ClearSignal — Mar 18, 2026
Today's landscape reveals converging pressures on critical infrastructure protection and supply chain security as adversaries shift tactics toward credential theft and AI-exploiting attacks. Federal agencies are recalibrating cyber defense strategies with new sector-specific guidance from DoE and CISA while clarifying public-private collaboration boundaries amid geopolitical tensions spanning NATO, Taiwan, and Iran. The GovCon community faces immediate implementation challenges around CMMC 2.0 assessment rigor and emerging threats to software development pipelines that demand urgent attention.
Top 3
- GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX — The GlassWorm supply-chain campaign represents a major escalation targeting the core development infrastructure used across government and defense contractors—GitHub, npm, and VSCode platforms. This coordinated attack on hundreds of packages threatens the integrity of software built for federal systems. Immediate vendor and dependency reviews are essential to prevent compromised code from entering production environments. — bleeping-computer
- Energy Department set to release its first-ever cyber strategy — DoE’s first-ever cybersecurity strategy through CESER signals heightened federal focus on energy sector resilience amid escalating critical infrastructure threats. This policy framework will drive new compliance requirements and partnership models for contractors supporting the energy industrial base. The strategy’s release timing aligns with broader administration efforts to strengthen sector-specific defenses beyond general national cyber policy. — the-record
- More Attackers Are Logging In, Not Breaking In — The surge in credential theft attacks driven by industrialized infostealer malware and AI-powered social engineering marks a fundamental shift in adversary tradecraft away from vulnerability exploitation. This trend directly threatens identity-based security models across federal agencies and contractors. Organizations must urgently strengthen credential protection, multi-factor authentication, and identity governance to counter this evolving threat vector. — dark-reading
Policy & Regulatory
- CISA official advises agencies not to get too hung up on who takes lead in critical infrastructure sectors — CISA acting director Nick Andersen advised agencies to prioritize relationships over formal sector risk management agency designations when determining which agency leads critical infrastructure protection efforts. The guidance emphasizes flexible partnerships rather than rigid organizational hierarchies. — cyberscoop
- Trump administration isn’t pushing companies to conduct cyber offense, national cyber director says — National Cyber Director Sean Cairncross clarified that the Trump administration is not requiring private companies to conduct offensive cyber operations, but rather seeks to collaborate with the private sector to enable government-led offensive actions against adversaries. This addresses concerns about the administration’s national cyber strategy approach. — cyberscoop
- Europe sanctions Chinese and Iranian firms for cyberattacks — The European Union Council announced sanctions against three entities and two individuals for involvement in cyberattacks targeting critical infrastructure in Europe. The sanctions target Chinese and Iranian firms. — bleeping-computer
- Iran war is not delaying US weapons shipments to Taiwan, officials say — Trump administration officials confirmed that US weapons shipments to Taiwan remain on schedule despite the ongoing Iran conflict and its demands on air campaign resources. The statement addresses concerns about competing military priorities. — defense-news
- European allies tell Trump ‘nein,’ ‘non’ and ‘no’ on help to force open Hormuz Strait — European NATO allies have rejected President Trump’s request to deploy warships to the Strait of Hormuz, which Trump explicitly linked to U.S. involvement in NATO and Ukraine support. — defense-news
- Energy Department set to release its first-ever cyber strategy — The Department of Energy is preparing to release its first-ever cybersecurity strategy through CESER, designed to supplement the national cyber strategy and enhance security resilience across the energy sector. The strategy represents a significant policy development for critical infrastructure protection. — the-record
- Why assessment integrity is the hidden mission enabler for CMMC 2.0 — Analysis warns that CMMC 2.0 effectiveness depends on maintaining consistent, high-quality assessments; without them, certification risks becoming merely a procedural checkbox rather than a meaningful cybersecurity risk indicator. — federal-news-network
Technology Trends
- Appeals court temporarily pauses order blocking Perplexity’s AI shopping agent on Amazon — The Ninth Circuit Court temporarily paused a lower-court order that blocked Perplexity’s AI shopping agent from accessing Amazon, as the companies litigate whether user-authorized automation can access password-protected accounts without platform consent. The case raises important questions about AI agent access rights and platform control. — cyberscoop
- Apple pushes first Background Security Improvements update to fix WebKit flaw — Apple released its first Background Security Improvements update to patch WebKit vulnerability CVE-2026-20643 on iPhones, iPads, and Macs without requiring full OS upgrades. This represents a new approach to delivering critical security fixes more efficiently. — bleeping-computer
- GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX — The GlassWorm supply-chain campaign has resurfaced with a coordinated attack targeting hundreds of packages, repositories, and extensions across GitHub, npm, VSCode, and OpenVSX platforms. This represents a significant escalation in software supply chain threats. — bleeping-computer
