From the Iranian War front,

• The Wall Street Journal reminds us,
  • “Iran pulled off likely the most significant wartime cyberattack against the U.S. in history, leveraging its hacking powers to cause major disruptions at a global medical-equipment firm that struggled to bring itself back online in recent days.
  • “The attack brought a conflict that until now had been largely confined to the Gulf region to the American homeland and offered a preview of the potential for how Iran may broaden its response to the U.S. and Israeli military campaign.
  • “Stryker, the Michigan-based firm hit in the hack, said it experienced “global disruption” and quickly contained it. The company said it believed the incident had been limited to its internal Microsoft systems. The company added that some hospitals may be experiencing temporary pauses in transmissions of medical data, but that its connected products “are not impacted and are safe to use.” Microsoft hasn’t commented on the hack.”

• The American Hospital Association News adds,
  • “The Cybersecurity and Infrastructure Security Agency [CISA] March 18 released an alert urging U.S. organizations to harden their endpoint management systems following the March 11 cyberattack against Stryker, a U.S.-based medical technology and supply firm. The attack impacted the company’s Microsoft environment, and Stryker said there was no indication of ransomware or malware. The CISA alert provides various recommendations and resources, as well as best practices for securing Microsoft Intune.”
    
• Cybersecurity Dive informs us,
  • “The Department of Justice on Thursday [March 19] said four domains used for Iranian-backed hacking and intimidation of political opponents have been taken down in a court-ordered operation. 
  • “Two of the domains were connected to Handala, the state-linked threat group that authorities confirmed was behind the hack of Stryker, a Michigan-based medical technology giant. 
  • “A partially redacted FBI affidavit did not specifically identify Stryker by name, but the details of the attack match with the circumstances of the same incident.” * * *
  • “The sites were part of a larger effort by Iran’s Ministry of Intelligence and Security (MOIS) to intimidate dissidents, conduct malicious attacks, target Israelis and conduct violent attacks against journalists, according to court records. 
  • “Federal authorities obtained a seizure warrant Thursday, according to the FBI affidavit filed Thursday at U.S. District Court in Maryland.
  • “The FBI seizure is not expected to have a major impact on Handala’s ability to conduct attacks, said the Foundation for the Defense of Democracies (FDD).”  

• Bleeping Computer offers “a five-step playbook to stop Iranian wiper campaigns before they spread.”

From the cybersecurity policy and law enforcement front,

• Politico reports,
  • “The White House offered additional immigration enforcement concessions to Democrats Friday evening [March 20] as border czar Tom Homan met a second time with a bipartisan group of senators seeking to end the Homeland Security shutdown, according to lawmakers who attended.
  • “Leaving the private meeting, Republican senators said they hope Democrats respond over the weekend to the Trump administration’s bolstered proposal of immigration enforcement changes meant to address Democratic demands for funding DHS.”

• The Wall Street Journal adds,
  • “March 27 is a make-or-break day for TSA officers.
  • “If Congress leaves that day for a scheduled two-week recess without reaching a deal to fund the Transportation Security Administration, officers are set to miss more than a month of paychecks.” 

• Cybersecurity Dive lets us know,
  • “The Trump administration will make sure that new AI technologies are secure by design, a senior U.S. official said on Tuesday. [March 17]
  • “What we are working for in my lane is to ensure that the technical security is not seen as a barrier to that innovation, but is seen as a fundamental piece of the ability to scale it and move it as quickly as possible,” National Cyber Director Sean Cairncross said at an event hosted by the McCrary Institute for Cyber and Critical Infrastructure Security.”
  • “Cairncross addressed the audience in Washington two weeks after the Trump administration released its cybersecurity strategy, a short, high-level document that discussed critical infrastructure protection, emerging technologies and digital deterrence. Cairncross said the government wanted to work closely with the U.S. companies that operate important online infrastructure, including to counter foreign adversaries — but he stressed that the government would be the one conducting offensive operations.”

• Per a March 12 FBI news release,
  • “The Federal Bureau of Investigation (FBI) is publishing this Public Service Announcement (PSA) to raise awareness of residential proxies, the risks they pose, and steps the public can take to safeguard their devices from becoming part of a residential proxy network. Cyber threat actors use residential proxies to facilitate illicit activities, while obfuscating their true identities and locations by routing internet traffic through home and small business internet networks.”

• Per a NIST news release,
  • “The Domain Name System (DNS) plays an integral role in every organization’s security posture by translating domain names into IP addresses. It can serve as an enforcement point for enterprise security policy and an indicator of potential malicious activity on a network. A disruption or attack against the DNS can impact an entire organization.
  • “NIST Special Publication (SP) 800-81r3 (Revision 3), Secure Domain Name System (DNS) Deployment Guide, describes the different roles of DNS and gives recommendations for protecting the integrity, availability, and confidentiality of DNS services, including:
    • “The role DNS plays in supporting a zero trust architecture, such as serving as both a policy enforcement point (PEP) and a source of information when evaluating access requests
    • “The role of hosting DNS information (authoritative DNS), including guidance on protecting the integrity and authenticity of DNS information using DNSSEC
    • “The role of recursive DNS, including guidance on protecting the confidentiality of client DNS queries.”

• Cyberscoop reports,
  • “Three American men were sentenced Friday [March 20] for crimes they committed in furtherance of North Korea’s vast scheme to get operatives hired at U.S. companies, the Justice Department said.
  • “The trio — Audricus Phagnasay, 25, Jason Salazar, 30, and Alexander Paul Travis, 35 — pleaded guilty in November to wire fraud conspiracy for providing U.S. identities to remote North Korean IT workers.”
• and
  • “A 27-year-old North Carolina man was found guilty of six counts of extortion for a series of crimes he committed while working as a data analyst contractor for a D.C.-based international technology company, the Justice Department said Thursday [March 19].
  • “Cameron Nicholas Curry, also known as “Loot,” stole a trove of corporate data, including sensitive employee and compensation information, which he used to extort his employer, according to court records. Curry ultimately made off with approximately $2.5 million from the victim organization in January 2024.
  • “The insider attack underscores immeasurable risks companies accept when employees, or contractors placed in roles by a third-party recruitment company, as was the case with Curry, are allowed to access sensitive data on a company-owned laptop. Officials did not name the company.”
• and
  • “Authorities seized infrastructure powering four botnets that hijacked a combined three million devices and launched more than 300,000 DDoS attacks collectively, the Justice Department said Thursday [March 19].
  • The botnets — Aisuru, Kimwolf, JackSkid and Mossad — enabled operators to sell access to the infected devices for various cybercrimes. The aftermath spanned thousands of attacks, including some demanding extortion payments from victims, officials said.

