Cybersecurity Headlines — March 18, 2026
Host: Rich Stroffolino
Podcast: CISO Series
Episode: Energy strategy, scammer accord, font-rendering attack
Date: March 18, 2026
Episode Overview
This episode offers a rapid-fire rundown of major cybersecurity developments as of March 18, 2026. Topics range from government and industry efforts to defend against cyber threats—such as the US Department of Energy's upcoming cyber strategy and an unprecedented fraud accord by leading tech firms—to newly discovered vulnerabilities, evolving ransomware tactics, international sanctions on threat actors, expanding cyber monitoring initiatives, and the latest campaigns from notorious APT groups.
Key Discussion Points & Insights
1. U.S. Department of Energy’s Upcoming Cyber Strategy
[00:18]
- The U.S. Department of Energy will soon unveil its first strategic plan for protecting the national energy grid from cyberattacks.
- This plan supplements the National Cybersecurity Strategy, emphasizing sector resilience and public-private partnerships.
- Notably, the strategy will outline investments in defensive AI, prompted by a “rise in adversaries using AI offensively.”
- Memorable quote from Alex Fitzsimmons (Acting Director, Office of Cybersecurity, Energy Security and Emergency Response):
- “We're already seeing an increase in adversaries using it [AI] offensively.” [00:29]
- Focus areas: AI for defense, collaboration between government and industry.
2. Tech Industry’s Anti-Scam Accord
[00:43]
- Major tech firms—Google, Microsoft, Meta, Amazon, OpenAI, Adobe, and Match Group—have signed the new “Online Services Accord Against Scams.”
- Goals: Share information about scams, deploy new fraud detection tools, introduce security features, and establish user reporting mechanisms.
- The accord is voluntary with no enforcement mechanism.
- Quote:
- “Each company is also committed to deploying new fraud detection tools and introducing new security features to users, then sharing any best practices from those with their fellow signees.” [01:09]
3. Font Rendering Attack Evades AI Detection
[01:26]
- LayerX researchers demonstrated a proof-of-concept attack that uses a custom font with remapped glyphs, plus CSS, to hide malicious instructions from LLM-based security tools.
- An LLM scanning the page text sees only gibberish, while the browser renders that same text as readable malicious instructions for the human user.
- Affected models include: ChatGPT, Claude, Copilot, Gemini, and Grok.
- Vendors mostly categorized this as a social engineering issue—only Microsoft accepted and addressed it.
- Quote:
- “LayerX presented the findings to vendors in December, but most found this issue out of scope...with only Microsoft accepting and addressing the finding.” [02:13]
4. LeakNet Ransomware’s New “Bring Your Own Runtime” Tactic
[02:31]
- LeakNet, active since 2024, now employs “bring your own runtime” attacks using the Deno JavaScript/TypeScript runtime to launch malware loaders.
- Attack chain: Social engineering (ClickFix) → Deno loader → In-memory JavaScript payload → C2 server for secondary payload.
- Main goal: Minimize forensic evidence and stay off detection radars.
5. EU Sanctions on Iranian and Chinese Threat Actors
[04:30]
- The EU placed fresh sanctions on Iran's Emennet Pasargad (for the Charlie Hebdo incident) and the Chinese companies Integrity Technology Group and Axon Information Technology.
- Sanctioned for: Data theft, critical infrastructure targeting, selling info for hack-for-hire operations, and direct involvement in high-profile attacks (“Flax Typhoon”).
- Impact: Frozen assets, business bans with EU entities.
- Quote:
- “The EU also issued sanctions against two Chinese firms...for targeting critical infrastructure and selling information to hack for hire services.” [05:13]
6. Long-Term China Nexus Operations in Southeast Asia
[05:30]
- Palo Alto’s Unit 42 reports a China-linked group infiltrated Southeast Asian military networks since at least 2020.
- Methods: Two new backdoors, the GetPass credential stealer, and Dropbox used as a dead-drop resolver.
- Objective: Intelligence on military capabilities and collaborations.
- Takeaway: “Custom malware and focused approach indicate a highly sophisticated threat actor.” [06:03]
7. UK Cyber Monitoring Center Eyes US Expansion
[06:13]
- The UK’s Cyber Monitoring Center (CMC) measures the economic impact of cyber incidents using a 0-5 scale (akin to natural disaster scales).
- Published detailed analyses in 2025 (e.g., Marks & Spencer's, Jaguar Land Rover attacks).
- CMC plans to expand to the US in 2026, with reporting beginning in 2027.
- Quote:
- “At a recent event in London, CMC head of operations Ruth Goodwin said establishing a US cyber monitoring center was on its roadmap for 2026.” [06:36]
8. North Korea’s Konni Group Targets KakaoTalk
[06:52]
- Genians, a South Korean firm, discovered a new spear-phishing campaign by the North Korea-linked group Konni.
- Attack details: Phishing email posing as an appointment for a North Korean human rights lecturer → Malicious LNK file installs the EndRAT trojan → System data exfiltration and spread via KakaoTalk.
- Notably, the second-stage attacks are highly targeted.
Notable Quotes & Timestamps
- Alex Fitzsimmons on AI in defense:
- “We're already seeing an increase in adversaries using it [AI] offensively.” [00:29]
- Tech Accord details:
- “Each company is also committed to deploying new fraud detection tools and introducing new security features to users, then sharing any best practices from those with their fellow signees.” [01:09]
- On font rendering bypass:
- “LayerX presented the findings to vendors in December, but most found this issue out of scope...with only Microsoft accepting and addressing the finding.” [02:13]
- EU sanctions summary:
- “The EU also issued sanctions against two Chinese firms...for targeting critical infrastructure and selling information to hack for hire services.” [05:13]
- On CMC’s US expansion:
- “At a recent event in London, CMC head of operations Ruth Goodwin said establishing a US cyber monitoring center was on its roadmap for 2026.” [06:36]
Segment Timestamps
| Segment                                        | Timestamp |
|------------------------------------------------|-----------|
| US Dept. of Energy Cyber Strategy              | 00:18     |
| Online Services Accord Against Scams           | 00:43     |
| Font-Rendering LLM Bypass PoC                  | 01:26     |
| LeakNet Ransomware Tactics                     | 02:31     |
| EU Sanctions on Iran & China Threat Actors     | 04:30     |
| China Nexus in Southeast Asian Military        | 05:30     |
| UK Cyber Monitoring Center Expansion           | 06:13     |
| North Korean Konni Group Targets KakaoTalk     | 06:52     |
Tone & Style
The episode maintains an up-to-the-minute, factual, and slightly pithy news tone, with direct insights and some pointed commentary (e.g., noting the lack of enforcement in the tech accord or the vendor reaction to the font-rendering finding). The host, Rich Stroffolino, provides crisp narration and contextual links between stories, reflecting the urgency and interconnection of global cyber threats.
Summary
This episode encapsulates how the cybersecurity landscape is simultaneously shaped by government policy, industry collaboration, innovation in both attack and defense, and the constant evolution of threat actors. For CISOs and practitioners, it delivers actionable awareness of new trends—public-private cyber initiatives, LLM attack risks, ransomware evolution, and targeted APT campaigns—along with a taste of the international chessboard on which these dramas play out.
