Risky Business (827): Iranian cyber threat actors are down but not out

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

  • The US-Israeli attack on Iran had a whole lot of cyber. It’s clearly in the playbook now!
  • The NSA Triangulation / L3 Harris Trenchant iOS exploit kit is on the loose, and being used by Chinese crypto scammers
  • So long Madhu Gottumukkala, but CISA’s annus horribilis continues
  • Adam “humbug” Boileau complains about the AirSnitch wifi attack just being three ethernets in a trenchcoat
  • ASD’s Cisco SD-WAN threat hunting guide is clearly born of … experience

This week’s episode is sponsored by AI threat hunting platform Nebulock. Sydney Marrone joins to talk about how useful AI models are on the hunt, and her work building out an open source framework and maturity model. It’s methodology agnostic, so you can adapt it for your environment, and the GitHub link is in the show notes!

Show Notes:

Inside the plan to kill Ali Khamenei https://www.ft.com/content/bf998c69-ab46-4fa3-aae4-8f18f7387836

Hacked traffic cams and hijacked TVs: How cyber operations supported the war against Iran https://techcrunch.com/2026/03/03/hacked-traffic-cams-and-hijacked-tvs-how-cyber-operations-supported-the-war-against-iran/

Matthew Prince 🌥 on X https://x.com/eastdakota/status/2028185851965170047?s=46&t=VLIuBKdOq3MvRk4IpV-_-A

Cyber Command disrupted Iranian comms, sensors, top general says https://therecord.media/iran-cyber-us-command-attack

Iranian Hackers Use Elon Musk’s Starlink To Stay Online https://www.forbes.com/sites/thomasbrewster/2026/03/02/iran-hackers-use-elon-musk-starlink-to-stay-online/

Exclusive | U.S. Smuggled Thousands of Starlink Terminals Into Iran After Protest Crackdown https://www.wsj.com/world/middle-east/u-s-smuggled-thousands-of-starlink-terminals-into-iran-after-protest-crackdown-69a8c74f

Attacks on GPS Spike Amid US and Israeli War on Iran https://www.wired.com/story/gps-attacks-on-ships-spike-amid-the-us-and-israeli-war-on-iran/

Amazon Data Centers on Fire After Iranian Missile Strikes on Dubai https://www.404media.co/amazon-data-centers-on-fire-after-iranian-missile-strikes-on-dubai/

A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals https://www.wired.com/story/coruna-iphone-hacking-toolkit-us-government/

Canceled contracts, a failed polygraph and personal disputes: Inside the turbulent tenure of Noem’s former cyber czar https://www.politico.com/news/2026/02/28/cisa-cyber-leadership-madhu-gottumukkala-00804515

CISA CIO Robert Costello exits agency https://cyberscoop.com/cisa-cio-robert-costello-exits-agency/

OpenAI alters deal with Pentagon as critics sound alarm over surveillance https://www.nbcnews.com/tech/tech-news/openai-alters-deal-pentagon-critics-sound-alarm-surveillance-rcna261357

Inside Anthropic’s Killer-Robot Dispute With the Pentagon https://www.theatlantic.com/technology/2026/03/inside-anthropics-killer-robot-dispute-with-the-pentagon/686200/?gift=2iIN4YrefPjuvZ5d2Kh30zpPxOtZj8TuGGLnTN11Z-s

CBP Tapped Into the Online Advertising Ecosystem To Track Peoples’ Movements https://www.404media.co/cbp-tapped-into-the-online-advertising-ecosystem-to-track-peoples-movements/

Large-Scale Online Deanonymization with LLMs https://simonlermen.substack.com/p/large-scale-online-deanonymization

Hackers Weaponize Claude Code in Mexican Government Cyberattack https://www.securityweek.com/hackers-weaponize-claude-code-in-mexican-government-cyberattack/

New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises https://arstechnica.com/security/2026/02/new-airsnitch-attack-breaks-wi-fi-encryption-in-homes-offices-and-enterprises/

CISA orders agencies to patch Cisco devices now under attack https://www.cybersecuritydive.com/news/cisa-emergency-directive-cisco-sd-wan-devices/813110/

CISCO SD-WAN THREAT HUNT GUIDE https://www.cyber.gov.au/sites/default/files/2026-02/ACSC-led%20Cisco%20SD-WAN%20Hunt%20Guide.pdf

ClawJacked attack let malicious websites hijack OpenClaw to steal data https://www.bleepingcomputer.com/news/security/clawjacked-attack-let-malicious-websites-hijack-openclaw-to-steal-data/

Area Man Accidentally Hacks 6,700 Camera-Enabled Robot Vacuums https://www.wired.com/story/security-news-this-week-area-man-accidentally-hacks-6700-camera-enabled-robot-vacuums/

Intellexa founder, three others sentenced to 8 years in prison over Greek spyware scandal https://therecord.media/spyware-intellexa-greece-sentenced

Moscow man accused of posing as FSB officer to extort Conti ransomware gang https://therecord.media/moscow-man-accused-of-extorting-conti-gang

Farewell, Felix https://blog.recurity-labs.com/2026-03-02/Farewell_Felix

Atmos Sphere 2026 https://www.atmosgroup.com.au/atmos-sphere-2026

Agentic Threat Hunting Framework https://nebulock.io/blog/agentic-threat-hunting-framework

Nebulock-Inc/agentic-threat-hunting-framework https://github.com/Nebulock-Inc/agentic-threat-hunting-framework