From the cybersecurity breaches and vulnerabilities front,

• Cyberscoop reports,
  • “Russian intelligence-affiliated hackers have gained access to thousands of users’ messaging apps with a global phishing campaign, the FBI and the Cybersecurity and Infrastructure Security Agency warned in a public service announcement on Friday [March 20].
  • “The high-value targets they’re pursuing include current and former U.S. government officials, political figures, military personnel and journalists, the two agencies said in the joint PSA about the hackers’ attempts to infiltrate commercial messaging applications (CMAs).
  • “The U.S. alert comes on the heels of an earlier warning from Dutch authorities, who said last week that Russian hackers were “engaged in a large-scale global attempt” to take over WhatsApp and Signal accounts. The Dutch warning likewise followed a similar warning from Germany in February.
  • “The U.S. agencies emphasized that the hackers had not been able to bypass end-to-end encryption, instead manipulating users into giving up access. The scheme involves hackers posing as Signal help personnel, then inviting them to click a link or provide verification codes or account personal identification number.”
• and
  • “Researchers and threat hunters are scrambling to contain a maximum-severity defect in Ubiquiti’s UniFi Network Application that attackers could exploit to take over user accounts by accessing and manipulating files.
  • “The path-traversal vulnerability — CVE-2026-22557 — affects software used to manage UniFi networking devices, including access points, gateways and switches. The vendor disclosed and released patches for the defect in a security advisory Wednesday.
  • “As of this morning, we have not observed any public proof-of-concept exploits or confirmed reports of exploitation in the wild,” Matthew Guidry, senior product detection engineer at Censys, told CyberScoop.
  • “However, because this is a path-traversal vulnerability, the technical complexity for an attacker is typically lower than memory-corruption or buffer-overflow bugs,” he added. “Given that the CVSS 10 rating implies low attack complexity, we anticipate that once the specific vulnerable endpoint is identified, exploitation will be trivial to automate.”

• CISA added nine known exploited vulnerabilities (KVEs) to its catalog this week.
  • March 16, 2026
    • CVE-2025-47813. Wing FTP Server Information Disclosure Vulnerability
      • Security Week discusses this KVE here.
  • March 18, 2026
    • CVE-2025-66376 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
      • Bleeping Computer discusses this KVE here.
  • March 18, 2026 (not a typo — two separate KVE notices in one day)
    • CVE-2026-20963 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
      • Security Week discusses this KVE here.
  • March 19, 2026
    • CVE-2026-20131 Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability
      • Cybersecurity Dive, Cyberscoop, Bleeping Computer, and AWS Security Blog discuss this more urgent KVE.
  • March 20, 2026
    • CVE-2025-31277 Apple Multiple Products Buffer Overflow Vulnerability
    • CVE-2025-32432 Craft CMS Code Injection Vulnerability
    • CVE-2025-43510 Apple Multiple Products Improper Locking Vulnerability
    • CVE-2025-43520 Apple Multiple Products Classic Buffer Overflow Vulnerability
    • CVE-2025-54068 Laravel Livewire Code Injection Vulnerability
      • The Hacker News discusses the Apple KVEs here.
      • Craft CMS discusses its KVE here.
      • NIST discusses the Laravel KVE here.

• Cybersecurity Dive reports,
  • “North Korea’s remote IT worker schemes rely heavily on Western collaborators, an elaborate hierarchy of roles and the extensive use of an open-source messaging application, IBM and the cybersecurity vendor Flare said in a report published on Wednesday.
  • “The new research details the tactics and technologies that North Korean operatives use to trick companies into hiring them and fly under the radar while they funnel their salaries to Pyongyang.
  • “Flare and IBM said the report could help businesses improve their ability to root out North Korean operatives posing as legitimate employees.”
• and
  • “Threat groups are increasingly targeting critical infrastructure for malicious attacks by using direct access to cyber-physical systems, according to a report released Wednesday by Claroty, a firm that specializes in industrial security. 
  • “These attackers, which often are state-sponsored or hacktivist groups, are abusing virtual network protocol in a majority of cases to gain remote access to exposed internet-facing assets. 
  • “In two-thirds of the tracked incidents, attackers are compromising human-machine interfaces or supervisory control and data acquisition systems, which are used to control various industrial processes in factories and other operational technology environments.” 

From the ransomware front,

• The Record reports on March 17,
  • “A prominent ransomware gang has taken credit for a devastating attack on the biggest hospital in Mississippi and a large county in New Jersey. 
  • “The Medusa ransomware operation, which experts believe is run out of Russia, said recently it was behind the cyberattack on the University of Mississippi Medical Center (UMMC).” * * *
  • “The hospital fully reopened on March 2, and the Medusa ransomware gang claimed the attack last Thursday, demanding an $800,000 ransom. The hackers threatened to leak data stolen from the hospital by March 20.  
  • “A UMMC spokesperson declined to comment on the ransom threat.   
  • “Experts believe the Medusa operation is based in Russia due to its avoidance of targets in Commonwealth of Independent States, its Russian-language forum activity and the use of Cyrillic script in operational tools.” 

• Cyberscoop adds,
  • “Ransomware remains a scourge that shows some signs of relenting, but incident responders and threat hunters are busier than ever as more financially-motivated attackers lean exclusively on data theft for extortion.
  • “Attacks that only involve data theft for extortion may not be more prevalent than traditional ransomware when attackers encrypt systems, but momentum is moving in that direction, Genevieve Stark, head of cybercrime intelligence at Google Threat Intelligence Group, told CyberScoop.
  • “When you look at the actors in the English-speaking underground, those actors are almost all just focusing on data-theft extortion right now,” Stark added. This includes groups like Scattered Spider, ShinyHunters, Clop and other groups that have been responsible for some of the largest and farthest-reaching attacks over the past few years.
  • “Google Threat Intelligence Group’s research report on ransomware, which it shared exclusively and discussed with CyberScoop prior to release, underscores how the evolution and spread of cybercrime can cloud a collective understanding of ransomware, or attacks that use malware to encrypt or lock systems.” 

