
The internet joins the war.
Hacktivist activity surges in the Middle East. Defense tech firms distance themselves from Claude. International law enforcement take down the Leakbase cybercrime forum. A pair of Cisco SD-WAN vulnerabilities are under active exploitation. Google releases an urgent Chrome security update. Age-verification is put under the microscope. TikTok is leaving end-to-end encryption out of your DMs. Our guest is Daniel Barbu, Director of EMEA Security from Adobe, discussing fostering a human‑centered, enablement‑driven, and collaborative approach to AI. Clever code catches cardiac clues.
Today is Thursday, March 5th, 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
This week we’re coming to you from Zero Trust World in Orlando, Florida, where we’re joining security leaders and practitioners from across the industry. Our coverage here is made possible by our sponsors at ThreatLocker, who’ve brought the community together to talk all things Zero Trust, resilience, and the future of cybersecurity. Thanks for listening, and thanks to ThreatLocker for helping make it possible.
Hacktivist activity surges in the Middle East.
Following the launch of the U.S.–Israeli military campaign against Iran on February 28, 2026, a parallel surge of hacktivist activity quickly emerged across the Middle East. According to a report from Radware, within nine hours of the first kinetic strikes under “Operation Epic Fury,” multiple hacktivist groups began launching retaliatory distributed denial-of-service (DDoS) attacks targeting government and critical infrastructure across the region. Between February 28 and March 2, nine hacktivist groups claimed 107 attacks against 81 organizations in eight Middle Eastern countries.
The activity was heavily concentrated among a few actors. Two groups, Keymous+ and DieNet, accounted for nearly 70% of all attack claims. Government institutions were the primary targets, representing about 53% of attacks, followed by financial and telecommunications sectors. Geographically, Kuwait, Israel, and Jordan absorbed more than three-quarters of the activity.
On March 2, the Russia-aligned group NoName057(16) joined the campaign, signaling a potential expansion of the conflict’s cyber dimension. Overall, the surge highlights how geopolitical crises increasingly trigger rapid, coordinated hacktivist campaigns aimed at disrupting national infrastructure and amplifying political messaging in the digital domain.
Palo Alto Networks’ Unit 42 is tracking more than 60 active hacktivist groups and Iran-linked threat actors, but what does that activity actually mean for defenders? In a special edition of the Threat Vector podcast, host David Moulton sits down with Unit 42 threat intelligence leaders Justin Moore and Andy Piazza to unpack their latest Iran Threat Brief. They break down what these groups are doing, how much of the activity is real versus noise, and what organizations should realistically prepare for. We will be dropping that episode in your CyberWire podcast feed. It’s worth your time.
Defense tech firms distance themselves from Claude.
Following the Trump administration’s move to blacklist Anthropic and label its technology a supply chain risk, defense technology firms are rapidly distancing themselves from the company’s AI model, Claude. Several startups working with the U.S. Department of Defense have already begun replacing Claude with alternative models, often out of caution that a formal ban could soon take effect. Major contractors such as Lockheed Martin are also expected to remove Anthropic technology from their supply chains. The dispute stems from Anthropic’s refusal to provide assurances that its AI would be used for fully autonomous weapons or mass domestic surveillance. While Anthropic argues the defense secretary may lack legal authority to impose such restrictions, multiple federal agencies have already begun phasing out the technology. Analysts warn the shift could cause short-term disruptions, as Anthropic had been deeply integrated into sensitive defense and intelligence environments.
Senator Ron Wyden criticized the Defense Department’s dispute with Anthropic, warning that the fight raises serious concerns about potential mass surveillance of Americans. Wyden said vast amounts of personal data, including location, browsing history, and other sensitive information, can be purchased from largely unregulated data brokers and analyzed using AI. Wyden plans to push legislation aimed at limiting government access to commercially purchased personal data.
International law enforcement take down the Leakbase cybercrime forum.
The FBI and international law enforcement agencies have dismantled Leakbase, a major cybercrime forum used to buy and sell stolen credentials, personal data, and software exploits. The coordinated effort, called Operation Leak, targeted the platform’s infrastructure and users across more than a dozen countries. Authorities conducted about 100 law enforcement actions against 45 targets, resulting in 13 arrests, 32 searches, and interviews with 33 suspects. Investigators also seized Leakbase’s domains and captured the forum’s full database.
