • “The Trump administration is prioritizing ensuring the government leads on adopting artificial intelligence for cyber defense, according to a top Office of Management and Budget official.
  • “The use of “AI-enabled cyber tools” is specifically called out in the new national cybersecurity strategy. The White House’s top cyber official has said the administration will launch a series of pilot programs to harden government networks under the new strategy.
  • White House officials in recent weeks convened a roundtable featuring “representatives from industry as well as agencies who are at the cutting edge of cyber defense, to talk about how we can really operationalize AI for cyber defense,” Nick Polk, branch director for cybersecurity within OMB’s Office of the Chief Information Officer, said during a Thursday webinar hosted by the Digital Government Institute.
  • “This is something where we have really decided that we want to take the mantle and have the government lead in this space,” Polk added.”
• and
  • “The Cybersecurity and Infrastructure Security Agency, after a year of workforce reductions that has left CISA’s ranks depleted, is planning to recruit more than 300 people in the coming months.
  • “The cyber agency is also loosening restrictions around flexible work schedules for its employees.
  • “Acting CISA Director Nick Andersen announced those plans in a March 23 email to staff. Andersen said Department of Homeland Security headquarters had approved CISA’s “critical hire list,” including 329 “mission critical hires” throughout the agency.
  • “During the ongoing government shutdown, CISA will only be hiring for “excepted” positions, Andersen added. Roughly two-thirds of CISA’s staff is currently furloughed due to the DHS shutdown.“

• Per a National Institute of Standards and Technology news release,
  • “NIST has released two new CSF 2.0 quick-start guides, adding to an expanding portfolio of available implementation resources offering tailored pathways for different audiences to engage with the CSF 2.0. The two new resources include:
    • “Final Version: NIST Special Publication (SP) 1308, NIST Cybersecurity Framework 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide
    • “Open for Public Comment: NIST SP 1347 Initial Public Draft (ipd), CSF 2.0 Informative References Quick-Start Guide

• Cybersecurity Dive informs us,
  • “The Federal Communications Commission on Monday said it will no longer approve imported routers for consumer use without government review. 
  • “An interagency body convened by the White House determined that consumer-grade routers made outside the U.S. present an unacceptable risk to national security, according to FCC officials. 
  • “The Trump administration’s 2025 National Security Strategy says the U.S. should not be dependent on an outside power for core components considered vital to the nation’s economy or defense.”

• Cyberscoop points out,
  • “An operation to crack down on the widely used RedLine infostealer has netted the extradition of an Armenian man to the United States, where he made an initial appearance in a Texas court Wednesday.
  • “Authorities charged Hambardzum Minasyan with conspiracy to commit access device fraud, conspiracy to violate the Computer Fraud and Abuse Act and conspiracy to commit money laundering for his alleged role with RedLine. Infostealers thieve billions of user credentials such as passwords annually.”

• Security Week adds,
  • “Russian cybercriminal Ilya Angelov, known online as ‘Milan’ and ‘Okart’, has been sentenced to two years in federal prison for his role in the administration of a botnet used to facilitate ransomware attacks, the DOJ announced on Tuesday [March 24].
  • “According to the DOJ, Angelov was part of a threat group tracked by the FBI as Mario Kart, and by the cybersecurity community as TA-551, Shathak, Gold Cabin, Monster Libra, G0127, and ATK236.
  • “The charges against Angelov stem from activities he engaged in between 2017 and 2021, during which his cybercrime group built a botnet by distributing malware via spam email attachments.” * * *
  • “Angelov’s sentencing comes shortly after the DOJ announced that another Russian national, Aleksei Volkov, has been sentenced to 81 months in prison for his role in ransomware attacks.” 

• The Wall Street Journal notes,
  • “Global hackers are getting better at drawing lessons from online crime busts to build more resilient operations, posing a dilemma for law-enforcement officials.
  • “The problem, known as tactical exposure, is expected to deepen amid calls by the White House for more aggressive action against cybercrime and a recent wave of takedowns and disruptions of cybercrime networks and platforms.”

From the cybersecurity vulnerabilities and breaches front,

• CISA added three known exploited vulnerabilities to its catalog this week.
  • March 25, 2026
    • CVE-2026-33017 Langflow Code Injection Vulnerability
      • Bleeping Computer discusses this KVE here.
  • March 26, 2026
    • CVE-2026-33634. Aqua Security Trivy Embedded Malicious Code Vulnerability
      • CyberPress discusses this KVE here.
  • March 27, 2026
    • CVE-2025-53521 F5 BIG-IP Remote Code Execution Vulnerability
      • Help Net Security discusses this KVE here.

• Cybersecurity Dive reports,
  • “A sophisticated China-nexus threat actor has embedded digital sleeper cells into the networks of telecom firms in multiple countries, according to a report released Thursday from cybersecurity firm Rapid7.
  • “The adversary, tracked as Red Menshen, has used a stealthy, Linux-based implant called BPFdoor that is designed to function within the operating system kernel.
  • “The goal is to run an espionage campaign against critical industry segments and government agencies, maintaining a long-term presence inside these networks, Rapid7 researchers said. ‘There are similarities to campaigns previously launched by other China-nexus actors, including Volt Typhoon and Salt Typhoon, but the mechanisms have evolved and the strategic objectives of these attacks have a longer tail.”
• and
  • “The evolving threat landscape has placed identity governance at the center of cybersecurity, according to a pair of reports released this week, meaning that organizations should prioritize identity management as a way to protect sprawling computer networks from under-the-radar intrusions.
  • “Cloudflare’s report, released Wednesday, and PwC’s report, released Tuesday, both emphasize the need for companies to do a better job of monitoring user behavior and scanning for suspicious network activity.
  • “The rise of AI only makes identity governance even more important, researchers wrote, as the technology helps hackers improve their impersonation tactics.”
• and
  • “Security researchers warn that a critical vulnerability in Citrix NetScaler products might lead to a wave of exploitation that could rival the 2023 CitrixBleed crisis. 
  • “Citrix on Monday [March 23] disclosed an insufficient input validation flaw in NetScaler ADC and NetScaler Gateway application-delivery products, tracked as CVE-2026-3055, with a severity score of 9.3. 
  • “Citrix also disclosed a race condition flaw, tracked as CVE-2026-4368, in the same products. That vulnerability has a severity score of 7.7.
  • “The input validation flaw can allow an attacker to leak sensitive information, similar to the original CitrixBleed flaw, which led to a wave of high profile data theft and ransomware attacks. 
  • “NetScalers are critical solutions that have been continuously targeted for initial access into enterprise environments,” Benjamin Harris, founder and CEO of watchTowr, told Cybersecurity Dive.”

