ClearSignal — Mar 24, 2026
Today's intelligence reveals a cybersecurity landscape in critical transition as adversaries weaponize AI and supply-chain tools while governments rush to establish defensive frameworks. Nation-state threats from Russia and Iran intensify across multiple vectors, from ransomware operations whose members are receiving prison sentences to active campaigns targeting messaging platforms and critical infrastructure. The U.S. response centers on establishing foundational controls through NIST cybersecurity guidance, a UK partnership on underwater drone threats, and Microsoft's new guardrails for agentic AI, even as phishing tactics evolve beyond email to voice-based attacks that exploit human vulnerabilities.
Top 3
- SP 1347, NIST Cybersecurity Framework 2.0: Informative References Quick-Start Guide (Initial Public Draft) — NIST’s release of the Cybersecurity Framework 2.0 Quick-Start Guide provides critical federal and contractor guidance for implementing AI-assisted risk management at a moment when threat actors are actively weaponizing AI tools. This foundational document will shape compliance requirements and procurement specifications across the GovCon ecosystem. Organizations should review the informative references now to align security architectures with emerging federal standards. — nist-drafts
- US and UK teaming up to destroy underwater drones — The US-UK partnership to counter underwater drone threats signals recognition of an emerging attack vector against ports and critical infrastructure with potential catastrophic economic impact. This initiative will likely drive new procurement opportunities for autonomous underwater defense systems and maritime domain awareness technologies. Contractors with subsurface detection and counter-UAS capabilities should monitor this bilateral effort closely. — defense-news
- The phone call is the new phishing email — Mandiant’s finding that vishing has replaced email as the primary intrusion vector represents a fundamental shift requiring immediate attention to social engineering defenses and identity verification protocols. This tactical evolution exploits gaps in multi-factor authentication and challenges traditional security awareness training programs. Government contractors handling sensitive communications must reassess authentication procedures and insider threat detection capabilities. — cyberscoop
Competitive Landscape
- Poland eyes benefits of joining GCAP sixth-generation fighter project — Poland is exploring participation in the GCAP sixth-generation fighter project and has held discussions with Italian and Japanese stakeholders, though formal government negotiations remain unclear. — defense-news
Policy & Regulatory
- State officials, election experts question California sheriff’s seizure of ballots — State officials and election experts are questioning a California sheriff’s seizure of ballots, with the state attorney general suggesting the investigation was based on a rambling citizen presentation at a county meeting. — cyberscoop
- The ‘simple maneuver’ of opening Hormuz strait carries great risks, analysts say — President Trump has characterized operations to unblock the Strait of Hormuz as overly simplistic, while analysts warn that such military maneuvers carry significant risks to the economically vital passage. — defense-news
- US and UK teaming up to destroy underwater drones — The United States and United Kingdom are partnering to counter the emerging threat of underwater drones targeting ports and critical infrastructure. — defense-news
- SP 1347, NIST Cybersecurity Framework 2.0: Informative References Quick-Start Guide (Initial Public Draft) — NIST released an initial public draft of SP 1347, a Quick-Start Guide for the Cybersecurity Framework 2.0 Informative References, which explains how to use NIST tools and informative references for cybersecurity risk management including AI-assisted capabilities. — nist-drafts
Technology Trends
- OpenAI rolls out ChatGPT Library to store your personal files — OpenAI launched ChatGPT Library, a new cloud storage feature enabling users to store and reference personal files and images in future chat sessions. — bleeping-computer
- Crunchyroll probes breach after hacker claims to steal 6.8M users’ data — Anime streaming platform Crunchyroll is investigating a data breach after hackers claimed to have stolen personal information of approximately 6.8 million users. — bleeping-computer
- Trivy supply-chain attack spreads to Docker, GitHub repos — TeamPCP hackers expanded their Trivy supply-chain attack against Aqua Security by pushing malicious Docker images and hijacking the company’s GitHub organization to tamper with dozens of repositories. — bleeping-computer
- Varonis Atlas: Securing AI and the Data That Powers It — Varonis introduced Atlas, a security solution designed to help organizations see, secure, and control AI systems and the data they access, addressing the security challenges of AI agents with direct data access. — bleeping-computer
- FBI: Iranian hackers targeting opponents with Telegram malware — The FBI has issued an alert warning that Iranian hackers have been targeting opponents with malware distributed through Telegram, with the campaign dating back to 2023 and gaining urgency amid ongoing Middle East conflict. — cyberscoop
