Transcript
A (0:00)
From the CISO Series, it's Cybersecurity Headlines.
B (0:06)
These are the cybersecurity headlines for Thursday, March 12, 2026. I'm Sarah Lane.

Meta apps offer new scam protection

Meta is adding new scam detection features across Facebook, Messenger and WhatsApp to warn users about suspicious activity before interaction. The updates include alerts for unusual device linking attempts on WhatsApp, warnings for suspicious friend requests on Facebook, and expanded AI-based scam detection on Messenger that can review chats for common fraud patterns. This is all meant to help users identify and block potential scams before they become a problem.

Google's Wiz acquisition finalized

Google completed its $32 billion all-cash acquisition of cloud security startup Wiz, the largest deal in Google's history. Wiz will join Google Cloud but continue supporting multiple platforms including AWS, Azure and Oracle Cloud as its own multi-cloud security provider. The deal closed after U.S. and EU regulatory approval. Wiz surpassed $1 billion in annual recurring revenue in 2025.

China curbs state-run OpenClaw use

Chinese authorities have barred state-run enterprises and government agencies, including major banks, from installing OpenClaw AI on office computers or personal devices connected to company networks due to security risks. OpenClaw is an agentic AI platform that autonomously manages tasks and accesses private data, raising some concerns over external communications and rogue behavior. Some employees and military families face restrictions, while other notices require prior approval. Chinese tech firms like Tencent, Alibaba and MiniMax continue promoting OpenClaw apps.

CISA orders n8n RCE flaw patch

CISA has directed US federal agencies to patch a remote code execution vulnerability in the n8n workflow automation platform. Actively exploited in attacks, the flaw allows authenticated attackers to execute arbitrary code, potentially exposing sensitive data such as API keys, database credentials and CI/CD secrets. n8n patched the issue back in December, but Shadowserver reports over 40,000 unpatched instances online. Federal agencies have to remediate by March 25th, but CISA urges all organizations to secure their n8n deployments immediately.

Huge thanks to our sponsor Dropzone AI. Here's something worth asking any AI security vendor you might meet at RSAC. Can you show me exactly what your AI did? Not just the verdict, the reasoning. Every tool that it queried, every piece of evidence, every step it took to get there. Most can't. Dropzone AI can. Every investigation is fully transparent. You don't have to trust the AI, you can verify it. See it for yourself at booth 455 and learn more at DropZone AI. RSA2026AI diner

Comet AI browser tricked into phishing scam

Researchers have shown that agentic AI browsers like Perplexity's Comet can be manipulated into phishing scams in minutes by exploiting how the AI reasons and narrates its actions. Guardio researcher Shaked Chen described this as agentic blabbering, where the AI exposes its observations and plans, allowing attackers to train malicious pages to bypass defenses. Stav Cohen explained intent collusion, where user requests merge with attacker instructions, enabling hidden commands to execute. Related work from Trail of Bits and Zenity Labs demonstrated prompt injections and zero-click attacks to exfiltrate data like Gmail content and 1Password credentials.

France's national cybersecurity agency sees ransomware drop

The French cybersecurity agency, also known as ANSI or ANSSI, reported 128 ransomware attacks in 2025. That's down from 141 in 2024, partly due to law enforcement operations like Operation Endgame. SMBs remained the main targets. Healthcare and education sectors saw the largest year-over-year increase. Qilin, Akira and LockBit 3.0, LockBit Black, were the most common strains, with new variants also observed. Overall, cyber incidents stayed stable at 1,366 confirmed cases. Data exfiltration claims rose and DDoS attacks declined.

Stryker offline after wiper malware attack

MedTech company Stryker is offline after a wiper malware attack claimed by Handala, an Iranian-linked pro-Palestinian hacktivist group. The attackers say they stole 50 terabytes of data and wiped over 200,000 systems, servers and mobile devices, affecting offices in 79 countries. Staff reported losing both corporate and personal device data. Internal services and applications were also disrupted, forcing some teams to revert to manual workflows. Handala, linked to Iran's Ministry of Intelligence and Security, has targeted Israeli organizations since December of 2025. Destructive malware.

LeakyLooker found in Google Looker Studio

Tenable researchers uncovered nine vulnerabilities in Google Looker Studio, dubbed LeakyLooker, that could have let attackers extract or manipulate sensitive cloud data. The flaws affected SQL connectors, authentication and report sharing features, allowing zero-click attacks using report owner credentials and one-click attacks targeting viewers. Services at risk include BigQuery, Spanner, PostgreSQL, MySQL, Google Sheets and Cloud Storage. Google patched the platform globally with no customer action required.

Security tools are supposed to solve problems and make our lives easier, so why does it seem like they're doing the opposite and creating more work? That's what we're trying to answer on this week's episode of Defense in Depth. Look for the episode "Are Your Security Tools Creating More Work for Your Team?" wherever you get your podcasts.

If you have thoughts on the news from today or about our show in general, be sure to reach out to us at feedback@cisoseries.com. We want to hear from you. I am Sarah Lane, reporting for the CISO Series. Thank you for listening and we'll talk to you tomorrow.