• Cyberscoop relates,
  • “Researchers and threat hunters are scrambling to contain a maximum-severity defect in Ubiquiti’s UniFi Network Application that attackers could exploit to take over user accounts by accessing and manipulating files.
  • “The path-traversal vulnerability — CVE-2026-22557 — affects software used to manage UniFi networking devices, including access points, gateways and switches. The vendor disclosed and released patches for the defect in a security advisory Wednesday [March 25].
  • “As of this morning, we have not observed any public proof-of-concept exploits or confirmed reports of exploitation in the wild,” Matthew Guidry, senior product detection engineer at Censys, told CyberScoop.
  • “However, because this is a path-traversal vulnerability, the technical complexity for an attacker is typically lower than memory-corruption or buffer-overflow bugs,” he added. “Given that the CVSS 10 rating implies low attack complexity, we anticipate that once the specific vulnerable endpoint is identified, exploitation will be trivial to automate.”

From the ransomware front,

• The Bangor Daily News reports,
  • “The Maine mental health agency AMHC was the subject of a ransomware attack this month allegedly perpetrated by a Russia-based cybercrime group. 
  • “Qilin, which analysts have cited as the world’s leading ransomware threat, added the Presque Isle-based healthcare organization to a list of victims on its dark web data leak site Tuesday, according to screenshots and reports posted by more than a dozen websites and groups that track ransomware. 
  • “AMHC is the largest behavioral healthcare provider for a large swath of rural Maine, operating in Aroostook, Hancock and Washington counties. It has more than 350 employees and over 5,500 clients between 27 service locations, according to its website. 
  • “The organization acknowledged the attack in a statement to the Bangor Daily News Wednesday, saying that it “recently experienced a network disruption,” and that it had partnered with “cyber incident specialists” to investigate.”

• Dark Reading relates,
  • “Ransomware is not only growing, threat actors are also accelerating the pace of their attacks by using offensive tools to exploit valid credentials and hit targets with speed and precision. 
  • “The practice has undergone big changes over the past five years. Initially, attacks focused on encrypting data; now, threat actors threaten to extract it to pressure victims into paying. Double-extortion tactics quickly shifted to triple-extortion threats to expose stolen data. Threat actors also transitioned from extorting companies to contacting victims directly — whatever it takes to rake in the cash.
  • “The latest shift is all about speed. Ransomware actors discovered methods to bypass endpoint detection and response (EDR) tools, and they’re increasingly using artificial intelligence (AI) to steal data more quickly. 
  • “Halcyon’s 2026 Method Survey Report reveals that while 98% of organizations use EDR tools for ransomware defense, only 25% “actually trust it to defend against today’s evolving ransomware threat.” Additionally, 78% of surveyed participants say AI made ransomware attacks more effective. Conversely, only 6% believe the tools have improved their own defenses.”  

• CSO adds,
  • “In 2025, attacker dwell time rose, voice phishing topped email phishing, and threat actors increasingly targeted backup and identity systems, according to Mandiant’s latest incident response data.
  • “Mandiant’s M-Trends 2026 report, released today at the RSA Conference, shows that attackers are moving faster, operating more collaboratively, and increasingly focusing on the systems organizations rely on to recover from breaches.
  • “The report, based on more than 500,000 hours of incident response engagements in 2025, finds that attackers are compressing key phases of the attack lifecycle, even as median dwell time increased to 14 days, up from 11 days the previous year.
  • “In addition, it reveals a change in tactics. Voice phishing accounted for 11% of initial infection vectors, making it the second most common entry point after exploits, which led at 32%. Email phishing declined to 6%, down from 14% the year before, reflecting a move toward more interactive social engineering. Together, the trends point to a shift in both how quickly attacks unfold and what attackers are trying to achieve once inside.”

• Tech Radar explains why stolen credentials continue to work even when multi-factor authentication is in place.

• Cybersecurity Dive tells us,
  • “Businesses need to think carefully about when they publicly blame a threat actor for a cyberattack, lest they invite unwanted consequences, experts said at a panel at the RSAC 2026 Conference here on Tuesday.
  • “The rush to attribute is a risky one,” Megan Stifel, the chief strategy officer at the Institute for Security and Technology, a cybersecurity think tank, said during a panel discussion.
  • “Brett Callow, a ransomware expert and senior adviser at FTI Consulting who advises cyberattack victims, called attribution “extremely risky” because “you are bringing third parties into the discussion, and those third parties may very well respond.”

