2026.03.17 News You Should Know

Iran

Iran plots ‘infrastructure warfare’ against US tech giants • The Register - Iran has reportedly designated Amazon, Google, IBM, Microsoft, Nvidia, Oracle, and Palantir facilities as legitimate targets of retaliatory strikes, according to an Al Jazeera report citing Iran’s state-affiliated Tasnim news agency. Iran has set its sights on destroying 29 locations in Bahrain, Israel, Qatar, and the United Arab Emirates that house offices, datacenters, and research facilities. This comes a week after Iran said it deliberately targeted three AWS datacenters in the region.

Pro-Iran hacktivist group says it is behind attack on medical tech giant Stryker | TechCrunch - Stryker, which makes medical devices and technology for hospitals, does not appear to be directly linked to the recent attacks on Iran, though it has operations in Israel and did last year secure a $450 million contract from the Department of Defense to supply medical devices to the U.S. military.

Stryker attack wiped tens of thousands of devices, no malware needed - The attacker alleged that they wiped “over 200,000 systems, servers, and mobile devices” and stole 50 terabytes of data. However, investigators did not find any indication that data was exfiltrated. A source familiar with the attack told BleepingComputer that the threat actor used the wipe command in Intune, Microsoft’s cloud-based endpoint management service, to erase data from nearly 80,000 devices between 5:00 and 8:00 a.m. UTC on March 11.

The who, what, and why of the attack that has shut down Stryker’s Windows network - Ars Technica

AI

Critical Microsoft Excel bug weaponizes Copilot Agent • The Register - CVE-2026-26144 is a critical-severity information disclosure vulnerability in Microsoft Excel. This cross-site scripting flaw can be exploited to “cause Copilot Agent mode to exfiltrate data via unintended network egress, enabling a zero-click information disclosure attack,” Redmond warned. This bug requires network access to exploit, but no user interaction or privilege escalation.

Researchers Trick Perplexity’s Comet AI Browser Into Phishing Scam in Under Four Minutes - “This is what we call Agentic Blabbering: the AI Browser exposing what it sees, what it believes is happening, what it plans to do next, and what signals it considers suspicious or safe.” By intercepting this traffic between the browser and the AI services running on the vendor’s servers and feeding it as input to a Generative Adversarial Network (GAN), Guardio said it was able to make Perplexity’s Comet AI browser fall victim to a phishing scam in under four minutes.

CEO Asks ChatGPT How to Void $250 Million Contract, Ignores His Lawyers, Loses Terribly in Court - Krafton’s internal sales projections for Subnautica 2 looked great, and it looked like the company would be on the hook for the additional $250 million. In an attempt to avoid paying this, Krafton CEO Changhan Kim turned to ChatGPT for help avoiding paying the developers the $250 million bonus. Kim followed ChatGPT’s advice rather than his lawyers’ advice, according to the court records.

Here’s the Memo Approving Gemini, ChatGPT, and Copilot for Use in the Senate - The Sergeant at Arms (SAA) office of the Chief Information Officer (CIO) has approved the use of three Generative Artificial Intelligence (AI) platforms with Senate data. Microsoft Copilot Chat is available now for use by all Senate employees at no cost. Google Workspace with Gemini Chat and OpenAI ChatGPT Enterprise also have been approved for use with the assignment of a Senate license.

Witness Caught Using Smartglasses in Court Blames it all on ChatGPT - During the court appearance, Jakštys claimed his mobile phone had been stolen but couldn’t provide a police report for the incident. He also repeatedly received calls on his smartglasses-connected phone from a number listed as “abra kadabra.” The call log showed that many of the calls occurred when he was on the witness stand. The judge asked him about the identity of “abra kadabra” and Jakštys said it was a taxi driver.

Gartner suggests Friday afternoon Copilot ban • The Register - Gartner analyst Dennis Xu has half-jokingly suggested banning use of Microsoft’s Copilot AI on Friday afternoons, because he fears at that time of week users may be too lazy to properly check its possibly offensive output.

ETC

Reddit User Uncovers Who Is Behind Meta’s $2B Lobbying for Invasive Age Verification Tech - Here’s where the lobbying gets surgical. The proposed laws hammer Apple’s App Store and Google Play with compliance requirements but reportedly spare social media platforms—Meta’s core business. It’s like Spotify lobbying for streaming regulations that only apply to Apple Music. The “child safety” rhetoric masks a competitive strategy that shifts liability from platforms to operating system makers.

Poland’s nuclear research centre targeted by cyberattack - Poland’s National Centre for Nuclear Research (NCBJ) says hackers targeted its IT infrastructure, but the attack was detected and blocked before causing any impact. Earlier this year, in January, it was revealed that Poland’s power grid, specifically, multiple distributed energy resource (DER) sites, heat and power (CHP) facilities, wind, and solar dispatch systems, had been attacked by the Russian threat group APT44 (“Sandworm”).

Fake applicants are sending security-killing malware • The Register - “An HR professional receives what appears to be a perfectly normal resume,” said Aditya K Sood, VP of Security Engineering and AI Strategy at Aryaka. “The candidate profile seems relevant. The hosting link points to a familiar cloud storage service. Nothing feels suspicious. A quick download, a double click, and an ISO file mounts, and the intrusion begins.”

New ‘BlackSanta’ EDR killer spotted targeting HR departments

Swiss e-vote snafu leaves 2,048 ballots unreadable • The Register - Basel-Stadt announced the problem with its e-voting pilot, open to about 10,300 locals living abroad and 30 people with disabilities, last Friday afternoon. It encouraged participants to deliver a paper vote to the town hall or use a polling station but admitted this would not be possible for many. By the close of polling on Sunday, its e-voting system had collected 2,048 votes, but Basel-Stadt officials were not able to decrypt them with the hardware provided, despite the involvement of IT experts.

Outsourcer Telus admits to attack, possibly by ShinyHunters • The Register - Those soothing words contrast with reports that Telus has leaked a petabyte or more of data, and that crime gang ShinyHunters did the deed after acquiring valid Google Cloud Platform credentials as a result of the Salesloft breach.

Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026 - Meta has announced plans to discontinue support for end-to-end encryption (E2EE) for chats on Instagram after May 8, 2026.

ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers - The shell script launched after running the Terminal command is designed to contact a hard-coded server and retrieve the AppleScript infostealer payload, while simultaneously taking steps to remove evidence of data theft. The stealer is equipped to harvest a wide range of data from compromised hosts, including exfiltrating credentials, files, keychain databases, and seed phrases from cryptocurrency wallets.

Crooks compromise WordPress sites, spread infostealers • The Register - The trick works because the attack starts on websites that otherwise look perfectly legitimate. Visitors think they’re just clearing yet another Cloudflare bot check – the sort that litters the modern web – when in fact they’re being talked through the first step of infecting their own machine.

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage - The malware is capable of uploading and downloading files, leveraging the microphone, and capturing images through the webcam by taking advantage of the web browser’s features.

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos - “Anyone who runs pip install from a compromised repo or clones and executes the code will trigger the malware.” The attackers, upon gaining access to the developer accounts, rebase the latest legitimate commits on the default branch of the targeted repositories with malicious code, and then force-push the changes, while keeping the original commit’s message, author, and author date intact.

I’m an experienced home cook, security engineer, people leader, and dedicated father and husband. I can be found on Mastodon at @IAintShootinMis@DigitalDarkAge.cc and on Signal at DigitalDarkAge.98.