CyberSecurity Knuggets

Mar 05, 2026

Email 1:

Subject: Risky Bulletin: Cyber Command conducted cyberattacks ahead of Iran strikes

Summary: The Pentagon disclosed that US Cyber Command and US Space Command initiated cyber operations to disrupt Iranian defenses prior to a joint US-Israeli military strike, which resulted in the assassination of Iran’s leader Ali Khamenei and about 50 top officials. Israeli cyber units also played a significant role, including hacking Tehran’s traffic cameras to track high-value targets and jamming mobile towers around Khamenei to prevent warnings. Despite missile responses by Iran, no major cyber counterattacks have been observed, partly due to internet outages caused by strikes on Iranian infrastructure. While hacktivist groups have expressed support on both sides, Iranian cyber offensive capabilities appear diminished. The newsletter also covers recent cybersecurity incidents such as LexisNexis and CIG breaches, developments in government policies, and details on new malware threats and cyber espionage campaigns.


Email 2:

Subject: The Iran war has a cyber story. It’s not the one you’re reading

Summary: This newsletter challenges media narratives that anticipate or report a significant Iranian cyber retaliation following recent military strikes. It highlights that verified Iranian cyber activity is remarkably low, with active hacking groups reduced from over 130 to just 17, and mostly limited to minor disruptions like DDoS and website defacements. Experts argue that Iran’s cyber capabilities have been exaggerated in part due to vendors promoting security products. Actual cyber operations in the conflict so far have been led by US and Israeli forces, with Iran largely offline because of destroyed infrastructure. The piece stresses fact-based reporting on the cyber dimension, emphasizing that the primary cyber offensives are not from Iran.


Email 3:

Subject: Securing Fragile OT in an Exposed World

Summary: An upcoming live webinar on March 10th hosted by SecurityWeek will explore the challenges of securing operational technology (OT) environments as they increasingly connect with IT networks, exposing legacy, previously isolated systems to new threats. The webinar promises to provide practical insights into modern OT vulnerabilities, the limitations of traditional scanning, and strategies to manage patchless, fragile assets securely. Key topics include identifying exploited OT protocols such as MODBUS and DNP3, and techniques to discover and fingerprint OT assets without disrupting operations. Additional webinars and summits related to cybersecurity will also be offered in March and May 2026.


Email 4:

Subject: A possible US-developed exploit framework surfaces in global iOS attacks | The CyberWire 3.4.26

Summary: Researchers have uncovered an iOS exploit framework called “Coruna,” believed to have been originally developed by the US government and leaked into the wild, now used by criminal groups and foreign espionage actors. It has compromised at least 42,000 devices using multiple exploit chains and advanced techniques, including mitigation bypasses. The toolkit is reported to be employed by China-based cybercriminals and Russian actors targeting Ukrainians. The briefing also covers recent pro-Iranian hacktivist DDoS attacks on Middle Eastern entities, a critical vulnerability in FreeScout allowing full server compromise, and significant funding news for cybersecurity startup UpGuard. Upcoming events like the RSA Conference 2026 and detailed threat updates are included.


Email 5:

Subject: 2FA Phishing Platform Dismantled in Global Takedowns

Summary: SecurityWeek reports on the successful global takedown of the Tycoon 2FA phishing platform, a sophisticated tool used for stealing two-factor authentication credentials. The newsletter highlights other major cybersecurity developments, including a new LexisNexis data breach, Zurich’s $11 billion acquisition of Beazley to expand cyberinsurance capabilities, and ongoing phishing campaigns. It features expert insights on risks boards should not ignore, challenges of AI-assisted software development, and a live webinar focusing on protecting fragile OT environments. Additional topics cover Android zero-day patches, new research on tracking vehicles via tire pressure sensors, and updates on corporate cybersecurity investments and incidents.

Stay Well!

summy