- An AI-powered phishing campaign has compromised hundreds of organizations — Huntress researchers have identified an AI-powered phishing campaign that has compromised hundreds of organizations, with indications that the actual victim count worldwide may be significantly higher. — cyberscoop
- The phone call is the new phishing email — Mandiant’s M-Trends report reveals that voice-based phishing (vishing) has become a primary intrusion vector, replacing traditional email phishing as attackers shift tactics to exploit human vulnerabilities through phone calls. — cyberscoop
- Patriot missile involved in Bahrain blast likely US-operated, analysis finds — Analysis indicates a U.S.-operated Patriot missile was likely involved in a pre-dawn explosion in Bahrain that injured dozens of civilians and damaged homes early in a conflict. — defense-news
- Russian hacker who helped Yanluowang ransomware gang gets nearly 7-year prison sentence — A Russian hacker affiliated with the Yanluowang ransomware gang received a nearly seven-year prison sentence for assisting in cyber intrusions targeting U.S. companies and demanding millions in ransom. — the-record
- Hacker walks away with $24.5 million after breaching Resolv DeFi platform — A hacker stole $24.5 million from the Resolv DeFi platform, with Resolv offering a 10% bounty if the attacker returns the remaining funds and stops exploiting them. — the-record
- FBI warns of Russian, Iranian cyber activity involving messaging platforms — The FBI issued warnings about separate Russian and Iranian cyber campaigns targeting social media messaging platforms including Signal and Telegram. — the-record
- Education company Kaplan reports data breach impacting more than 230,000 — Educational services company Kaplan disclosed a cybersecurity incident affecting over 230,000 individuals, resulting in exposure of Social Security and driver’s license numbers in fall 2025. — the-record
- US sentences Nigerian national to 7 years in $6 million email fraud scheme — U.S. Immigration and Customs Enforcement announced a 90-month prison sentence for Nigerian national James Junior Aliyu for conspiracy to commit wire fraud and money laundering in a $6 million email fraud scheme. — the-record
- ‘CanisterWorm’ Springs Wiper Attack Targeting Iran — A data theft and extortion group launched ‘CanisterWorm,’ a wiper malware targeting Iran that spreads through insecure cloud services and destroys data on systems using Iran’s time zone or Farsi language settings. — krebs-on-security
- AI boosts efficiency for agencies, but trust and safety lead the way — Officials from the Department of Labor and State Department, alongside academic and industry experts, discussed current AI deployment strategies in government, emphasizing trust and safety as primary considerations for improving agency efficiency. — federal-news-network
- Microsoft Proposes Better Identity, Guardrails for AI Agents — Microsoft announced new identity management and guardrail features to address security threats emerging from agentic AI systems, providing foundational controls for enterprises deploying AI agents. — dark-reading
- AI in the SOC: What Could Go Wrong? — Two cybersecurity leaders conducted a six-month pilot testing AI capabilities in their Security Operations Centers and shared lessons learned from the deployment. — dark-reading
- Trivy Supply Chain Attack Targets CI/CD Secrets — Threat actors weaponized Trivy, an open source security scanning tool, to deploy infostealers targeting CI/CD pipelines and exfiltrate cloud credentials, SSH keys, and authentication tokens. — dark-reading
- Ransomware’s New Era: Moving at AI Speed — Ransomware threat actors are leveraging AI to accelerate attack speeds, bypass security controls, and exploit valid credentials for data-focused extortion campaigns. — dark-reading
- CISOs Debate Human Role in AI-Powered Security — Security executives debated the necessity of human oversight in AI-powered security systems during a panel at the RSA Conference 2026, challenging traditional ‘human-in-the-loop’ approaches. — dark-reading
- Attackers Hide Infostealer in Copyright Infringement Notices — A sophisticated phishing campaign is targeting healthcare, government, hospitality, and education sectors across multiple countries using fake copyright infringement notices to deploy infostealers with advanced evasion techniques. — dark-reading
- AI Dominates RSAC Innovation Sandbox — Ten finalists will compete in the RSAC Innovation Sandbox, with AI-focused solutions dominating this year’s competition for most innovative young security company. — dark-reading
Procurement & Opportunities
- Cyberlock Expansion Project — NIST issued a sources sought notice for a Cyberlock Expansion Project with responses due March 26, 2026. — sam-gov
- N6600126R0002 - Cyberspace Science, Research, Engineering and Technology Integration Small Business Multiple Award Contract (MAC) — Naval Information Warfare Center Pacific issued solicitation N6600126R0002 for a small business Multiple Award Contract focused on Cyberspace Science, Research, Engineering and Technology Integration, with proposals due April 20, 2026. — sam-gov