On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover:

• The Coruna exploits were L3 Harris, but it seems Triangulation… was not!
• Iran’s cyber HQ hit by Israeli (kinetic) strikes
• Trump’s cyber “strategy” is … well, all we’ve got is jokes cause there’s no serious content
• NSA and CyberCom finally get a leader after Lt Gen Joshua Rudd gets Senate nod
• DOGE (remember them?!) employee walked a social security database out on a USB stick

This episode is sponsored by open source cloud security scanner Prowler. Creator and CEO Toni de la Fuente talks to Pat about some of the enterprise features Prowler is growing, while remaining true to its open source roots.

Show Notes:

Inside Coruna: Reverse Engineering a Nation-State iOS Exploit Kit From JavaScript https://www.nadsec.online/blog/coruna

GitHub - matteyeux/coruna: deobfuscated JS and blobs https://github.com/matteyeux/coruna

US military contractor likely built iPhone hacking tools used by Russian spies in Ukraine https://techcrunch.com/2026/03/10/us-military-contractor-likely-built-iphone-hacking-tools-used-by-russian-spies-in-ukraine/

APT36: A Nightmare of Vibeware https://businessinsights.bitdefender.com/apt36-nightmare-vibeware

State-linked actors targeted US networks in lead-up to Iran war https://www.cybersecuritydive.com/news/state-linked-actors-targeted-us-networks-in-lead-up-to-iran-war/814190/

Iranian cyber warfare HQ allegedly hit by Israel https://www.scworld.com/brief/iranian-cyber-warfare-hq-allegedly-hit-by-israel

Last 2 names of 6 US soldiers who died in Kuwait attack identified by the Pentagon https://apnews.com/article/iran-us-military-deaths-0a3f1532ec1953d51898e5b5e2b625d6

Signal, WhatsApp users face Russian phishing push, Dutch warn https://www.nbcnews.com/tech/security/signal-whatsapp-users-face-russian-phishing-push-dutch-warn-rcna262533

Samuel Bendett on X: “Russian military told it couldn’t use Telegram messaging app” https://x.com/sambendett/status/2031468780560265571?s=46&t=VLIuBKdOq3MvRk4IpV-_-A

FBI investigating ‘suspicious’ cyber activities on critical surveillance network https://edition.cnn.com/2026/03/05/politics/fbi-investigating-cyber-breach-critical-surveillance-network

Risky Bulletin: New White House EO prioritizes fight against scams and cybercrime https://risky.biz/risky-bulletin-new-white-house-eo-prioritizes-fight-against-scams-and-cybercrime/

President Trump’s CYBER STRATEGY for America https://www.whitehouse.gov/wp-content/uploads/2026/03/President-Trumps-Cyber-Strategy-for-America.pdf

Fact Sheet: President Donald J. Trump Combats Cybercrime, Fraud, and Predatory Schemes Against American Citizens https://www.whitehouse.gov/fact-sheets/2026/03/fact-sheet-president-donald-j-trump-combats-cybercrime-fraud-and-predatory-schemes-against-american-citizens/

UK plans to shift fraud fight onto telecoms, tech companies https://therecord.media/uk-plans-to-shift-fraud-fight-to-telecoms-tech

Trump to hit Anthropic with executive order to remove “woke” AI Claude https://www.axios.com/2026/03/09/trump-white-house-anthropic-executive-order?utm_source=x&utm_campaign=editorial&utm_medium=owned_social

Anthropic launches code review tool to check flood of AI-generated code https://techcrunch.com/2026/03/09/anthropic-launches-code-review-tool-to-check-flood-of-ai-generated-code/

CrowdStrike reports record quarter amid investor concerns about AI impact https://www.cybersecuritydive.com/news/crowdstrike-record-quarter-investor-concerns-ai/813791/

Critical defect in Java security engine poses serious downstream security risks https://cyberscoop.com/pac4j-open-source-library-vulnerability-max-severity-risk/

Gen. Joshua Rudd confirmed as NSA, Cyber Command head https://www.washingtonpost.com/national-security/2026/03/10/joshua-rudd-nsa-cyber-command-confirmed/

Plankey’s nomination as CISA director now in jeopardy https://www.cybersecuritydive.com/news/sean-plankey-cisa-dhs-controversy/813898/

DOGE employee stole Social Security data and put it on a thumb drive, report says https://techcrunch.com/2026/03/10/doge-employee-stole-social-security-data-and-put-it-on-a-thumb-drive-report-says/

Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel https://unit42.paloaltonetworks.com/gemini-live-in-chrome-hijacking/

Cel mai mare exportator român de carne, deținătorul brandului Cocorico, a intrat în restructurări, alături de Casa de Insolvență Transilvania https://startupcafe.ro/cel-mai-mare-exportator-roman-carne-cocorico-restructurari-alaturi-casa-insolventa-transilvania- 94953