Worlds In Brief (19 March 2026)

War in Iran/Middle East/Gulf and beyond 

(Barak Ravid – Axios) President Trump said Wednesday that Israel will not conduct further attacks on Iran’s main natural gas facility. Trump’s comments, which seem to be an effort to de-escalate the situation, came hours after he green-lit the Israeli strike on the facility that marked a significant escalation in the war. The Israeli Air Force struck a natural gas processing facility in southwestern Iran on Wednesday. – After Iran strikes, Trump says Israel won’t attack Tehran gas fields again

US

(Marc Caputo – Axios) Former counterterrorism official Joe Kent has been under FBI investigation for months on suspicion he leaked classified information, three sources familiar with the case tell Axios. Kent propelled himself into national headlines Tuesday when he resigned his post and blamed Israel for tricking President Trump into launching the Iran war even though it posed “no imminent threat” to the U.S. Immediately after his resignation, administration officials said he had been “a known leaker” and had been cut out of briefings with the president. Semafor reported that Kent, who led the National Counterterrorism Center, had been placed under investigation prior to his resignation, which Axios independently confirmed. One of the sources said Kent was suspected of leaking to Tucker Carlson and another conservative podcaster. That source said the FBI was also examining leaked intel related to Israel and Iran. – FBI investigates ex-US Counterterrorism Center head Kent for alleged leaks

(Stephen Neukam, Hans Nichols – Axios) Plenty of heat and personal vitriol came out in Sen. Markwayne Mullin’s (R-Okla.) hearing to lead the Department of Homeland Security. But little light came through on how to end the DHS shutdown. After weeks of negotiations — and the firing of a Cabinet official — Democrats remain dug in on demands for statutory changes to ICE and Border Patrol. – Mullin testimony doesn’t “close the gap” on DHS shutdown

(Jonathan Greig – The Record) U.S. Senator Markwayne Mullin, the nominee to be secretary of the Department of Homeland Security (DHS), was pressed on whether he plans to restore the thousands of roles that have been slashed at the federal cyber defense agency. Mullin appeared before the Senate Homeland Security committee on Wednesday morning after being nominated by President Donald Trump to replace outgoing secretary Kristi Noem. While much of the hearing focused on the current DHS shutdown that has lasted more than one month, several senators touched on issues related to the Cybersecurity and Infrastructure Security Agency (CISA). – DHS nominee Mullin pressed on restoring CISA staffing | The Record from Recorded Future News

(Martin Matishak – The Record) The top U.S. intelligence official on Wednesday defended omitting foreign threats to elections from the latest assessment of global dangers, as well as her presence during an FBI raid of a Georgia election office earlier this year. In the public portion of an annual briefing on the globe’s greatest security threats, Sen. Mark Warner (VA), the top Democrat on the Intelligence Committee, pressed Director of National Intelligence Tulsi Gabbard about why the report doesn’t mention potential foreign adversary aims to interfere in elections for the first time since 2017. “Are you saying there is no foreign threat to our elections in the midterms this year?” Warner asked. “As I stated in the outset of my remarks, this year’s annual threat assessment matches the prioritization of threats,” Gabbard replied. – US intelligence chief grilled on absence of election threats in security assessment | The Record from Recorded Future News

(Andrew Solender – Axios) Democratic members of the House Oversight Committee stormed out midway through a briefing from Attorney General Pam Bondi enraged and raising the threat of an impeachment or contempt of Congress effort against her. Bondi has emerged as Democrats’ top target after the removal of Homeland Security Secretary Kristi Noem, a status that was further solidified on Wednesday. “She is building a record,” Rep. Suhas Subramanyam (D-Va.), an Oversight Committee member, told Axios outside the hearing. “She basically set up a fake hearing under the guise of a briefing, she has defied subpoenas that we’ve put out already and then she has continued to be evasive and combative with us.” – Enraged Democrats threaten Bondi impeachment, contempt after briefing

