CyberSecurity Knuggets
Mar 06, 2026
Subject: Srsly Risky Biz: The Four Hour Cyber War on Iran
Sender: risky-biz@ghost.io
Summary:
– Coordinated US-Israeli cyber and space operations disrupted Iranian communications and sensor networks in the opening hours of the war, blinding Iran’s ability to respond effectively.
– Real-time intelligence from compromised traffic cameras and “deeply penetrated” mobile networks enabled precise targeting during the assassination of Iran’s supreme leader Ali Khamenei.
– The Iranian regime responded with a country-wide internet blackout about four hours into the strikes, limiting the effectiveness of further cyber operations.
– Cyber operations also included psychological warfare by sending push notifications via a popular prayer app urging Iranian citizens and army personnel to resist the regime.
– AI-powered cybercrime is accelerating threat actor workflows, making phishing more effective and targeted, with faster lateral movement and data exfiltration inside victim networks.
– Defenders should focus on basic cybersecurity hygiene, especially phishing-resistant MFA, to counter these evolving AI-enhanced threats.
– Additional news includes declining ransomware payments despite more attacks, and legal action against spyware executives and extremist hacking groups.
Subject: Conflicting accounts emerge over Plankey’s departure from DHS, future as CISA head
Sender: info@metacurity.com
Summary:
– Conflicting reports about Sean Plankey’s departure from DHS and status as CISA nominee: social media reports say he was fired and escorted out; Plankey claims voluntary departure to clear conflicts of interest.
– DHS did not comment on personnel matters; acting leadership instability at CISA continues amid political and confirmation challenges.
– Law enforcement disrupted Tycoon2FA phishing platform, seizing 330 domains used to bypass MFA, involved in attacks on ~100,000 organizations worldwide.
– FBI and Europol shut down Leakbase cybercriminal forum, with 13 arrests in multiple countries, targeting stolen credentials and exploits linked to attacks on government and US infrastructure.
– A criminal network trafficking war-displaced Ukrainian women, which laundered its proceeds through online gambling, was dismantled.
– A Russian national pleaded guilty to administering the Phobos ransomware-as-a-service operation, which extorted over $39 million.
– US lawmakers urge government to assess threat from decades-old TEMPEST side-channel attacks exploiting physical signals from devices to steal sensitive data.
– Israel Defense Forces struck Iranian cyberwarfare HQ in Tehran amid ongoing internet blackout in Iran.
– Cisco warns of actively exploited vulnerabilities in Catalyst SD-WAN Manager and Secure Firewall software, urging immediate patching.
– Restaurant tech provider HungerRush confirmed a breach with extortion emails sent from legitimate addresses, but disputes claims of broad data theft.
– LastPass alerts users about active phishing campaign impersonating support, aiming to steal master passwords.
Subject: State of Agentic AI Adoption: Is your governance keeping up?
Sender: news@securityweek.com
Summary:
– Snyk’s 2026 State of Agentic AI Adoption report analyzes AI integration in enterprise software codebases across 500+ early adopters.
– Key findings include:
* 1 in 5 organizations deploy autonomous AI agent frameworks in production.
* System-level AI footprint is three times larger than model-only counts, revealing an AI visibility gap.
* AI adoption, complexity, and risk benchmarks vary notably by industry, with in-depth insights for healthcare, financial services, and technology sectors.
– The report emphasizes the importance of comprehensive governance to manage the risks posed by widespread agentic AI deployment.
Subject: Law enforcement disrupts Tycoon 2FA phishing-as-a-service platform | The CyberWire 3.5.26s
Sender: editor@newsletter.n2k.com
Summary:
– Europol-led operation dismantled the Tycoon2FA phishing-as-a-service platform by seizing 330 domains, historically responsible for 62% of Microsoft-observed phishing attacks by mid-2025.
– Microsoft and multiple cybersecurity partners supported the takedown with infrastructure seizure across various European countries.
– A separate multinational law enforcement action shut down the Leakbase cybercrime forum with 13 arrests across 14 countries; leaked stolen credentials and exploits had enabled widespread unauthorized access.
– Cisco issued warnings about active exploitation of two recently patched Catalyst SD-WAN vulnerabilities that allow privilege escalation and arbitrary file overwrite, recommending urgent software updates.
– Sponsored messages highlight upcoming RSAC 2026 Conference, Booz Allen’s autonomous threat detection solution, and Glean’s AI security framework.
Subject: Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks
Sender: news@securityweek.com
Summary:
– SecurityWeek reports discovery of the nation-state iOS exploit kit ‘Coruna’ used in global attacks targeting enterprises.
– Google reports half of the 90 exploited zero-day vulnerabilities in 2025 targeted enterprises, underlining increased risk.
– A Russian ransomware operator pleaded guilty in the US; multiple Cisco SD-WAN vulnerabilities continue to be exploited; and Reclaim Security raised $20 million to accelerate vulnerability remediation.
– The Leakbase cybercrime forum has been shut down, and several critical enterprise networking flaws were patched by Cisco.
– The ‘AirSnitch’ Wi-Fi attack demonstrates that client isolation might give a false sense of security.
– Other coverage includes rising Iran cyber hacktivist activity amid low state-sponsored attacks and significant moves in cyberinsurance and AI security funding.
Stay Well!