From the cybersecurity defenses front,

• Cyberscoop reports,
  • “Google is accelerating its timeline for migrating its products to quantum resistant encryption to 2029, the latest sign that tech leaders are worried that they haven’t been aggressive enough in planning for a post-quantum future.
  • “In a blog posted Wednesday [March 25], vice president of security engineering Heather Adkins and senior staff cryptology engineer Sophie Schmieg said that Google and other tech companies have observed faster than expected advances in several quantum fields.
  • “This new timeline reflects migration needs for the PQC era in light of progress on quantum computing hardware development, quantum error correction, and quantum factoring resource estimates,” Adkins and Schmieg wrote.
  • “Google is replacing outdated encryption across their devices, systems and data with new algorithms vetted by the National Institute for Standards and Technology. Those algorithms, developed over a decade by NIST and independent cryptologists, are designed to protect against future attacks from quantum computers.”

• Cybersecurity Dive relates,
  • “Businesses hoping AI can automate away their security woes should think again, because the technology isn’t a cure-all and is actually introducing new risks, experts warned at the RSAC 2026 Conference here.
  • “We’re seeing advantages [with AI for defense], but we’re also seeing a lot of hiccups as we figure out how to get there,” Adam Pennington, who oversees MITRE’s ATT&CK framework, said during a panel about how AI is changing the push-and-pull between attackers and defenders.
  • “Security teams are using AI in a lot of the same ways as hackers, Pennington said, especially rapid code-writing. “There does need to be some caution, though, in using it directly in defense,” he said. “False positives have always been a problem in trying to apply machine learning and AI to defense.”
  • “The warnings from Pennington and others on the panel come as businesses rush to purchase AI security services, often with seemingly little regard for their efficacy or tradeoffs.”

• Dark Reading adds,
  • “Organizations may want to think twice before consulting with AI models on software dependency decisions.
  • “New research from Sonatype found that “frontier” models (defined as the most advanced AI models available at a given moment) often generate faulty or fabricated recommendations for software dependencies, which spells trouble for organizations that lean on AI for upgrade and patching guidance. 
  • “Sonatype’s research team analyzed 36,870 unique dependency upgrade recommendations across Maven Central, npm, PyPI, and NuGet between June and August 2025. In all, the DevSecOps company studied a total of 258,000 recommendations generated by seven AI models from Anthropic, OpenAI, and Google.”

• Here is a link to Dark Reading’s CISO Corner.

From the Iranian War front,

• The Wall Street Journal reminds us,
  • “Iran pulled off likely the most significant wartime cyberattack against the U.S. in history, leveraging its hacking powers to cause major disruptions at a global medical-equipment firm that struggled to bring itself back online in recent days.
  • “The attack brought a conflict that until now had been largely confined to the Gulf region to the American homeland and offered a preview of the potential for how Iran may broaden its response to the U.S. and Israeli military campaign.
  • “Stryker, the Michigan-based firm hit in the hack, said it experienced “global disruption” and quickly contained it. The company said it believed the incident had been limited to its internal Microsoft systems. The company added that some hospitals may be experiencing temporary pauses in transmissions of medical data, but that its connected products “are not impacted and are safe to use.” Microsoft hasn’t commented on the hack.”

• The American Hospital Association News adds,
  • “The Cybersecurity and Infrastructure Security Agency [CISA] March 18 released an alert urging U.S. organizations to harden their endpoint management systems following the March 11 cyberattack against Stryker, a U.S.-based medical technology and supply firm. The attack impacted the company’s Microsoft environment, and Stryker said there was no indication of ransomware or malware. The CISA alert provides various recommendations and resources, as well as best practices for securing Microsoft Intune.”
    
• Cybersecurity Dive informs us,
  • “The Department of Justice on Thursday [March 19] said four domains used for Iranian-backed hacking and intimidation of political opponents have been taken down in a court-ordered operation. 
  • “Two of the domains were connected to Handala, the state-linked threat group that authorities confirmed was behind the hack of Stryker, a Michigan-based medical technology giant. 
  • “A partially redacted FBI affidavit did not specifically identify Stryker by name, but the details of the attack match with the circumstances of the same incident.” * * *
  • “The sites were part of a larger effort by Iran’s Ministry of Intelligence and Security (MOIS) to intimidate dissidents, conduct malicious attacks, target Israelis and conduct violent attacks against journalists, according to court records. 
  • “Federal authorities obtained a seizure warrant Thursday, according to the FBI affidavit filed Thursday at U.S. District Court in Maryland.
  • “The FBI seizure is not expected to have a major impact on Handala’s ability to conduct attacks, said the Foundation for the Defense of Democracies (FDD).”  

• Bleeping Computer offers “a five-step playbook to stop Iranian wiper campaigns before they spread.”

From the cybersecurity policy and law enforcement front,

• Politico reports,
  • “The White House offered additional immigration enforcement concessions to Democrats Friday evening [March 20] as border czar Tom Homan met a second time with a bipartisan group of senators seeking to end the Homeland Security shutdown, according to lawmakers who attended.
  • “Leaving the private meeting, Republican senators said they hope Democrats respond over the weekend to the Trump administration’s bolstered proposal of immigration enforcement changes meant to address Democratic demands for funding DHS.”

• The Wall Street Journal adds,
  • “March 27 is a make-or-break day for TSA officers.
  • “If Congress leaves that day for a scheduled two-week recess without reaching a deal to fund the Transportation Security Administration, officers are set to miss more than a month of paychecks.” 

