it's Wednesday, February 18. I'm Artie Fisher, and this is your CXO Daily cybersecurity intelligence briefing.

We lead this morning with two incidents reported by DataBreachToday that illustrate the expanding threat and governance landscape. First, the fresh cyberespionage operation tied to Iranian surveillance provides a stark reminder of the persistent risks from state-linked actors. Security researchers have confirmed a new malware campaign deploying lures embedded in pro-protest materials—real photos and videos—designed to target Iranian dissidents and global research communities. The campaign's sophistication lies in its social engineering, leveraging positive-sounding cover stories to build trust, then establishing persistent surveillance on victims. This activity underscores a risk pattern increasingly seen across sectors: highly tailored content bypassing traditional content filters, combined with malware designed for persistent espionage. For leaders in any sector dealing with sensitive intellectual property, research, or policy work, the implications are profound. Surveillance capabilities directly undermine confidentiality controls, and the blend of social context with technical payloads means that standard endpoint security will struggle to provide adequate detection. This is a scenario where gaps in user awareness, data movement monitoring, and advanced threat hunting turn into direct liability—especially as regulatory attention focuses on foreign-state data access and information integrity.

Another critical signal from DataBreachToday: the North West Ambulance Service in the UK has reported a notable increase in data breach disclosures.