The CyberWire Daily Podcast 3.12.26
Ep 2507 | 3.12.26

Oops, those were the FBI files.

Transcript

Iran threatens tech firms as hackers strike Stryker. The EU advances efforts toward digital sovereignty. A foreign hacker stumbles upon the FBI’s Epstein files. DOGE used ChatGPT to cull humanities grants. Meta claims increased efforts against scams. A Wisconsin ambulance provider discloses a data breach. CISA shortens the patch deadline for a critical SolarWinds vulnerability. We preview this year’s RSAC 2026 Innovation Sandbox with Cecilia Marinier and Paul Kocher. Dangerous digital diets miss the mark.

Today is Thursday, March 12th, 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Iran threatens tech firms as hackers strike Stryker. 

Rising tensions in the Middle East are increasingly spilling into cyberspace. Iran has warned that major U.S. technology companies could become “legitimate targets” as regional tensions escalate amid the ongoing conflict involving Iran, the United States, and Israel. The warning reportedly named firms such as Google, Microsoft, Amazon, Nvidia, IBM, Oracle, and Palantir, with Iranian media listing offices and cloud infrastructure linked to these companies in Israel and Gulf countries. Iranian officials claim the facilities were identified because their technology is allegedly used for military purposes. The warning also extended to economic centers and banks connected to U.S. and Israeli entities. Authorities cautioned civilians to avoid areas near these locations as the conflict intensifies, signaling a possible expansion of targets beyond military assets to include technology infrastructure.  

Medical device manufacturer Stryker confirmed Wednesday that a cyberattack caused a “global network disruption” affecting its Microsoft environment. The Michigan-based company said it has no indication of ransomware or malware and believes the incident is contained, though teams are still assessing the impact. Stryker said business continuity measures remain in place to support customers and partners.

Employees reported widespread disruptions, saying corporate laptops, phones, and servers were wiped and access to email and internal applications was lost early Wednesday. Some workers said login pages displayed the logo of the hacking group Handala. The group claimed responsibility online, alleging it wiped more than 200,000 systems and stole 50 terabytes of data.

Handala, previously linked to Iran-based threat actors and destructive “wiper” attacks, said the operation was retaliation tied to the ongoing U.S., Israel, and Iran conflict.

Researchers have uncovered a coordinated influence campaign linked to Iran’s Islamic Revolutionary Guard Corps that used fake social media personas to spread pro-Tehran messaging. A Clemson University Media Forensics Hub report identified 62 accounts across X, Instagram, and Bluesky posing as Scottish independence supporters, Irish nationalists, and Latina women. The accounts used stolen or AI-generated profile photos and tailored divisive content to match their fake identities, posting about issues like immigration, Scottish independence, and British politics. After U.S. and Israeli airstrikes in Iran in late February, the accounts shifted focus to the war, sharing anti-U.S. and anti-Israel messaging, alleged strike footage, and AI-generated images. Researchers say the tactic mirrors earlier troll operations designed to blend into online communities and influence public opinion.

The EU advances efforts toward digital sovereignty. 

The European Commission announced the EURO-3C initiative at Mobile World Congress 2026, a €75 million project funded through Horizon Europe to build Europe’s first large-scale federated Telco-Edge-Cloud infrastructure. The platform will integrate telecom networks, edge computing, and cloud services to deliver secure, high-speed computing closer to users. The project aims to reduce Europe’s reliance on non-EU technology providers while supporting digital sovereignty.

EURO-3C will bring together 87 organizations, including telecom operators, cloud providers, equipment manufacturers, software developers, and research institutions. The effort aligns with the proposed Digital Networks Act and broader EU programs, while supporting innovation in areas such as 6G, artificial intelligence, cybersecurity, and advanced telecom services.

A foreign hacker stumbles upon the FBI’s Epstein files. 

A foreign hacker accessed files tied to the FBI’s investigation of Jeffrey Epstein after breaching a server at the bureau’s New York Field Office in February 2023, according to a source and Justice Department documents reviewed by Reuters. The compromised server was located in the FBI’s Child Exploitation Forensic Lab and had reportedly been left vulnerable while an agent was handling digital evidence. Investigators later found signs the intruder had searched through files related to the Epstein case, though it remains unclear which materials were accessed or whether any data was downloaded.