• Cybersecurity Dive lets us know,
  • “The Trump administration will make sure that new AI technologies are secure by design, a senior U.S. official said on Tuesday. [March 17]
  • “What we are working for in my lane is to ensure that the technical security is not seen as a barrier to that innovation, but is seen as a fundamental piece of the ability to scale it and move it as quickly as possible,” National Cyber Director Sean Cairncross said at an event hosted by the McCrary Institute for Cyber and Critical Infrastructure Security.”
  • “Cairncross addressed the audience in Washington two weeks after the Trump administration released its cybersecurity strategy, a short, high-level document that discussed critical infrastructure protection, emerging technologies and digital deterrence. Cairncross said the government wanted to work closely with the U.S. companies that operate important online infrastructure, including to counter foreign adversaries — but he stressed that the government would be the one conducting offensive operations.”

• Per a March 12 FBI news release,
  • “The Federal Bureau of Investigation (FBI) is publishing this Public Service Announcement (PSA) to raise awareness of residential proxies, the risks they pose, and steps the public can take to safeguard their devices from becoming part of a residential proxy network. Cyber threat actors use residential proxies to facilitate illicit activities, while obfuscating their true identities and locations by routing internet traffic through home and small business internet networks.”

• Per a NIST news release,
  • “The Domain Name System (DNS) plays an integral role in every organization’s security posture by translating domain names into IP addresses. It can serve as an enforcement point for enterprise security policy and an indicator of potential malicious activity on a network. A disruption or attack against the DNS can impact an entire organization.
  • “NIST Special Publication (SP) 800-81r3 (Revision 3), Secure Domain Name System (DNS) Deployment Guide, describes the different roles of DNS and gives recommendations for protecting the integrity, availability, and confidentiality of DNS services, including:
    • “The role DNS plays in supporting a zero trust architecture, such as serving as both a policy enforcement point (PEP) and a source of information when evaluating access requests
    • “The role of hosting DNS information (authoritative DNS), including guidance on protecting the integrity and authenticity of DNS information using DNSSEC
    • “The role of recursive DNS, including guidance on protecting the confidentiality of client DNS queries.”

• Cyberscoop reports,
  • “Three American men were sentenced Friday [March 20] for crimes they committed in furtherance of North Korea’s vast scheme to get operatives hired at U.S. companies, the Justice Department said.
  • “The trio — Audricus Phagnasay, 25, Jason Salazar, 30, and Alexander Paul Travis, 35 — pleaded guilty in November to wire fraud conspiracy for providing U.S. identities to remote North Korean IT workers.”
• and
  • “A 27-year-old North Carolina man was found guilty of six counts of extortion for a series of crimes he committed while working as a data analyst contractor for a D.C.-based international technology company, the Justice Department said Thursday [March 19].
  • “Cameron Nicholas Curry, also known as “Loot,” stole a trove of corporate data, including sensitive employee and compensation information, which he used to extort his employer, according to court records. Curry ultimately made off with approximately $2.5 million from the victim organization in January 2024.
  • “The insider attack underscores immeasurable risks companies accept when employees, or contractors placed in roles by a third-party recruitment company, as was the case with Curry, are allowed to access sensitive data on a company-owned laptop. Officials did not name the company.”
• and
  • “Authorities seized infrastructure powering four botnets that hijacked a combined three million devices and launched more than 300,000 DDoS attacks collectively, the Justice Department said Thursday [March 19].
  • The botnets — Aisuru, Kimwolf, JackSkid and Mossad — enabled operators to sell access to the infected devices for various cybercrimes. The aftermath spanned thousands of attacks, including some demanding extortion payments from victims, officials said.

From the cybersecurity breaches and vulnerabilities front,

• Cyberscoop reports,
  • “Russian intelligence-affiliated hackers have gained access to thousands of users’ messaging apps with a global phishing campaign, the FBI and the Cybersecurity and Infrastructure Security Agency warned in a public service announcement on Friday [March 20].
  • “The high-value targets they’re pursuing include current and former U.S. government officials, political figures, military personnel and journalists, the two agencies said in the joint PSA about the hackers’ attempts to infiltrate commercial messaging applications (CMAs).
  • “The U.S. alert comes on the heels of an earlier warning from Dutch authorities, who said last week that Russian hackers were “engaged in a large-scale global attempt” to take over WhatsApp and Signal accounts. The Dutch warning likewise followed a similar warning from Germany in February.
  • “The U.S. agencies emphasized that the hackers had not been able to bypass end-to-end encryption, instead manipulating users into giving up access. The scheme involves hackers posing as Signal help personnel, then inviting them to click a link or provide verification codes or account personal identification number.”
• and
  • “Researchers and threat hunters are scrambling to contain a maximum-severity defect in Ubiquiti’s UniFi Network Application that attackers could exploit to take over user accounts by accessing and manipulating files.
  • “The path-traversal vulnerability — CVE-2026-22557 — affects software used to manage UniFi networking devices, including access points, gateways and switches. The vendor disclosed and released patches for the defect in a security advisory Wednesday.
  • “As of this morning, we have not observed any public proof-of-concept exploits or confirmed reports of exploitation in the wild,” Matthew Guidry, senior product detection engineer at Censys, told CyberScoop.
  • “However, because this is a path-traversal vulnerability, the technical complexity for an attacker is typically lower than memory-corruption or buffer-overflow bugs,” he added. “Given that the CVSS 10 rating implies low attack complexity, we anticipate that once the specific vulnerable endpoint is identified, exploitation will be trivial to automate.”