• eSecurity Planet explains,
  • “Why BYOD Is the Favored Ransomware Backdoor.
  • “80% of ransomware attacks come from unmanaged devices. Explore how BYOD could be ransomware’s favored method and how to protect against attacks.”
• and
  • “Ransomware’s Opening Play: Target Identity First
  • “Ransomware attackers now target identity systems like Active Directory first. Learn how identity resilience can help you prevent and recover from attacks.”

From the cybersecurity defenses front,

• Cyberscoop asks,
  • “Can Zero Trust survive the AI era?
  • “As AI increases the speed of cyber attacks, governments and businesses must weigh the tradeoffs that come with deploying semi-autonomous AI agents to stop them.”

• Cybersecurity Dive adds,
  • “Corporate cybersecurity leaders believe AI will be essential to their missions, but, so far, few are seeing big gains from agentic security products, according to a new EY survey.
  • “With AI governance dominating C-suite agendas, the survey released on Thursday found that companies are making progress in integrating risk management frameworks into their operations, even if those ways of thinking have yet to fully permeate corporate cultures.
  • “The survey findings prompted EY to make four high-level recommendations to businesses still deciding how to adopt and use AI for cybersecurity.”

• The ISACA Blog considers,
  • “A report by the Neuro-rights Foundation examined the privacy practices of around 30 compelling consumer neuro-technology companies and found that more than 90% relied on vague safeguarding language with no concrete protection of consumers’ neural data. Researchers at Bitbrainreported the possibility of neural signals being captured by attackers using man in the middle attacks, with modified information being readily re-injected since applications do not check the devices they are connected to.
  • “The enterprise security perimeter has now moved beyond networks and terminals into the brain itself as thoughts become potential attack vectors.”

• Here is a link to Dark Reading’s CISO Corner.

From the Iran War front,

• Dark Reading reports,
  • “Iranian state intelligence has been utilizing the cybercriminal underground to upgrade and provide cover for its offensive cyber activity.
  • “Iran’s Ministry of Intelligence and Security (MOIS) has long used hacktivism as a cover when it carries out cyberattacks. On March 11, for example, a wiper attack struck the Fortune 500 medical technology company Stryker. It was claimed by “Handala,” a group that positions itself as a pro-Palestine hacktivist operation, evidently itching to contribute to the ongoing US-Iran war. In fact, it’s a front for Void Manticore, an advanced persistent threat (APT) run out of Iran’s MOIS.
  • “This isn’t a new strategy. What is new, according to recent research from Check Point, is that MOIS hackers have been working with the real cybercriminals they’re pretending to be. Void Manticore, for example, has made the commercial infostealer Rhadamanthys a core element of its attack chains. Other MOIS entities have been linked to cybercrime clusters, even collaborating with ransomware-as-a-service (RaaS) operations.
  • Organizations need to be aware of this, says Sergey Shykevich, threat intelligence group manager at Check Point, “because there can be a case where a SOC or CISO will see something in their network that they associate with cybercrime activity [and label it] of low risk. And in reality, it will be an Iranian threat actor who will be able to execute destructive activities.”
    
• The Wall Street Journal tells us on March 12,
  • “Stryker said a cyberattack related to the Iranian conflict is still disrupting its operations, including order processing, manufacturing and shipping.
  • “Stryker experienced a global disruption to its Microsoft systems following a cyberattack Wednesday, which resulted in the company asking 56,000 employees to disconnect from all networks and avoid turning on company devices.
  • “The hackers behind the attack said they were retaliating on behalf of Iran, The Wall Street Journal reported Wednesday.
  • “On Thursday, Stryker said operations were still disrupted, but it doesn’t believe its patient-related services or connected products have been impacted.”

• Security Week adds,
  • “Stryker is a Fortune 500 company that specializes in the manufacturing of surgical equipment, orthopedic implants, and neurotechnology. Headquartered in Michigan, the company employs approximately 56,000 people and reported over $25 billion in revenue for 2025. Its critical role in the healthcare supply chain makes it an essential partner for hospitals worldwide.”
  • “The Iran-linked hacker group named Handala has taken credit for the attack, claiming to have struck an “unprecedented blow” to the company.”
• and
  • Like other ideologically motivated hackers, profit is not Handala’s goal, according to Ismael Valenzuela, vice president of threat intelligence at the cybersecurity company Arctic Wolf.
  • “What distinguishes this group is its clear focus on data destruction rather than financial extortion,” he said in an email.
    
• Cybersecurity Dive points out,
  • “Stryker said the cyberattack that hit the company this week has disrupted its manufacturing and shipping operations.
  • “The medtech company released the information Thursday night [March 12] in a statement posted to its website. Stryker did not detail the attack’s impact on its systems, but wrote in the statement that the incident has caused disruptions to order processing, manufacturing and shipping.
  • “However, we are working diligently to restore our systems and above all, we are committed to ensuring our customers can continue to deliver seamless patient care,” the company said.
  • Stryker maintained that the incident is contained to its internal Microsoft environment, and there is no malware or ransomware detected.”

From the cybersecurity policy and law enforcement front,

• Federal News Network reports,
  • “U.S. Cyber Command and the National Security Agency have a new permanent leader. The Senate has confirmed Gen. Joshua Rudd to serve as the next director of CYBERCOM and NSA. The two organizations have been without a permanent leader since April, when President Donald Trump fired Gen. Timothy Haugh from the role. Some Democratic lawmakers objected to Rudd’s nomination, citing his lack of cyber experience needed to immediately step into the dual leadership position. Sen. Ron Wyden (D-Ore.) said that when it comes to U.S. cybersecurity, “there is simply no time for on-the-job learning.” It’s not clear when Rudd will be sworn in.”
• and
  • “The Cybersecurity and Infrastructure Security Agency (CISA) is postponing meetings with industry on a forthcoming cyber incident reporting rule due to the ongoing Department of Homeland Security shutdown.
  • “The shutdown is also “likely” to delay the final Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) rule, CISA confirmed today [March 9].
  • “In a notice posted to its website, CISA said it won’t be able to hold planned town halls on CIRCIA due to the lapse in appropriations. The town halls were scheduled for today, March 9, through early April.”