The FBI described the event as an isolated cyber incident and said access was quickly restricted and the network secured. According to the source, the hacker appeared to be a cybercriminal rather than a government actor and reportedly did not realize the server belonged to the FBI until agents confirmed their identity during a video call.

DOGE used ChatGPT to cull humanities grants. 

Court documents reveal that officials from Elon Musk’s Department of Government Efficiency (DOGE) used ChatGPT to help identify humanities grants to cancel at the National Endowment for the Humanities in 2025. The chatbot was prompted to determine whether projects were related to diversity, equity and inclusion (DEI) using brief online summaries rather than full proposals. The process flagged hundreds of grants, including projects on Black newspapers, Holocaust history, Indigenous language archives and American music scholarship.

DOGE ultimately recommended terminating 1,477 grants approved during the Biden administration, reclaiming more than $100 million, nearly half the agency’s budget. Acting chairman Michael McDonald approved the cancellations, describing the move as creating a “clean slate” aligned with the Trump administration’s “America First” priorities.

Academic organizations have filed lawsuits arguing the cuts were politically motivated and violated constitutional protections, claiming the process targeted scholarship involving race, gender and marginalized communities.

Meta claims increased efforts against scams. 

Meta says it removed 159 million scam ads in 2025 and shut down 10.9 million Facebook and Instagram accounts tied to scam operations, as the company promotes new efforts to combat online fraud. It says most fraudulent ads were detected automatically before users reported them and that it is increasingly targeting entire scam networks.

The announcement comes amid growing scrutiny from U.S. lawmakers, who have questioned whether Meta’s business model gives it sufficient incentive to police scam advertising. A Reuters investigation previously suggested that a significant share of the company’s ad revenue could come from ads linked to scams or banned goods, a claim Meta disputes.

Many fraud operations originate from organized compounds in Southeast Asia running “pig-butchering” investment scams. Critics say the scale of the problem highlights how easily scammers continue to exploit social media platforms.

A Wisconsin ambulance provider discloses a data breach. 

Bell Ambulance, Wisconsin’s largest ambulance provider, disclosed a data breach affecting 237,830 people following a ransomware attack attributed to the Medusa group. Attackers accessed the company’s network between February 7 and 14, 2025, and demanded a $400,000 ransom, which the company reportedly refused to pay. The group later published the stolen data on a dark web leak site.

Compromised information includes names, birth dates, Social Security numbers, driver’s license numbers, financial account details, medical records, and health insurance information. Although some victims were notified in April 2025, the company said the full scope of the breach was not confirmed until February 2026. Bell Ambulance is offering affected individuals 12 months of credit monitoring and identity theft protection.

CISA shortens the patch deadline for a critical SolarWinds vulnerability.

The Cybersecurity and Infrastructure Security Agency (CISA) has shortened the patch deadline for a critical vulnerability in SolarWinds Web Help Desk after reports of active exploitation by cybercriminals and nation-state actors. Federal civilian agencies must remediate the flaw, CVE-2025-26399 (CVSS 9.8), by Thursday. The vulnerability allows remote attackers to compromise the IT service management platform, potentially exposing sensitive data such as network architecture, user credentials, and security tickets while enabling lateral movement within networks. This marks the third emergency patch directive in a month for the same SolarWinds tool, underscoring the urgency for organizations to apply the latest security updates.

Dangerous digital diets miss the mark. 

Teenagers increasingly turn to AI chatbots for advice on everything from homework to awkward life questions, but a new study suggests nutrition guidance may be one area where the bots should sit this one out. Researchers in Turkey asked five popular AI models to generate three-day meal plans for hypothetical 15-year-olds. The results, reviewed by dietitians, were consistently underpowered: the plans typically cut about 700 calories per day, leaned heavily toward protein and fats, and sharply reduced carbohydrates.

For growing teens, that’s less “diet plan” and more “skip a meal and hope for the best.” Experts warn such deficits could disrupt hormones, delay growth, and increase injury risks, particularly for student athletes. Carbohydrates, they note, play a key role in normal development.

The takeaway: AI might help write an essay, but when it comes to feeding a teenager, a real dietitian still beats a chatbot with a calorie calculator.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

And that’s the CyberWire Daily, brought to you by N2K CyberWire.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.

N2K’s lead producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.