• CISA added nine known exploited vulnerabilities (KVEs) to its catalog this week.
  • March 16, 2026
    • CVE-2025-47813. Wing FTP Server Information Disclosure Vulnerability
      • Security Week discusses this KVE here.
  • March 18, 2026
    • CVE-2025-66376 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
      • Bleeping Computer discusses this KVE here.
  • March 18, 2026 (not a typo — two separate KVE notices in one day)
    • CVE-2026-20963 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
      • Security Week discusses this KVE here.
  • March 19, 2026
    • CVE-2026-20131 Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability
      • Cybersecurity Dive, Cyberscoop, Bleeping Computer, and AWS Security Blog discuss this more urgent KVE.
  • March 20, 2026
    • CVE-2025-31277 Apple Multiple Products Buffer Overflow Vulnerability
    • CVE-2025-32432 Craft CMS Code Injection Vulnerability
    • CVE-2025-43510 Apple Multiple Products Improper Locking Vulnerability
    • CVE-2025-43520 Apple Multiple Products Classic Buffer Overflow Vulnerability
    • CVE-2025-54068 Laravel Livewire Code Injection Vulnerability
      • The Hacker News discusses the Apple KVEs here.
      • Craft CMS discusses its KVE here.
      • NIST discusses the Laravel KVE here.

• Cybersecurity Dive reports,
  • “North Korea’s remote IT worker schemes rely heavily on Western collaborators, an elaborate hierarchy of roles and the extensive use of an open-source messaging application, IBM and the cybersecurity vendor Flare said in a report published on Wednesday.
  • “The new research details the tactics and technologies that North Korean operatives use to trick companies into hiring them and fly under the radar while they funnel their salaries to Pyongyang.
  • “Flare and IBM said the report could help businesses improve their ability to root out North Korean operatives posing as legitimate employees.”
• and
  • “Threat groups are increasingly targeting critical infrastructure for malicious attacks by using direct access to cyber-physical systems, according to a report released Wednesday by Claroty, a firm that specializes in industrial security. 
  • “These attackers, which often are state-sponsored or hacktivist groups, are abusing virtual network protocol in a majority of cases to gain remote access to exposed internet-facing assets. 
  • “In two-thirds of the tracked incidents, attackers are compromising human-machine interfaces or supervisory control and data acquisition systems, which are used to control various industrial processes in factories and other operational technology environments.” 

From the ransomware front,

• The Record reports on March 17,
  • “A prominent ransomware gang has taken credit for a devastating attack on the biggest hospital in Mississippi and a large county in New Jersey. 
  • “The Medusa ransomware operation, which experts believe is run out of Russia, said recently it was behind the cyberattack on the University of Mississippi Medical Center (UMMC).” * * *
  • “The hospital fully reopened on March 2, and the Medusa ransomware gang claimed the attack last Thursday, demanding an $800,000 ransom. The hackers threatened to leak data stolen from the hospital by March 20.  
  • “A UMMC spokesperson declined to comment on the ransom threat.   
  • “Experts believe the Medusa operation is based in Russia due to its avoidance of targets in Commonwealth of Independent States, its Russian-language forum activity and the use of Cyrillic script in operational tools.” 

• Cyberscoop adds,
  • “Ransomware remains a scourge that shows some signs of relenting, but incident responders and threat hunters are busier than ever as more financially-motivated attackers lean exclusively on data theft for extortion.
  • “Attacks that only involve data theft for extortion may not be more prevalent than traditional ransomware when attackers encrypt systems, but momentum is moving in that direction, Genevieve Stark, head of cybercrime intelligence at Google Threat Intelligence Group, told CyberScoop.
  • “When you look at the actors in the English-speaking underground, those actors are almost all just focusing on data-theft extortion right now,” Stark added. This includes groups like Scattered Spider, ShinyHunters, Clop and other groups that have been responsible for some of the largest and farthest-reaching attacks over the past few years.
  • “Google Threat Intelligence Group’s research report on ransomware, which it shared exclusively and discussed with CyberScoop prior to release, underscores how the evolution and spread of cybercrime can cloud a collective understanding of ransomware, or attacks that use malware to encrypt or lock systems.” 

• eSecurity Planet explains,
  • “Why BYOD Is the Favored Ransomware Backdoor.
  • “80% of ransomware attacks come from unmanaged devices. Explore how BYOD could be ransomware’s favored method and how to protect against attacks.”
• and
  • “Ransomware’s Opening Play: Target Identity First
  • “Ransomware attackers now target identity systems like Active Directory first. Learn how identity resilience can help you prevent and recover from attacks.”

From the cybersecurity defenses front,

• Cyberscoop asks,
  • “Can Zero Trust survive the AI era?
  • “As AI increases the speed of cyber attacks, governments and businesses must weigh the tradeoffs that come with deploying semi-autonomous AI agents to stop them.”

• Cybersecurity Dive adds,
  • “Corporate cybersecurity leaders believe AI will be essential to their missions, but, so far, few are seeing big gains from agentic security products, according to a new EY survey.
  • “With AI governance dominating C-suite agendas, the survey released on Thursday found that companies are making progress in integrating risk management frameworks into their operations, even if those ways of thinking have yet to fully permeate corporate cultures.
  • “The survey findings prompted EY to make four high-level recommendations to businesses still deciding how to adopt and use AI for cybersecurity.”

• The ISACA Blog considers,
  • “A report by the Neuro-rights Foundation examined the privacy practices of around 30 compelling consumer neuro-technology companies and found that more than 90% relied on vague safeguarding language with no concrete protection of consumers’ neural data. Researchers at Bitbrainreported the possibility of neural signals being captured by attackers using man in the middle attacks, with modified information being readily re-injected since applications do not check the devices they are connected to.
  • “The enterprise security perimeter has now moved beyond networks and terminals into the brain itself as thoughts become potential attack vectors.”

• Here is a link to Dark Reading’s CISO Corner.

