ClearSignal — Mar 13, 2026

Federal cybersecurity and surveillance oversight face mounting challenges as FBI warrantless searches surge 34% under FISA 702, while regulatory uncertainty grows around commercial spyware and telecom security following major policy reversals. Simultaneously, operational strain intensifies across defense and critical infrastructure sectors, from an $11 billion six-day Middle East operation and Arctic exercise withdrawals to sophisticated cyberattacks crippling major medical device manufacturers. These converging pressures underscore systemic vulnerabilities in both policy frameworks and operational resilience that demand executive attention.

Top 3

1. Exclusive: New data shows increase in FBI searches of Americans’ data last year — FBI warrantless searches of Americans’ communications under FISA Section 702 jumped 34% to 7,413 cases, representing a significant expansion of domestic surveillance activities through foreign intelligence authorities. This increase arrives amid ongoing congressional debate over Section 702 reauthorization and civil liberties protections, creating immediate compliance and oversight implications for agencies handling classified intelligence. — the-record
2. Price tag for Epic Fury tops $11 billion in first six days, Pentagon tells Congress — Operation Epic Fury has already consumed over $11 billion in just six days, with actual costs expected to climb as war-related expenses were excluded from initial Pentagon reporting to Congress. This burn rate signals potential budget reallocation pressures across DoD programs and underscores the fiscal volatility of rapid military operations in the Middle East theater. — defense-news
3. Stryker tells SEC that timeline for recovery from cyberattack unknown — Medical device giant Stryker suffered a cyberattack causing global disruption to its Microsoft environment with no recovery timeline, exposing critical vulnerabilities in healthcare supply chain resilience. The incident demonstrates how sophisticated attacks on major manufacturers can cascade through the medical device sector, affecting hospital operations and patient care delivery nationwide. — the-record

Competitive Landscape

• Italy’s Leonardo rides high on soaring global defense spending — Italian defense contractor Leonardo projects €21 billion in new business over the next decade from its Michelangelo Dome multi-layered air defense system. The company is benefiting from increased global defense spending. — defense-news

Policy & Regulatory

• Exclusive: New data shows increase in FBI searches of Americans’ data last year — New data reveals FBI searches of Americans’ data under Section 702 of FISA increased from 5,518 to 7,413 between reporting periods. The increase represents a 34% rise in warrantless searches of U.S. persons’ communications collected through foreign intelligence surveillance. — the-record
• UK regulators demand social media platforms make it harder for kids under 13 to access sites — UK regulators ICO and Ofcom demanded social media platforms strengthen protections to prevent children under 13 from accessing their sites, with firms required to report implementation plans by end of April. The directive emphasizes immediate action on child safety measures. — the-record
• Price tag for Epic Fury tops $11 billion in first six days, Pentagon tells Congress — The Pentagon reported to Congress that Operation Epic Fury has cost over $11 billion in its first six days, with the actual figure expected to rise as war-related expenses were omitted from the initial calculation. — defense-news
• Commercial Spyware Opponents Fear US Policy Shifting — The Trump administration’s commercial spyware policy has created uncertainty after rescinding sanctions and reactivating contracts, leaving opponents unclear about regulatory boundaries and enforcement priorities. — dark-reading
• DoD to evaluate ‘external’ CMMC risks — A GAO report reveals the Pentagon has not fully assessed risks associated with relying on private sector entities to implement the Cybersecurity Maturity Model Certification (CMMC) program. DoD will now evaluate these external implementation risks. — federal-news-network

Agency & Mission Activity

• Cyber National Mission Force to get new commander amid broader leadership turnover — Brig. Gen. Matthew Lennox from Army Cyber Command will replace Marine Corps Maj. Gen. Lorna Mahlock as commander of the Cyber National Mission Force. The leadership change is part of broader turnover at the organization. — the-record
• US Air Force KC-135 goes down in Iraq, CENTCOM says — A US Air Force KC-135 aircraft crashed in Iraq with CENTCOM confirming the incident was not caused by hostile or friendly fire. Rescue efforts are currently ongoing. — defense-news
• Nations withdraw some equipment from NATO Arctic exercise amid Iran fallout — NATO member nations, including Italy, are withdrawing military equipment from an Arctic exercise due to tensions with Iran, with the Italian destroyer Andrea Doria repositioned for potential deployment closer to home. — defense-news

