Daily cybersecurity briefing for CISOs and security leaders.

🎧 Listen to this episode

Today's episode covers 18 stories across 6 topic areas, including: Hacked traffic cams and hijacked TVs: How cyber operations supported the war against Iran; Iran-linked APT targets US critical sectors with new backdoors; From Ukraine to Iran, Hacking Security Cameras Is Now Part of War’s ‘Playbook’.

TechCrunch Security · Mar 03 · Relevance: ██████████ 10/10

Why it matters to CISOs: The integration of cyber operations into kinetic warfare against Iran demonstrates that IoT devices, cameras, and broadcast systems are legitimate military targets—enterprise security teams must reassess their own exposure to similar tactics from retaliatory threat actors.

📖 Read full article

Help Net Security · Mar 06 · Relevance: █████████░ 9/10

Why it matters to CISOs: MuddyWater/Seedworm active inside US organizations since February with new backdoors means CISOs in critical infrastructure must immediately hunt for indicators and assume heightened Iranian targeting during the conflict.

📖 Read full article

Wired Security · Mar 06 · Relevance: ████████░░ 8/10

Why it matters to CISOs: Consumer-grade IP cameras are being weaponized by state actors for ISR and targeting—CISOs should audit IoT camera exposure and segment these devices from critical networks immediately.

📖 Read full article

Cybersecurity Dive · Mar 03 · Relevance: ████████░░ 8/10

Why it matters to CISOs: The Russia-Iran cyber alliance targeting US and Middle East critical infrastructure represents an escalation in coordinated nation-state threats that CISOs must factor into threat modeling and incident response planning.

📖 Read full article

CyberScoop · Mar 06 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: AI-enhanced DPRK fake worker schemes are scaling rapidly—CISOs must strengthen hiring verification processes and monitor for insider threats from AI-augmented social engineering.

📖 Read full article

BankInfoSecurity · Mar 08 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: China-linked APT targeting South American telcos with new custom malware continues the pattern of persistent telecom espionage—CISOs at telcos and their enterprise customers must assume communications infrastructure remains a top target.

📖 Read full article

BleepingComputer · Mar 07 · Relevance: ████████░░ 8/10

Why it matters to CISOs: Microsoft's finding that AI is now integrated across all attack stages—from recon through exfiltration—means defenders must assume adversaries have AI parity and invest in AI-augmented detection and response.

📖 Read full article

TechCrunch Security · Mar 06 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: AI finding 14 high-severity Firefox vulnerabilities in two weeks signals a paradigm shift in vulnerability discovery—CISOs should evaluate AI-powered code analysis for their own AppSec programs while anticipating adversaries will use the same techniques.

📖 Read full article

CyberScoop · Mar 05 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: A successful prosecution of a major ransomware operator impacting 1,000+ victims sends a deterrence signal, but CISOs should note the $39M in extortion payments demonstrates the ongoing profitability driving ransomware operations.

📖 Read full article

BleepingComputer · Mar 06 · Relevance: █████████░ 9/10

Why it matters to CISOs: A breach of FBI wiretap and surveillance systems is an extraordinary national security incident with implications for lawful intercept trust frameworks and vendor security across telecommunications.

📖 Read full article

CyberScoop · Mar 04 · Relevance: ████████░░ 8/10

Why it matters to CISOs: The takedown of Tycoon 2FA—a platform that bypassed MFA to enable BEC and ransomware—validates the threat to MFA-reliant defenses and the value of phishing-resistant authentication methods like FIDO2.

📖 Read full article

BleepingComputer · Mar 06 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: A third-party healthcare IT vendor breach going undetected for nearly a year underscores the need for continuous vendor monitoring and detection capabilities in the healthcare supply chain.

📖 Read full article

BankInfoSecurity · Mar 08 · Relevance: █████████░ 9/10

Why it matters to CISOs: The new cybersecurity strategy and executive order signal shifts in federal cyber priorities including AI-driven defense and cybercrime prosecution—CISOs should assess alignment with their programs and anticipate new compliance expectations.