• Cyberscoop relates,
  • “The Trump administration is plotting an interagency body to confront malign hackers, pilot programs to secure critical infrastructure across states and other steps tied to its freshly-released cyber strategy, National Cyber Director Sean Cairncross said Monday.
  • “The “interagency cell” will bring together agencies like the Justice Department, the Department of State, the FBI and the Pentagon, which will make it clear that going on cyber offense isn’t just about attacking enemies in cyberspace, Cairncross said.
  • “Sure, that’s part of it, but that’s not all of it,” he said at an event hosted by USTelecom. It will include diplomatic efforts, arrests and more, he said. “As President Trump has made clear, he expects results, and he’s empowered the team under him to go get them.
  • “A series of pilot programs will be catered to specific critical infrastructure industries in specific states, such as water in Texas and beef in South Dakota, Cairncross said. Different sectors operate at more or less mature levels, he said.”

• Cybersecurity Dive tells us,
  • “Inconsistent definitions, overly burdensome information demands and duplicative requirements are some of the problems that U.S. businesses face in dealing with cybersecurity regulations, according to a recent Government Accountability Office report.
  • “Critical infrastructure organizations want federal agencies to work together to streamline their rules, according to the March 5 summary of a GAO panel discussion with infrastructure representatives.
  • “Businesses recommended several possible solutions to the regulatory sprawl, including agencies converging on common definitions of key terms.”
• and
  • “The federal government should prioritize interoperable, risk-based standards as it develops security guidance for agentic AI systems, major businesses told the National Institute of Standards and Technology.
  • “NIST’s Center for AI Standards and Innovation is exploring ways to help AI companies and their customers protect agents from tampering or abuse, and as part of that project, it sought public comments through Monday evening. More than 930 organizations and individuals submitted comments, according to the docket, including a group of powerful industry trade groups: the American Bankers Association and the Bank Policy Institute, the software group BSA and the tech industry juggernaut TechNet.”

• Cyberscoop informs us,
  • “41-year-old South Florida man is accused of conducting at least 10 ransomware attacks and helping accomplices extort a combined $75.25 million in ransom payments while he was working as a ransomware negotiator for DigitalMint. 
  • “Five of Angelo John Martino III’s alleged victims hired DigitalMint, which assigned Martino to conduct ransomware negotiations on their clients’ behalf — putting him in a position to play both sides, as the criminal responsible for the attack and the lead negotiator for his alleged victims, according to federal court records unsealed Wednesday.
  • “Martino allegedly obtained an affiliate account on ALPHV, also known as BlackCat, and conspired with other former cybersecurity professionals to break into victims’ networks, steal and encrypt data, and extort companies for ransoms over a six-month period in 2023.
  • “Martino was an unnamed co-conspirator in an indictment filed in November 2025 against Kevin Tyler Martin, another former ransomware negotiator at DigitalMint, and Ryan Clifford Goldberg, a former manager of incident response at Sygnia. Goldberg and Martin pleaded guilty in December to participating in a series of ransomware attacks and are scheduled for sentencing April 30.”
• and
  • “Authorities from multiple countries dismantled SocksEscort, a residential proxy network cybercriminals used to commit large-scale fraud, claiming access to about 369,000 IP addresses since 2020, the Justice Department said Thursday.
  • “Europol, which aided the investigation alongside various law enforcement agencies, Lumen’s Black Lotus Labs and the Shadowserver Foundation, said the malicious proxy service compromised routers and IoT devices in 163 countries. Officials said the proxy network’s payment platform received about $5.8 million from its customers.
  • “The globally coordinated action, dubbed Operation Lightning, took down and seized 34 domains and 23 servers in seven countries. U.S. officials froze a combined $3.5 million in cryptocurrency allegedly linked to the botnet that was created from infected devices.
  • “Cybercrime thrives on anonymity,” Catherine De Bolle, executive director at Europol, said in a statement. “Proxy services like SocksEscort provide criminals with the digital cover they need to launch attacks, distribute illegal content and evade detection.”

From the cybersecurity breaches and vulnerabilities front,

• MedTech Dive reports,
  • “Intuitive Surgical was hit by a cybersecurity phishing incident that compromised customer and employee data.
  • “Information was obtained from an employee’s compromised access into Intutive’s internal business administrative network, the surgical robotics firm said in a statement posted to its website. An unauthorized third party accessed information including customer business and contact information, as well employee and corporate data.
  • “The statement was posted on Thursday [March 12], an Intuitive spokesperson said in an email to MedTech Dive.
  • “When the incident was discovered, the company activated its incident response protocols and secured all affected applications.”

• Bleeping Security adds,
  • “Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts.
  • “As the world’s largest coffeehouse chain, Starbucks has over 380,000 employees (also known as partners) and operates nearly 41,000 locations across 88 countries.
  • “In data breach notification letters filed with Maine’s Attorney General and sent to affected employees on Tuesday, the company says that it discovered the incident on February 6.

• Cyberscoop relates,
  • “Threat hunters and a collection of unconfirmed victims are responding to a series of attacks targeting Salesforce customers, which the vendor disclosed in a security advisory Saturday [March 7]. 
  • “Salesforce is actively monitoring threat activity targeting public-facing Experience Cloud sites, including attempts to take advantage of overly permissive guest user configurations,” the company said in the alert.
  • “The campaign marks the third widespread attack spree targeting Salesforce customers in about six months. 
  • “The number of victims ensnared by the latest attacks is unverified, but ShinyHunters, the threat group asserting responsibility for the attacks, claims about 100 companies have already been impacted.”
• and
  • “A maximum-severity vulnerability in pac4j, an open-source library integrated into hundreds of software packages and repositories, poses a significant security threat, but has thus far received scant attention.
  • “The defect in the Java security engine, which handles authentication across multiple frameworks, has not been exploited in the wild since code review firm CodeAnt AI published a proof-of-concept exploit last week. The company discovered the vulnerability and privately reported it to pac4j’s maintainer, which disclosed the defectand released patches for affected versions of the library within two days.
  • “Some researchers told CyberScoop they are concerned about the vulnerability — CVE-2026-29000 — because it affects a widely deployed Java security engine that attackers can exploit with relative ease.
  • “A threat actor only needs to access a server’s public RSA key to attempt exploitation,” researchers at Arctic Wolf Labs said in an email. 

• CISA added six known exploited vulnerabilities to its catalog this week.
  • March 9, 2026
    • CVE-2021-22054 Omnissa Workspace ONE Server-Side Request Forgery
    • CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
    • CVE-2026-1603 Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
      • The Hacker News discusses these KVEs here.
  • March 11, 2026
    • CVE-2025-68613 n8n Improper Control of Dynamically-Managed Code Resources Vulnerability
      • Bleeping Computer discusses this KVE here.
  • March 13, 2026
    • CVE-2026-3909 Google Skia Out-of-Bounds Write Vulnerability
    • CVE-2026-3910 Google Chromium V8 Unspecified Vulnerability
      • Vulert discusses these KVEs here.

