Cyberveille curated by Decio
https://ebuildersecurity.com/articles/swedens-e-government-source-code-leaked-after-bytetobreach-breaches-cgi-sverige/
27/03/2026 15:39:39
Switzerland in the crosshairs of Russia's hybrid war | RTS https://www.rts.ch/info/suisse/2026/article/la-suisse-dans-le-viseur-de-la-guerre-hybride-menee-par-la-russie-29195374.html?rts_source=rss_t
27/03/2026 08:13:54

Suspicious drones are flying over critical infrastructure in Aargau, Russian and Chinese spies are being intercepted on Swiss soil, and cyberattacks are multiplying, as an investigation by Temps Présent shows. The Confederation faces an "unprecedented density of threats", according to its intelligence service.

CVE-2025-33073 NTLM Reflection Vulnerability Explained https://www.praetorian.com/blog/cve-2025-33073-ntlm-reflection-one-hop/
27/03/2026 08:12:35

CVE-2025-33073 gives any domain user SYSTEM on unpatched hosts. See how unconstrained delegation turns one hop into full domain compromise.

Call between POLITICO journalist and EU official was intercepted and published online – POLITICO https://www.politico.eu/article/politico-journalist-call-intercept-published-hacking-security-review-hungary-ukraine/
27/03/2026 08:01:57

“Our internal reviews have found no evidence that any devices, networks or systems have been compromised,” POLITICO says in email to staff.
#Data #Drones #Elections #Espionage #Germany #Hungary #Intelligence #Media #Missions #Oil #Orbán #Pipelines #Playbook #Russia #Security #Services #Spying #Ukraine #Viktor
Malware on public sector devices was active for almost a month | Luxembourg Times https://www.luxtimes.lu/luxembourg/malware-on-public-sector-devices-was-active-for-almost-a-month/144457069.html
27/03/2026 08:00:06

Thousands of devices owned by the Luxembourg public sector found to be infected with malware at the end of February have since been updated and secured, digitalisation minister Stéphanie Obertin has said.

Someone has publicly leaked an exploit kit that can hack millions of iPhones | TechCrunch https://techcrunch.com/2026/03/23/someone-has-publicly-leaked-an-exploit-kit-that-can-hack-millions-of-iphones/
24/03/2026 06:39:22

Leaked "DarkSword" exploits published to GitHub allow hackers and cybercriminals to target iPhone users running old versions of iOS with spyware, according to cybersecurity researchers.

Confidential health records from UK BioBank project exposed online | Genetics | The Guardian https://www.theguardian.com/science/2026/mar/14/confidential-health-records-exposed-online-uk-biobank
21/03/2026 14:26:19

theguardian.com
Hannah Devlin and Tom Burgis
Sat 14 Mar 2026 07.00 CET

Exclusive: Guardian investigation finds data from flagship medical research leaked dozens of times

Confidential health data has been exposed online on dozens of occasions, a Guardian investigation can reveal, raising questions about the safeguarding of patient records by one of the UK’s flagship medical research projects.

UK Biobank, which holds the medical records of 500,000 British volunteers, is one of the world’s most comprehensive stores of health information and is credited with driving breakthroughs in cancer, dementia and diabetes research. But scientists approved to access Biobank’s sensitive data appear to have sometimes been cavalier about its security.

The files, which seem to have been inadvertently posted online by researchers using the data, do not include names or addresses, but they may still pose privacy concerns. One dataset found by the Guardian contained millions of hospital diagnoses and associated dates for more than 400,000 participants.

With the consent of a Biobank volunteer, the Guardian was able to pinpoint what appeared to be extensive hospital diagnosis records for the volunteer, using only their month and year of birth and details of a major surgery they had undergone.

"The file was very detailed and it felt like a gross invasion of privacy even to glance at." – Data expert

One data expert said the scale and persistence of the problem was “shocking” at a time when AI and social media were making it ever easier to cross-reference information online.

UK Biobank rejected the concerns, saying that no identifying data, such as names and addresses, were provided to researchers.

In a statement, Prof Sir Rory Collins, the chief executive of UK Biobank, said: “We have never seen any evidence of any UK Biobank participant being re-identified by others.”

‘They said they would hold our data securely’
Founded in 2003 by the Department of Health and medical research charities, UK Biobank holds genome sequences, scans, blood samples and lifestyle information of 500,000 volunteers. Last month, the government extended Biobank’s access to volunteers’ GP records.

Scientists at universities and private companies across the world apply for access and, until late 2024, were free to download data directly on to their own computer systems.

Before this point, data had been inadvertently published online and Biobank appears to still be grappling with the problem.

The issue emerged because journals and funders increasingly require researchers to publish the code they have used to analyse large datasets. When intending to upload code, some researchers have also accidentally published partial or entire Biobank datasets to GitHub, a popular online code-sharing platform. UK Biobank prohibits researchers from sharing data outside their systems and says it has introduced further training for all researchers.

In the past year, the data leaks appear to have become a more urgent concern to UK Biobank. Between July and December 2025, it issued 80 legal notices to GitHub, which has complied with requests to remove data from the internet. Yet much still remains available.

Some of the data files contain just patient IDs, or test results for small numbers, others are more extensive. One dataset found online by the Guardian in January contained hospital diagnoses and associated diagnosis dates for about 413,000 participants, along with their sex and month and year of birth.

A data expert, who reviewed the file said: “It sent shivers down my spine to even open. I deleted the file immediately. It was very detailed and felt like a gross invasion of privacy even to glance at.”

To test the risk of re-identification, the Guardian approached several Biobank volunteers, two of whom had undergone medical procedures in the timeframe within the data and agreed to share these details with an external data scientist.

One volunteer, who provided treatment dates for a fracture and seizure, could not be located in the dataset. A second volunteer, a woman in her 70s, shared her month and year of birth and the month and year she had a hysterectomy. Only one person in the dataset matched these details. The apparent match was corroborated by five other diagnoses from the records that the volunteer had not initially disclosed.

“Effectively you were rehearsing the main parts of my medical history to me without me having given you any information at all. I didn’t expect that,” the volunteer said.

The woman said she was not too concerned about her own data being exposed and intended to remain a participant, saying that she viewed UK Biobank’s work as “extremely important”. But, she added: “I’m more concerned about whether Biobank has broken its agreement with people. They said they would hold our data securely … I just feel as though that has to come into the equation.”

UK Biobank said the re-identification scenario tested by the Guardian did not highlight a privacy risk because without additional information it would be impossible to identify individuals.

A Biobank spokesperson said: “As we have communicated to our participants, including on our website: ‘If a participant puts information that reveals something about their health and identity, such as genealogy data, on a public website, this could make it possible for their identity to be discovered by cross-referencing UK Biobank research data.’

“You have simply demonstrated why we tell participants not to do this.”

The spokesperson added that Biobank had taken extensive measures to protect participants’ privacy, including proactively searching GitHub, contacting researchers directly and issuing legal takedown notices, actions which they said had led to about 500 repositories being removed. Many of these, it said, contained only patient IDs, not health data.

