Daily Cyber Threat Brief Podcast Summary
Episode: 🔴 Mar 13’s Top Cyber News NOW! - Ep 1088
Date: March 13, 2026
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Co-Hosts / Panel: DJ B Sec, James McQuiggin
Episode Overview
Today's episode delivers practical, expert-level analysis of the top cyber threats making headlines as of March 13, 2026. Host Dr. Gerald Auger, along with community panelists, breaks down eight major news stories relevant to security professionals, from nation-state collaboration with cybercriminals to fresh ransomware tactics, banking malware evolutions, and practical defense advice. The tone is upbeat, peppered with humor, dad jokes, and a collaborative spirit aimed at all experience levels—whether you’re just breaking into cybersecurity or work at the executive tier.
Key News Stories and Insights
1. Iran Collaborates with Cybercriminals to Boost Attacks
[12:28 - 19:55]
- Story: Iran's Ministry of Intelligence & Security is reportedly working with cybercriminal groups to enhance and conceal its cyber operations, using malware like Radomonthus and participating in ransomware-as-a-service ecosystems.
- Analysis:
  - “Iran's got capabilities, okay?...They're now partnering with cyber criminals to boost cyber attacks, as the title says. Now this, this is just money, right?” (15:20, Dr. Auger)
  - The fusion of state and criminal actors complicates attribution and raises the bar for defenders.
  - Heightened vigilance is urged, especially for U.S.-based orgs, given increased targeting amid geopolitical tensions.
  - “We are entering a global conflict, it would appear, which means...public/private sector, they're both going to be in scope...there's one Internet, okay?” (17:20, Dr. Auger)
  - Russia is reportedly providing Iranian actors with resources and possibly access to cyber mercenaries.
- Takeaway: Expect elevated risk, increased attack volume, and opportunistic attacks leveraging criminal infrastructure.
2. Venon Banking Malware Targets Brazilian Banks
[19:55 - 25:29]
- Story: New Rust-based malware "Venon" targets 33 Brazilian banks via DLL sideloading, “click-fix” social engineering, and advanced evasion.
- Analysis:
  - “Banking malware has definitely made a comeback...Financial based malware was very popular 2012-2015...now the banking one is back.” (20:54, Dr. Auger)
  - While it primarily targets Brazilian users today, the codebase could easily be adapted for other geographies with AI assistance.
  - Notable technique: shortcut (LNK) hijacking and credential overlays suggest attackers may broaden their focus to desktop systems, not just mobile.
- Defense Tips:
  - Emphasize user education about “click-fix” scams.
  - Monitor for suspicious LNK files and known developer signatures.
  - Block unnecessary LNK attachments where feasible.
3. England Hockey Association Suffers Ransomware Data Theft
[25:29 - 29:45]
- Story: Ransomware gang AI Lock claims theft of 121GB of data, threatening exposure unless paid; England Hockey runs 800+ clubs with 150,000 players.
- Analysis:
  - “An AI lock got them. Now they stole 129 gigs of data, which is pretty common nowadays. The data exfiltration, I believe, is more popular than data encryption at this point.” (26:13, Dr. Auger)
  - No impact on day-to-day operations (“no encryption”), but the data includes sensitive info on players.
  - Pragmatic business commentary: the impact on the league and its reputation will likely be limited but will require the usual PR response and monitoring for phishing.
- Takeaway: Data theft in ransomware is often more impactful than disruption; a reminder to monitor for follow-on credential/phishing attacks.
4. SEO Poisoning Distributes Fake VPN Clients (Storm 2561)
[29:45 - 36:01]
- Story: Microsoft warns about credential theft campaigns distributing fake VPN installers via SEO poisoning, targeting users searching for VPN software.
- Analysis:
  - Attackers purchase ads or manipulate search rankings for popular VPN terms. Users download trojanized, signed MSI installers containing the “Hyrax” infostealer.
  - “...threat actors make the top result using SEO poisoning and paying money to be a sponsored post...You download that VPN client...and instead you're loading malware on your computer.” (31:53, Dr. Auger)
  - Real-world scenario: employees on the road get a new laptop, Google the organization's VPN client, and get hit.
- Defense Tips:
  - Strict policy: only install VPN/software from IT or official links.
  - Tech controls: use application allowlists, block unsigned executables, and reinforce defense in depth.
5. Rise of AI-Assisted Ransomware (Hive0163 & “Sloppily” Malware)
[41:57 - 49:13]
- Story: IBM X-Force reports that group Hive0163 uses AI-generated PowerShell malware (“Sloppily”) for persistence in its attacks.
- Analysis:
  - “AI is making developing software incredibly easy. At least the threat actors now are like being transparent about it, calling this one sloppily meaning AI slop.” (42:55, Dr. Auger)
  - The attack unfolds as a classic kill chain: click-fix malvertising, PowerShell scripts, and scheduled tasks that beacon to C2.
  - Low sophistication in persistence, but high speed/scale due to AI.
- Takeaway:
  - AI accelerates malware development and adaptation; defenders need to revisit control points for user permissions (no self-serve PowerShell), block known IOCs, and improve user awareness of click-fix malvertising.
  - New term, courtesy of the community: "Vibeware" = "vibe-coded" AI malware.
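To make the persistence pattern in this story concrete for a detection engineer, here is an added example (not the podcast's or IBM X-Force's code) that triages the task XML carried by Windows Security event 4698 for the combination described above: a PowerShell action with evasive launch flags plus a tight repeating trigger. The two event samples, the task names and the flag list are constructed assumptions for illustration.

```python
"""Triage scheduled tasks for PowerShell beaconing persistence: added example for the
Hive0163 / "Sloppily" story, not the podcast's or IBM X-Force's code. Windows Security
event 4698 ("A scheduled task was created") carries the task definition as XML."""
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Launch flags typical of script droppers (assumption: tune to your own baseline).
EVASIVE = re.compile(r"-enc(odedcommand)?\b|-w(indowstyle)?\s+hidden|-ep\s+bypass|"
                     r"executionpolicy\s+bypass|\biex\b|downloadstring", re.IGNORECASE)

def iso_minutes(duration: str) -> int:
    """ISO-8601 duration as used in task XML (PT5M, PT1H, P1D) -> whole minutes."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", duration or "")
    if not m:
        return 0
    d, h, mi, s = (int(x) if x else 0 for x in m.groups())
    return d * 1440 + h * 60 + mi + (1 if s else 0)

def analyze_task(task_xml: str) -> dict:
    """Collect persistence indicators; two or more together mark the task suspicious."""
    root = ET.fromstring(task_xml)
    reasons = []
    for exe in root.findall(".//t:Exec", NS):
        cmd = exe.findtext("t:Command", default="", namespaces=NS).lower()
        args = exe.findtext("t:Arguments", default="", namespaces=NS)
        if "powershell" in cmd or "pwsh" in cmd:
            reasons.append("powershell action")
            if EVASIVE.search(args):
                reasons.append("evasive powershell flags")
    for iv in root.findall(".//t:Repetition/t:Interval", NS):  # beacon-like cadence
        if 0 < iso_minutes(iv.text) <= 15:
            reasons.append(f"repeats every {iv.text}")
    return {"suspicious": len(reasons) >= 2, "reasons": reasons}

SAMPLE_4698 = [  # constructed (task name, task XML) pairs, not real telemetry
    ("\\Microsoft\\Windows\\UpdateSvc",
     '<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"><Triggers>'
     '<TimeTrigger><StartBoundary>2026-03-13T09:00:00</StartBoundary><Repetition>'
     '<Interval>PT5M</Interval></Repetition></TimeTrigger></Triggers><Actions><Exec>'
     '<Command>powershell.exe</Command><Arguments>-w hidden -ep bypass -enc '
     'BASE64_PLACEHOLDER</Arguments></Exec></Actions></Task>'),
    ("\\IT\\NightlyCleanup",
     '<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"><Triggers>'
     '<CalendarTrigger><StartBoundary>2026-03-13T02:00:00</StartBoundary><ScheduleByDay>'
     '<DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger></Triggers><Actions>'
     '<Exec><Command>powershell.exe</Command><Arguments>-File C:/Scripts/cleanup.ps1'
     '</Arguments></Exec></Actions></Task>'),
]
```

Requiring two indicators keeps legitimate admin scripts (the nightly cleanup sample) out of the alert queue while the five-minute hidden encoded task is escalated.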
6. SOX Escort Proxy Botnet Dismantled
[49:13 - 55:27]
- Story: Operation Lightning by international law enforcement disrupts SOX Escort, a major residential proxy network (369,000+ IPs) used for fraud, ransomware, etc., and freezes $3.5M in crypto.
- Analysis:
  - “Coordinating law enforcement across multiple countries is awesome...they defrauded a customer up to a million dollars.” (49:58–54:00, Dr. Auger)
  - The botnet relied on AV recon malware installed on routers, which were often compromised through default credentials.
  - Seized servers and frozen funds will have a chilling effect, but unless the operators are arrested, new infrastructure is likely to appear quickly.
- Takeaway: Default credentials on routers and small business gear remain a huge risk; harden all remote endpoints and encourage reporting of unusual device behavior.
7. Veeam Backup Flaws Enable RCE
[55:27 - 61:25]
- Story: Veeam patches four remote code execution vulnerabilities; attackers with low-privilege credentials could escalate and run arbitrary code on backup servers, which are prime ransomware targets.
- Analysis:
  - “Veeam is super important...It's up there with criticality as like a VPN server, right? You should keep it patched and update and very healthy, care, nurture, feed it. Ah, you gotta patch it!” (56:13, Dr. Auger)
  - Attackers quickly reverse-engineer patches to build exploits, making fast patching critical.
- Defense:
  - Patch ASAP. Treat backup infrastructure as sacrosanct.
  - Monitor for privilege escalation and RCE attempts.
  - Remember: the patch window is the "danger zone"—attackers race defenders.
8. Pix Revolution: Real-Time Android Banking Fraud in Brazil
[61:25 - 64:04]
- Story: Zimperium discovers the "Pix Revolution" Android Trojan hijacking Brazil’s “Pix” instant payment system, using accessibility features to redirect transactions in real time.
- Analysis:
  - “There's money there, which means threat actors are going to target it, period, full stop.” (62:18, Dr. Auger)
  - Uses an agent-in-the-loop model: a live human operator hijacks transactions as they happen.
- Takeaway: Android banking fraud continues to innovate, combining accessibility abuse with real-time operator intervention. Safeguard mobile banking practices and be wary of fake app stores/apps.
Notable Quotes & Memorable Moments
- “Straight cash, homie” – on cybercriminal motivations for collaborating with state actors. (15:40)
- “Protecting your Veeam infrastructure is like taking care of a VIP. You’ve gotta patch it!” (56:50)
- “Do not install VPN software unless it's provided to you by an IT person. Right? Official links.” (35:30)
- New community term: “Vibeware” for AI-generated ‘vibe-coded’ malware. (47:02)
Dad Jokes Friday (Mid-Roll)
[36:47 - 41:57]
- “Why did the mobile phone have to wear glasses? … It lost its contacts.”
- "What's another name for apple juice? … An iPhone charger."
- “Why do horses have a hard time using the Internet? … They require a stable connection.”
Closing Jawjacking Panel & Q&A Highlights
[66:15 - End]
- Panelists: Dr. Auger, DJ B Sec, James McQuiggin.
- Discussion Topics:
  - Stryker Medical breach (the attacker used the built-in Intune/MDM remote wipe rather than wiper malware), and the importance of MFA and defense-in-depth for admin accounts.
  - Home office equipment reimbursement and tax deductions—varies by company; check policies and consult tax professionals.
  - Favorite AI platforms: Claude tops for code, Gemini for creative tasks, ChatGPT still useful for specificity, and tools like Copilot and Obsidian mentioned.
  - Claude "skills" and prompt management—recommendation of Chase AI’s YouTube channel for serious learners.
  - Resource sharing: DJ B Sec’s educational site for cybersecurity basics.
Community & Conference Updates
- Simply CyberCon 2026 registration and speaker submissions news; aimed at being accessible and value-packed for attendees.
- Virtual options will be made available for international/community participation.
- Simply Cyber community lauded as diverse, experienced, and supportive.
Useful Timestamps
- Sponsor Acknowledgements: [03:08 – 12:21]
- Cyber News Story 1 (Iran): [12:28 – 19:55]
- Story 2 (Venon Malware): [19:55 – 25:29]
- Ransomware/Data Theft (England Hockey): [25:29 – 29:45]
- Fake VPN/SEO Poisoning: [29:45 – 36:01]
- Dad Joke Friday: [36:47 – 41:57]
- AI-Assisted Malware (Sloppily): [41:57 – 49:13]
- SOX Escort Botnet Takedown: [49:13 – 55:27]
- Veeam Vulnerabilities: [55:27 – 61:25]
- Pix Revolution/Fraud: [61:25 – 64:04]
- Panel Q&A: [66:15 – End]
Final Takeaways
- Patching and defense-in-depth are more critical than ever with AI-fueled attack innovation.
- User education—especially around phishing, click-fix, malvertising, and software sourcing—is vital.
- Collaboration across security teams, up-and-coming tools like AI skills, and constant professional learning are strongly encouraged.
- The Simply Cyber community offers knowledge, humor, and career support—join in for news, laughs, and real-world guidance.
“I'm Jerry for Simply Cyber. On behalf of James and DJ B Sec, until next time, stay secure.” (Dr. Gerald Auger, [End])