• Cybersecurity Dive points out,
  • “Prolific cybercrime gangs have begun using AI to help them generate malware, signaling a “fundamental shift of dynamics” in the threat environment, IBM’s X-Force threat intelligence team said in a report published on Thursday [March 12].
  • “The malware, which IBM called Slopoly, is “relatively unspectacular” but nonetheless a harbinger of a coming future in which automated code development can rapidly accelerate the hacking life cycle, according to the report.
  • “IBM linked the malware to Hive0163, a group of hackers who have used the Interlock ransomware in several recent major attacks.”

• Dark Reading notes,
  • “Exploitation of user-managed cloud software has overtaken credential abuse as the method by which most attackers gain initial access to cloud resources.
  • “In its semi-annual “Cloud Threat Horizons Report,” Google found attacks on user-managed software applications — such as the the React2Shell attack targeting a flaw in React Server Components — bested software vulnerabilities to become the most frequently exploited vector for initial access. Overall, “software-based entry,” which includes exploiting software vulnerabilities such as remote code execution (RCE) flaws, accounted for about 44% of all initial-access activity in Google Cloud, the company stated in the report.
  • “The shift is likely due to the company’s focus on secure-by-default strategies and cloud users taking measures to shrink the stolen credentials and misconfiguration attack surfaces, says Crystal Lister, a security adviser in the Office of the CISO at Google Cloud.
  • “As defenders address some of the initial, enduring cloud hygiene issues, attackers are being forced to focus on more sophisticated, automated paths,” she says. “It isn’t necessarily that companies are cutting corners, but rather that the defensive perimeter has moved. Attackers are now targeting the third-party user-managed software running on top of the cloud rather than the cloud infrastructure itself.”

From the ransomware front,

• Spiceworks explains “why encrypted backups may fail in an AI-driven ransomware era.” Check it out.

• Healthcare IT News tells us how to stop ransomware disruption with better planning.
  • “Lessons from a LockBit ransomware attack can keep healthcare organizations running when faced with a cyberattack, said Zachary Lewis, CIO and CISO at University of Health Sciences and Pharmacy, in his HIMSS26 Cyber Forum keynote.”

• Two former federal government cybersecurity officials, writing in Cyberscoop, point out,
  • “We’ve seen ransomware cost American lives. Here’s what it will actually take to stop it.
  • “Hackers have cut their attack timelines from weeks to hours while the government spreads resources too thin. We need to stop pretending we can protect everything and start focusing on what would hurt us most.”

From the cybersecurity business and defenses front,

• Cybersecurity Dive reports,
  • “Google on Wednesday said it completed a $32 billion agreement to buy Wiz, a leading cloud and AI security platform, marking one of the largest-ever acquisitions in the cybersecurity market. 
  • “The deal will allow Google to provide a comprehensive security offering to both government and enterprise customers operating across multicloud environments. 
  • “Wiz works across the leading cloud providers, including Amazon Web Services, Microsoft Azure and Oracle Cloud. 
  • “The platform will continue to operate under its own brand name, while providing a broad range of services through its integration with Google Cloud.”

• Security Week relates,
  • “OpenAI announced this week that it’s in the process of acquiring AI security company Promptfoo.
  • “Financial terms of the acquisition have not been disclosed, but Promptfoo has raised more than $23 million and was reportedly valued at $86 million (based on PitchBook data) following an $18.4 million Series A funding round in July 2025.
  • “Promptfoo has developed a security and evaluation platform designed to systematically test LLMs and AI agents. * * *
  • “Once it completes the acquisition, OpenAI plans to integrate Promptfoo’s capabilities into its Frontier platform, which enterprises use to build and operate AI coworkers.  
  • “Promptfoo brings deep engineering expertise in evaluating, securing, and testing AI systems at enterprise scale. Their work helps businesses deploy secure and reliable AI applications, and we’re excited to bring these capabilities directly into Frontier,” said Srinivas Narayanan, CTO of B2B Applications at OpenAI.”

• Cyberscoop tells us,
  • “Artificial intelligence may be enhancing cyber threats, but the defensive approach to those AI-amplified attacks remains the same, a top FBI official said Tuesday.
  • “We have seen actors both criminal and nation-state, they’re absolutely using AI to their advantage,” said Jason Bilnoski, deputy assistant director at the FBI’s cyber division. “But the way attacks unfold have not changed. Cyberattacks still follow basic steps. It just becomes an incredible speed now.”
  • “The best way to deal with those attacks is to implement all the traditional defenses, like those the FBI has been emphasizing as part of its Operation Winter SHIELD media campaign, he said.
  • “Don’t worry about the speed and capability” of AI attacks, Biloski said at a Billington Cybersecurity conference. “If you’re focused on the basics, it’ll help prevent the actual intrusion from occurring.
  • “It’s a message that the acting director of the Cybersecurity and Infrastructure Security Agency, Nick Andersen, also shared at the conference. Sophisticated attackers are out there, he said, but the agency’s recent binding operational directive for federal agencies to get rid of unsupported edge devices was a way of shoring up basic vulnerabilities.”
    
• Dark Reading informs us,
  • “In the latest installment of our monthly “Reporters’ Notebook” video series, Dark Reading’s Tara Seals, TechTarget Search Security’s Sharon Shea, and Cybersecurity Dive’s Dave Jones discuss cybersecurity concerns around the just-concluded Winter Olympics in Milan-Cortina (and the upcoming 2026 FIFA World Cup), with an eye to what these global sports events can teach everyday businesses about incident-response preparation.” 

• Tech Target points out how to choose the best mobile hotspot for remote work.
  • “Organizations that support remote work should understand how personal hotspots and dedicated hotspot devices differ. Compare these mobile hotspot options.”

• Here’s a link to Dark Reading’s CISO Corner.

From the Iran War front,

• Security Week reports,
  • “The Iranian APT MuddyWater has hacked into the networks of several organizations in the US, including an aerospace and defense contractor, Broadcom’s Symantec and Carbon Black threat hunting team reports.
  • “The threat actor has been present in the environments of an airport, a bank, a non-governmental organization operating in the US and Canada, and a software company with a presence in Israel.
  • “According to the Broadcom experts, the APT’s activity has continued “in recent days following US and Israeli military strikes on Iran that have sparked conflict in the region”.

