CyberSecurity Knuggets
Mar 20, 2026
===Email1 Summary===
Subject: Srsly Risky Biz: Successful War Leaves Iran With One Option, Cyber
– Iran’s cyber retaliation against US and Israeli strikes has been limited but may escalate.
– Iranian hacking group Handala claimed responsibility for a wiper attack on Stryker, a medical device company, in retaliation for US bombing in Iran.
– Iranian hackers' operations are disrupted by targeted military strikes and government-imposed internet blocks.
– Cyber capabilities are resilient as they require less industrial capacity and supply chains compared to nuclear or missile programs.
– Iran may invest more in cyber operations post-war as a cost-effective means of power projection.
– Meta announced the removal of end-to-end encrypted direct messages on Instagram, citing low uptake and safety concerns.
– President Trump’s phone number is publicly known, and he reportedly gives vague answers on calls to confuse intelligence gathering.
– Notable positive news includes Linux Foundation grants for open source security and Meta’s crackdown on scams.
– Risky Business sponsor interview discusses an increase in email attacks using Zoom invites.
===Email2 Summary===
Subject: DarkSword turns iPhone hacking into a mass-scale, drive-by threat
– Newly identified iPhone exploit “DarkSword” silently compromises iOS devices via infected websites.
– Targets iOS 18 and earlier, potentially affecting hundreds of millions of devices.
– Linked to Russian cyber espionage and financial cybercrime campaigns in Ukraine, Saudi Arabia, Turkey, Malaysia.
– DarkSword is “fileless,” uses JavaScript and legitimate processes to steal sensitive data including passwords and crypto wallets.
– The US Cybersecurity and Infrastructure Security Agency (CISA) urges organizations to secure Microsoft Intune after the Iran-linked attack on Stryker.
– Stryker’s cyberattack delayed surgeries; systems being restored.
– Hacker “Internet Yiff Machine” breached police tip platform P3 Global Intel stealing 93GB of data.
– Federal reviewers found Microsoft Government Cloud security insufficiently documented; it was nevertheless authorized, with warnings.
– FBI confirmed purchasing Americans’ location data from commercial sources.
– Cloudflare appeals a fine for not complying with Italy’s piracy blocking law.
– Meta internal AI agent mistakenly exposed sensitive data to unauthorized employees.
– Marquis data breach affected 670,000 people due to ransomware attack linked to state-sponsored hackers.
– Hackers released Nova Scotia legislator’s personal images after ransom refusal.
– Iranian group defaced Orthodox Jewish news site.
– LeakNet and Interlock ransomware groups are using social engineering and zero-day exploits to compromise victims.
– Nordstrom customers received cryptocurrency scam emails.
– US robotics leaders seek federal support to compete with China.
– Senate drafts AI regulation framework aiming to unify state laws.
– Okta launches tool for AI agent discovery and governance.
– Intoxalock driver breathalyzer devices disabled by cyberattack.
– Venture funding news: Xbow $120M, RunSybil $40M, Raven $20M.
– Mississippi Belhaven University restores systems post cyber incident.
– Threat report: suspected cyberattack on China’s National Supercomputing Center.
===Email3 Summary===
Subject: Security that allows productivity? It exists.
– Webinar from 1Password and DataScan about enforcing security best practices without slowing business.
– Focus on automating access and credential policies, empowering self-remediation, enabling secure BYOD, and balancing security and productivity.
– Related blog posts on AI agent security and case study on Canva scaling securely.
===Email4 Summary===
Subject: DarkSword exploit chain compromises iOS devices | The CyberWire 3.19.26
– DarkSword iOS exploit chain compromises devices visiting infected sites silently.
– It chains multiple vulnerabilities to escape the sandbox and gain privileged access.
– Effective mainly on devices running iOS 18 or earlier.
– The exploit code was carelessly left exposed, enabling easy replication.
– Ubiquiti patches a critical path-traversal vulnerability in UniFi Network Application allowing account takeover.
– CISA advises securing Microsoft Intune accounts after the Stryker attack which used Intune’s “wipe” command to erase devices.
– Microsoft Intune security recommendations include least privilege, phishing-resistant MFA, privileged access hygiene, and admin approval.
– RSAC 2026 conference announced for March 23-26 in San Francisco.
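The Intune guidance above is about limiting who can issue a remote wipe and noticing when that power is abused. The script below is an added example (not from the newsletter, CISA or Microsoft) of the detection side: it scans exported Intune audit events for wipe actions by identities outside an approved set and for bursts of wipes from one actor. The record shape loosely follows the Microsoft Graph deviceManagement/auditEvents resource (activityType, actor, activityDateTime, resources), but the sample records, the activityType strings, the approved-admin list and the thresholds are all constructed assumptions, not real data from the Stryker incident.

```python
"""Flag suspicious Intune remote-wipe activity in exported audit events.

Added example. The event layout mirrors the Graph auditEvent resource in
outline only; every value below is constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import json

# Constructed sample: three wipes in two minutes from a helpdesk account,
# one wipe from an approved admin, and one unrelated sync action.
SAMPLE_EVENTS = json.loads("""
[
 {"activityType": "wipe ManagedDevice", "activityResult": "Success",
  "activityDateTime": "2026-03-10T02:00:00Z",
  "actor": {"userPrincipalName": "helpdesk@example.com"},
  "resources": [{"displayName": "LAPTOP-001", "type": "ManagedDevice"}]},
 {"activityType": "wipe ManagedDevice", "activityResult": "Success",
  "activityDateTime": "2026-03-10T02:01:00Z",
  "actor": {"userPrincipalName": "helpdesk@example.com"},
  "resources": [{"displayName": "LAPTOP-002", "type": "ManagedDevice"}]},
 {"activityType": "wipe ManagedDevice", "activityResult": "Success",
  "activityDateTime": "2026-03-10T02:02:00Z",
  "actor": {"userPrincipalName": "helpdesk@example.com"},
  "resources": [{"displayName": "LAPTOP-003", "type": "ManagedDevice"}]},
 {"activityType": "wipe ManagedDevice", "activityResult": "Success",
  "activityDateTime": "2026-03-09T15:00:00Z",
  "actor": {"userPrincipalName": "intune-admin@example.com"},
  "resources": [{"displayName": "LAPTOP-099", "type": "ManagedDevice"}]},
 {"activityType": "syncDevice ManagedDevice", "activityResult": "Success",
  "activityDateTime": "2026-03-10T02:03:00Z",
  "actor": {"userPrincipalName": "helpdesk@example.com"},
  "resources": [{"displayName": "LAPTOP-004", "type": "ManagedDevice"}]}
]
""")

# Assumptions: the set of identities allowed to wipe, and what counts as a burst.
APPROVED_WIPE_ADMINS = {"intune-admin@example.com"}
BURST_THRESHOLD = 3               # wipes from one actor ...
BURST_WINDOW = timedelta(minutes=10)  # ... within this sliding window


def parse_ts(value):
    """Parse the ISO-8601 timestamp Graph emits (trailing Z means UTC)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def is_wipe(event):
    """Match any wipe-type activity; the exact string is an assumption."""
    return "wipe" in event.get("activityType", "").lower()


def actor_of(event):
    """Prefer the user principal; fall back to an app identity if present."""
    actor = event.get("actor", {})
    return (actor.get("userPrincipalName")
            or actor.get("applicationDisplayName")
            or "unknown")


def device_of(event):
    resources = event.get("resources") or [{}]
    return resources[0].get("displayName", "unknown")


def find_suspicious_wipes(events, approved=APPROVED_WIPE_ADMINS,
                          threshold=BURST_THRESHOLD, window=BURST_WINDOW):
    """Return a list of findings under two rules.

    unapproved_actor: a wipe issued by an identity outside `approved`.
    wipe_burst: `threshold` or more wipes by one actor inside `window`.
    """
    wipes = sorted((e for e in events if is_wipe(e)),
                   key=lambda e: parse_ts(e["activityDateTime"]))
    findings = []

    # Rule 1: least-privilege violation, one finding per offending wipe.
    for e in wipes:
        actor = actor_of(e)
        if actor not in approved:
            findings.append({"rule": "unapproved_actor", "actor": actor,
                             "device": device_of(e),
                             "time": e["activityDateTime"]})

    # Rule 2: mass-wipe burst, sliding window over each actor's timestamps.
    times_by_actor = defaultdict(list)
    for e in wipes:
        times_by_actor[actor_of(e)].append(parse_ts(e["activityDateTime"]))
    for actor, times in times_by_actor.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                findings.append({"rule": "wipe_burst", "actor": actor,
                                 "count": end - start + 1,
                                 "first": times[start].isoformat(),
                                 "last": times[end].isoformat()})
                break  # one burst finding per actor is enough
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_wipes(SAMPLE_EVENTS):
        print(json.dumps(finding))
```

In practice the events would come from a periodic pull of the audit log into a SIEM rather than a JSON file, and the approved set would be generated from the role assignments that actually grant the wipe action, so that the detection cannot drift from the least-privilege configuration it is meant to back up. The burst rule is the one that would have been noisy-but-useful here: a single legitimate wipe from an approved admin produces nothing, while several in minutes from any account is worth paging on.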
===Email5 Summary===
Subject: Iran Readied Cyber Capabilities for Response Prior to Epic Fury
– Iran prepared cyberattack capabilities in anticipation of the conflict known as Epic Fury.
– CISA warns of exploits targeting SharePoint vulnerabilities.
– Cisco firewall zero-day exploited in ransomware attacks.
– Several cybersecurity startups announce funding rounds ($20M for 1stProtect and Raven, $375M for Cloaked).
– Marquis data breach impacted 672,000 individuals.
– Aura disclosed a data breach of 900,000 records.
– Hacker interview and intelligence on Russian APT exploiting Zimbra vulnerability.
– Discussions on SOC-level rigor in social vetting and advanced vulnerability management.
– Upcoming sponsored webinar on deploying CIS Controls and Benchmarks.
– Recent significant cyber events include Iranian hackers using stolen credentials in Stryker breach, Apple security improvements, EU cyber sanctions, and AI-related cybersecurity risks.
– Industry investment in open source security totals $12.5 million.
Stay Well!
