Alright team, it's been a pretty packed week in cyber, with some notable breaches, a deep dive into nation-state TTPs, critical vulnerabilities under active exploitation, and some interesting discussions around AI's role in both attack and defence. Let's get into it:
Recent Cyber Attacks or Breaches 🚨
- The FBI is probing a breach of its unclassified systems, which reportedly contained "law enforcement sensitive information" related to wiretapping and foreign intelligence surveillance warrants, including PII of investigation subjects. This follows previous compromises of US law enforcement wiretapping systems by Chinese state-backed actors.
- Chinese EV charger manufacturer ELECQ suffered a ransomware attack on its AWS cloud platform, leading to the encryption and copying of customer databases containing names, email addresses, phone numbers, and home addresses. No financial data was compromised, and charging devices were unaffected.
- Ericsson Inc. disclosed a data breach affecting employees and customers, including SSNs and financial info for thousands, due to a hack on one of its service providers. This highlights persistent supply chain risks, even if no data misuse has been confirmed yet.
- The ShinyHunters threat actor claims to be actively exploiting misconfigured Salesforce Experience Cloud platforms, targeting the `/s/sfsites/aura` API endpoint to steal data. Salesforce attributes this to customer misconfigurations, not a platform vulnerability, and has issued guidance to restrict guest user permissions.
- Two popular Chrome extensions, "QuickLens" and "ShotBird," turned malicious after ownership transfer, enabling code injection and data theft by stripping security headers, injecting JavaScript from C2, and delivering fake browser updates leading to credential harvesting. This highlights a critical extension supply chain risk.
- The FBI is warning of phishing attacks impersonating US city and county planning/zoning officials, targeting businesses and individuals applying for land-use permits. Attackers use publicly available info to craft convincing emails, demanding fraudulent fees via wire transfer, P2P, or cryptocurrency.
- Dutch intelligence agencies have warned of a "large-scale" Russian cyber campaign targeting Signal and WhatsApp accounts of government officials, journalists, and military personnel globally. Attackers use social engineering to trick victims into sharing security codes or abuse the "linked devices" feature, bypassing end-to-end encryption.
- LastPass has alerted users to a new phishing campaign using display name spoofing and fake internal email threads to impersonate LastPass and direct victims to imitation SSO pages to harvest credentials. Users are reminded LastPass will never ask for their master password.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/03/08/fbi_investigates_wiretap_system_breach/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/03/09/ransomware_crooks_hit_ev_charger/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/ericsson-us-discloses-data-breach-after-service-provider-hack/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/shinyhunters-claims-ongoing-salesforce-aura-data-theft-attacks/
📰 The Hacker News | https://thehackernews.com/2026/03/chrome-extension-turns-malicious-after.html
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/fbi-warns-of-phishing-attacks-impersonating-us-city-county-officials/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/03/09/dutch_spies_say_russian_cybercrims/
New Threat Research on Threat Actors/Groups, Ransomware, Malware, or Techniques and Tradecraft 🛡️
- CL-UNK-1068, a Chinese-speaking threat actor, has been conducting cyber-espionage against critical infrastructure sectors across South, Southeast, and East Asia since 2020. The group uses custom malware, open-source tools, and living-off-the-land binaries, gaining initial access via web server exploitation and web shells, then moving laterally for credential theft and data exfiltration.
- The Pakistan-aligned threat actor Transparent Tribe is leveraging AI-powered coding tools to generate "vibe-coded" malware in niche programming languages (Nim, Zig, Crystal) to target Indian government entities and embassies. This approach allows them to flood target environments with disposable, polyglot binaries, enhancing evasion.
- The Iranian hacking group MuddyWater (aka Seedworm) has targeted US companies, including banks, airports, and non-profits, as well as an Israeli software firm, in a campaign that intensified after US-Israel military strikes on Iran. This activity aligns with a broader trend of hacktivist-fueled cyberattacks and wiper campaigns.
- A Russian national, Evgenii Ptitsyn, has pleaded guilty in a US federal court for his role in the Phobos ransomware operation, which extorted over $39 million from more than 1,000 public and private entities globally. This conviction highlights ongoing international law enforcement efforts to disrupt ransomware ecosystems.
💡 Dark Reading | https://www.darkreading.com/threat-intelligence/chinese-cyber-threat-critical-asian-sectors
📰 The Hacker News | https://thehackernews.com/2026/03/transparent-tribe-uses-ai-to-mass.html
📰 The Hacker News | https://thehackernews.com/2026/03/iran-linked-muddywater-hackers-target.html
Vulnerabilities, Exploits, and Zero-Days ⚠️
- A high-severity buffer over-read vulnerability (CVE-2026-21385, CVSS 7.8) in Qualcomm's Graphics component, affecting Android devices, is under "limited, targeted exploitation" in the wild. This flaw can lead to memory corruption and arbitrary code execution.