Operating since 2021, Leakbase had more than 142,000 members and sold access to compromised data, often obtained through attacks on vulnerable web applications. Officials say the marketplace posed a growing threat because it facilitated access to U.S. networks and potential critical infrastructure. Investigators are now analyzing the seized data to identify victims and additional criminal actors.
A pair of Cisco SD-WAN vulnerabilities are under active exploitation.
Cisco has warned customers that two recently patched Catalyst SD-WAN vulnerabilities, CVE-2026-20128 and CVE-2026-20122, are being actively exploited. The flaws allow authenticated attackers to gain elevated privileges or overwrite files on vulnerable systems. Cisco disclosed patches for five vulnerabilities in February and updated its advisory on March 5 after detecting exploitation. The activity follows reports of another exploited zero-day, CVE-2026-20127, which can bypass authentication and grant admin access. Security agencies say that flaw has been chained with an older vulnerability to escalate privileges and maintain persistence, possibly linked to threat actor UAT-8616.
Google releases an urgent Chrome security update.
Google has released an urgent Chrome security update addressing 10 vulnerabilities, including three critical and seven high-severity flaws that could allow attackers to execute arbitrary code or compromise systems. The update, rolled out March 3, 2026, fixes issues such as integer overflows in the ANGLE and Skia graphics engines and an object lifecycle flaw in PowerVR. Google is limiting technical details until most users update to reduce exploitation risk. The patch upgrades Chrome to version 145.0.7632.159/160 on Windows and Mac and 145.0.7632.159 on Linux. Users and organizations are urged to update immediately.
Age-verification is put under the microscope.
An article from TechDirt argues that mandatory online age-verification systems create large, centralized databases of sensitive biometric data that are highly vulnerable to breaches. The concern resurfaced after researchers discovered 2,456 publicly accessible files tied to Persona, a company Discord planned to use for age verification. The exposed code suggested the system performs extensive identity checks, analyzing facial images, government IDs, device fingerprints, and other personal data, potentially storing it for years. Discord has since said it will not proceed with Persona.
Critics say the incident reflects a broader pattern: governments mandate age verification, companies adopt third-party identity vendors, and those systems later suffer security or privacy issues. Because these platforms collect immutable data like faces and ID numbers, breaches can cause permanent harm. Researchers and privacy advocates warn that such systems both threaten user privacy and often fail to effectively prevent underage access online.
TikTok is leaving end-to-end encryption out of your DMs.
TikTok says it will not adopt end-to-end encryption (E2EE) for direct messages, arguing the technology could make users less safe. While most major platforms use E2EE to ensure only message senders and recipients can read conversations, TikTok says the feature would prevent safety teams and law enforcement from investigating harmful activity when necessary. The company says its messages are still protected with standard encryption and can only be accessed by authorized staff in limited circumstances, such as responding to reports or legal requests.
Supporters of the decision, including child safety organizations, say avoiding E2EE could help detect abuse and illegal content, particularly given TikTok’s large youth audience. However, privacy experts note the move places TikTok out of step with industry norms and may raise additional concerns about user privacy and data protection.
From Wed’s DB:
Retaliatory Hacktivist DDoS Activity Following Operation Epic Fury/Roaring Lion (Radware)
From Threat Vector special edition on Iran:
Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran (Palo Alto Networks Unit 42)
Clever code catches cardiac clues.
For decades, if you wanted to track your heart rate, you needed a smartwatch, a medical device, or at least something strapped to your body. Now researchers at the University of California, Santa Cruz suggest your WiFi router might quietly do the job instead.
Their prototype system, charmingly named Pulse-Fi, uses ordinary WiFi signals and a machine-learning model to detect the tiny disturbances caused by a beating heart. In tests with 118 participants, the system measured heart rate with near clinical accuracy in as little as five seconds, even if people were sitting, standing, walking, or lounging several meters away.
The setup relies on inexpensive hardware like ESP32 chips and Raspberry Pi devices, meaning the technology could eventually be deployed cheaply in homes. In other words, your WiFi may soon know your pulse, whether you asked it to or not.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
And that’s the CyberWire Daily, brought to you by N2K CyberWire.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
N2K’s lead producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.