From the Iran War front,

• Dark Reading reports,
  • “Iranian state intelligence has been utilizing the cybercriminal underground to upgrade and provide cover for its offensive cyber activity.
  • “Iran’s Ministry of Intelligence and Security (MOIS) has long used hacktivism as a cover when it carries out cyberattacks. On March 11, for example, a wiper attack struck the Fortune 500 medical technology company Stryker. It was claimed by “Handala,” a group that positions itself as a pro-Palestine hacktivist operation, evidently itching to contribute to the ongoing US-Iran war. In fact, it’s a front for Void Manticore, an advanced persistent threat (APT) run out of Iran’s MOIS.
  • “This isn’t a new strategy. What is new, according to recent research from Check Point, is that MOIS hackers have been working with the real cybercriminals they’re pretending to be. Void Manticore, for example, has made the commercial infostealer Rhadamanthys a core element of its attack chains. Other MOIS entities have been linked to cybercrime clusters, even collaborating with ransomware-as-a-service (RaaS) operations.
  • Organizations need to be aware of this, says Sergey Shykevich, threat intelligence group manager at Check Point, “because there can be a case where a SOC or CISO will see something in their network that they associate with cybercrime activity [and label it] of low risk. And in reality, it will be an Iranian threat actor who will be able to execute destructive activities.”
    
• The Wall Street Journal tells us on March 12,
  • “Stryker said a cyberattack related to the Iranian conflict is still disrupting its operations, including order processing, manufacturing and shipping.
  • “Stryker experienced a global disruption to its Microsoft systems following a cyberattack Wednesday, which resulted in the company asking 56,000 employees to disconnect from all networks and avoid turning on company devices.
  • “The hackers behind the attack said they were retaliating on behalf of Iran, The Wall Street Journal reported Wednesday.
  • “On Thursday, Stryker said operations were still disrupted, but it doesn’t believe its patient-related services or connected products have been impacted.”

• Security Week adds,
  • “Stryker is a Fortune 500 company that specializes in the manufacturing of surgical equipment, orthopedic implants, and neurotechnology. Headquartered in Michigan, the company employs approximately 56,000 people and reported over $25 billion in revenue for 2025. Its critical role in the healthcare supply chain makes it an essential partner for hospitals worldwide.”
  • “The Iran-linked hacker group named Handala has taken credit for the attack, claiming to have struck an “unprecedented blow” to the company.”
• and
  • Like other ideologically motivated hackers, profit is not Handala’s goal, according to Ismael Valenzuela, vice president of threat intelligence at the cybersecurity company Arctic Wolf.
  • “What distinguishes this group is its clear focus on data destruction rather than financial extortion,” he said in an email.
    
• Cybersecurity Dive points out,
  • “Stryker said the cyberattack that hit the company this week has disrupted its manufacturing and shipping operations.
  • “The medtech company released the information Thursday night [March 12] in a statement posted to its website. Stryker did not detail the attack’s impact on its systems, but wrote in the statement that the incident has caused disruptions to order processing, manufacturing and shipping.
  • “However, we are working diligently to restore our systems and above all, we are committed to ensuring our customers can continue to deliver seamless patient care,” the company said.
  • Stryker maintained that the incident is contained to its internal Microsoft environment, and there is no malware or ransomware detected.”

From the cybersecurity policy and law enforcement front,

• Federal News Network reports,
  • “U.S. Cyber Command and the National Security Agency have a new permanent leader. The Senate has confirmed Gen. Joshua Rudd to serve as the next director of CYBERCOM and NSA. The two organizations have been without a permanent leader since April, when President Donald Trump fired Gen. Timothy Haugh from the role. Some Democratic lawmakers objected to Rudd’s nomination, citing his lack of cyber experience needed to immediately step into the dual leadership position. Sen. Ron Wyden (D-Ore.) said that when it comes to U.S. cybersecurity, “there is simply no time for on-the-job learning.” It’s not clear when Rudd will be sworn in.”
• and
  • “The Cybersecurity and Infrastructure Security Agency (CISA) is postponing meetings with industry on a forthcoming cyber incident reporting rule due to the ongoing Department of Homeland Security shutdown.
  • “The shutdown is also “likely” to delay the final Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) rule, CISA confirmed today [March 9].
  • “In a notice posted to its website, CISA said it won’t be able to hold planned town halls on CIRCIA due to the lapse in appropriations. The town halls were scheduled for today, March 9, through early April.”

• Cyberscoop relates,
  • “The Trump administration is plotting an interagency body to confront malign hackers, pilot programs to secure critical infrastructure across states and other steps tied to its freshly-released cyber strategy, National Cyber Director Sean Cairncross said Monday.
  • “The “interagency cell” will bring together agencies like the Justice Department, the Department of State, the FBI and the Pentagon, which will make it clear that going on cyber offense isn’t just about attacking enemies in cyberspace, Cairncross said.
  • “Sure, that’s part of it, but that’s not all of it,” he said at an event hosted by USTelecom. It will include diplomatic efforts, arrests and more, he said. “As President Trump has made clear, he expects results, and he’s empowered the team under him to go get them.
  • “A series of pilot programs will be catered to specific critical infrastructure industries in specific states, such as water in Texas and beef in South Dakota, Cairncross said. Different sectors operate at more or less mature levels, he said.”

• Cybersecurity Dive tells us,
  • “Inconsistent definitions, overly burdensome information demands and duplicative requirements are some of the problems that U.S. businesses face in dealing with cybersecurity regulations, according to a recent Government Accountability Office report.
  • “Critical infrastructure organizations want federal agencies to work together to streamline their rules, according to the March 5 summary of a GAO panel discussion with infrastructure representatives.
  • “Businesses recommended several possible solutions to the regulatory sprawl, including agencies converging on common definitions of key terms.”
• and
  • “The federal government should prioritize interoperable, risk-based standards as it develops security guidance for agentic AI systems, major businesses told the National Institute of Standards and Technology.
  • “NIST’s Center for AI Standards and Innovation is exploring ways to help AI companies and their customers protect agents from tampering or abuse, and as part of that project, it sought public comments through Monday evening. More than 930 organizations and individuals submitted comments, according to the docket, including a group of powerful industry trade groups: the American Bankers Association and the Bank Policy Institute, the software group BSA and the tech industry juggernaut TechNet.”