📖 Read full article

CyberScoop · Mar 06 · Relevance: ████████░░ 8/10

Why it matters to CISOs: The departure of DHS's top security leadership during active Iranian cyber threats and a weakened CISA raises questions about federal cyber resilience and the stability of public-private partnerships CISOs rely on.

📖 Read full article

TechCrunch Security · Mar 03 · Relevance: ██████░░░░ 6/10

Why it matters to CISOs: Fig Security addresses a real pain point—detecting when changes in the security stack silently break detection or response capabilities—a problem most CISOs have experienced but few have tooled against.

📖 Read full article

BleepingComputer · Mar 05 · Relevance: ████████░░ 8/10

Why it matters to CISOs: With nearly half of exploited zero-days targeting enterprise security and networking appliances, CISOs must prioritize patching edge devices and network infrastructure—the very tools meant to protect them are now primary attack surfaces.

📖 Read full article

Wired Security · Mar 03 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: Government-grade iPhone exploit kits proliferating to criminals creates a new class of mobile threat—CISOs should enforce mandatory iOS updates and evaluate mobile threat defense solutions for executive and sensitive users.

📖 Read full article

CyberScoop · Mar 05 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: Max-severity Cisco firewall management vulnerabilities allowing remote root access reinforce the Google GTIG finding that security appliances are prime targets—CISOs should prioritize patching immediately even without active exploitation.

📖 Read full article

Jordan: This was the week cyber war stopped being a metaphor. US and Israeli cyber operations integrated directly into kinetic strikes against Iran, Iran hit back with backdoors already sitting inside American banks and airports, and the FBI quietly confirmed someone breached their own wiretap systems. If you're running security at any organization that matters, the threat landscape just fundamentally shifted.

Alex: Welcome to the Cleartext Week in Review. I'm Alex Chen, alongside Jordan Reeves. It's Saturday, March 7th, 2026. If you couldn't keep up this week, here's what mattered and what it means. We've got four big themes to unpack. First, the one that dominated everything: the Iran conflict and what it means for enterprise security right now. Second, the uncomfortable reality that AI has become a force multiplier on both sides of the ball. Third, a string of breaches and vulnerabilities that reinforce a pattern we've been warning about. And fourth, governance moves in Washington that every CISO needs to be tracking. Jordan, let's start where we have to start.

Jordan: Yeah, look. Monday, TechCrunch published a detailed account of how US and Israeli cyber operations directly supported the bombing campaign against Iran. Traffic cameras hacked for surveillance and targeting. Television sets hijacked for psychological operations. Iran's internet went dark within four hours of the first strikes. This is the full integration of cyber into kinetic warfare, and it's not theoretical anymore. By Thursday, Wired had research showing hundreds of attempts by Iranian state hackers to hijack consumer-grade IP cameras timed to their own missile and drone strikes. Both sides are doing this. Israel, Russia, Ukraine — camera hacking is now a standard page in the wartime playbook.

Alex: And here's why this matters if you're a CISO who doesn't work at the Pentagon. The techniques being used against Iranian infrastructure are the same techniques that work against your infrastructure. IoT cameras, broadcast systems, network-connected displays — these are in every corporate campus, every hospital, every manufacturing floor. If state actors are treating these as legitimate military targets, retaliatory actors will absolutely treat your versions of these devices as legitimate targets too.

Jordan: Which brings us to the story that should have every critical infrastructure CISO on high alert. Help Net Security reported Thursday that Seedworm, also known as MuddyWater, linked to Iran's Ministry of Intelligence, has been inside US networks since early February. A bank, an airport, a non-profit. They deployed a new backdoor called Dindoor. Symantec and Carbon Black researchers confirmed the attribution. These intrusions predate the military strikes. They were pre-positioned.

Alex: Pre-positioned. That's the word that should keep people up at night. This wasn't reactive. Iran had operators inside American organizations before the bombs started falling. And now we've got reporting from Cybersecurity Dive that pro-Russia hacking groups have formed a loose alliance with Iran-linked actors specifically targeting US and Middle Eastern critical infrastructure. The threat model just changed. You're not dealing with one nation-state. You're dealing with a coalition.