• Cybersecurity Dive adds,
  • “Pro-Russia threat actors have formed a loose coalition with Iran-nexus hacking groups in response to the bombing campaign launched by the U.S. and Israel on Iran. 
  • “The groups began working together Monday under the #OpIsrael campaign, with a focus on targeting critical infrastructure and exfiltration of data, according to researchers at Flashpoint.” * * *
  • “Researchers at Palo Alto Networks Unit 42 estimate that about 60 threat actors, including Iran-nexus and Russia-aligned groups, might be involved in various levels of hacking activity since the bombing campaign began.”  

• The American Hospital Association News tells us,
  • “The FBI is reminding critical infrastructure organizations to implement mitigations from a June 2025 fact sheet on potential actions by Iranian-affiliated cyber actors who may target U.S. devices and networks due to geopolitical tensions. The fact sheet explains how cyber actors often exploit targets with unpatched or outdated software with known common vulnerabilities or passwords.  
  • “In the context of the ongoing conflict with Iran, it is particularly important to ensure that we are implementing cybersecurity measures to defend against the known tactics used by Iranian state-sponsored hackers or pro-Iranian hackers acting independently,” said John Riggi, AHA national advisor for cybersecurity and risk. “Besides seeking to exploit common vulnerabilities and default passwords, they also target internet-connected operational technology and industrial control systems. These systems may be present in hospitals in the form of HVAC, water, life-safety and building automation systems. It is recommended that cyber teams closely coordinate with facilities and building engineers to identify internet-facing OT and ICS systems, assess the need for internet connectivity and ensure they are patched and secure.”

From the cybersecurity policy and law enforcement front,

• The Wall Street Journal reports,
  • “The Trump administration published its new cyber strategy Friday [March 6], framing digital security in the context of broader geopolitical issues and promising to incentivize the private sector to identify and disrupt cyber adversaries.
  • “Compared with the Biden administration’s 2023 National Cybersecurity Strategy, which ran more than 35 pages and detailed dozens of policy initiatives, the new document is far shorter at five pages and sets out broad principles for future policy decisions and priorities.”

• Cyberscoop adds,
  • “The strategy “calls for unprecedented coordination across government and the private sector to invest in the best technologies and continue world-class innovation, and to make the most of America’s cyber capabilities for both offensive and defensive missions,” the White House said in a statement accompanying its release.”
  • “Trump also signed an executive order Friday directing agencies to take action to combat cybercrime and fraud.”
    
• The Congress did not resolve the Department of Homeland Security shutdown this week.

• Fedscoop reports,
  • “The Department of Homeland Security is undergoing an overhaul of its IT and information security leadership, with multiple sources telling FedScoop there is a broad realignment underway at the department to replace key technology leaders.
  • “FedScoop has learned that at least two DHS officials are being replaced: Chief Information Security Officer Hemant Baidwan and Deputy CISO Amanda Day. 
  • “The reorg among IT officials comes as other leadership is changing at the department. President Donald Trump announced Thursday that Secretary of Homeland Security Kristi Noem will be leaving the position at the end of March. Trump has nominated Sen. Markwayne Mullin, R-Okla, as her replacement.

• Cybersecurity Dive adds,
  • “The confirmation prospects for Sean Plankey, President Donald Trump’s nominee to lead the Cybersecurity and Infrastructure Security Agency, have dimmed further following Plankey’s unceremonious departure from a job at the Department of Homeland Security.
  • “Security personnel escorted Plankey out of a DHS facility on Monday, a person familiar with the matter told Cybersecurity Dive, confirming an incident first reported by CBS News. Plankey announced on Wednesday that he had left his job as a senior Coast Guard adviser to DHS Secretary Kristi Noem, but he framed his departure as a voluntary one intended to help him focus on his nomination to serve as CISA director.”

•  Per an HHS news release,
  • “Today [March 5], the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced a settlement with MMG Fusion, LLC (MMG), a Maryland software company, concerning potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules. MMG is a business associate as it receives protected health information (PHI) from HIPAA covered entities and its software is used to communicate directly with patients of covered entities.” * * *
  • “The settlement resolves an investigation that OCR initiated in March 2023 after receiving a complaint concerning an unreported security incident at MMG, and the posting of PHI on the dark web. OCR’s investigation determined that in December 2020, an unauthorized actor infiltrated MMG’s information system and accessed PHI [of 15 million people], including names, phone numbers, mailing addresses, email addresses, dates of birth, and dates and times of medical appointments.” * * *
  • “The resolution agreement and corrective action plan may be found at https://www.hhs.gov/sites/default/files/ocr-mmg-fusion-hipaa-agreement.pdf [PDF, 264 KB].”

• Cybersecurity Dive informs us,
  • “An international coalition led by Microsoft and Europol has taken down the operations of Tycoon 2FA, a notorious phishing-as-a-service platform that helped cyber criminals gain access to millions of email accounts across the globe. 
  • “Microsoft obtained a court order from the U.S. District Court from the Southern District of New York to seize 330 active domains used to back the core infrastructure of Tycoon 2FA.
  • “Taking this infrastructure offline cuts off a major pipeline for account takeovers and helps protect people and organizations from follow-on attacks such a data theft, ransomware, business email compromise and financial fraud,” Steve Masada, assistant general counsel at Microsoft’s Digital Crimes Unit, said in a blog post published Wednesday.” 

• Bleeping Computer lets us know,
  • “The FBI has seized the LeakBase cybercrime forum, a major online forum used by cybercriminals buy and sell hacking tools and stolen data.
  • This seizure action is part of an international joint operation coordinated by Europol, known as “Operation Leak,” that involved law enforcement agencies in 14 countries.
  • On March 3 and 4, the FBI and law enforcement agents shut down LeakBase by seizing two of its domains, posting seizure banners, and warning LeakBase members of the seizure after collecting further evidence.” * * *
  • Today’s [March 4] announcement follows the disruption of RaidForums in 2022 and BreachForums in 2023, two cybercrime marketplaces that preceded it, as well as the BreachForums founder’s conviction and sentencing in 2025.
• and
  • “A U.S. government contractor’s son, accused of stealing more than $46 million in cryptocurrency from the U.S. Marshals Service, was arrested Wednesday on the island of Saint Martin.
  • “The arrest was the result of a joint operation between the FBI and France’s elite Groupe d’Intervention de la Gendarmerie Nationale, FBI Director Kash Patel announced on Thursday.
  • “Last night, John Daghita – a U.S. government contractor who allegedly stole more than $46 million in cryptocurrency from the U.S Marshals Service – was arrested on the island of Saint Martin by the French Gendarmerie’s premier elite tactical unit in a joint operation with the @FBI,” Patel said.”