• Cyberscoop informs us,
  • “41-year-old South Florida man is accused of conducting at least 10 ransomware attacks and helping accomplices extort a combined $75.25 million in ransom payments while he was working as a ransomware negotiator for DigitalMint. 
  • “Five of Angelo John Martino III’s alleged victims hired DigitalMint, which assigned Martino to conduct ransomware negotiations on their clients’ behalf — putting him in a position to play both sides, as the criminal responsible for the attack and the lead negotiator for his alleged victims, according to federal court records unsealed Wednesday.
  • “Martino allegedly obtained an affiliate account on ALPHV, also known as BlackCat, and conspired with other former cybersecurity professionals to break into victims’ networks, steal and encrypt data, and extort companies for ransoms over a six-month period in 2023.
  • “Martino was an unnamed co-conspirator in an indictment filed in November 2025 against Kevin Tyler Martin, another former ransomware negotiator at DigitalMint, and Ryan Clifford Goldberg, a former manager of incident response at Sygnia. Goldberg and Martin pleaded guilty in December to participating in a series of ransomware attacks and are scheduled for sentencing April 30.”
• and
  • “Authorities from multiple countries dismantled SocksEscort, a residential proxy network cybercriminals used to commit large-scale fraud, claiming access to about 369,000 IP addresses since 2020, the Justice Department said Thursday.
  • “Europol, which aided the investigation alongside various law enforcement agencies, Lumen’s Black Lotus Labs and the Shadowserver Foundation, said the malicious proxy service compromised routers and IoT devices in 163 countries. Officials said the proxy network’s payment platform received about $5.8 million from its customers.
  • “The globally coordinated action, dubbed Operation Lightning, took down and seized 34 domains and 23 servers in seven countries. U.S. officials froze a combined $3.5 million in cryptocurrency allegedly linked to the botnet that was created from infected devices.
  • “Cybercrime thrives on anonymity,” Catherine De Bolle, executive director at Europol, said in a statement. “Proxy services like SocksEscort provide criminals with the digital cover they need to launch attacks, distribute illegal content and evade detection.”

From the cybersecurity breaches and vulnerabilities front,

• MedTech Dive reports,
  • “Intuitive Surgical was hit by a cybersecurity phishing incident that compromised customer and employee data.
  • “Information was obtained from an employee’s compromised access into Intutive’s internal business administrative network, the surgical robotics firm said in a statement posted to its website. An unauthorized third party accessed information including customer business and contact information, as well employee and corporate data.
  • “The statement was posted on Thursday [March 12], an Intuitive spokesperson said in an email to MedTech Dive.
  • “When the incident was discovered, the company activated its incident response protocols and secured all affected applications.”

• Bleeping Security adds,
  • “Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts.
  • “As the world’s largest coffeehouse chain, Starbucks has over 380,000 employees (also known as partners) and operates nearly 41,000 locations across 88 countries.
  • “In data breach notification letters filed with Maine’s Attorney General and sent to affected employees on Tuesday, the company says that it discovered the incident on February 6.

• Cyberscoop relates,
  • “Threat hunters and a collection of unconfirmed victims are responding to a series of attacks targeting Salesforce customers, which the vendor disclosed in a security advisory Saturday [March 7]. 
  • “Salesforce is actively monitoring threat activity targeting public-facing Experience Cloud sites, including attempts to take advantage of overly permissive guest user configurations,” the company said in the alert.
  • “The campaign marks the third widespread attack spree targeting Salesforce customers in about six months. 
  • “The number of victims ensnared by the latest attacks is unverified, but ShinyHunters, the threat group asserting responsibility for the attacks, claims about 100 companies have already been impacted.”
• and
  • “A maximum-severity vulnerability in pac4j, an open-source library integrated into hundreds of software packages and repositories, poses a significant security threat, but has thus far received scant attention.
  • “The defect in the Java security engine, which handles authentication across multiple frameworks, has not been exploited in the wild since code review firm CodeAnt AI published a proof-of-concept exploit last week. The company discovered the vulnerability and privately reported it to pac4j’s maintainer, which disclosed the defectand released patches for affected versions of the library within two days.
  • “Some researchers told CyberScoop they are concerned about the vulnerability — CVE-2026-29000 — because it affects a widely deployed Java security engine that attackers can exploit with relative ease.
  • “A threat actor only needs to access a server’s public RSA key to attempt exploitation,” researchers at Arctic Wolf Labs said in an email. 

• CISA added six known exploited vulnerabilities to its catalog this week.
  • March 9, 2026
    • CVE-2021-22054 Omnissa Workspace ONE Server-Side Request Forgery
    • CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
    • CVE-2026-1603 Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
      • The Hacker News discusses these KVEs here.
  • March 11, 2026
    • CVE-2025-68613 n8n Improper Control of Dynamically-Managed Code Resources Vulnerability
      • Bleeping Computer discusses this KVE here.
  • March 13, 2026
    • CVE-2026-3909 Google Skia Out-of-Bounds Write Vulnerability
    • CVE-2026-3910 Google Chromium V8 Unspecified Vulnerability
      • Vulert discusses these KVEs here.