Jordan: If you're in energy, transportation, financial services, healthcare — frankly, if you're in any critical sector — you need to be hunting right now. Not waiting for alerts. Actively hunting for indicators associated with MuddyWater, Seedworm, and their known tooling. CISA published indicators. Symantec published indicators. Use them. And segment your IoT. Cameras, building management systems, digital signage — get them off your production networks if you haven't already.

Alex: Let's pivot to our second theme because it's deeply connected. AI as a force multiplier across the threat landscape. Microsoft published a report Friday documenting that threat actors are now using AI across every stage of cyberattacks. Reconnaissance, social engineering, code generation, lateral movement, exfiltration. Every stage. This isn't a future concern. It's current operations.

Jordan: The most concrete example was the North Korea story. Microsoft documented how DPRK threat groups are using generative AI to scale their fake worker schemes. We're talking AI-generated resumes, face-swapping for video interviews, and automated email responses to maintain the cover of operatives who've been placed inside companies globally. These aren't sophisticated hacks. They're sophisticated social engineering at scale, and AI is what makes the scale possible.

Alex: CISOs, this means your hiring pipeline is an attack surface. Your HR team is on the front line. Background verification, identity proofing during onboarding, behavioral analytics after hire — all of these need hardening. And if you think your company isn't a target because you're not in defense, remember, North Korea does this for revenue generation too. They'll take a job at your fintech startup just as happily as they'll infiltrate a defense contractor.

Jordan: Now, the flip side. Anthropic published results from a security partnership with Mozilla where Claude found 22 vulnerabilities in Firefox in two weeks. Fourteen were high-severity. That's remarkable. And it demonstrates that AI-powered vulnerability discovery is real and it's here. The defensive implications are enormous. But so are the offensive ones. If a commercial AI can find 14 high-severity bugs in a major browser in two weeks, what are well-resourced state actors finding in your custom applications?

Alex: Exactly. And this connects to a strategic question every CISO should be asking their board: are we using AI defensively at the same pace our adversaries are using it offensively? Because right now, the answer for most organizations is no. If you're not evaluating AI-augmented code review, AI-assisted threat hunting, AI-driven anomaly detection — you are falling behind against adversaries who have no procurement cycles and no committee approvals.

Jordan: Let's move to theme three. Breaches and vulnerabilities that reinforce a pattern. The biggest story here, and it's stunning, is the FBI confirming that someone breached their surveillance and wiretap systems. The systems used to manage lawful intercept warrants. The FBI hasn't attributed it yet. But this follows the Salt Typhoon telecom breaches that targeted similar systems. Let that sink in. The systems the US government uses to surveil adversaries are themselves being compromised.

Alex: The implications cascade everywhere. Every telco that participates in lawful intercept programs. Every vendor that builds those systems. Every enterprise whose communications pass through infrastructure that has lawful intercept capabilities baked in. The trust framework around lawful intercept is fundamentally damaged. I expect we'll see regulatory and contractual ripple effects from this for years.

Jordan: Meanwhile, Google's Threat Intelligence Group published their zero-day exploitation report for 2025. Ninety zero-days exploited in the wild last year. Almost half targeted enterprise software and appliances. And the most targeted category? Security and networking devices. Firewalls. VPNs. The irony is brutal. The tools you deploy to protect your network are the primary attack surface.

Alex: Which is why the Cisco story this week matters so much. Two maximum-severity vulnerabilities in Cisco Secure Firewall Management Center. Remote root access. No active exploitation yet, but given the Google data showing firewalls are top targets, "no active exploitation yet" is not a reason to wait. Patch immediately. And while you're at it, audit every edge device and network appliance in your environment. If it faces the internet and it's not patched, it's a liability.

