Daily Cyber Threat Brief – Ep 1092 (March 19, 2026)
Episode Overview
This episode of Simply Cyber’s Daily Cyber Threat Brief, hosted by Dr. Gerald Auger (“two thumbs, all smiles, and a big ol’ cup of coffee!”), runs down the top cybersecurity news stories for March 19, 2026. The format is a fast-paced, insightful rundown of eight major stories affecting practitioners and business leaders alike—from espionage campaigns and malware exploits to regulatory and AI trends. Dr. Auger not only breaks down the headline facts, but also dissects the real-world implications for cybersecurity professionals at all levels.
Key Discussion Points & Insights
1. Dark Sword: New iOS Exploit Kit from Suspected Russian Hackers
[11:15-20:15]
- Discovery: Researchers from iVerify, Lookout, and Google found "Dark Sword"—an iOS exploit kit linked to Russian-backed groups, targeting Ukrainian users but potentially threatening millions on outdated iOS globally.
- Capabilities: Can steal passwords, messages, and crypto wallets.
- Mitigation: Apple has since patched the exploited vulnerabilities.
- Auger’s Take:
- “iOS is not invincible…If you have an exploitation and you can send a text message or get someone to open a file…the walled garden [App Store] doesn’t matter.”
- “There’s absolutely no reasonable explanation on why you can’t keep your mobile phone up to date…just patch your phone, bruh.”
- The emotional stakes are real: “If I infect your phone…beaconing your location…I can send a missile there. This has happened.”
2. Okta Helps Dismantle Crypto-Stealing ShieldGuard
[20:15-27:47]
- ShieldGuard Extension: A browser extension that masqueraded as protection for crypto wallets such as Coinbase, but actually harvested sensitive user data and gave the operators remote command-and-control (C2) execution.
- Tactics: Professional-looking sites and social engineering, easy via AI-generated landing pages.
- User Advice:
- “Really, you should be very judicial about selecting browser extensions to install…the browser is a massive attack surface.”
3. North Korea’s Fake IT Worker Army Exposed
[27:47-33:04]
- Scale: Research by IBM X-Force and Flare estimates 100,000 fake IT workers operating in 40+ countries, generating $500M/year for North Korea.
- Methods: Use of fake or stolen identities, Western collaborators, and deepfakes to win remote jobs—with potential espionage risks.
- Impact: Significant loss of legitimate job opportunities; big risk to company data.
- Resource: Dr. Auger plugs Flare’s North Korea report for more details, “Appointment reading on Sunday for me.”
4. Conflicting Signals on Iran Cyber Threats
[33:04-38:27]
- Official denial: CISA Acting Director says there's been “no increase in Iranian cyber activity” after recent strikes.
- Contradiction: Akamai researchers show “245% increase” in cyberattacks in recent weeks.
- Auger’s Lesson:
- “It’s important to get information from multiple sources, not just one feed.”
- “Unfortunately, I don’t believe this. I love CISA…but I don’t know what they’re looking at to come to this conclusion…use this report to help get budget by using fear, uncertainty, and doubt.”
5. SaaS-Embedded Shadow AI Powers Massive Breaches
[43:36-49:57]
- Stats from Grip Security:
- 490% increase in Shadow AI-driven SaaS breaches.
- 80% involve sensitive data.
- 2025’s SalesLoft/Drift breach hit 700+ companies—attackers exploited stolen OAuth tokens across the SaaS supply chain.
- Key Insight:
- “100% of [23,000 organizations studied] had embedded AI in their SaaS apps.”
- “Shadow AI is the new Shadow IT…it’s the same problem.”
- “Asset inventory has been a mainstay critical control since the dawn of time. If you don’t know what you have, you can’t protect it.”
6. Intelligence Chief Grilled on Election Threat Omissions
[49:57-52:10]
- Event: US Intelligence chief Tulsi Gabbard defends omitting foreign election threats from recent threat assessments.
- Dr. Auger’s Stance:
- “Election security does fall under CISA…So, there is overlap with our community.”
- “Foreign threat actors have meddled with elections for years…don’t know why foreign threats would NOT be part of the assessment.”
- Ultimately skips in-depth coverage: “This is not, to me, really cybersecurity related.”
7. AI Hacking Bots Beat Humans at CTFs
[52:10-57:14]
- Story: Israeli startup Tenzai’s AI models outperformed 99% of 125,000 human participants in competitive CTF events.
- Industry Impact: Could disrupt the pentest services industry due to low-cost, high-effectiveness automated solutions.
- Encouragement:
- Despite AI advances, “CTFs are a great opportunity to network and share knowledge...challenge yourself. I would challenge you to step into being slightly uncomfortable and take on a CTF.”
- Recommends Zach Hill’s video on getting started with CTFs for beginners.
8. Cisco Firewall Zero-Day: Pre-Disclosure Exploitation
[57:14-57:56]
- Details: Ransomware group Interlock exploited a critical remote code execution flaw in Cisco's Secure Firewall Management Center—36 days before Cisco patched it.
- Advice:
- “If you had this and have not gotten punched in the mouth yet, you probably were not impacted…But, best practice: look up indicators of compromise and threat hunt in your environment.”
Notable Quotes & Memorable Moments
- On patching mobile devices:
“There’s absolutely no reasonable explanation on why you can’t keep your mobile phone up to date…just patch your phone, bruh.” — Dr. Auger ([16:40])
- On the role of browser extensions in attacks:
“Some of the best malware out there hides in plain sight…You can’t rely on the integrity or the professionalism of these landing pages now.” ([22:00])
- On North Korea’s IT army:
“100,000 strong—who knew?...They’re taking our jobs, you know what I mean? Good God.” ([29:07])
- On threat intelligence contradictions:
“It’s important to get information from multiple sources…there’s a lot of people who do not think for themselves in 2026. It’s wild to me.” ([33:46])
- On SaaS and Shadow AI:
“If you’re not doing something about shadow AI, you are in trouble, my guy.” ([44:21])
- On CTF learning:
“I would challenge you to step into being slightly uncomfortable and take on a CTF...Organizers will give you hints if you’re struggling. It’s fun.” ([54:30])
- Meta moment:
“I spit hot fire, man. Every single day of the week has a special segment. Thursdays…Dan Reardon makes a custom meme for us in what’s your meme Thursday? I don’t censor these…” ([38:27])
Notable Community Moments
- First Timers Welcomed:
Regular community engagement—shout-outs to new viewers (“Welcome to the party, pal!”); special emotes, chat banter, inclusive and energetic.
- Meme Thursday:
Community member Dan Reardon delivers a custom meme roasting Dr. Auger for his (real) tattoos (“I do have a tribal tattoo across my lower back waistline…it’s there, it’s a thing.”) ([38:27])
- Resources and Calls to Action:
- Encourages reading Flare’s North Korea report.
- Tips for reducing extension risk: “Just run lean, review the extensions you have—there’s no silver bullet.”
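Dr. Auger’s advice to review the extensions you have can be turned into a repeatable check. The script below is an added example, not code from the episode or from Simply Cyber: it reads extension manifests (MV2 or MV3) and ranks them by the permissions that matter most for the ShieldGuard-style abuse described above (reading every page, cookies, the clipboard, native messaging). The permission list, the risk tiers, and the three sample manifests are this example’s own assumptions; the samples are constructed, not real extensions. The optional `find_manifests` helper assumes the Chromium profile layout `Extensions/<id>/<version>/manifest.json`.

```python
import json
import os
from typing import Dict, Iterable, List

# Permissions that give an extension broad reach into browsing data or the host.
# This list and the tiers below are the example's own choices (assumed), not a
# standard from the episode or from any vendor.
HIGH_RISK_PERMISSIONS: Dict[str, str] = {
    "<all_urls>": "can read and change every page you visit",
    "webRequest": "can observe and alter network requests",
    "webRequestBlocking": "can block or rewrite network requests",
    "cookies": "can read session cookies for any granted site",
    "clipboardRead": "can read the clipboard (seed phrases, passwords)",
    "nativeMessaging": "can talk to native programs outside the browser",
    "debugger": "can attach the DevTools protocol to tabs",
    "scripting": "can inject scripts into granted pages",
}

# Host match patterns treated as equivalent to <all_urls> for this check.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def assess_extension(manifest: dict) -> dict:
    """Score one manifest by how many high-risk permissions it declares."""
    declared = set(manifest.get("permissions", []))
    # MV3 moved host match patterns into "host_permissions"; MV2 kept them in "permissions".
    declared |= set(manifest.get("host_permissions", []))

    flagged: List[str] = []
    reasons: List[str] = []
    if declared & BROAD_HOST_PATTERNS:  # any broad pattern counts once, as <all_urls>
        flagged.append("<all_urls>")
        reasons.append(HIGH_RISK_PERMISSIONS["<all_urls>"])
    for perm in sorted(declared - BROAD_HOST_PATTERNS):
        if perm in HIGH_RISK_PERMISSIONS:
            flagged.append(perm)
            reasons.append(HIGH_RISK_PERMISSIONS[perm])

    score = len(flagged)
    tier = "low" if score == 0 else "medium" if score <= 3 else "high"
    return {
        "name": manifest.get("name", "<unnamed>"),
        "version": manifest.get("version", "?"),
        "score": score,
        "tier": tier,
        "flagged": flagged,
        "reasons": reasons,
    }


def review_extensions(manifests: Iterable[dict]) -> List[dict]:
    """Assess every manifest and return the results, riskiest first."""
    return sorted((assess_extension(m) for m in manifests),
                  key=lambda r: (-r["score"], r["name"]))


def find_manifests(profile_dir: str) -> List[dict]:
    """Load manifest.json files below <profile>/Extensions/<id>/<version>/ (assumed layout)."""
    found: List[dict] = []
    for dirpath, _dirs, files in os.walk(os.path.join(profile_dir, "Extensions")):
        if "manifest.json" in files:
            with open(os.path.join(dirpath, "manifest.json"), encoding="utf-8") as fh:
                try:
                    found.append(json.load(fh))
                except json.JSONDecodeError:
                    continue  # skip an unreadable manifest rather than abort the review
    return found


# Constructed sample manifests (not real extensions) covering three cases.
SAMPLE_MANIFESTS = [
    {   # a "wallet protector" that quietly asks for everything
        "name": "Wallet Shield (constructed sample)", "version": "1.0.2",
        "manifest_version": 3,
        "permissions": ["cookies", "clipboardRead", "nativeMessaging", "scripting", "storage"],
        "host_permissions": ["<all_urls>"],
    },
    {   # a content blocker: powerful, but the permissions match its stated purpose
        "name": "Ad Blocker (constructed sample)", "version": "4.2.0",
        "manifest_version": 2,
        "permissions": ["webRequest", "webRequestBlocking", "<all_urls>", "storage"],
    },
    {   # a theme that only needs local storage
        "name": "Dark Theme (constructed sample)", "version": "0.3",
        "manifest_version": 3,
        "permissions": ["storage"],
    },
]

if __name__ == "__main__":
    for result in review_extensions(SAMPLE_MANIFESTS):
        print(f"[{result['tier']:6}] {result['name']} {result['version']}: "
              f"{', '.join(result['flagged']) or 'no high-risk permissions'}")
        for reason in result["reasons"]:
            print(f"          - {reason}")
```

The score is deliberately crude: it does not say an extension is malicious, only that its declared reach is wide enough that you should be able to explain why it needs each permission. To run it against a real profile, replace `SAMPLE_MANIFESTS` with `find_manifests("/path/to/Chrome/Default")`; the ad blocker case shows why the output is a review list rather than a block list, since legitimate tooling often needs the same permissions a data stealer would ask for.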
Important Timestamps (MM:SS)
- Dark Sword iOS exploit: [11:15-20:15]
- Okta’s ShieldGuard takedown: [20:15-27:47]
- North Korea Fake IT Army: [27:47-33:04]
- Conflicting Iran threat reports: [33:04-38:27]
- Shadow AI SaaS breaches: [43:36-49:57]
- Election threats omission: [49:57-52:10]
- AI vs. CTF Humans: [52:10-57:14]
- Cisco firewall zero-day abused: [57:14-57:56]
Episode Takeaways
- Patch your devices—especially mobile!
- Beware browser extensions and AI-enhanced phishing.
- Espionage actors (e.g., North Korea) are deeply embedded via remote IT work.
- Use multiple sources for threat intel—government and private sector often diverge.
- The browser and SaaS apps are the biggest vectors of attack, especially with Shadow AI.
- AI is now a real player in attack automation; defenders must adapt.
- Regular threat hunting and proactive asset inventory are more critical than ever.
- Community engagement and info-sharing are key to staying current—and having fun.
For the full experience, join the show live every weekday at 8am Eastern via Simply Cyber’s stream. "Stay secure!"
