DJBSEC's CyberNews 2026-03-05
Cybersecurity Podcast Stories – March 5, 2026
1. LexisNexis Confirms Data Exposure Affecting Legal Professionals
LexisNexis has confirmed a data exposure incident affecting its Legal & Professional division. The breach reportedly exposed sensitive information tied to legal research services used by law firms and corporate legal teams. While the company says core systems remain secure, investigators are assessing how much customer data may have been accessed. Legal professionals rely heavily on LexisNexis platforms, making the potential impact significant. The company is working with cybersecurity experts and notifying affected customers.
2. Experts Warn Iran Conflict Could Trigger Cyber Escalation
Security analysts warn that rising tensions with Iran could lead to increased cyberattacks targeting Western infrastructure over the next 30 days. Potential targets include energy systems, transportation networks, and financial services. Iran-linked threat groups have historically used cyber operations to retaliate during geopolitical conflicts. Experts expect disinformation campaigns and disruptive cyberattacks to accompany traditional military actions. Organizations are advised to increase monitoring and strengthen incident response readiness.
3. Bitwarden Adds Passkey Login Support on Windows 11
Bitwarden has added support for passkey-based authentication on Windows 11, allowing users to log into their password vaults without traditional passwords. Passkeys rely on device-based cryptographic authentication tied to biometric or hardware security modules. The change aims to reduce phishing risks and improve account security. Microsoft’s Windows Hello integration allows seamless authentication for supported devices. Bitwarden says the update is part of a broader shift toward passwordless security.
4. Microsoft Leads Global Takedown of Tycoon2FA Phishing Service
Microsoft has helped dismantle infrastructure behind Tycoon2FA, a phishing-as-a-service platform used to bypass multifactor authentication. The service enabled attackers to intercept login sessions and steal credentials from enterprise users. Tycoon2FA was widely used in business email compromise and account takeover campaigns. The takedown involved cooperation with law enforcement and domain seizures. Security experts say the move disrupts a major cybercrime ecosystem.
5. State-Backed Hackers Preparing Undetectable Attacks on OT Systems
Researchers warn that state-affiliated hackers are preparing cyberattacks against operational technology systems that may evade detection. The attackers are targeting industrial control networks used in energy, manufacturing, and critical infrastructure. Advanced techniques allow them to remain hidden inside OT environments for extended periods. These stealth capabilities could enable sabotage without immediate warning signs. Security teams are being urged to strengthen monitoring of industrial networks.
6. Cisco Catalyst SD-WAN Vulnerabilities Discovered
Researchers have discovered multiple vulnerabilities affecting Cisco Catalyst SD-WAN devices. Attackers could exploit the flaws to gain unauthorized access or disrupt network operations. Because SD-WAN systems often manage enterprise connectivity, exploitation could have wide-reaching effects. Cisco has released patches and mitigation guidance. Organizations using affected devices should prioritize updates immediately.
7. Cisco Secure Firewall Management Flaw Allows Authentication Bypass
A critical vulnerability in Cisco Secure Firewall Management Center could allow attackers to bypass authentication protections. Successful exploitation may grant unauthorized administrative access to firewall systems. This could enable attackers to modify security policies or intercept network traffic. Cisco has issued security updates and recommended immediate patching. Organizations are urged to review logs for suspicious access attempts.
8. AWS Services Disrupted in the Middle East
Amazon Web Services experienced a service disruption affecting several cloud services across the Middle East region. The outage impacted applications relying on compute, storage, and networking services hosted in affected data centers. AWS said engineers worked to restore functionality and identify the root cause. While service interruptions were temporary, the incident highlights the reliance organizations place on cloud infrastructure. Customers were advised to review redundancy and failover strategies.
9. Phishing Campaign Exploits OAuth Authentication
Security researchers have identified a phishing campaign abusing OAuth authentication workflows to compromise accounts. Attackers trick victims into authorizing malicious applications rather than stealing passwords directly. Once authorized, these apps gain access to emails, files, and other sensitive resources. Because OAuth tokens can remain valid for long periods, attackers can maintain persistent access. Organizations are encouraged to audit OAuth permissions and revoke suspicious applications.
10. Pentagon Drops Anthropic AI Over Security Concerns
The Pentagon has reportedly ended its partnership with Anthropic’s AI technology after identifying potential security risks. U.S. defense officials cited concerns about data handling and model security. OpenAI is expected to take over the role previously filled by Anthropic’s AI systems. The shift highlights growing scrutiny over how AI models are deployed in sensitive government environments. National security agencies are increasingly evaluating AI providers for supply-chain risk.
11. Iran’s Two-Tier Internet Raises Major Security Concerns
Security experts warn that Iran’s two-tier internet system creates serious cybersecurity risks. The structure separates domestic internet traffic from the global network, allowing authorities greater control and surveillance. While intended for censorship and control, it may also increase vulnerability to cyberattacks and isolation from global security updates. Analysts say the system complicates incident response and transparency. The architecture has drawn criticism from cybersecurity researchers.
12. Thousands of Public Google Cloud API Keys Exposed Online
Researchers have discovered thousands of exposed Google Cloud API keys publicly accessible on the internet. Many were embedded in code repositories or misconfigured cloud environments. Attackers could potentially use these keys to access sensitive resources or run unauthorized workloads. Google recommends rotating exposed keys immediately and implementing stricter access controls. The findings highlight ongoing risks tied to cloud credential management.
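A defender-side check for the exposure described above, added here as an example and not part of the original story: a small scanner that flags Google API key-shaped strings in repository files before they are pushed. It assumes the widely used secret-scanning pattern for these keys (the literal prefix "AIza" followed by 35 URL-safe characters) and runs over constructed sample files.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Pattern used by public secret-scanning rules for Google API keys: the literal
# prefix "AIza" plus 35 URL-safe characters (39 total). Assumption: a match is a
# candidate that must still be confirmed and rotated, not proof of a live key.
GOOGLE_API_KEY_RE = re.compile(
    r"(?<![0-9A-Za-z_\-])AIza[0-9A-Za-z_\-]{35}(?![0-9A-Za-z_\-])"
)

@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    masked: str  # never log the full secret; keep enough to identify it

def mask(key: str) -> str:
    """Keep prefix and suffix so a finding can be matched to a key in the console."""
    return f"{key[:8]}...{key[-4:]}"

def find_keys(path: str, text: str) -> list[Finding]:
    """Return one Finding per candidate key, by line, within one file's text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in GOOGLE_API_KEY_RE.finditer(line):
            findings.append(Finding(path, lineno, mask(m.group(0))))
    return findings

def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan an in-memory {path: contents} map, e.g. built from a git tree."""
    out: list[Finding] = []
    for path, text in files.items():
        out.extend(find_keys(path, text))
    return out

# Constructed sample repository (fake values): one leaked key, one near-miss,
# and one key embedded in a longer token that the boundary checks must not report.
LEAKED_KEY = "AIzaSyCONSTRUCTED_KEY_FOR_TESTING_01234"  # 39 chars, not a real key
SAMPLE_REPO = {
    "config/settings.py": f'MAPS_API_KEY = "{LEAKED_KEY}"\n',
    "README.md": "Get your key from the console; keys begin with AIzaShort.\n",
    "docs/ids.txt": "id=xAIzaSyCONSTRUCTED_KEY_FOR_TESTING_01234y\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_REPO):
        print(f"{f.path}:{f.line}: possible Google API key {f.masked}")
```

A pre-commit hook can call scan_files on the staged tree and reject the commit when the list is non-empty; any key that is flagged should be rotated rather than merely removed from history.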
13. Metasploit Adds Modules Targeting Linux RC4 Weakness
The Metasploit framework has introduced new modules designed to exploit weaknesses related to RC4 encryption in Linux systems. These modules help penetration testers identify vulnerable services using outdated cryptographic configurations. Security researchers say the additions highlight how legacy encryption remains widespread in enterprise environments. Attackers could potentially leverage the same weaknesses if systems remain unpatched. Administrators are advised to disable RC4 and upgrade encryption standards.
14. Juniper PTX Core Routers Vulnerable to Remote Takeover
A critical vulnerability affecting Juniper PTX core routers could allow attackers to take over the devices remotely. Because these routers operate in backbone networks, successful exploitation could disrupt large portions of internet traffic. Security researchers warn that compromised routers could be used for surveillance or network manipulation. Juniper has released patches and mitigation guidance. Network operators are urged to update systems immediately.
15. Iran’s Internet Near Total Blackout During Military Strikes
Reports indicate Iran’s internet connectivity was nearly shut down during recent U.S. and Israeli military strikes. The blackout appears to be part of the country’s strategy to control information flow and limit cyber retaliation. Network monitoring organizations observed dramatic drops in internet traffic during the events. The move highlights how governments can leverage connectivity shutdowns during geopolitical crises. Experts warn such disruptions also impact civilian communications and economic activity.
16. ShinyHunters Leak Full Odido Telecom Dataset
The cybercrime group ShinyHunters has released the full dataset stolen from telecom provider Odido. The leaked data reportedly includes millions of customer records containing personal and account information. Security analysts say the release follows failed extortion attempts against the company. Such leaks increase risks of identity theft and targeted phishing attacks. Authorities are investigating the breach and advising affected customers to monitor their accounts.
17. Samsung TVs Stop Collecting Texans’ Data Without Consent
Samsung has announced changes to its smart TV data collection practices to comply with Texas privacy regulations. The update prevents the collection of certain user data without explicit consent from residents of Texas. The move follows regulatory scrutiny around how smart devices gather and process personal information. Samsung says users will now see clearer consent prompts before data is collected. The change reflects growing pressure on tech companies to strengthen privacy protections.
18. Claude Code Tool Abused in Cyberattack on Mexican Agencies
Hackers reportedly abused the Claude Code AI development tool during a cyberattack targeting multiple Mexican government agencies. Attackers used the tool to automate data extraction and assist in exfiltrating more than 150 GB of sensitive information. The incident highlights how AI-powered development platforms can be misused during sophisticated cyber operations. Investigators are analyzing how the attackers integrated AI tools into their workflow. The breach underscores growing concerns about AI misuse in cybercrime.