Jordan: Two more quick ones. The Cognizant TriZetto breach exposed health data on 3.4 million patients. It happened in 2024 and went undetected for nearly a year. Third-party risk management isn't optional in healthcare — it's existential. And the Coruna iPhone exploit toolkit, likely originally built for the US government, is now in the hands of criminals and foreign spies. Tens of thousands of phones infected. Government-grade exploits don't stay in government hands. They never do. Enforce iOS updates. Evaluate mobile threat defense for your executives.

Alex: On the positive side, the Tycoon 2FA phishing kit takedown was a genuine win. Microsoft led the effort, seized 330 domains, Europol and industry partners collaborated, and the alleged creator was named in a civil complaint. This was a platform that bypassed MFA to enable business email compromise and ransomware. Its destruction validates two things: phishing-resistant authentication like FIDO2 should be your standard, and coordinated public-private takedowns can work. Similarly, the Phobos ransomware leader pleading guilty after impacting a thousand victims and extracting 39 million dollars — that's deterrence. Imperfect, but real.

Jordan: Now let's talk governance, because Washington had a busy week. Friday afternoon — classic news dump timing — Trump signed an executive order and published a five-page cybersecurity strategy. The EO directs federal prosecutors, cyber defense officials, and diplomats to ramp up efforts against cybercriminal gangs. The strategy promises increased government use of AI for rapid cyber defense. Details are thin, but the signal is clear: the administration wants to be seen as tough on cybercrime.

Alex: CISOs should read that five-page strategy carefully. When the federal government telegraphs its priorities, compliance frameworks and regulatory expectations follow. If AI-driven defense is in the strategy, expect questions from regulators about whether you're using AI in your security program. If cybercrime prosecution is a priority, expect increased pressure to report incidents and cooperate with law enforcement. Get ahead of this.

Jordan: And then there's the DHS story that got less attention but matters more operationally. The DHS CISO and deputy CISO both departed this week as part of a broader IT leadership overhaul. This is happening while Sean Plankey's CISA nomination is reportedly in jeopardy. So at the exact moment Iran is pre-positioning inside American critical infrastructure and the FBI's own systems are being breached, the federal government's cybersecurity leadership is in flux. CISOs who rely on CISA for advisories, for coordination, for incident response — plan accordingly.

Alex: One quick mention on the startup front. Fig Security emerged from stealth with 38 million dollars. They trace data flows through your security stack and alert you when changes — a firewall rule update, a SIEM configuration drift, a log pipeline break — silently degrade your detection or response capabilities. It's addressing a real problem. Every CISO has had the experience of discovering that a critical detection was silently broken by a change somewhere upstream. Worth watching.

Jordan: Alright. Let's step back. Alex, what defined this week?

Alex: This was the week the lines between geopolitical conflict and enterprise cybersecurity dissolved completely. We've talked about this convergence for years. This week it happened. Iranian operators were inside American organizations before the first bomb fell. Camera systems became military intelligence platforms. The FBI's own surveillance tools were compromised. And AI accelerated all of it. If you're a CISO going into next week, your priorities are clear. Hunt for Iranian indicators in your environment. Segment your IoT. Patch your edge devices and firewalls. Verify your MFA is phishing-resistant. And have an honest conversation with your board about whether your security program is calibrated for the threat environment we're actually in — not the one we were in six months ago.

Jordan: Agreed. And I'd add one thing. Watch the Russia-Iran cyber alliance closely. Loose coalitions of threat actors sharing infrastructure and targeting data can escalate faster than formal state programs. We saw this with ransomware gangs. We're about to see it with nation-state proxies. If you're in critical infrastructure, assume you're targeted. Don't wait for confirmation.

Alex: That's our week. The daily show returns Monday. Stay sharp out there. I'm Alex Chen.

Jordan: And I'm Jordan Reeves. This has been Cleartext.

Cleartext is an automated daily podcast for CISOs and security leaders. Generated 2026-03-07.

Sources are pulled from: CyberScoop, The Record, SecurityWeek, Krebs on Security, Dark Reading, Cybersecurity Dive, BleepingComputer, Wired, Ars Technica, TechCrunch, Help Net Security, VentureBeat, Risky Business News, The Hacker News, CISA, and BankInfoSecurity.