- Top 5 Things CISOs Need to Do Today to Secure AI Agents — Token Security outlines five critical actions CISOs should take to secure AI agents, emphasizing identity-based access control as essential to prevent misuse and data exposure. The guidance highlights that AI agents are autonomous actors with real system access, not just copilots. — bleeping-computer
- New font-rendering trick hides malicious commands from AI tools — Security researchers discovered a new font-rendering attack that conceals malicious commands in HTML, causing AI assistants to overlook harmful code on webpages. The technique exploits how AI tools parse and interpret web content. — bleeping-computer
- Israel to mount lasers on fighter jets and helicopters — During its 2025 financial statement presentation, Elbit Systems announced plans to mount laser weapons on fighter jets and helicopters. This represents an advancement in directed energy weapon integration for airborne platforms. — defense-news
- Patriot air defense interception is costly: Here’s how it works — Patriot air defense systems have become essential for protecting military bases and infrastructure from aerial attacks, though the interception costs remain high. — defense-news
- Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records — North Korea’s Lazarus group allegedly breached crypto platform Bitrefill, stealing 18,500 purchase records containing email addresses, crypto payment addresses, IP addresses, and metadata. — the-record
- Medusa ransomware gang claims attacks on prominent Mississippi hospital, New Jersey county — The Medusa ransomware gang claimed responsibility for a cyberattack that disabled systems at Mississippi’s largest hospital for nine days, and also claimed an attack on a New Jersey county. — the-record
- Georgia man charged for robbing NBA, NFL players through stolen Apple account details — A Georgia man with prior convictions for fraud against professional athletes has been charged with impersonating an adult film actress to compromise Apple accounts belonging to NBA and NFL players. The case highlights ongoing social engineering threats targeting high-profile individuals. — the-record
- Meta, TikTok Steal Users’ Sensitive PII When They Click on Ads — Research reveals that Meta and TikTok use tracking pixels to collect sensitive personal information including credit card details and currency type when users click on advertisements and visit third-party sites. This practice raises significant privacy and data security concerns. — dark-reading
- SideWinder Espionage Campaign Expands Across Southeast Asia — The SideWinder threat group, suspected to be India-linked, is conducting an expanded espionage campaign across Southeast Asia targeting government agencies, telecommunications, and critical infrastructure. The group employs spear-phishing attacks, exploits known vulnerabilities, and uses rapidly rotating infrastructure to maintain persistent access. — dark-reading
- More Attackers Are Logging In, Not Breaking In — Credential theft attacks surged in the second half of 2025, driven by the industrialization of infostealer malware and AI-powered social engineering techniques. The trend indicates attackers are increasingly using stolen credentials for initial access rather than exploiting vulnerabilities. — dark-reading
- Less Lucrative Ransomware Market Makes Attackers Alter Methods — Ransomware actors are abandoning Cobalt Strike for native Windows tools as victim payment rates reach record lows and attackers increasingly focus on data theft operations. — dark-reading
- Hackers Target Cybersecurity Firm Outpost24 in 7-Stage Phish — Threat actors conducted a sophisticated 7-stage phishing attack against cybersecurity firm Outpost24, leveraging trusted brands and domains to target a C-suite executive, though the attack was ultimately unsuccessful. — dark-reading
- Warlock Ransomware Group Augments Post-Exploitation Activities — Warlock ransomware group has enhanced its post-exploitation capabilities with stealthier cross-network activity using a new Bring Your Own Vulnerable Driver (BYOVD) technique and additional tools. — dark-reading
- Risky Business #829 — Sneaky lobsters: Why AI is the new insider threat — Cybersecurity podcast covers multiple threat developments including Iran’s Intune-based wiper attack on medical device maker Stryker, Qihoo 360’s AI accidentally publishing TLS certificate private keys, and Instagram discontinuing end-to-end encrypted messaging. — risky-business
Procurement & Opportunities
- US Navy taps Gecko Robotics to help remedy maintenance headaches — The U.S. Navy has contracted Gecko Robotics to deploy AI and robotics solutions on 18 ships in the Pacific Fleet to address maintenance challenges. — defense-news
- NATO Business Opportunity: IT Modernization Recovery Increment 1 - Service Integration — The Department of Commerce Bureau of Industry and Security issued a special notice for IT Modernization Recovery Increment 1 - Service Integration (RFQ-CO-423324-ITMSI) with responses due April 7, 2026. — sam-gov
- Collaborating Center for Questionnaire Design and Evaluation Research (CCQDER) Mission Support Services — The Centers for Disease Control and Prevention released solicitation 75D301-26-R-73414 for Collaborating Center for Questionnaire Design and Evaluation Research Mission Support Services, with responses due April 2, 2026. — sam-gov
- Agile Software for Chief Digital and Artificial Intelligence (CDAO) Operations — NIWC Atlantic issued solicitation N6523626RE004 for Agile Software development supporting Chief Digital and Artificial Intelligence Office operations, with responses due March 25, 2026. — sam-gov