"The idea they can rely on volunteers never putting any other information out about themselves is entirely unreasonable." – Prof Felix Ritchie

‘There are tensions between driving research with data and protecting privacy’
Privacy experts said UK Biobank’s approach appeared at odds with the reality that many people, reasonably, shared some health information online and that in an age of AI this could readily be identified and cross-referenced.

“Are these people aware that the internet exists?” asked Prof Felix Ritchie, an economist at the University of the West of England. “The idea that they can rely on their volunteers never putting any other information out there about themselves is an entirely unreasonable thing to expect.”

Dr Luc Rocher, associate professor at the Oxford Internet Institute, who reviewed several Biobank datasets found online, said that removing identifiers often did not guarantee anonymity and that simply knowing a person’s birthday and, say, the date they broke a leg might be enough to pinpoint their record with high confidence.

“Once identified, that record could reveal sensitive information such as a psychiatric diagnosis, an HIV test result, or a history of drug abuse,” they said.

Prof Niels Peek, professor of data science and healthcare improvement at the University of Cambridge, said the scale of the problem was “shocking”. “If it had happened once or 10 times I’d probably say: ‘It’s not great that it’s happened but at the same time zero risk is impossible,’” he said. “Hundreds. That’s a little bit too much.”

In Peek’s view, Biobank’s actions show it has taken the issue seriously and “done everything that one can reasonably expect”. But, he added: “The scale and persistence with which this has happened demonstrates that there are huge tensions between the ambition to drive health research with data at scale and the legal and ethical imperative to protect people’s privacy.”

Experts questioned whether Biobank will be able to fully regain control of the data released online. Despite researchers and GitHub having taken down most of the offending repositories in response to Biobank’s requests, many of the relevant files remained available on a code archive website until shortly before publication.

theguardian.com EN 2026 dataleak medical research health UK BioBank
Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact https://www.securityweek.com/oracle-ebs-hack-only-4-corporate-giants-still-silent-on-potential-impact/
21/03/2026 14:20:07
securityweek.com
By Eduard Kovacs | March 16, 2026 (11:44 AM ET)

Several global giants listed as victims of the recent hacking campaign targeting Oracle E-Business Suite (EBS) customers have remained mum on the impact of the cybersecurity incident.

The Cl0p ransomware and extortion group has taken credit for the EBS hacking campaign, which involved exploiting zero-day vulnerabilities to access data stored by organizations in Oracle’s enterprise management software. The compromised data was then leveraged for extortion.

While Cl0p serves as the public-facing extortion brand for the campaign, the cybersecurity community believes the operation may have been driven by a cluster of threat actors, most notably FIN11.

The hackers have listed more than 100 alleged victims of the Oracle EBS campaign on the Cl0p leak website, including organizations in sectors such as technology, telecommunications, software, heavy industry, manufacturing, engineering, retail, consumer goods, energy, utilities, media, finance, and entertainment.

For most of the victims, the cybercriminals published torrent files pointing to information allegedly stolen from their systems. This indicates that these victims have refused to pay a ransom.

A majority of the large organizations targeted in the campaign have issued a public statement confirming a data breach. Many claimed that the impact of the incident is limited, but still notified affected individuals about the potential risks.

However, a handful of very large companies do not appear to have issued any public statements on the matter, neither to confirm nor deny being hit, nor even to say that an investigation is being conducted.

This includes semiconductor and infrastructure software company Broadcom, engineering and construction firm Bechtel, cosmetics group Estée Lauder Companies, and medical devices and healthcare solutions provider Abbott Laboratories.

They were all listed on the Cl0p website on or around November 20, 2025.

It may take several months and even as much as a year for companies to investigate data breaches and determine their full extent. However, major companies typically acknowledge at least that an investigation is ongoing.

Broadcom, Bechtel, Estée Lauder, and Abbott have not responded to repeated requests for comment.

Data leaked by hackers
SecurityWeek has not downloaded any of the leaked data, but has conducted a brief metadata and file-tree analysis of data allegedly obtained from some of the larger companies named on the Cl0p website and found that the files indeed originate from an Oracle EBS environment.

In the case of Broadcom, the cybercriminals made public more than 2TB of archives allegedly storing files stolen from the company. The Estée Lauder torrent file points to 870GB of archive files.

At the time of writing, the torrents pointing to Bechtel and Abbott files are still available, but no data could be retrieved for analysis. However, that does not mean the files are no longer accessible to cybercriminals, as they may also be circulated privately on underground forums.

On the one hand, cybercrime groups like Cl0p frequently exaggerate the scope of their breaches, prompting many companies to quickly issue statements denying or downplaying the allegations to reassure customers and stakeholders that any impact was limited.

Moreover, if no regulated data (such as health information, Social Security numbers, or payment details) was compromised, companies face no legal obligation to disclose the incident publicly. If the breach did not qualify as material, there is also no requirement under SEC rules to report it to investors.

On the other hand, some organizations may deliberately maintain silence for strategic, PR, and legal reasons. Even acknowledging an ongoing investigation could invite lawsuits, short-seller pressure, or additional regulatory scrutiny.

securityweek.com EN 2026 Oracle-E-Business-Suite hack Cl0p ransomware EBS
Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US https://techcrunch.com/2026/03/20/cyberattack-on-vehicle-breathalyzer-company-leaves-drivers-stranded-across-the-us
21/03/2026 14:15:33

TechCrunch
Zack Whittaker
8:01 AM PDT · March 20, 2026

A cyberattack on a U.S. car breathalyzer company has left drivers across the United States reportedly stranded and unable to start their vehicles.

The company, Intoxalock, says on its website that it is “currently experiencing downtime” after a cyberattack on March 14. Intoxalock sells breathalyzer devices that fit into vehicle ignition switches and are used by people who are required to provide a negative alcohol breath sample to start their car.

Intoxalock spokesperson Rachael Larson confirmed to TechCrunch that the company had been hit by a cyberattack. Larson said the company took steps to “temporarily pause some of our systems as a precautionary measure.”

These breathalyzer devices need to be calibrated every few months or so, but the cyberattack has left Intoxalock unable to perform these calibrations. The company said customers whose devices require calibration may experience delays starting their vehicles.

Drivers posting on Reddit say that cars are unable to start if they miss a calibration, effectively locking drivers out of their vehicles.

According to local news reports across Maine, drivers are experiencing lockouts and some have been unable to start their vehicles. One auto shop in Middleboro told WCVB 5 in Boston that it has had cars parked in its lot all week due to the cyberattack.

News reports from across the United States show drivers are affected from New York to Minnesota, and drivers have been unable to drive because their vehicle-based breathalyzers cannot be immediately calibrated.

Intoxalock would not say what kind of cyberattack it was experiencing, such as ransomware or if there was a data breach, or whether it had received any communications from the hackers, including any ransom demands. The company’s technology is used in 46 states, its website says, and it claims to provide services to 150,000 drivers every year.

Intoxalock did not provide an estimated timeline for its recovery.

techcrunch.com EN 2026 alcohol cybersecurity data breach Security Transportation
FBI, CISA issue PSA on Russian intelligence campaign to target messaging apps https://cyberscoop.com/fbi-cisa-issue-psa-on-russian-intelligence-campaign-to-target-messaging-apps/
21/03/2026 11:08:33

CyberScoop cyberscoop.com
By Tim Starks

March 20, 2026

It echoes earlier alerts from the Netherlands and Germany, and is the latest to warn about targeting of Signal users and others.

Russian intelligence-affiliated hackers have gained access to thousands of users’ messaging apps with a global phishing campaign, the FBI and the Cybersecurity and Infrastructure Security Agency warned in a public service announcement on Friday.

The high-value targets they’re pursuing include current and former U.S. government officials, political figures, military personnel and journalists, the two agencies said in the joint PSA about the hackers’ attempts to infiltrate commercial messaging applications (CMAs).

The U.S. alert comes on the heels of an earlier warning from Dutch authorities, who said last week that Russian hackers were “engaged in a large-scale global attempt” to take over WhatsApp and Signal accounts. The Dutch warning likewise followed a similar warning from Germany in February.

The U.S. agencies emphasized that the hackers had not been able to bypass end-to-end encryption, instead manipulating users into giving up access. The scheme involves hackers posing as Signal help personnel, then inviting targets to click a link or provide verification codes or their account personal identification number.

“After compromising an account, malicious actors can view the victims’ messages and contact lists, send messages, and conduct additional phishing against other CMA accounts,” the PSA explains. “(Note: reporting shows that the threat actors specifically target Signal accounts but can apply similar methods against other CMAs).”

However, “CMA users who strengthen their personal cybersecurity and defend against social engineering attempts can reduce the risk of account compromise and limit the effectiveness of the threat actors’ current tactics, techniques, and procedures,” the agencies said.

The Russian campaign is just the latest to seek to bypass the protections commercial messaging apps offer. CISA in November warned about spyware targeting of messaging apps.

There sometimes has been a Russian intelligence nexus to the recent targeting. Google Threat Intelligence Group shined a spotlight last year on Russian attempts to target Signal users in Ukraine.

“We anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war,” the company said.

CISA FBI Netherlands phishing Russia signal Ukraine WhatsApp germany Google messaging apps
Salt Typhoon is hacking the world's phone and internet giants — here's everywhere that's been hit https://techcrunch.com/2026/03/09/salt-typhoon-china-who-has-been-hacked-global-telecom-giants/
15/03/2026 13:06:28

TechCrunch
techcrunch.com
Zack Whittaker
8:50 AM PDT · March 9, 2026

Salt Typhoon is by far one of the most prolific hacking groups in recent years, breaching some of the top American phone companies. Here are all the countries that have been targeted.

Salt Typhoon is behind one of the broadest hacking campaigns in recent years, targeting some of the world’s largest phone and internet companies and stealing tens of millions of phone records about senior government officials.

The hacking group, attributed to China, is part of a wider cluster of hackers with the collective aim of helping China prepare for an eventual war with Taiwan, according to researchers. U.S. officials have called China’s potential invasion of Taiwan an “epoch-defining threat.” Much of the group’s efforts have focused on hacking Cisco routers at the edge of a company’s network to break in, and on taking control of the surveillance devices that U.S. telecom companies are legally required to install to allow law enforcement to monitor calls and messages.

While Salt Typhoon is focused on hacking telecom infrastructure, other China-backed groups like Volt Typhoon are prepositioning for destructive cyberattacks capable of causing widespread disruption, and Flax Typhoon runs a botnet of hijacked internet-connected devices for hiding the hackers’ malicious internet traffic.

But Salt Typhoon is by far one of the most prolific hacking groups in recent years, including targeting some of the top American phone companies.

The hacks allowed China to obtain call records, text messages, and captured phone audio from senior U.S. officials, many of whom were considered government targets of interest. This prompted the FBI to urge Americans to switch to end-to-end encrypted messaging apps, fearing that a foreign adversary could eavesdrop on their communications.

Salt Typhoon went even further, hacking at least 200 companies around the world, according to FBI officials. The list of affected countries keeps growing.

Here are the countries that have attributed hacks to Salt Typhoon.

United States
Some of the top U.S. phone companies, including AT&T and Verizon, were confirmed hacked by Salt Typhoon, as was internet provider CenturyLink (now Lumen). T-Mobile said it was targeted but that the hackers had no access to its customers’ calls, text messages, or voicemails.

Satellite communications giant Viasat was also compromised, allowing hackers to gain access to tools used by law enforcement to access the communications of others.

Internet and data providers Charter Communications (Spectrum) and Windstream were also named as Salt Typhoon victims. Fiber network giant Consolidated Communications was reportedly hacked as part of the campaign.

The hackers didn’t just target phone and internet providers. Per several reports, Salt Typhoon compromised the networks of a U.S. state’s National Guard, allowing them to steal data and access to other networks in every other U.S. state and several territories.

North and South America
According to security firm Recorded Future, its researchers have seen Salt Typhoon target Cisco devices associated with universities in Argentina and Mexico and elsewhere.

Meanwhile, the Canadian government confirmed that its top telecommunications firms were hacked by China as part of Salt Typhoon’s extended espionage campaign. Canada also confirmed several Cisco routers at one telecom giant were hacked to steal data from the company.

The government in Ottawa warned it saw targeting of companies that were “broader than just the telecommunications sector.”

Trend Micro said it saw Salt Typhoon activity in Brazil, the most populous country in South America.

Asia, Africa, and Oceania
Recorded Future said it’s seen Salt Typhoon targeting at least one Myanmar-based telecoms provider, Mytel, by way of hacked Cisco routers, as well as a South African telecommunications provider. It’s also seen attacks targeting routers of universities across Bangladesh, Indonesia, Malaysia, and Thailand.

Japan has also warned of the threat of Salt Typhoon to its networks.

Both the governments of Australia and New Zealand say they’ve seen Salt Typhoon activity in their telecom and critical infrastructure sectors. New Zealand said it also saw Salt Typhoon hackers across the government sector, as well as transportation, lodging, and military infrastructure networks.

Trend Micro also said it found at least 20 compromised organizations across the telecoms, consulting, chemical, and transportation industries, as well as government agencies and nonprofits in various countries, including Afghanistan, Eswatini, India, Taiwan, and the Philippines.

Europe
The British government has confirmed that a “cluster of activity” from Salt Typhoon was seen across the United Kingdom. While the activity wasn’t specified, news reporting suggests that senior U.K. government staff may have had their phone records tapped and text messages read.

Norway has also confirmed Salt Typhoon hacked several organizations in the country.

Dutch authorities in the Netherlands say that several smaller internet providers and web hosts were targeted and that the hackers had access to their routers, but their internal networks were not compromised.

An Italian internet provider was hacked, per Recorded Future.

And, according to Czech cybersecurity officials, incidents related to Salt Typhoon hacks have been witnessed in Finland and Poland.

techcrunch.com EN 2026 Salt-Typhoon telecoms
Ericsson US discloses data breach after service provider hack https://www.bleepingcomputer.com/news/security/ericsson-us-discloses-data-breach-after-service-provider-hack/
15/03/2026 13:03:35

bleepingcomputer.com
By Sergiu Gatlan
March 9, 2026

Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to over 15,000 employees and customers after hacking one of its service providers.

Headquartered in Stockholm and founded in 1876, the parent company is a communications tech leader with nearly 90,000 employees worldwide.

In data breach notification letters sent to affected individuals and filed with the California Attorney General on Monday, Ericsson said that a service provider who was storing personal data for employees and customers discovered a breach on April 28, 2025.

After detecting the incident, the third-party vendor notified the FBI and hired external cybersecurity experts to assess the extent of the breach and its impact.

The investigation, which was completed last month, found that a total of 15,661 individuals had their data exposed in the incident. However, Ericsson noted that the compromised provider has yet to find evidence that the data has been misused since the breach.

"Based on the investigation, our service provider determined that a limited subset of files may have been accessed or acquired without authorization between April 17, 2025 and April 22, 2025," Ericsson said.

"As part of its investigation, it retained external data specialists to conduct a comprehensive review of the potentially affected files to identify any personal information. That review was completed on February 23, 2026 at which time we determined that some of your personal information was contained within the affected files."

According to a separate filing with the Texas Attorney General, the exposed information includes affected individuals' names, addresses, Social Security Numbers, Driver’s License numbers, government-issued ID numbers (e.g., passport, state ID cards), financial Information (e.g., account numbers, credit or debit card numbers), medical Information, and dates of birth.

Ericsson is now providing free IDX identity protection services, including credit monitoring, dark web monitoring, identity theft recovery, and a $1 million identity fraud loss reimbursement policy to affected people who enroll by June 9, 2026.

Although the company flagged this incident as a data theft attack, no cybercrime group has taken responsibility for the breach. This raises the possibility that either the third-party vendor paid the ransom demanded by the attackers or that the threat actors were unable to connect the breach to Ericsson.

When BleepingComputer reached out for more details on the breach, including the total number of affected individuals, an Ericsson spokesperson said they didn't have "anything to share beyond the letter."

Update March 10, 06:39 EDT: In a filing with Maine's Attorney General, Ericsson says the breach affects a total of 15,661 individuals.

bleepingcomputer.com EN 2026 Data-Breach Data-Theft Ericsson Telecommunications USA
Tel Aviv train station hit by cyberattack with fake missile alerts | Ctech https://www.calcalistech.com/ctechnews/article/rkuy5flcbx
15/03/2026 12:57:40

calcalistech.com
Hofit Cohen Azulay
12:55, 12.03.26

Cyberattack affects platform advertising screens; national cybersecurity authorities investigate.

A cyberattack targeted advertising signs in the passenger halls at Herzliya Station and Shalom Train Station in Tel Aviv on Wednesday. It is estimated that Iranian hackers took control of the signs and posted messages claiming that the stations were expected to be attacked by Iranian missiles and instructing the public to evacuate immediately.
Israel Railways clarified that these signs are not connected to the railway infrastructure and are located on platforms as part of a private provider’s advertising and information system. Shortly after the incident, the screens were taken offline. The National Cyber Directorate, in cooperation with Israel Railways, began investigating the source of the malfunction. Railways officials emphasized that the affected screens are part of an external network unrelated to essential railway infrastructure. Therefore, there was no risk to critical systems or the railway's passenger information system (PIS).

Earlier, Iran’s Fars News Agency falsely claimed that Israel’s entire railway system had been hacked and disabled. The agency stated:
"Israel’s railways have been hacked. As a result of a cyberattack, the enemy’s railway system has been disabled. All [Israeli railway] stations are not safe until further notice."

Following the incident, Israel Railways announced on Thursday that, in accordance with Home Front Command guidelines, it is continuing efforts to resume service on travel routes, increase train frequency, and reopen additional stations.

calcalistech.com EN 2026 Israel Tel-Aviv cyberattack targeted advertising-signs
China issues second warning on OpenClaw risks amid adoption frenzy https://www.scmp.com/tech/tech-trends/article/3346138/china-issues-second-warning-openclaw-risks-amid-adoption-frenzy
15/03/2026 12:49:46

scmp.com
Ben Jiang in Beijing
Published: 10:14pm, 10 Mar 2026

Cybersecurity agency cautions that improper installation and use of the AI agent carry severe security and data risks.

China’s cybersecurity agency on Tuesday issued a second warning about security and data risks tied to OpenClaw, despite a rush among local governments and tech companies to adopt the artificial intelligence agent amid a nationwide frenzy.

At a time when major Chinese cloud service providers were touting easy deployment of OpenClaw to capitalise on its popularity, improper installation and use of the agent had also led to severe security risks, said the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT), a non-governmental and non-profit cybersecurity technical platform, in a notice published on its WeChat account.

Released by Austrian developer Peter Steinberger late last year, OpenClaw is software that is taking the world by storm for its ability to perform tasks on a user’s behalf, such as organising and responding to emails, drafting work reports and preparing slide decks.

CNCERT partly blamed OpenClaw’s security challenges on its ability to perform tasks autonomously, which required high-level permissions that heightened exposure to breaches.

The agency said OpenClaw was vulnerable to threats including “prompt injection”, in which attackers embed hidden malicious instructions in webpages which, when read by the software, could trick it into leaking a user’s system keys.

It was also prone to “operational errors”, in which the agent may misinterpret user commands and unintentionally delete critical information, including emails and important files, potentially causing significant data loss.

scmp.com EN 2026 Changshu National-Vulnerability-DataBase OpenClaw China AI Ministry-of-Industry-and-Information-Technology CNCERT
Veeam warns of critical flaws exposing backup servers to RCE attacks https://www.bleepingcomputer.com/news/security/veeam-warns-of-critical-flaws-exposing-backup-servers-to-rce-attacks/
13/03/2026 11:19:47

bleepingcomputer.com
By Sergiu Gatlan
March 12, 2026

Data protection company Veeam Software has patched multiple flaws in its Backup & Replication solution, including four critical remote code execution (RCE) vulnerabilities.

VBR is enterprise data backup and recovery software that helps IT administrators to create copies of critical data for quick restoration following cyberattacks and hardware failures.

Three RCE security flaws patched today (tracked as CVE-2026-21666, CVE-2026-21667, and CVE-2026-21669) allow low-privileged domain users to execute remote code on vulnerable backup servers in low-complexity attacks.

The fourth one (tracked as CVE-2026-21708) allows a Backup Viewer to gain remote code execution as the postgres user.

Veeam also addressed several high-severity security bugs that can be exploited to escalate privileges on Windows-based Veeam Backup & Replication servers, extract saved SSH credentials, and bypass restrictions to manipulate arbitrary files on a Backup Repository.

These vulnerabilities were discovered during internal testing or reported through HackerOne and are resolved in Veeam Backup & Replication versions 12.3.2.4465 and 13.0.1.2067.

Veeam also warned admins to upgrade the software to the latest release as soon as possible, since threat actors often begin developing exploits shortly after patches are released.

"It's important to note that once a vulnerability and its associated patch are disclosed, attackers will likely attempt to reverse-engineer the patch to exploit unpatched deployments of Veeam software," the company warned. "This reality underscores the critical importance of ensuring that all customers use the latest versions of our software and install all updates and patches without delay."

VBR servers targeted in ransomware attacks
VBR is popular among managed service providers and mid-sized to large enterprises, and ransomware gangs commonly target VBR servers because they can serve as a quick jumping-off point for lateral movement within breached networks, simplify data theft, and make it easy to block restoration efforts by deleting victims' backups.

The financially motivated FIN7 threat group (which previously collaborated with the Conti, REvil, Maze, Egregor, and BlackBasta ransomware groups) and the Cuba ransomware gang have both been linked to past attacks targeting VBR vulnerabilities.

Sophos X-Ops incident responders also revealed in November 2024 that Frag ransomware exploited another VBR RCE bug disclosed two months earlier and also used in Akira and Fog ransomware attacks starting in October 2024.

Veeam says its products are used by more than 550,000 customers worldwide, including 74% of Global 2,000 firms and 82% of Fortune 500 companies.

bleepingcomputer.com EN 2025 Backup RCE Remote-Code-Execution Veeam Veeam-Backup-&-Replication Vulnerability
Iran Includes American Tech Giants on List of New Targets https://gizmodo.com/iran-includes-american-tech-giants-on-list-of-new-targets-2000732530
13/03/2026 08:46:24

Gizmodo
By Ece Yildirim
Published March 11, 2026

State-aligned media released a list naming the offices of Microsoft, Palantir, and more as potential targets of military action.
A news agency affiliated with the Iranian regime released a list of American tech companies with links to American and Israeli military operations as new targets for Iran on Wednesday.

According to Al Jazeera, the Tasnim News Agency’s report lists Microsoft, Google, Palantir, IBM, Nvidia, and Oracle’s offices and cloud infrastructure in Israel and some Gulf countries as the new targets.

On top of targeting the tech giants, a spokesperson for a group owned by Iran’s Islamic Revolutionary Guard Corps told Al Jazeera that American and Israeli economic centers and banks in the region are also legitimate targets now, and warned people to “not be within a one-kilometre radius of banks.”

The list comes on the heels of an Israeli attack on a bank in Iran’s capital city of Tehran, according to Tasnim News Agency, which expanded “the scope of the regional war” to an “infrastructure war.”

The United States and Israel began their military campaign against Iran at the end of last month, with Iran responding with retaliatory strikes on Israeli soil and on American military bases in the region from Cyprus and Turkey to the Gulf countries.

As the war entered its 12th day, more than 1,300 civilians in Iran have been killed, including 175 people (most of them children) at an elementary school in southern Iran, reportedly struck by American missiles.

All six of the tech giants named by Iranian media have lucrative partnerships with the Pentagon and/or Israel. Nvidia is building data centers and a research and development campus in Israel, a country that CEO Jensen Huang has recently called “Nvidia’s second home.” Microsoft, Google, Palantir, IBM, and Oracle all have a close history with the Israeli government and military, with some reports claiming that the AI technology provided by these American tech giants is aiding the army in the mass surveillance of Palestinians. Meanwhile, Google, Oracle, IBM, Microsoft, and Palantir also have military AI agreements with the Pentagon.

Though not named by Tasnim, another American tech giant with ties to both American and Israeli military operations is Amazon. One of the company’s operating facilities in Bahrain and two of its data centers in the United Arab Emirates were heavily damaged earlier this month following Iranian drone strikes. The strikes, which Iranian state media later described as targeted, led to power disruptions and degraded AWS applications in the region.

So far, Iran’s military actions have been limited to the region. That could change, according to an ABC News report also from Wednesday, as the FBI has claimed Iran could launch drone strikes on the West Coast of the United States, where the headquarters of tech giants like Google, Nvidia, and Microsoft are located. But the chances of that happening are very slim, as even President Trump himself has said he is not worried, and the Iranian report explicitly threatens damage to the offices and infrastructure that these tech companies have in the Middle East.

gizmodo.com EN 2026 US-Israel-Iran-War Tech-Giants targets
How AI Is Turbocharging the War in Iran https://www.wsj.com/tech/ai/how-ai-is-turbocharging-the-war-in-iran-aca59002?st=tkAocR&reflink=desktopwebshare_permalink
09/03/2026 06:45:26

WSJ wsj.com
By Daniel Michaels and Dov Lieber

March 7, 2026 12:00 pm ET

The U.S. and Israeli attacks on Iran have unfolded at unprecedented speed and precision thanks to months of planning, a massive assemblage of military force and a cutting-edge weapon never before deployed on this scale: artificial intelligence.

AI tools are helping gather intelligence, pick targets, plan bombing missions and assess battle damage at speeds not previously possible. AI helps commanders manage supplies of everything from ammunition to spare parts and lets them choose the best weapon for each objective.

Before Israeli jet fighters launched ballistic missiles that killed Iran’s Supreme Leader Ali Khamenei at his residence a week ago, launching the current regional war, Israeli intelligence services had for years been monitoring hacked Tehran traffic cameras and eavesdropping on senior officials’ communications—increasingly relying on AI to sift through a flood of intercepts.

The use of AI in the campaign against Iran follows years of work by the Pentagon and lessons learned from other militaries. Ukraine—with U.S. help—increasingly relies on AI in its war against Russia. Israel has tapped AI in conflicts at least since the October 2023 Hamas attacks.

Defense Secretary Pete Hegseth has urged accelerated adoption of AI to create “an ‘AI-first’ warfighting force.” At the same time, he is engaging in a public battle with Anthropic, a critical AI supplier, and the Pentagon has contracted with rival OpenAI to use its models in classified settings. President Trump has ordered the government to stop using Anthropic’s products. But U.S. officials say the fight unfolding in Iran is showing the usefulness of Anthropic’s AI agent, Claude.

The U.S. and Israel have declined to discuss exactly how they are employing AI in the widening conflict, but recent comments from military leaders and technical experts provide a window.

Most military AI applications aim to give commanders and planners more complete information, faster than is now possible. That, in turn, should let them make better and quicker decisions than the enemy can, gaining a battlefield advantage.

The U.S. says it has struck more than 3,000 targets in Iran since the attacks began Saturday, using an array of weapons including attack drones launched from ships, F-22 jet fighters taking off from Israel and B-2 stealth bombers flying from the U.S.

While the complexity of managing so many aircraft and weapons is getting a boost from AI, its use remains limited and the cost of badly informed decisions remains high. U.S. military investigators believe American forces likely were responsible for a strike on the war’s first day that killed dozens of children at a girls’ elementary school in Iran, The Wall Street Journal reported.

Talk of military AI can conjure images of killer robots, but the reality is that its biggest uses now are often off the battlefield, in time-consuming and labor-intensive fields like intelligence, mission planning and logistics.

These noncombat areas are ripe for AI-inspired efficiency because out of every 10 people in the military, at most two face combat. Up to 90% of personnel are in support roles.

The Pentagon’s AI tools are similar to ChatGPT and other mass-market large language models, but limited to warfare and trained to tackle specific tasks using relevant information, seeking to avoid glitches and inaccuracies often besetting AI.

Still, war is among the most chaotic and complex human endeavors—posing unique problems for even the cutting edge of robotic thinking. The Pentagon’s first AI chief, retired Air Force Lt. Gen. Jack Shanahan, said building military AI is tough in part because much of the available data for training is out of date or unclear.

“The Department of Defense was built as a hardware company in the industrial age, and it has struggled to become a digital company in a software-centric era,” said Shanahan, who oversaw an AI-powered project in Iraq, dubbed Maven, almost a decade ago.

Military strikes start with intelligence. Gathering and parsing it can require thousands of analysts grinding for hours over communications intercepts, photographs and radar images as they try to divine the locations of missile launchers, tunnels and other targets.

Human analysts can examine at most 4% of the intelligence material that is typically collected, say U.S. officers who have worked in the field.

“The biggest immediate impact of AI is in intelligence,” said Israeli Col. Yishai Kohn, the defense ministry’s head of planning, economics and IT. “Many potential missions simply never happened because the manpower didn’t exist” to assess vital intelligence, said Kohn.

AI-powered machine vision can now quickly find vast numbers of targets—with the ability to single out specific models of aircraft or vehicles. It can listen for and summarize relevant conversations from intercepts.

“Intelligence agencies already have access to tons of video data, and current AI enables them to detect exactly what they need within an ocean of data,” said Matan Goldner, chief executive of Conntour, an Israeli company selling software to its and other countries’ security agencies that allows them to query video databases the same way LLMs are used to find patterns in texts.

Just as with mass-market AI, users can bore into results with queries, such as to identify every missile launcher located near a hospital. They can also set the system to alert when an event happens, such as “Tell me every time someone takes a photo near this military base.”

The U.S. Army’s 18th Airborne Corps, using software from data company Palantir Technologies in a continuing string of exercises dubbed Scarlet Dragon, matched its own record from Iraq as the military’s most efficient targeting operation ever, according to Emelia Probasco, a senior fellow at Georgetown University’s Center for Security and Emerging Technology. Thanks to AI, the corps achieved that with only 20 people, compared with more than 2,000 staffers employed in Iraq, she said.

Militaries in the North Atlantic Treaty Organization are using AI to track Russia’s shadow fleet of tankers, scanning millions of square miles several times a day for vessels that are illegally transferring fuel at sea, said French Adm. Pierre Vandier, NATO’s top officer for digital transformation. Imagery is then linked to ship identities for closer tracking and potential action, he said.

Vandier said AI is turning military intelligence analysis from a task of groping in darkness for targets to one of sifting through piles of them. “The number of targets you can nominate through AI is just skyrocketing,” Vandier said.

To prioritize targets and develop a course of action, the Pentagon is increasingly using AI to run models and digital wargames. In one of many efforts, last year it contracted with Pittsburgh-based Strategy Robot to develop advanced systems that can churn through vast numbers of scenarios despite imperfect information. From potentially millions of iterations, planners can zoom in on actions that are more likely to achieve their objectives.

In the pre-AI world, after rough outlines were agreed on for an operation, commanders and specialists would develop mission plans, compiling paper-stuffed binders in a weekslong exercise. AI can potentially do the same work in days, military leaders say.

Planning any military assault—from the fast, targeted mission in January to seize Venezuelan strongman Nicolás Maduro to the war with Iran—brings together subject-matter specialists including intelligence officers, combat commanders, weapons experts and logistics managers. Sessions can include around 40 people.

“The more people you add into planning, the longer it takes,” said a U.S. Army officer in Europe with experience in the process.

As preparations advance and plans evolve, each specialist revises their own plans, with knock-on effects for the others. If intelligence reports, for example, shift a bombing target to a more-distant objective, commanders may opt to use different aircraft or weapons, which in turn can affect crew rostering, flight planning and fuel consumption.

Until now, updating all those factors was slow and often subjective. Now AI can process complex interactions instantaneously, accounting for how each change ripples through military choreography.

Once a strike occurs, AI can speed assessments of battle damage, via image-processing software like tools helping with initial intelligence. While analysis is limited by the quality of imagery—which can depend on factors as basic as weather and whether a target is above ground—AI’s ability to merge varied inputs is changing the discipline. In a process known as sensor fusion, AI can digest visuals, radar, heat signatures and mass-spectroscopy to synthesize a list of possible conclusions. Fast analysis of where attacks succeeded or failed in turn helps refine lists of subsequent targets.

One thing AI can’t replace is human judgment. Many military officials involved in AI projects warn that the technology’s capabilities risk prompting an overreliance on information it provides—a trend linked with the phrase “The computer said to do this.”

Offloading decisions to AI “is a serious concern,” said Probasco at Georgetown, who held various posts in the Navy. She said that, as with other weapons systems, safeguards must be implemented to limit risks. “That infrastructure is underinvested in now,” she said.

wsj.com EN 2026 AI warfare Cyber-warfare US-Israel-Iran-War
‘It means missile defence on datacentres’: drone strikes raise doubts over Gulf as AI superpower | US-Israel war on Iran | The Guardian https://www.theguardian.com/world/2026/mar/07/it-means-missile-defence-on-data-centres-drone-strikes-raises-doubts-over-gulf-as-ai-superpower
09/03/2026 06:44:38

theguardian.com
Daniel Boffey Chief reporter
Sat 7 Mar 2026 12.00 CET

Iran’s targeting of commercial datacentres in the UAE and Bahrain signals a new frontier in asymmetric warfare

It is believed to be a first: the deliberate targeting of a commercial datacentre by the armed forces of a country at war.

At 4.30am on Sunday morning, what is thought to have been an Iranian Shahed 136 drone struck an Amazon Web Services datacentre in the United Arab Emirates, setting off a devastating fire and forcing a shutdown of the power supply. Further damage was inflicted as attempts were made to suppress the flames with water.

Soon after, a second data centre owned by the US tech company was hit. Then a third was said to be in trouble, this time in Bahrain, after an Iranian drone turned into a fireball on striking land nearby.

Iranian state TV has claimed that Iran’s Islamic Revolutionary Guard Corps launched the attack “to identify the role of these centres in supporting the enemy’s military and intelligence activities”.

The network built by Jeff Bezos’s company could withstand one of its regional centres being taken out of action but not a second.

The coordinated strike had an immediate impact.

Millions of people in Dubai and Abu Dhabi woke up on Monday unable to pay for a taxi, order a food delivery, or check their bank balance on their mobile apps.

Whether there was a military impact is unclear – but the strikes swiftly brought the war directly into the lives of 11 million people in the UAE, nine out of 10 of whom are foreign nationals. Amazon has advised its clients to secure their data away from the region.

Perhaps more significantly, the strikes on this ‘next generation’ war target are now raising questions about the prospects of the UAE building on its plans, and many billions of pounds worth of US and other foreign investment, to exploit what they hope will be the ‘new oil’: artificial intelligence (AI).

“The UAE really wants to be a major AI player,” said Chris McGuire, an AI and technology competition expert who served as a White House national security council official in Joe Biden’s administration. “Their government has very strong conviction about this technology, probably stronger than any other government in the world, and if there’s going to start to be security questions around that, then they’re going to have to resolve those very quickly, somehow.”

A datacentre is a facility designed to store, manage, and operate digital data.

The growing demand by businesses for artificial intelligence (AI) and cloud computing – where firms have a pay-as-you-go relationship with the providers of servers, storage and software – is driving the need for centres that have significantly more computational power.

It requires a ready and consistent supply of very cheap electricity.

The UAE, as it seeks to diversify away from fossil fuels, has been able to point out that it has this in spades, along with a huge sovereign wealth fund ready to invest and subsidise projects.

According to Turner & Townsend’s Global Data Centre Index, the overall global cost of datacentre construction increased in 2025 by 5.5% – but the UAE ranks 44th in the league table of most expensive unit cost per watt out of 52.

The UAE’s geography also makes it a critical subsea cable landing point, providing access between Europe and Asia.

Then there are the geo-politics, with the US keen to keep the Gulf states away from Chinese technology.

A four-day tour by Donald Trump of Saudi Arabia, Qatar, and the UAE last May coincided with the announcement of the construction of a vast new AI campus – a partnership between the UAE and the US – for the purpose of training powerful AI models.

As part of the deal, the Trump administration eased restrictions on advanced chips sales to the Gulf. OpenAI has said the planned UAE campus could eventually serve half the world’s population.

McGuire said that this week’s events could be pivotal. “If we’re going to have large scale datacentres built out in the Middle East, we’re going to have to get pretty serious about how we protect them,” he said. “We think about how to protect it right now, and we’re saying, ‘Oh, it means you have guards and good cybersecurity’.

“If you’re actually going to double down the Middle East, maybe it means missile defence on datacentres.”

Sean Gorman, the chief executive of Zephr.xyz, a technology firm that is a contractor to the US air force, said that the Gulf states’ ambitions would have likely been in the thoughts of military planners in Tehran.

He said: “I believe the Iranians are building on tactics they’ve seen be effective in the Ukraine conflict. Asymmetric warfare that can target critical infrastructure creates pressure on adversaries by disrupting public safety and economic activity.

“UAE and Bahrain have both been positioning themselves as global AI hubs by investing heavily in datacentres and fibre infrastructure to connect them to the rest of the world.

“If they can disrupt that infrastructure, it puts their strategic position under risk while also disrupting operations that are important to the economy. In addition, there could be an adjacent impact of defence operations, but that would likely be more luck than the primary objective.”

Gorman said the UAE had a “long track record of managing regional instability without becoming party to it” but that there were a range of risks apart from that from the air.

He said: “The UAE also has one of the most diversified submarine-cable landing environments in the Middle East, but the diversity is geographically uneven.

“There are multiple landing stations and cable systems, but many of them concentrate on the east coast at Fujairah, which creates a partial geographic chokepoint.

“In addition, there is a specific risk from Iranian cyber operations targeting US-aligned digital infrastructure in the Gulf, which presents a more concrete near-term threat to datacentre and cloud operations than geography in the traditional sense.”

Gorman said the concern would be if Iran demonstrated any further capability to target Gulf digital infrastructure as part of its retaliation.

He said: “The UAE will need to show partners that its infrastructure is defensible. This is the question investors should be asking, not whether the broader AI ambition survives.”

Vili Lehdonvirta, professor of technology policy at Aalto university and senior fellow at the Oxford Internet Institute, University of Oxford, said there were significant costs to such defences but that the danger was real.

The former chair of the US National Security Commission on AI, Eric Schmidt, suggested last year that a country falling behind in an AI arms race could bomb their adversary’s datacentres.

Lehdonvirta said he suspected that no one actually believed that datacentres “would get bombed despite such scenarios being openly floated for some time”.

“If that’s the case then from now on we might perhaps see operators of prominent datacentres like AWS [Amazon Web Services] investing in air defence, similar to how shipping operators armed up against pirates,” he said.

Where might Iran fruitfully strike next?

“The Iranians will be well aware that the fibreoptic cables that connect these datacentres to the United States and to the rest of the world run through the strait of Hormuz,” Lehdonvirta said, “although they’ll be closely watched by the US and allied forces.”


theguardian.com EN 2026 Cyber-warfare US-Israel-Iran-War Amazon datacenters
Spyware suppliers exploit more zero-days than nation states https://www.computerweekly.com/news/366639774/Spyware-suppliers-exploit-more-zero-days-than-nation-states
08/03/2026 12:13:58

computerweekly.com
By Alex Scroxton, Security Editor
Published: 05 Mar 2026 15:00

Exploitation of zero-days by commercial surveillance and spyware developers outpaced exploitation by nation-state actors last year, according to a report.

Suppliers of commercial spyware have edged ahead of nation-state threat actors when it comes to the exploitation of zero-day vulnerabilities at scale, according to data released by the Google Threat Intelligence Group (GTIG).

In a report titled Look what you made us patch: 2025 zero-days in review, the GTIG team said that of 42 unique zero-days it tracked in 2025, it was able to firmly attribute first exploitation of 15 to commercial surveillance vendors (CSVs), compared with 12 that were first exploited by nation-states – seven by China, and nine by financially motivated cyber criminals.

The data additionally highlight three zero-days that were “likely” exploited by China, and one possibly at the intersection of cyber crime and nation-state activity.

The GTIG team, comprising researchers Casey Charrier, James Sadowski, Zander Work, Clement Lecigne, Benoît Stevens and Fred Plan, wrote that despite CSVs increasingly focusing on operational security to obscure their unethical activity, the growth in their activity reflected a trend dating back several years.

“Historically, traditional state-sponsored cyber espionage groups have been the most prolific attributed users of zero-day vulnerabilities,” they said. “[But] over the last few years, the increase of zero-day exploitation attributed to CSVs and their customers has demonstrated the growing ability of these vendors to provide zero-day access to a wider range of threat actors than ever before.

“GTIG has reported extensively on the capabilities CSVs provide their clients, as well as how many CSV customers use zero-day exploits in attacks which erode civil liberties and human rights,” they added.

“In late 2025, we reported on how Intellexa, a prolific procurer and user of zero-days, adapted its operations and tool suite and continues to deliver extremely capable spyware to high paying customers.”

China-nexus threat actors
Beyond CSVs, China-nexus threat actors were the most prolific exploiters of new zero-days, predominantly focusing on edge and networking devices that are hard to monitor, as they seek to gain long-term footholds in their targets’ operations.

GTIG said it was clear that China-nexus espionage actors have become increasingly adept at developing and sharing exploits among themselves, demonstrating their government is prepared to shower them with plentiful technical, and presumably financial, resources – compared with the other “Big Four” states of Iran, North Korea and Russia.

Russian cyber criminals, on the other hand, continue to make a killing and remain able to similarly invest in technical expertise, as evidenced last year by Cl0p’s extortion campaign targeting flaws in Oracle E-Business Suite, and the exploitation of a flaw in the WinRAR file archiver by a group with possible links to the long-standing and ever-present Evil Corp crew.

Overall zero-day volumes remain on par
All this said, more widely, GTIG observed a total of 90 zero-days under active exploitation during 2025, lower than 2023’s record high of 100, but generally in the 60 to 100 range that has become established since the Covid-19 pandemic.

Of these 90 flaws, 43 (48%) targeted enterprise technology, with zero-days increasingly affecting security and network edge devices, which are favoured by cyber criminals and nation-states alike.

CSVs, on the other hand, tended to prefer mobile and browser exploits, the overall volume of which is ebbing and flowing – well up on 2024, but about on par with 2023 – likely thanks to more focused actions from the likes of Google on Android and Apple on iOS, which have forced such threat actors to expand or adjust their techniques, leading to the peaks and troughs.

Broken out by supplier, GTIG found that the clear majority of zero-days understandably target Microsoft, which accounted for 25 in total. This was followed by Google, with 11; Apple, with eight; Cisco and Fortinet, tied on four; and Ivanti and VMware, with three. Six more suppliers had two zero-days each, and the remaining 20 were split across 20 suppliers.

Looking ahead into 2026, GTIG said that as supply-side actors continue their work to make zero-day exploitation tougher for the bad guys – particularly in the mobile space – adversaries will unfortunately continue to hone their skills as well, foreshadowing more expansive techniques and a growing diversity of targets.

The team said that enterprise exploitation in particular will widen thanks to the sheer breadth of applications and devices now in use, with only a single-point-of-failure needed for threat actors to engineer a breach.

The AI factor
The team also expects artificial intelligence (AI) to accelerate the race between attackers and defenders, with AI increasingly used to automate and scale attacks by accelerating recon activity and, critically, exploit discovery and development.

This will put more pressure on defenders to detect and respond to zero-days, but at the same time, they will of course be able to take advantage of AI tools – like agents – in their own work.

GTIG also indicated an emerging paradigm for zero-day exploitation in 2026, heralded by the Brickstorm malware campaign, in which data theft “has the potential to enable long-term zero-day development”.

Rather than merely stealing sensitive client data, Brickstorm’s actors – known as Warp Panda – used it to target their intellectual property, such as source code and development documents, something they could use to work angles on new zero-days in their victims’ software.

computerweekly.com EN 2026 Spyware zero-days
Israel says it knocked out Iran’s cyber warfare headquarters https://www.politico.com/news/2026/03/04/israel-iran-cyber-headquarters-00813364
08/03/2026 12:05:26

politico.com
By Maggie Miller
03/04/2026 07:00 PM EST

But it’s unclear if the strike has fully taken out Iran’s ability to launch cyberattacks as the Middle East war expands.
The Israel Defense Forces on Wednesday said it bombed a compound in Tehran housing Iran’s cyber warfare headquarters — but it’s unclear whether the strike will significantly kneecap Iran’s cyberattack capabilities.

According to a statement from the IDF, its forces on Wednesday carried out a “wide-scale strike” targeting a collection of military sites on the Eastern edge of Tehran that allegedly housed the headquarters of the Iranian Islamic Revolutionary Guards Corps. The IDF claims that the headquarters of the IRGC’s “cyber and electronic headquarters” and its “Intelligence Directorate” were among the military outposts hit in the strike.

It’s unclear to what extent these military sites were damaged or whether there were any casualties. Iran remains under an almost total internet blackout, which began on Feb. 28 when the first U.S. and Israeli strikes began, limiting the flow of information coming out of Iran.

Spokespeople for the IDF and for the Israeli Embassy in Washington did not respond to requests for comment. A spokesperson for the White House declined to comment on whether the U.S. was involved in the strikes and instead deferred to U.S. Central Command, which did not respond to a request for comment.

The IRGC has been linked to major cyber operations against the U.S. in recent years, including a hack and leak attack against the presidential campaign of Donald Trump in 2024.

Iran-linked hackers have been hitting back against the U.S., Israel and surrounding Gulf nations since the U.S.-led military operation on Saturday, which resulted in the assassination of Iranian Supreme Leader Ayatollah Ali Khamenei. According to findings from Israeli cyber firm Check Point Software, two types of surveillance cameras popular across Israel, Qatar, Bahrain and other Middle Eastern nations were compromised by Iranian-linked hackers, likely to monitor missile-related damage to those nations.

Researchers from cybersecurity company Palo Alto Networks’ Unit42 have also tracked dozens of pro-Iran hacktivist groups launching cyberattacks since Feb. 28, largely targeting critical infrastructure. These groups have claimed responsibility for compromises to Israeli payment systems and the temporary shutdown of Kuwaiti government websites.

One of these groups, Handala, has ties to the Iranian Ministry of Intelligence and Security, and claimed responsibility this week for attacks on an Israeli oil and gas energy company and the shutdown of some Jordanian gas stations.

It’s difficult to verify whether this group actually carried out these attacks. Jordan’s cybersecurity agency confirmed earlier this week that it had thwarted an Iranian cyberattack on wheat silo management systems in the country.

Despite the IDF’s strikes against the IRGC’s cyber command centers, cyberattacks linked to outside actors sympathetic to Iran may continue relatively unscathed.

Lt. Gen. Charles Moore, former deputy commander of U.S. Cyber Command, which handles offensive U.S. cyber operations against adversaries, said Wednesday that the IDF strikes will likely have “a significant impact on the regime’s ability to continue to execute these types of operations.” Still, Moore said, “that doesn’t mean proxy forces or others that are ideologically aligned with the regime can’t still attempt to conduct operations against us or Israel.”

The Iranian government has often relied on proxy groups outside the country, including those based in Russia, to carry out cyberattacks or disinformation campaigns on its behalf. This makes it harder to trace efforts back to the Iranian regime and more difficult for impacted countries to respond to these types of decentralized attacks.

“Cyber is now embedded in modern conflict, and operational impact does not require all operators to be physically located in Tehran,” said Alexander Leslie, senior advisor on government affairs at cybersecurity company Recorded Future.

politico.com EN 2026 Israel warfare headquarters US-Israel-Iran-War