- Google has detailed "Coruna" (aka CryptoWaters), a powerful exploit kit featuring five full iOS exploit chains and 23 exploits, targeting Apple iPhones running iOS versions 13.0 to 17.2.1. The kit's evolution is noteworthy: it started as a commercial surveillance tool and was later repurposed by Russian espionage and Chinese financial actors.
- Microsoft Azure CTO Mark Russinovich demonstrated how Anthropic's Claude Opus 4.6 AI successfully decompiled 40-year-old Apple II machine code and identified security vulnerabilities, including "silent incorrect behavior." Anthropic's Red Team previously warned that Claude Opus 4.6 found high-severity vulnerabilities, some decades-old, in well-tested codebases like Firefox (22 new bugs, 14 high-severity).
📰 The Hacker News | https://thehackernews.com/2026/03/google-confirms-cve-2026-21385-in.html
📰 The Hacker News | https://thehackernews.com/2026/03/coruna-ios-exploit-kit-uses-23-exploits.html
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/03/09/claude_legacy_code_vulns/
📰 The Hacker News | https://thehackernews.com/2026/03/anthropic-finds-22-firefox.html
Threat Landscape Commentary 🌍
- Ransomware attacks are increasingly frequent and impactful, with over 5,600 publicly disclosed incidents worldwide in 2024, costing an average of $2.73 million per incident and sometimes human lives. Former FBI and CISA leaders advocate for the administration's National Cyber Strategy, stressing the need for sustained, focused government-industry collaboration, prioritising critical sectors for resilience, and holding cryptocurrency exchanges accountable.
- Agentic AI is poised to deliver exponential productivity gains but simultaneously expands attack surfaces and scales attacker capabilities, creating an "AI arms race" in cybersecurity. While 88% of organisations are already using AI-driven remediation, concerns remain about trust in AI decisions and AI's own security risks.
- The ongoing US-Iran conflict marks a significant shift, with the cyber domain playing a central and openly acknowledged role, unlike previous military engagements. This highlights the increasing integration of cyber capabilities into modern warfare and its direct impact on geopolitical conflicts.
🤫 CyberScoop | https://cyberscoop.com/national-cyber-strategy-ransomware-prioritization-op-ed/
💡 Dark Reading | https://www.darkreading.com/application-security/auto-remediation-agentic-ai
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/03/09/kettle_2026_episode_01_iran_war/
Regulatory Issues or Changes ⚖️
- Europol, in coordinated operations, has successfully dismantled Tycoon2FA, a dominant phishing-as-a-service (PhaaS) platform responsible for 62% of Microsoft-blocked phishing attempts, and LeakBase, a vast stolen data marketplace with over 142,000 registered users. These takedowns represent significant wins against the cybercrime ecosystem.
- Dutch national police have launched a novel "Game Over?!" campaign, giving 100 alleged scammers less than two weeks to surrender or face public shaming through unblurred photos on roadside ads and TV. This aggressive tactic aims to identify suspects, deter new recruits, and combat a surge in fake police/bank employee scams.
- Microsoft Teams is rolling out a new feature in May 2026 that will automatically tag third-party bots in meeting lobbies, requiring explicit admission by organisers. This enhancement aims to prevent malicious or unrecognised non-human participants from accidentally joining meetings, giving organisers full control and improving security.
📰 The Hacker News | https://thehackernews.com/2026/03/europol-led-operation-takes-down-tycoon.html
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/03/09/dutch_police_fraud_shaming/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-will-tag-third-party-bots-in-meeting-lobbies/
Government Staffing or Program Changes 🏛️
- National Cyber Director Sean Cairncross detailed upcoming initiatives for the Trump administration's cyber strategy, including an "interagency cell" to confront malign hackers through diplomatic efforts, arrests, and cyber offense. The strategy also involves pilot programs for critical infrastructure security tailored to specific industries and states, and a review of regulations like the SEC's incident disclosure rule.
- Cairncross emphasised better information sharing with industry, a call for private sector resource dedication, and plans for a cybersecurity academy, foundry, and accelerator to address workforce gaps and innovation.
🤫 CyberScoop | https://cyberscoop.com/national-cyber-director-trump-cyber-strategy-interagency-cell-critical-infrastructure-pilots/
Crypto Flows to Sanctioned Entities 💰
- Chainalysis research reveals that sanctioned entities conducted $154 billion worth of cryptocurrency transactions in 2025, a 694% year-over-year increase, with $104 billion going to sanctioned entities and the rest to illicit addresses. The ruble-backed A7A5 stablecoin alone processed $93.3 billion, serving as a crucial bridge for Russian businesses to access global markets despite sanctions.
#CyberSecurity #ThreatIntelligence #Ransomware #NationState #APT #ZeroDay #Vulnerability #Phishing #AI #DataBreach #IncidentResponse #LawEnforcement #CriticalInfrastructure #SupplyChainSecurity