• Cybersecurity Dive points out,
  • “Prolific cybercrime gangs have begun using AI to help them generate malware, signaling a “fundamental shift of dynamics” in the threat environment, IBM’s X-Force threat intelligence team said in a report published on Thursday [March 12].
  • “The malware, which IBM called Slopoly, is “relatively unspectacular” but nonetheless a harbinger of a coming future in which automated code development can rapidly accelerate the hacking life cycle, according to the report.
  • “IBM linked the malware to Hive0163, a group of hackers who have used the Interlock ransomware in several recent major attacks.”

• Dark Reading notes,
  • “Exploitation of user-managed cloud software has overtaken credential abuse as the method by which most attackers gain initial access to cloud resources.
  • “In its semi-annual “Cloud Threat Horizons Report,” Google found attacks on user-managed software applications — such as the the React2Shell attack targeting a flaw in React Server Components — bested software vulnerabilities to become the most frequently exploited vector for initial access. Overall, “software-based entry,” which includes exploiting software vulnerabilities such as remote code execution (RCE) flaws, accounted for about 44% of all initial-access activity in Google Cloud, the company stated in the report.
  • “The shift is likely due to the company’s focus on secure-by-default strategies and cloud users taking measures to shrink the stolen credentials and misconfiguration attack surfaces, says Crystal Lister, a security adviser in the Office of the CISO at Google Cloud.
  • “As defenders address some of the initial, enduring cloud hygiene issues, attackers are being forced to focus on more sophisticated, automated paths,” she says. “It isn’t necessarily that companies are cutting corners, but rather that the defensive perimeter has moved. Attackers are now targeting the third-party user-managed software running on top of the cloud rather than the cloud infrastructure itself.”

From the ransomware front,

• Spiceworks explains “why encrypted backups may fail in an AI-driven ransomware era.” Check it out.

• Healthcare IT News tells us how to stop ransomware disruption with better planning.
  • “Lessons from a LockBit ransomware attack can keep healthcare organizations running when faced with a cyberattack, said Zachary Lewis, CIO and CISO at University of Health Sciences and Pharmacy, in his HIMSS26 Cyber Forum keynote.”

• Two former federal government cybersecurity officials, writing in Cyberscoop, point out,
  • “We’ve seen ransomware cost American lives. Here’s what it will actually take to stop it.
  • “Hackers have cut their attack timelines from weeks to hours while the government spreads resources too thin. We need to stop pretending we can protect everything and start focusing on what would hurt us most.”

From the cybersecurity business and defenses front,

• Cybersecurity Dive reports,
  • “Google on Wednesday said it completed a $32 billion agreement to buy Wiz, a leading cloud and AI security platform, marking one of the largest-ever acquisitions in the cybersecurity market. 
  • “The deal will allow Google to provide a comprehensive security offering to both government and enterprise customers operating across multicloud environments. 
  • “Wiz works across the leading cloud providers, including Amazon Web Services, Microsoft Azure and Oracle Cloud. 
  • “The platform will continue to operate under its own brand name, while providing a broad range of services through its integration with Google Cloud.”

• Security Week relates,
  • “OpenAI announced this week that it’s in the process of acquiring AI security company Promptfoo.
  • “Financial terms of the acquisition have not been disclosed, but Promptfoo has raised more than $23 million and was reportedly valued at $86 million (based on PitchBook data) following an $18.4 million Series A funding round in July 2025.
  • “Promptfoo has developed a security and evaluation platform designed to systematically test LLMs and AI agents. * * *
  • “Once it completes the acquisition, OpenAI plans to integrate Promptfoo’s capabilities into its Frontier platform, which enterprises use to build and operate AI coworkers.  
  • “Promptfoo brings deep engineering expertise in evaluating, securing, and testing AI systems at enterprise scale. Their work helps businesses deploy secure and reliable AI applications, and we’re excited to bring these capabilities directly into Frontier,” said Srinivas Narayanan, CTO of B2B Applications at OpenAI.”

• Cyberscoop tells us,
  • “Artificial intelligence may be enhancing cyber threats, but the defensive approach to those AI-amplified attacks remains the same, a top FBI official said Tuesday.
  • “We have seen actors both criminal and nation-state, they’re absolutely using AI to their advantage,” said Jason Bilnoski, deputy assistant director at the FBI’s cyber division. “But the way attacks unfold have not changed. Cyberattacks still follow basic steps. It just becomes an incredible speed now.”
  • “The best way to deal with those attacks is to implement all the traditional defenses, like those the FBI has been emphasizing as part of its Operation Winter SHIELD media campaign, he said.
  • “Don’t worry about the speed and capability” of AI attacks, Biloski said at a Billington Cybersecurity conference. “If you’re focused on the basics, it’ll help prevent the actual intrusion from occurring.
  • “It’s a message that the acting director of the Cybersecurity and Infrastructure Security Agency, Nick Andersen, also shared at the conference. Sophisticated attackers are out there, he said, but the agency’s recent binding operational directive for federal agencies to get rid of unsupported edge devices was a way of shoring up basic vulnerabilities.”
    
• Dark Reading informs us,
  • “In the latest installment of our monthly “Reporters’ Notebook” video series, Dark Reading’s Tara Seals, TechTarget Search Security’s Sharon Shea, and Cybersecurity Dive’s Dave Jones discuss cybersecurity concerns around the just-concluded Winter Olympics in Milan-Cortina (and the upcoming 2026 FIFA World Cup), with an eye to what these global sports events can teach everyday businesses about incident-response preparation.” 

• Tech Target points out how to choose the best mobile hotspot for remote work.
  • “Organizations that support remote work should understand how personal hotspots and dedicated hotspot devices differ. Compare these mobile hotspot options.”

• Here’s a link to Dark Reading’s CISO Corner.