Technology Trends

• Starbucks discloses data breach affecting hundreds of employees — Starbucks disclosed a data breach impacting hundreds of employees after threat actors compromised Starbucks Partner Central accounts. — bleeping-computer
• Google fixes two new Chrome zero-days exploited in attacks — Google released emergency security updates to patch two high-severity Chrome zero-day vulnerabilities actively exploited in attacks. — bleeping-computer
• Canadian retail giant Loblaw notifies customers of data breach — Canadian retail giant Loblaw notified customers of a data breach and automatically logged out all account holders as a precautionary measure. — bleeping-computer
• England Hockey investigating ransomware data breach — England Hockey is investigating a potential data breach after being listed as a victim on the AiLock ransomware gang’s data leak site. — bleeping-computer
• AI-generated Slopoly malware used in Interlock ransomware attack — A new AI-generated malware strain called Slopoly enabled threat actors to persist on a compromised server for over a week during an Interlock ransomware attack. This represents an emerging trend of using generative AI to create malicious code. — bleeping-computer
• Google paid $17.1 million for vulnerability reports in 2025 — Google paid over $17 million to 747 security researchers through its Vulnerability Reward Program in 2025 for reporting security bugs. — bleeping-computer
• Telus Digital confirms breach after hacker claims 1 petabyte data theft — Telus Digital confirmed a security breach after threat actors claimed to have stolen nearly 1 petabyte of data in a multi-month attack. — bleeping-computer
• Going the Extra Mile: Travel Rewards Turn into Underground Currency. — Cybercriminals are converting stolen airline loyalty miles into flights and hotel stays, reselling them as discounted travel in underground markets. — bleeping-computer
• Apple patches older iPhones and iPads against Coruna exploits — Apple released security updates for older iPhones and iPads to patch vulnerabilities exploited by the Coruna exploit kit in cyberespionage and crypto-theft attacks. — bleeping-computer
• Authorities takedown global proxy network SocksEscort — Law enforcement took down the SocksEscort botnet proxy network, which compromised routers and IoT devices in 163 countries, affecting 369,000 victims and generating $5.8 million for cybercriminals. — cyberscoop
• Officials worry Salt Typhoon apathy is killing momentum for tougher telecom security rules — Cyber officials expressed concern that public apathy toward the Salt Typhoon hacking group threat is undermining efforts to strengthen telecom security regulations. Officials are struggling to convey the severity of the threat to the general population. — cyberscoop
• Feds say another DigitalMint negotiator ran ransomware attacks and helped extort $75 million — Federal authorities arrested Angelo Martino, a DigitalMint ransomware negotiator, for allegedly conducting ransomware attacks while simultaneously negotiating on behalf of victims in a scheme that extorted $75 million. Martino is accused of playing both sides in some of the same ransomware cases. — cyberscoop
• US, Europol disrupt SocksEscort network that exploited thousands of residential routers — U.S. authorities and Europol disrupted the SocksEscort proxy network that exploited thousands of malware-infected residential routers. The network enabled cybercriminals to purchase access to compromised routers to mask their locations and IP addresses. — the-record
• Stryker tells SEC that timeline for recovery from cyberattack unknown — Medical device manufacturer Stryker disclosed in an SEC filing that a cyberattack caused global disruption to its Microsoft environment with an unknown recovery timeline. The company has engaged external cybersecurity experts for threat assessment and containment. — the-record
• B-21 Raider completed ‘close-proximity flight’ with KC-135 tanker, US Air Force confirms — The US Air Force confirmed the B-21 Raider completed a close-proximity flight test with a KC-135 tanker, marking a precursor step toward validating aerial refueling capabilities essential for the bomber’s long-range strike mission. This represents a key developmental milestone for the advanced stealth bomber program. — defense-news
• Real-Time Banking Trojan Strikes Brazil’s Pix Users — A sophisticated banking Trojan campaign targeting Brazil’s Pix payment system combines traditional malware with real-time human operator intervention to maximize fraud effectiveness. — dark-reading
• Why Stryker’s Outage Is a Disaster Recovery Wake-Up Call — An Iranian cyberattack on Stryker highlights critical gaps in business continuity and disaster recovery planning, serving as a real-world stress test that many organizations fail to prepare for adequately. — dark-reading
• Risky Biz Soap Box: It took a decade, but allowlisting is cool again — Airlock Digital discusses the resurgence of application allowlisting as a cybersecurity control and explores how AI models can assist in managing enterprise allowlists. The company highlights the durability of allowlisting technology, which has remained effective for over a decade without major changes. — risky-business

← Archive