Cyber (In)Security and Surveillance

(Daryna Antoniuk – The Record) A likely Russia-linked threat actor deployed a sophisticated iPhone hacking tool to target Ukrainian users and steal sensitive data, according to research published on Wednesday. The malware, dubbed DarkSword, allows attackers to break into iPhones with little to no user interaction, extract sensitive data within minutes, and then erase traces of the intrusion, researchers at cybersecurity firm Lookout said. They attributed the activity to a threat actor tracked as UNC6353. Little is known about the group’s infrastructure or broader affiliations, but it has previously targeted victims in Ukraine using the Coruna exploit chain. – Russia-linked hackers use advanced iPhone exploit to target Ukrainians | The Record from Recorded Future News

(Jonathan Greig – The Record) The cyberattack on bank vendor Marquis Software exposed the information of 672,075 people, according to regulatory filings. The company, which provides software that allows financial institutions to communicate with customers, previously warned in November that at least 74 banks, credit unions and financial institutions were impacted by a data breach that occurred in August. At the time, the company did not say how many people were affected. In letters to victims, the company said it discovered the breach on August 14 and notified law enforcement before hiring cybersecurity experts to assist with the recovery. The investigation revealed that the hackers copied files from Marquis Software’s systems. – Bank software vendor Marquis says more than 670,000 impacted by August breach | The Record from Recorded Future News

(Jonathan Greig – The Record) North Korean hackers targeted cryptocurrency e-commerce platform Bitrefill during an attack on March 1, according to a post-mortem from the company published Tuesday. In a lengthy statement, Bitrefill said hackers allegedly tied to North Korea’s Lazarus group accessed around 18,500 purchase records that contained email addresses, crypto payment addresses and metadata including IP addresses. Bitrefill is designed to allow people to live off of cryptocurrency, enabling users to buy digital gift cards or pay bills online with it. The company has partnerships with Amazon, Doordash, Apple, Uber, Walmart and more. – Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records | The Record from Recorded Future News

(Phil Muncaster – Infosecurity Magazine) AI and automation helped threat actors to rapidly accelerate attacks in 2025, collapsing the “predictive window” between vulnerability disclosure and exploitation, according to Rapid7. The security vendor’s new 2026 Global Threat Landscape Report is based on Rapid7 MDR incident response investigations and other internal data. It claimed that “what once unfolded over weeks now materializes in days, and in some cases, minutes.” – AI-Enabled Adversaries Compress Time-to-Exploit – Infosecurity Magazine

(Alessandro Mascellino – Infosecurity Magazine) A cryptocurrency scam known as “ShieldGuard” has been dismantled after researchers identified it as a malicious browser extension designed to harvest sensitive user data. The operation, uncovered by Okta Threat Intelligence and described in an advisory published on March 17, initially presented itself as a security tool aimed at protecting crypto wallets from phishing and harmful smart contracts. ShieldGuard combined social media promotion, a browser extension listing and a token “airdrop” incentive model to attract users. Participants were encouraged to download the extension and promote it in exchange for future cryptocurrency rewards. The project claimed its software could detect suspicious transactions before users approved them. However, analysis revealed a very different purpose. – Crypto Scam “ShieldGuard” Dismantled After Malware Discovery – Infosecurity Magazine

(Kevin Poireault – Infosecurity Magazine) Hundreds of GitHub repositories seemingly offering “free game cheats” deliver malware, including the Vidar infostealer, Acronis Threat Research Unit (TRU) has found. While the identified malicious repositories already target “virtually every major online game title,” the security researchers estimate the true number “could be in the thousands”, they warned in a report published on March 17. They also found Reddit posts mentioning and promoting a game cheat for Counter-Strike 2 leading to a fake website that encourages the user to download and install Vidar 2.0. – Vidar Stealer 2.0 Exploits Fake Game Cheats on GitHub, Reddit – Infosecurity Magazine

