Weekly Security Sprint EP 148. Iran, and new Cyber Reports

In this week's Security Sprint, Dave and Andy covered the following topics:Opening:• Insider Threat: AI-equipped Employees - Gate 15 - 04 Mar 2026 • Communication and Collaboration Key Themes in GridEx VIII Lessons Learned Report • Health-ISAC Annual Report 2025 Shows Surge in Threat Intel and Tabletop Drills, Putting Resilience in Focus • The Gate 15 Special Edition: Iran, ISACs, & insomnia: What’s happening, and not happening, in information sharing — Gate 15 | 06 Mar 2026• White House Unveils President Trump’s Cyber Strategy for America — The White House | 06 Mar 2026o Fact Sheet: President Donald J. Trump Combats Cybercrime, Fraud, and Predatory Schemes Against American Citizens — The White House o Ranking Member Thompson Statement on Trump’s 3-Page Cyber Strategy — Democrats on the House Homeland Security Committee, 06 Mar 2026 • Fact Sheet: President Donald J. Trump Combats Cybercrime, Fraud, and Predatory Schemes Against American Citizens — The White House | 06 Mar 2026Main Topics:Operation Epic Fury & Related: • White House blocks intelligence report warning of rising US homeland terror threat linked to Iran war • Iran may be activating sleeper cells in the United States, officials warn • Cyber threat bulletin: Iranian cyber threat response to US–Israel strikes February 2026, Canadian Centre for Cyber Security, 03 Mar 2026• Alert: NCSC advises UK organisations to take action following conflict in the Middle East, NCSC, 02 Mar 2026• U.S. threat intelligence units identify hacktivists as prime cyber vector in Iran conflict • Iran-linked hacktivists could target US state and local targets, experts warn • Trump Says ‘I Guess’ Americans Should Worry About Iran Attacks Cyber Reports• NCC Group Annual Threat Monitor Review of 2025 NCC Group, 05 Mar 2026• Patch, track, repeat: The 2025 CVE retrospective — Cisco Talos, 05 Mar 2026• Look What You Made Us Patch: 2025 Zero-Days in Review Google Cloud Blog, 05 Mar 2026• Coalition report finds sharp rise in ransomware demands as most businesses refuse to pay — Reinsurance News | 07 Mar 2026• INC Ransom Affiliate Model Enabling Targeting of Critical Networks Australian Cyber Security Centre, 05 Mar 2026Quick Hits:• Top 10 artificial intelligence security actions: A primer Canadian Centre for Cyber Security, 05 Mar 2026• Artificial Intelligence and Machine Learning Supply Chain Risks and Mitigations Australian Signals Directorate, 04 Mar 2026• How AI Assistants Are Moving the Security Goalposts — Krebs on Security | 07 Mar 2026• Preparation hardening destructive attacks — Google Cloud Threat Intelligence | 08 Mar 2026• Tornadoes kill 6 people in Michigan and Oklahoma as powerful storms hit nation’s midsection

In this special episode of The Gate 15 Interview, Andy Jabbour speaks with experts from the Information Sharing and Analysis Center (ISAC) community on the ongoing war with Iran, implications for critical infrastructure and how the community is responding, and related conversation. Leaders and experts include:Denise Anderson, President and CEO, Health-ISAC and Chairwoman of the National Council of ISACs (NCI)Michael Ball, CEO, E-ISAC, and SVP NERCJonathan Braley, Director of Threat Intelligence, IT-ISACChuck Egli, Director of Security and Resilience Operations, WaterISACAnna Mentzer-Hernández, Cyber Threat Intelligence Senior Analyst, ONE-ISACIn the discussion the panel covers:What has been happening in information sharing, security and resilience since Operation Epic Fury beganCritical infrastructure resilienceWhat the ISACs have been doing, with members, cross-sectorally, and with government and other partnersWhat we’re seeing, not seeing, and would like to see from the U.S. Government and CISA at this timePlaying guitar, baking bread and staying sane and not burning out during crisis and incident responseAnd more, including some encouraging closing thoughtsSelected links:National Council of ISACsE-ISACHealth-ISACIT-ISACONE-ISACWaterISAC

In this week's Security Sprint, Dave and Andy covered the following topics:Open:• Ransomware Reinvented: AI-Powered and Autonomous Attacks — Gate 15 — 26 Feb 2026o Across party lines and industry, the verdict is the same: CISA is in trouble “We’re asking states to do a job they’re not resourced to do, while weakening the one federal agency designed to help them,” said Errol Weiss, chief security officer at the Health-ISAC, adding that “this is precisely where you do need a strong, centralized federal security function” and that “we already have a national shortage of cybersecurity experts, and you can’t just replicate that expertise 50 times over.” Overall, Weiss said industry partners have felt the lack of outreach from the agency and are experiencing “fewer touchpoints, fewer briefings, fewer problem-solving calls,” which contributes to “a growing perception that CISA is being hollowed out where it matters most to industry: stakeholder engagement, collaborative forums, and operational support during incidents.” o Gottumukkala out, Andersen in as acting CISA director o States feel the squeeze of CISA shutdown Main Topics:Operation Epic Fury & Related: • Department of Homeland Security warns of potential attacks amid Iran operation • Peace Through Strength: President Trump Launches Operation Epic Fury to Crush Iranian Regime, End Nuclear Threat The White House• U.S. Forces Launch Operation Epic Fury U.S. Central Command• Israel performs largest cyberattack in history against Iran • X Is Drowning in Disinformation Following US and Israeli Attack on Iran • Potential Iran Nexus: Texas gunman wore "Property of Allah" hoodie during attack, had photos of Iranian leaders at home, sources say Cyber Threat Reports• CrowdStrike 2026 Global Threat Report: The Evasive Adversary Wields AI• Speed Wins When Identity Fails: 2026 Annual Threat Report • Total Ransomware Payments Stagnate for Second Consecutive Year, While Attacks Escalate • Quarterly Threat Report: Fourth Quarter, 2025 • IBM X-Force reports 44% surge in exploitation of public-facing applications as supply chain and identity attacks intensify 2026 Cost of Insider Risks Global Report — DTEX Systems and Ponemon Institute —The 2026 Cost of Insider Risks Global Report from Ponemon Institute and DTEX estimates that insider security incidents now cost organizations an average of 19.5 million United States dollars per year, driven mostly by negligent employees in complex digital environments. The study finds that companies with mature insider risk management programs avoid seven incidents and save about 8.2 million dollars annually, while cutting average time to contain from 86 days in 2023 to 67 days as budgets for insider programs nearly double. Researchers highlight the impact of shadow artificial intelligence, reporting that negligent insiders now account for 10.3 million dollars in average costs and that more than nine out of ten respondents say generative artificial intelligence has changed how staff access and share information, even though only a small share have formally integrated artificial intelligence into business strategies. Quick Hits:• AccuWeather's 2026 Severe Weather Forecast: What Business Leaders Need to Know About Severe Weather Risk

