Summary4 min read

Cybersecurity Headlines – March 17, 2026

Host: Sarah Lane
Episode Focus: Major global cyber incidents, the rise of AI-powered scams, and key vulnerabilities affecting organizations and critical infrastructure.

Episode Overview

This episode delivers a brisk roundup of the most pressing cybersecurity stories of the day, highlighting notable breaches, scam tactics, vulnerability warnings, and legal/regulatory developments. The central themes concern the surge in cybercrime amid geopolitical tensions, evolving and targeted scam techniques using AI, and urgent security flaws affecting vital technology platforms.

Key Discussion Points & Insights

1. Stryker Hospital Tools: Safe Amid Internal Systems Attack

[00:06] Medical device maker Stryker experienced a cyberattack disrupting its internal systems and electronic ordering for a week.
Attackers used Microsoft Intune's remote wipe feature to reset thousands of company devices, leading to factory closures and manual order processing.
Investigation: Likely compromise of high-level admin accounts; attribution claimed by Iranian-aligned HANDELA group, but not confirmed by Stryker.
Sarah Lane: "Stryker said its hospital equipment and connected products remained safe after a cyberattack disrupted internal systems..." [00:09]

2. AI Face Models Fuel Romance and Crypto Scams

[01:10] Wired magazine uncovered a market for "AI face models" recruited through Telegram listings.
These individuals, often young women, perform up to 150 video calls daily, while AI software overlays their faces onto new digital personas, facilitating scams.
Scams target romance and crypto investors, building victim trust on deepfake video calls.
Quote:
- "Applicants record large volumes of calls... AI software swaps their faces onto fake personas to build trust with victims." [01:16]
Some workers might be coerced or trafficked, especially in Southeast Asia scam compounds.

3. Cybercrime Surge: 245% Increase Linked to Iran Conflict

[01:38] Akamai reports a 245% spike in cybercrime since the onset of the Iran war.
Targets: Predominantly banks (40%) and fintech, followed by ecommerce and gaming.
Tactics: Botnet scanning, credential harvesting, wide-scale reconnaissance.
Only 14% of detected source IPs are from Iran; most attacks funneled through proxies in Russia and China.
Marked increase in hacktivist group activity tying cybercrime to geopolitical strife.

4. Active Exploitation: Wing FTP Server Vulnerability

[02:15] CISA warns US federal agencies to patch or mitigate a flaw in Wing FTP Server (used by USAF, Sony, Airbus).
The bug allows remote code execution and exposes installation paths; it has already seen active exploitation.
Agencies have two weeks to comply; advice includes patching or discontinuing the server if necessary.
Sarah Lane: "The vulnerability ... was used in active attacks and affects the cross-platform FTP software..." [02:18]

5. Landmark Decision: Luxembourg Overturns €746 Million Amazon Fine

[03:20] The Luxembourg court vacated a major GDPR-related fine against Amazon, sending the case back to regulators.
Reason: Procedural issues—failure to determine Amazon’s intent or consider alternative penalties.
Amazon’s data practices were still found non-compliant, so the case may be retried.

6. Live Chat Phishing Targets Amazon & PayPal Users

[03:58] Attackers impersonate trusted brands via live chat, tricking users into divulging sensitive information (credentials, card data, MFA codes).
Techniques: Use of legitimate-looking order confirmation or refund lures to direct users to real-time conversations with “support” agents (actual human scammers).
“The campaign relies on real-time social engineering... which ups the chance of successful data theft.” [04:12]

7. Russian City Perm: Parking Payments Disrupted by DDoS

[04:50] DDoS attack took Perm city’s parking payment systems offline, making parking temporarily free; now restored.
At least third recent disruption affecting Russian municipal services; no attribution so far.

8. UK Companies House Flaw: Sensitive Business Data Exposed

[05:20] A vulnerability in the UK’s Companies House platform exposed dashboard data from 5 million companies, including directors’ personal info.
Access required login; no passwords or identity verification data leaked, and no document tampering occurred.
The incident is under investigation, with notification to the ICO and NCSC.

Notable Quotes & Moments

[00:09] "Stryker said its hospital equipment and connected products remained safe after a cyber attack disrupted internal systems and shut down electronic ordering for more than a week." – Sarah Lane
[01:16] "Applicants record large volumes of calls, sometimes 100 to 150 per day, while AI software swaps their faces onto fake personas to build trust with victims." – Sarah Lane
[02:18] "The vulnerability was discovered last May, was used in active attacks and affects the cross platform FTP software used by organizations including the U.S. Air Force, Sony and Airbus." – Sarah Lane
[04:12] "The campaign relies on real-time social engineering to make interactions seem trustworthy, which ups the chance of successful data theft." – Sarah Lane

Timestamps for Important Segments

00:06 – Stryker hospital tools update & Iranian HANDELA group claim
01:10 – AI face model recruitment and deepfake scam exposé
01:38 – 245% rise in cybercrime linked to Iran war
02:15 – CISA urgent warning: Wing FTP server flaw
03:20 – Luxembourg vacates Amazon GDPR fine
03:58 – New phishing via live chat abusing Amazon/PayPal branding
04:50 – Russian city Perm’s parking payments disrupted by DDoS
05:20 – UK Companies House flaw exposes sensitive business info

Final Notes

This episode encapsulates the fast-evolving threat landscape: from geopolitical cybercrime waves to innovative AI scam tactics and persistent vulnerabilities in key infrastructure. The host consistently emphasizes the stakes and nuances of each story, blending concise reporting with industry urgency.

