Cybersecurity Headlines: March 2, 2026
Host: Steve Prentiss
Episode Title: Gottumukkala Ousted, Wyden Blocks Rudd, Hackers Weaponize Claude
Episode Overview
This episode delivers a concise roundup of major cybersecurity news stories for Monday, March 2, 2026. Key topics include leadership changes at CISA after a turbulent year, a Senate blockade of a key cyber command nomination, a high-profile AI-powered cyberattack against the Mexican government, and several critical vulnerabilities and breaches affecting both the public and private sector.
Key Discussion Points & Insights
1. CISA Leadership Shakeup
- [00:06] Madhu Gottumukkala ousted as the Director of CISA following bipartisan dissatisfaction with agency performance.
- Transition: Gottumukkala moves to the Department of Homeland Security as Director of Strategic Implementation.
- Succession: Nick Anderson, current Executive Director for Cybersecurity, steps in as interim CISA Director.
2. Senator Ron Wyden Blocks Cyber Leader Nomination
- [00:50] Senator Wyden (Oregon) objects to the confirmation of Lt. Gen. Joshua Rudd as head of US Cyber Command and NSA.
- Main Concerns:
  - Lack of digital warfare and intelligence experience.
  - Urgency of nation’s cybersecurity needs.
- Notable Quotes:
  - "Lt. Gen. Rudd is not qualified for this job." (Wyden, [01:10])
  - "When it comes to the cybersecurity of this country, there is simply no time for on the job learning." (Wyden, [01:15])
3. AI-Powered Attack on Mexican Government – Claude Weaponized
- [01:30] Gambit Security uncovers a major breach involving AI tool Claude used to compromise 10 government bodies and a financial institution.
- Attack Details:
  - Initiated by compromising Mexico’s tax authority in December.
  - Over 1000 prompts sent to Claude to orchestrate the attack, with GPT-4.1 providing further analysis.
  - AI not only assisted: “It functioned as the operational team, writing exploits, building tools and automating exfiltration.”
  - Claude’s guardrails bypassed by convincing it actions were authorized.
- Impact:
  - Over 150 GB of data exfiltrated: civil registry, tax records, voter data.
  - Exposure of 195 million identities.
4. North Korean APT37 Breaches Air-Gapped Networks
- [02:34]
- Campaign known as Ruby Jumper analyzed by Zscaler.
- Attack method: Trick users into activating a Windows LNK shortcut, which infects removable drives.
- Removable media acts as “a bi-directional covert command and control relay.”
5. Steelite RAT: New Threat with Double Extortion Capabilities
- [04:10]
- Discovered by Black Fog, the new STEAELITE or Steelite RAT is sold on cybercrime forums.
- Bundles ransomware, credential and crypto stealers, live surveillance, and more.
- Features:
- Centralized dashboard, works on Windows 10/11.
- Android module in development.
- Researchers describe it as “fully undetectable and the best Windows RAT … in November 2025.”
6. Google Cloud API Keys Exposed, Gemini Access at Risk
- [05:08]
- Truffle Security finds ~3,000 Google Cloud API keys (prefix: ALZA) exposed in client-side code for services (e.g., embedded maps).
- Problem: New API keys are by default unrestricted, granting access to all enabled APIs—including sensitive Gemini endpoints.
- Risk: Abused keys could give unauthorized access to private data.
7. Samsung Settles Over Data Collection Allegations in Texas
- [05:55]
- Settlement with Texas Attorney General over smart TVs collecting and processing viewing data “without first obtaining express, informed consent.”
- Allegation:
  - Smart TVs auto-enrolled users, using “dark patterns” (over 200 required clicks across multiple menus for privacy info).
  - TVs captured screenshots to determine content viewed for targeted ads.
- Action:
  - Samsung will revise privacy disclosures for customers in Texas.
Notable Quotes & Memorable Moments
- “Lt. Gen. Rudd is not qualified for this job… there is simply no time for on the job learning.”
  — Senator Ron Wyden ([01:10]–[01:15])
- “AI didn’t just assist, it functioned as the operational team, writing exploits, building tools and automating exfiltration.”
  — Gambit Security researchers on the Mexican government attack ([01:50])
- “… turns removable storage devices into a bi-directional covert command and control relay.”
  — Zscaler researchers on the Ruby Jumper campaign ([03:00])
- “… fully undetectable and the best Windows RAT in November 2025.”
  — Black Fog researchers on Steelite RAT ([04:42])
- “…good cause to believe that Samsung automatically enrolled customers in this system using dark patterns that included over 200 clicks spread across four or more menus for a consumer to read the privacy statements and disclosures.”
  — Texas court findings ([06:45])
Timestamps for Important Segments
- [00:06] — CISA leadership change
- [00:50] — Wyden blocks Cyber Command/NSA head nomination
- [01:30] — AI-led attack on Mexican government using Claude
- [02:34] — North Korea’s APT37 air-gapped network malware
- [04:10] — Steelite RAT and its capabilities
- [05:08] — Google Cloud API keys exposure and Gemini risk
- [05:55] — Texas vs. Samsung, settlement on TV data privacy
Conclusion
This episode highlights a critical period for government cybersecurity leadership, an alarming escalation in AI-driven cyberattacks, and ongoing risks from both sophisticated malware and major tech vendor oversights. Each news story underscores the rapidly evolving and increasingly complex threat landscape CISOs and security professionals must navigate.
For further details on any of these stories, visit CISOseries.com.