• Cyberscoop points out,
  • “Russian national Evgenii Ptitsyn pleaded guilty to running the Phobos ransomware outfit that extorted more than $39 million from more than 1,000 victims globally, the Justice Department said Wednesday.
  • “Ptitsyn assumed a leadership role in the Phobos ransomware group in January 2022, yet his criminal activities began by April 2019, according to court records. He continued leading the cybercrime syndicate until May 2024 when he was arrested in South Korea. Ptitsyn was extradited to the United States in November 2025.
  • “Federal prosecutors dropped multiple charges against Ptitsyn as part of a plea agreement he signed last month. He faces up to 20 years in prison for wire fraud conspiracy.
  • “Ptitsyn agreed to forfeit $1.77 million in assets and is required to pay at least $39.3 million in restitution, representing the full amount of his victims’ losses.

From the cybersecurity breaches and vulnerabilities front,

• The Wall Street Journal reports on March 6,
  • “U.S. investigators believe hackers affiliated with the Chinese government are responsible for a cyber intrusion on an internal Federal Bureau of Investigation computer network that holds information related to some domestic surveillance orders, according to people familiar with the matter.
  • “The scope and severity of the intrusion aren’t known, and the investigation is in its early stages, the people said. Any preliminary conclusions could change as investigators gather more information. 
  • “If China is confirmed to be responsible for the breach, it would signal the latest intrusion by Beijing’s hackers of computer systems related to law-enforcement surveillance orders, which contain highly sensitive material.
  • “A notification sent in recent days to some lawmakers in Congress said the FBI began investigating the matter last month, the people said. The intrusion involved hackers accessing an unclassified system that contains information about the calls and internet activity of criminal suspects and others under government surveillance. Information in the system includes incoming and outgoing calls, IP and website addresses and some routing information, but doesn’t include the contents of calls or digital communication.” 

• Cybersecurity Dive adds,
  • “A total of 90 zero-day vulnerabilities were exploited in the wild in 2025, according to a report released Thursday by Google Threat Intelligence Group.
  • “Of that total, almost half of the exploited vulnerabilities were used against enterprise-grade technology, marking an all-time high. 
  • “Exploitation from state-sponsored groups targeted networking and security tools with a strong emphasis on edge devices, which often lack endpoint detection and response capabilities, according to GTIG researchers. 
  • “China-nexus groups remain the most prolific state-sponsored groups, with a long history of detailed knowledge of vulnerable devices. 
  • “They have a significant zero-day development ecosystem that includes industry, academia, and government,” John Hultquist, chief analyst at GTIG, told Cybersecurity Dive.”

• Bleeping Computer relates,
  • “TriZetto Provider Solutions, a healthcare IT company that develops software and services used by health insurers and healthcare providers, has suffered a data breach that exposed the sensitive information of over 3.4 million people.
  • “The firm, which has been operating under the Cognizant umbrella since 2014, disclosed that it detected suspicious activity on a web portal on October 2, 2025, and launched an investigation with the help of external cybersecurity experts.
  • “The investigation revealed that unauthorized access began nearly a year before, on November 19, 2024.’ * * *
  • “Affected providers were alerted on December 9, 2025, but customer notification started in early February 2026. According to a filing Maine’s Attorney General submitted today [March 6], the number of exposed individuals is 3,433,965.
  • “TriZetto says that payment card, bank account, or other financial information was not exposed in this incident. Also, the company is not aware of any cases where cybercriminals have attempted to misuse this information.”

• CISA added seven known exploited vulnerabilities to its catalog this week.
  • March 3, 2026
    • CVE-2026-21385 Qualcomm Multiple Chipsets Memory Corruption Vulnerability
    • CVE-2026-22719 Broadcom VMware Aria Operations Command Injection Vulnerability
      • Cybersecurity News discusses the Qualcomm KVE here.
      • Bleeping Computer discusses the VM Aria KVE here.
  • March 5, 2026
    • CVE-2017-7921 Hikvision Multiple Products Improper Authentication Vulnerability
    • CVE-2021-22681 Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
    • CVE-2021-30952 Apple Multiple Products Integer Overflow or Wraparound Vulnerability
    • CVE-2023-41974 Apple iOS and iPadOS Use-After-Free Vulnerability
    • CVE-2023-43000 Apple Multiple products Use-After-Free Vulnerability
      • The Hacker News discusses the Hikvision and Rockwell KVEs here.
      • Bleeping Computer discusses the Apple KVEs here.

• Cyberscoop adds,
  • “Cisco released information on a pair of max-severity vulnerabilities in its firewall management software Wednesday that unauthenticated, remote attackers could exploit to obtain the highest level of access to the underlying operating system or on affected devices.
  • “The vulnerabilities — CVE-2026-20079 and CVE-2026-20131 — affect the web-based interface of Cisco Secure Firewall Management Center (FMC) Software, regardless of device configuration, the vendor said.
  • “Cisco disclosed the critical vulnerabilities one week after it warned that attackers have been exploiting a pair of zero-days in Cisco’s network edge software for at least three years. That campaign, which is ongoing, marked the second series of multiple actively exploited zero-days in Cisco edge technology since last spring. 
  • “Both campaigns prompted the Cybersecurity and Infrastructure Security Agency to issue emergency directives months after the attacks were first detected, and both attack sprees were underway for at least a year before they were discovered.” 
• and
  • “Google disclosed one actively exploited zero-day vulnerability Monday, warning that the high-severity defect affecting an open-source Qualcomm display component for Android devices “may be under limited, targeted exploitation.”
  • “The memory-corruption vulnerability — CVE-2026-21385 — which Google’s Androidsecurity team reported to Qualcomm Dec. 18, affects 234 chipsets, Qualcomm said in a security bulletin. Qualcomm said it notified customers of the vulnerability Feb. 2.
  • “Qualcomm declined to say when the earliest known instance of exploitation occurred, how many victims have been directly impacted, and what occurred during the 10-week period between the reporting and public disclosure of the vulnerability. 
  • “We commend the researchers from Google’s Threat Analysis Group for using coordinated disclosure practices,” a Qualcomm spokesperson told CyberScoop. “Fixes were made available to our customers in January 2026. We encourage end users to apply security updates as they become available from device makers.”
• and
  • “North Korean threat groups are using artificial intelligence tools to accelerate and expand the country’s long-running scheme to get remote technical workers hired at global companies for longer durations, Microsoft Threat Intelligence said in a report Friday. 
  • “AI services are empowering North Korean operatives across the attack lifecycle. Attackers have turned AI into a “force multiplier” that bolsters and automates their efforts to conduct research on targets, develop malicious resources, achieve and maintain access, evade detection, and weaponize tools for attacks and post-compromise activities, researchers said.
  • “Microsoft said a trio of groups it tracks as Coral Sleet, Sapphire Sleet and Jasper Sleet are using AI to shorten the time it takes to create digital personas for specific job markets and roles. These groups frequently leverage financial opportunities or interview-themed lures to gain initial access.”