(Gavin Millard – Infosecurity Magazine) If you’ve been in the cyber industry for a while, you start to notice cybersecurity has a “Groundhog Day” quality. We change acronyms and leverage hot new phrases, but the headlines remain the same: passwords still get stolen, people still get phished, S3 buckets still get left open and confidential data still gets leaked. We often lie to ourselves to explain this. We say the C-suite doesn’t care. We complain about “executive apathy,” picturing a board of suits shrugging their shoulders at our heat maps. In my experience, this is rarely true. Most boards care deeply and are terrified of being the next headline. They are approving cyber spend, reading reports and hiring talent to try and solve the problem. They aren’t apathetic – they are suffering from Active Inertia. – The Path of Least Resistance: Why Active Inertia is the Real AI Threat – Infosecurity Magazine

(Phil Muncaster – Infosecurity Magazine) Custom-built AI applications are set to cause major headaches for security teams over the coming years, unless they can get involved in projects early on, Gartner has warned. The analyst predicted that by 2028, at least half of enterprise incident response efforts would be devoted to managing the fallout from security issues connected to these apps. “AI is evolving quickly, yet many tools – especially custom-built AI applications – are being deployed before they’re fully tested,” warned Gartner VP analyst, Christopher Mixter. “These systems are complex, dynamic and difficult to secure over time. Most security teams still lack clear processes for handling AI-related incidents, which means issues can take longer to resolve and require far more effort.” – AI Issues Will Drive Half of Incident Response Efforts by 2028, Says G – Infosecurity Magazine

(Alex Ford – Infosecurity Magazine) Unnecessary escalations cost time, focus and confidence. Add a week of noisy alerts and MTTR starts to climb in a way that’s hard to explain in a report, and even harder to fix with “work faster” pressure. Top CISOs are rolling out a clear action plan that tightens early decisions, reduces back-and-forth, and keeps cases moving from first signal to containment. That approach has helped cut MTTR by 21 minutes per case, without sacrificing investigation quality. – How to Cut MTTR by 21 Minutes Per Case: An Action Plan for CISOs – Infosecurity Magazine

(Pierluigi Paganini – Security Affairs) Intuitive is an American company that designs, manufactures, and sells robotic systems for minimally invasive surgery. Its most well-known products include the da Vinci Surgical System for general surgery and the Ion endoluminal system for precise procedures inside the lungs. These robotic platforms help surgeons perform complex procedures with smaller incisions, greater precision, and faster recovery times for patients. The company disclosed a data breach caused by a targeted phishing attack. Threat actors used a compromised employee account to access internal systems, exposing customer contact details, employee data, and corporate information. The company quickly responded by securing affected applications and activating incident response measures. – Robotic surgery firm Intuitive reports data breach after targeted phishing attack

(Pierluigi Paganini – Security Affairs) Cybersecurity company Dream disclosed a critical flaw, tracked as CVE-2026-32746 (CVSS score of 9.8), in GNU InetUtils telnetd that lets unauthenticated remote attackers execute code with elevated privileges. The issue stems from an out-of-bounds write in the LINEMODE handler, causing a buffer overflow. The flaw affects all versions up to 2.7. A patch is expected by April 1, 2026, and users are urged to update as soon as it becomes available. GNU InetUtils telnetd is a server component of GNU InetUtils that provides remote login access via the Telnet protocol. It allows users to connect to a system over a network and run commands remotely, though it’s largely outdated and insecure compared to modern alternatives like SSH. – Researchers warn of unpatched, critical Telnetd flaw affecting all versions

(Pierluigi Paganini – Infosecurity Magazine) Qualys researchers found a high-severity flaw, tracked as CVE-2026-3888 (CVSS score of 7.8), in Ubuntu Desktop 24.04+, which allows attackers to exploit a systemd cleanup timing issue to escalate privileges to root and potentially take full control of vulnerable systems. The bug relies on a cleanup window of 10–30 days, but can ultimately lead to full system compromise. It stems from how snap-confine manages privileged execution and how systemd-tmpfiles removes old temporary files. “The Qualys Threat Research Unit has identified a Local Privilege Escalation (LPE) vulnerability affecting default installations of Ubuntu Desktop version 24.04 and later. This flaw (CVE-2026-3888) allows an unprivileged local attacker to escalate privileges to full root access through the interaction of two standard system components: snap-confine and systemd-tmpfiles,” reads the advisory. – CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit
