Transcript
A (0:00)
From the CISO series, it's Cybersecurity Headlines
B (0:07)
These are the Cybersecurity Headlines for Tuesday, March 24, 2026. I'm Sarah Lane.

New Dark Sword exploit hits GitHub
A newer version of the Dark Sword iPhone hacking toolkit has been leaked on GitHub, making it easy for attackers to target devices running older iOS versions. Researchers say the exploits don't require much skill to deploy and can steal messages, contacts and passwords. Apple has issued patches and says updated devices aren't at risk. But with roughly a quarter of iPhones still on outdated software, hundreds of millions of devices could still be vulnerable.

Gemini AI agents hit the Dark Web
Google launched Gemini AI agents in public preview to monitor the Dark Web and analyze up to 10 million posts daily to identify threats relevant to specific organizations. The system builds a profile of a customer, scans Dark Web activity for data leaks, initial access broker activity and insider threats, and then generates prioritized alerts with context from human analysts tracking 627 threat groups. Accuracy is reported at 98%, reducing the false positives that are common in traditional monitoring. Gemini agents can also automate threat investigation and response within Google Security Operations.

Trivy supply chain attack expands
Aqua Security's Trivy supply chain attack has expanded with new compromised Docker images. On March 19, Trivy version 0.69.4 was infected with credential-stealing malware via GitHub Actions. Researchers from Socket found further compromised images uploaded on March 22 without official releases. The malware contained typosquatted C2 domains and exfiltration files linked to the Team PCP threat group, which has expanded operations to worms, ransomware, crypto mining and destructive attacks. Organizations using Trivy are advised to review recent activity, though Aqua Security's commercial products are said to remain unaffected.

The phone call is the new phishing email
Mandiant reports a rise in voice-based phishing attacks where hackers impersonate employees or IT staff over the phone to gain access, accounting for 11% of incidents in 2025. Traditional email phishing dropped to 6%. Exploited software vulnerabilities remain the top entry point at 32%. Tech, finance and health care were the most targeted sectors, with attackers increasingly combining social engineering and zero-day exploits.

Huge thanks to our sponsor, ThreatLocker. Ransomware doesn't need to be sophisticated if it's allowed to execute. A growing number of security teams are shifting focus from detecting ransomware to preventing execution in the first place, controlling applications, scripts and installers so unauthorized code never gets the chance to run. Learn more at threatlocker.com.

Initial access handoff shrinks
Mandiant, along with Google Threat Intelligence Group, also reports that cyber attacks are accelerating, with the time between initial access and handoff to secondary attack dropping to just 22 seconds in 2025. That's down from more than eight hours in 2022, indicating tighter coordination and automation. Median dwell time rose to 14 days, and 40% of incidents involved data theft. High-tech firms were the most targeted, and researchers identified 714 new malware families.

Russia-linked malware operation collapses
The Russia-linked Android spyware operation ClayRat appears to have collapsed months after its October launch, following security flaws and the arrest of its suspected developer in Krasnodar. ClayRat was designed for espionage and remote device control, targeting Russian users via phishing sites and fake apps mimicking WhatsApp, TikTok and Google Photos. Researchers at Solar said the malware's failure was driven by technical errors, with weak obfuscation and predictable distribution. At its peak, over 600 samples were in circulation, but by December all command servers were offline. Law enforcement is now pursuing its operators.

Trio Tech subsidiary hit by ransomware
Semiconductor services firm Trio Tech reported that a subsidiary in Singapore suffered a ransomware attack on March 11 that encrypted files on its network. That subsidiary took systems offline, launched an investigation with third-party cybersecurity experts and notified law enforcement. While it was first deemed non-material, leaked stolen data led management to classify it as a potentially material cybersecurity event. The Gunra ransomware group claimed responsibility. Trio Tech is working with its cyber insurance provider while investigating the full scope.

Mazda discloses security breach
Mazda Motor Corporation disclosed a security breach detected in December that exposed 692 employee and business partner records. The attackers exploited a vulnerability in a warehouse management system for parts from Thailand, which contained no customer data but exposed information including user IDs, names, emails, company names and partner IDs. Mazda says it strengthened security, applied patches and increased monitoring, and no misuse has been reported. No ransomware group has claimed responsibility.

CISOs debate human role in AI-powered security at RSAC
Security leaders from companies including Google Cloud, Vodafone and PayPal said that traditional human-in-the-loop AI oversight does not scale for modern cyber defense. Instead, they favor automated AI-driven systems with humans on the loop for guidance and risk evaluation. Execs emphasize that AI is already widely used for tasks like fraud detection and workflow automation, but data security, prompt injection and governance are new risks. The consensus: AI security needs strong data controls, clear risk frameworks and industry collaboration, with humans shifting from direct control to oversight.

Despite making strides, it's still common to see cybersecurity lineups that lack representation. When we call out these kinds of incidents, what are we hoping to achieve, and what are some other constructive ways to move the needle towards diversity? That's one of the subjects we are diving into on this week's episode of the CISO Series podcast. Look for the episode "Why Highlight Diversity When We Can Just Hope You Don't Notice?" wherever you get your podcasts. If you have some thoughts on the news from today or about our show in general, be sure to reach out to us at feedback@cisoseries.com. We really want to hear from you. I am Sarah Lane reporting for the CISO Series. Stay classy, stay safe, and we'll talk to you tomorrow.