• The Hacker News notes,
  • “Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections.
  • “It’s advertised as a cybercrime platform by a threat group calling itself Jinkusu, granting customers access to a dashboard that lets them select a brand to impersonate or enter a brand’s real URL. It also lets users choose custom keywords like “login,” “verify,” “security,” or “account,” and integrates URL shorteners such as TinyURL to obscure the destination URL.
  • “It launches a headless Chrome instance – a browser that operates without a visible window – inside a Docker container, loads the brand’s real website, and acts as a reverse proxy between the target and the legitimate site,” Abnormal researchers Callie Baron and Piotr Wojtyla said.”

From the ransomware front,

• The Record reports,
  • “The University of Hawaiʻi Cancer Center said up to 1.2 million people had information leaked as a result of a ransomware attack on its epidemiology division last year. 
  • “Hackers accessed records containing Social Security numbers (SSNs) and driver’s license numbers collected from the Hawaiʻi State Department of Transportation as well as City and County of Honolulu voter registration records from 1998, according to a statement released by the organization last week.” * * *
  • “In January, the university sent a report to the state legislature that said the cyber incident was first discovered on August 31, 2025.” * * *
  • “Naoto Ueno, director of the University of Hawaiʻi Cancer Center, apologized for the incident last week and said the organization was “committed to transparency.” 
  • “The university said the attackers encrypted and likely exfiltrated data, prompting them to notify law enforcement and hire cybersecurity experts to resolve the situation. The cybersecurity firm obtained a decryption tool and secured “an affirmation that any information obtained was destroyed.”  
  • “University officials claimed there is “no evidence that any of the information has been published, shared or misused.” The group responsible for the attack was not identified.”   

• Cybersecurity Dive relates,
  • “Identity has replaced malware as the biggest threat vector opening the door for ransomware attacks, Cloudflare said in an annual threat report published on Tuesday.
  • “Hackers’ increasing use of legitimate credentials, rather than malicious code, is making it harder for defenders to detect and contain their attacks.
  • “Cloudflare’s new report also discussed nation-state threat actors’ behavior and how artificial intelligence is changing attacks.”

• Mobihealth News interviews Scott Doerr, virtual CISO, or vCISO, at Fortified Health Security, [who] previews his upcoming talk at the 2026 HIMSS Global Health Conference & Exposition, where he will discuss how healthcare companies can strengthen their preparedness for ransomware attacks. 

From the cybersecurity business and defenses front,

• Cyberscoop reports,
  • “CrowdStrike Holdings reported record earnings in the fiscal fourth-quarter, defying investor concerns about the rising use of agentic AI potentially curbing demand for cybersecurity software and services. 
  • “The Texas-based cybersecurity company said total revenue grew 23% on a year-over-year basis, to $1.31 billion in the quarter ended Jan. 31. 
  • “Annual recurring revenue, a closely watched metric among cybersecurity companies, grew 24%, to $5.25 billion. 
  • “The results come at a time of growing market anxiety about how AI adoption could render traditional software — including cybersecurity tools — obsolete. CrowdStrike executives acknowledged those larger industry concerns and noted the Q4 performance was a demonstration that certain companies were well-positioned to compete in the new marketplace.” 

• ZDNet adds,
  • “Anthropic, OpenAI, and Google tools can automate code debugging. 
  • “But cybersecurity is too complex a problem for these tools to solve. 
  • “AI’s biggest contribution may be to reduce avoidable software flaws. 

• Healthexec relates,
  • “In January, National Security Agency (NSA), released protocols for the U.S. Department of War to achieve “zero trust” security across the agency, meaning any access to the network must come from something continually inside it. While such a setup would be technically demanding for healthcare, the American Hospital Association (AHA) said it may be time for facilities to start moving in that direction.
  • “Zero trust security would mean radical changes for hospitals, where a countless number of devices have access to networks, including everything from EHRs to medical devices, to tablets and smartphones used for communication.
  • “What the NSA wants the Department of War to adopt is a system where no one gains access to a network from the outside, meaning no logins or passwords. In fact, even systems connected to the network from the inside are not automatically trusted.
  • “In other words, every user, device, and system must continually prove they are allowed access—and access is limited strictly to what’s necessary.
  • “The ethos of zero trust means that it’s assumed even the network itself isn’t safe, hence the continuous verification. Something like a two-factor authentication app displaying a constant active code would be required to log on.”

• The AHA News adds,
  • “The Administration for Strategic Preparedness and Response has released a new cybersecurity module for organizations to conduct risk assessments. The free module, part of ASPR’s web-based Risk Identification and Site Criticality 2.0 Toolkit, allows organizations to identify threats, assess vulnerabilities, determine consequences and criticality, and share findings with stakeholders. Users are guided through a series of questions about their policies and practices, which are scored against the National Institute of Standards and Technology’s Cybersecurity Framework 2.0 and the Department of Health and Human Services’ Cybersecurity Performance Goals. The questions are designed to help organizations identify critical gaps, prioritize investments and inform their decisions on risk mitigation.” 
    
• SC World tells us,
  • “The 2026 Zero Trust World conference kicked off here Wednesday (March 4) with a particularly optimistic keynote by futurist and TV host Jason Silva and also featured a last-minute addition in the form of a talk by former White House CIO Theresa Payton.
  • “But it was the smaller sessions, including a dark-web primer and a live Security Now! podcast broadcast featuring cybersecurity veterans Steve Gibson and Leo LaPorte, that stole the show during the first day of ThreatLocker’s annual user conference.”

• Tech Target explains “how to perform a data risk assessment, step by step.”

• Here’s a link to Dark Reading’s CISO Corner.