Bob's Brief

Cyber Intelligence Mosaic - March 20, 2026
618
Stories
587
Clusters
60
Connections
0
Early Signals
Story Clusters
Cluster 1 7 stories
ZERO DAYRANSOMWARECISCOVULNERABILITY
CISA Warns of Cisco Firewall 0-Day Exploited in Ransomware Attacks
More - Ransomware
CISA Warns Cisco Secure Firewall Management Center 0-Day Is Being Exploited in Ransomware Attacks
More - Network Security
Ransomware group exploited Cisco firewall vulnerability as a zero day, weeks before a patch appeared
More - CSO Online
Interlock ransomware targeting of max severity Cisco FMC zero-day precedes disclosure
More - SC World
Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks
More - SecurityWeek
CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
More - The Hacker News
Interlock ransomware gang exploited Cisco firewall zero-day weeks before disclosure: Amazon
More - The Record
Cluster 2 4 stories
ENERGYBELARUSSANCTIONSIRAN
Iran hits Gulf energy sites, escalating war, as U.S. mulls sanctions rollback
More - Sanctions
Iran war: Tehran vows 'zero restraint' if energy sites hit
More - Deutsche Welle Fresh
U.S. Lifts Fertilizer Sanctions on Belarus as Iran War Causes Price Surge
More - Sanctions
1,224 U.S. Sanctions that Buried Iran’s Economy, in One Chart
More - Kharon
Cluster 3 3 stories
PHISHINGFINANCIALMALWAREBANKING
Horabot Banking Malware Reemerges In Mexico With Sophisticated Phishing Chain
More - Financial Security
When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures
More - Phishing
New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data
More - The Hacker News
Cluster 4 2 stories
MICROSOFTUS
CISA urges US orgs to secure Microsoft Intune systems after Stryker breach
More - Bleeping Computer
US Tells Companies to Secure Microsoft System After Stryker Hack
More - Bloomberg Cyber
Cluster 5 2 stories
STATE SPONSOREDSPYWAREEXPLOIT
This new DarkSword iOS exploit can steal almost everything from your iPhone – here's what we know
More - State-Sponsored Cyber
‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors
More - SecurityWeek
Cluster 6 2 stories
STATE SPONSOREDDEFENSE
State-Sponsored Trolls as An Emerging Threat
More - Real Clear Defense
Cybersecurity Solutions Market: The Ultimate Defense Layer in the Era of Global Cyber Warfare
More - State-Sponsored Cyber
Cluster 7 4 stories
FANCY BEARUKRAINIANRUSSIANUKRAINEEXPLOITGOVERNMENTCVE 2025 66376VULNERABILITY
Russian APT Exploits Zimbra XSS to Target Ukrainian Government in ‘Operation GhostMail’
More - Fancy Bear
Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376
More - Fancy Bear
Russian hackers exploit Zimbra flaw in Ukrainian govt attacks
More - Fancy Bear
Russian APT Exploits Zimbra Vulnerability Against Ukraine
More - Fancy Bear
Cluster 8 2 stories
IRANFINANCIALUS
Iran-linked cyberattack on US is 'first drop of blood' as experts reveal new threat to homeland
More - Financial Security
Global Banks Are In The Crossfire Of The Iran War
More - Financial Security
Cluster 9 2 stories
DEFENSERUSSIAUKRAINE
The Case For a (Future) Mutual Defense Treaty With Ukraine
More - Real Clear Defense
Ukraine Sets Up AI War Hub to Outpace Russia on the Battlefield
More - Defense Post
Cluster 10 3 stories
CVE 2026 23251SENTINELONECVE 2026 22174AUTHENTICATION BYPASSVULNERABILITYCVE 2026 4428
CVE-2026-22174: Openclaw Authentication Bypass Vulnerability
More - SentinelOne
CVE-2026-23251: Linux Kernel Use-After-Free Vulnerability
More - SentinelOne
CVE-2026-4428: AWS-LC Auth Bypass Vulnerability
More - SentinelOne
Cluster 11 2 stories
IRANIAN
U.S. seizes Iranian hacker propaganda sites
More - MSN Cyber
FBI seizes Iranian-linked hacker sites
More - MSN Cyber
Cluster 12 2 stories
DEFENSETAIWANUSCHINA
West Point analysis warns that strait of Hormuz blockade will strangle US defense industry
More - Guardian Fresh
China Does Not Plan to Invade Taiwan in 2027: US Intel Report
More - Defense Post
Cluster 13 2 stories
RANSOMWAREFINANCIAL
Marquis confirms sensitive personal data of 672,000 people stolen in ransomware attack
More - Ransomware
Marquis says over 672,000 people had personal and financial data stolen in ransomware attack
More - TechCrunch Security
Cluster 14 2 stories
ENERGYMILITARYUSISRAELIRAN
US military aircraft losses mount as Iran war approaches fourth week
More - SCMP Fresh
US and Israel strike more military targets, plus Iran’s leadership, repression units, and energy sites (March 17-18 updates)
More - FDD
Cluster 15 7 stories
BANKCHINESEEUCHINAIRANIANSANCTIONSUSIRAN
EU Belatedly Sanctions Chinese and Iranian Hackers
More - Bank Info Security
Sky News Australia. . The Hudson Institute’s writer and Research Fellow Zineb Riboua claims the era of China being the main buyer of Iranian oil with a “steep discount” is ending.
More - Sanctions
China/France • EU slaps sanctions on hackers linked to Chinese intelligence services
More - China Cyber
US may remove sanctions on Iranian oil stranded in tankers, treasury secretary says
More - Sanctions
US considers lifting sanctions on some Iranian oil
More - Sanctions
The U.S. weighs lifting Iranian oil sanctions to keep price in check
More - Sanctions
New EU sanctions package targets Iran human rights violations
More - ICLG
Key Connections
sectors
DEFENSE 24
ENERGY 14
BANK 10
CRITICAL INFRASTRUCTURE 10
GOVERNMENT 8
FINANCIAL 8
MILITARY 7
HEALTHCARE 6
countries
IRAN 64
US 52
CHINA 26
IRANIAN 24
ISRAEL 19
RUSSIA 17
UKRAINE 17
JAPAN 15
threat actors
STATE SPONSORED 7
LAZARUS 6
SALT TYPHOON 5
SCATTERED SPIDER 4
FANCY BEAR 4
LOCKBIT 3
malware
MALWARE 19
RANSOMWARE 14
SPYWARE 9
IMPLANT 2
economic
SANCTIONS 12
vulnerabilities
EXPLOIT 12
VULNERABILITY 12
ZERO DAY 7
RCE 2
tech
MICROSOFT 11
CISCO 9
SENTINELONE 6
GOOGLE 6
APPLE 4
CROWDSTRIKE 4
cyber ops
DATA BREACH 10
COMPROMISE 3
techniques
PHISHING 10
military
DRONE 4
MISSILE 4
supply chain
SUPPLY CHAIN 6
NPM 2