For more details or to deep-dive into any headline, visit: CISOseries.com

Loading summary

Transcript3 lines

[00:00]
A
From the CISO series. It's Cybersecurity headlines
[00:07]
B
these are the cybersecurity headlines for Tuesday, March 17, 2026. I'm Sarah Lane Stryker Update hospital tools Safe digital ordering services down Medical device maker Stryker said its hospital equipment and connected products remained safe after a cyber attack disrupted internal systems and shut down electronic ordering for more than a week. The incident reportedly wiped thousands of company devices through its Microsoft Intune management system and forced factories to close, with staff handling orders manually while systems are restored. Incident responders at Cisco Talos said the attackers likely compromised high level admin accounts and used Intune's remote wipe feature to reset devices. Iranian aligned group HANDELA claimed responsibility, though Stryker hasn't confirmed Attribution Models apply to be the face of AI scams A Wired investigation found dozens of Telegram job listings recruiting AI face models, often young women to appear on deepfake video calls used in romance and crypto investment scams. Applicants record large volumes of calls, sometimes 100 to 150 per day, while AI software swaps their faces onto fake Personas to build trust with victims. Researchers say the roles are tied to large scam compounds in Southeast Asia, where some workers may participate voluntarily while other face coercion or even trafficking. Cybercrime up 245% since Iran conflict Akamai reports that cybercrime activity has surged 245% since the start of the Iran war, with botnet scanning, credential harvesting and reconnaissance targeting banks and critical businesses. Banking and fintech account for about 40% of the malicious traffic, followed by e commerce and gaming. Although the campaign is tied to geopolitical tensions, only about 14% of source IPs originate from Iran, with many attacks routed through proxy infrastructure in Russia and China used by hacktivist groups. CISA flags wing FTP server flaw as actively exploited CISA warned federal agencies to patch a wing FTP server flaw that exposes installation paths and can be changed with a critical remote code execution bug. The vulnerability was discovered last May, was used in active attacks and affects the cross platform FTP software used by organizations including the U.S. air Force, Sony and Airbus. Agencies have two weeks to secure systems under BOD 2201, while CISA advises all defenders to apply vendor mitigations or discontinue use if unpatchable. Huge thanks to our sponsor Adaptive Security. This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI powered social engineering. Today's phishing doesn't just hit inboxes, it can sound like your CFO or look like your CEO on zoom. AI, voices, video and deep fakes are turning trust into the attack surface. Adaptive fights back with AI driven risk scoring, deepfake simulations featuring your own executives and interactive training that your team will actually Remember. Take a 3 minute tour or request a CEO deepfake demo at adaptivesecurity.com Luxembourg overturns privacy fine against Amazon A Luxembourg Court vacated the 746 million euro fine imposed on Amazon back in 2021 for alleged GDPR violations, sending the case back to the National Commission for Data Protection. The court cited procedural issues, including the CNPD's failure to assess whether Amazon intentionally violated GDPR or consider alternative penalties. The ruling didn't invalidate the CNPD's findings that Amazon's data practices were non compliant at the time. Amazon says it's pleased with the decision, while the regulator may review the case and potentially issue a new fine. Live chat abused to phish credit card personal data A new phishing campaign abuses the live chat platform, impersonating Amazon and PayPal to trick users into sharing credentials, MFA codes, credit card info and other personal data cofence. Researchers found attackers using two a PayPal refund lure and a generic order confirmation prompt, both leading to live chats with human operators posing as support agents. The campaign relies on real time social engineering to make interactions seem trustworthy, which ups the chance of successful data theft. Cyber attack disrupts parking payments in Perm the Russian city of Perm restored its parking payment system after a DDoS attack last week forced it offline, temporarily making parking free. Authorities confirmed all payment methods are now working and said drivers won't face penalties for missed payments during the outage. It is at least the third recent cyber disruption of Russian city services following attacks in Krasnodar and Tiber. No group has claimed responsibility and it is unclear if this incident is linked to prior attacks. UK's Companies House flaw exposed business data Companies House temporarily shut down its web filing service after a vulnerability exposed data from 5 million UK registered companies between last October and March of this year. The flaw let logged in users access other companies dashboards revealing sensitive information including directors, dates of birth, home addresses and company emails. No passwords or identity verification data appear to be compromised and filed documents couldn't be altered. The agency has reported the incident to the ICO and NCSC and is investigating potential exploitation. Security thrives on context, so why does cybersecurity as an industry get so caught up with universal concepts that often can't be applied? That is one of the conundrums we're trying to untangle on this week's episode of the CISO Series podcast. Look for the episode they're less best practices and more Sounds good on LinkedIn. Wherever you get your podcasts. If you have some thoughts on the news from today or about our show in general, be sure to reach out to us feedbackisoseries.com we'd really love to hear from you. I am Sarah Lane, reporting for the CISO series. You stay safe, Stay Stay cool, or stay warm.
[06:43]
A
Cybersecurity headlines are available every weekday. Head to csoseries.com for the full stories behind the headlines.