In this week's Security Sprint, Dave and Andy covered the following topics:Opening:• Tribal-ISAC and WaterISAC events!• Check out our newest webpage and our new blog post, kicking off this new Gate 15 blog series!• AI Threat Landscape: Fact vs. Fiction As We Start 2026• AI Threats Resilience, a new Gate 15 service page outlines a suite of AI threat informed workshops and tabletop exercises designed to help organizations understand AI driven risks, clarify ownership of AI exposure and rehearse response to AI enabled incidents. • TLP: CLEAR – WaterISAC Top Actions to Enhance Your Utility’s Cybersecurity • (TLP:CLEAR) WaterISAC – TOP ACTIONS to Enhance Your Utility’s Physical Security • Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) – Cybersecurity and Infrastructure Security Agency – 18 Feb 2026: CISA posted an update stating that due to a lapse in DHS appropriations it may be unable to hold scheduled CIRCIA Town Halls and will not conduct meetings during any lapse in appropriations. Main Topics:Cyber Resilience: An Incident Doesn’t Have to Be a Crisis Binary Defense, 19 Feb 2026. This blog reframes security operations around limiting business impact instead of chasing security perfection, noting that incidents are inevitable in complex enterprises and that the true differentiator is whether they escalate into crises. • The ENISA Cybersecurity Exercise Methodology ENISA | 16 Feb 2026 & ENISA publishes Cybersecurity Exercise Methodology to guide and standardize EU cybersecurity exercises) • Information Sharing – U.S. Legal and Regulatory Guidance – Health ISAC – 18 Feb 2026• Businesses urged to ‘lock the door’ on cyber criminals as new government campaign launches – UK Government, 19 Feb 2026Violence & Extremism • Man Targets DHS Building With Stolen Ambulance In Attempted Arson Attack Source: The Daily Wire, 19 Feb 2026 • Armed man shot and killed after "unauthorized entry" into Mar-a-Lago perimeter, Secret Service says — CBS News, 22 Feb 2026• Mar-a-Lago Gunman Was Reportedly ‘Fixated’ on Epstein Files and Believed There Was a Trump Government Cover-Up • USCP Officers Stop & Arrest Man with Loaded Shotgun Outside the U.S. Capitol — United States Capitol Police — 17 Feb 2026• FBI Albany, in Coordination with Nevada and New York Law Enforcement Partners, Investigating Vehicle Ramming at Electrical Substation in Nevada — FBI, 20 Feb 2026Quick Hits:• Launched: 9th Annual Dragos OT Cybersecurity Year in Review Dragos — 17 Feb 2026 • Significant Rise in Ransomware Attacks Targeting Industrial Organizations)• 3 Threat Groups Started Targeting ICS/OT in 2025: Dragos • CISA: Recently patched RoundCube flaws now exploited in attacks — BleepingComputer, 23 Feb 2026• CISA Adds Two Known Exploited Vulnerabilities to Catalog (RoundCube)• Government of Canada Alerts & Advisories: Roundcube security advisory (AV25-309) - Update 1 • CISA: BeyondTrust RCE flaw now exploited in ransomware attacks — Bleeping Computer, 20 Feb 2026 • 90% of Ransomware Incidents Exploit Firewalls • Ransomware Groups Shift Targets Mid-Sized Businesses Enterprise Defenses Harden, Research Shows • Searchlight Cyber Report: Ransomware Groups Claimed Record Number of Victims in 2025 with 30% Annual Increase — Searchlight Cyber — 17 Feb 2026• Securin 2025 Ransomware Report Finds AI Accelerating, Not Replacing, Human-Led Attacks • Record Number of Ransomware Victims and Groups in 2025 • Arctic Wolf Threat Report Highlights 11x Growth in Data Extortion Incidents and Continued Dominance of Ransomware Arctic Wolf | 17 Feb 2026 • 2026 Unit 42 Global Incident Response Report — Attacks Now 4x Faster Palo Alto Networks | 17 Feb 2026 • Blizzard slams Northeast with heavy snow and powerful winds • East Coast Blizzard Halts Travel, Cancels 8,000 Flights • El Nino is brewing: Here's what it means for U.S. weather in 2026

In the latest episode of Nerd Out, Dave and Alec talked about the weekend violence in Mexico after the death of a drug lord, and looked at the ramifications. Then they looked at Iran, the other potential hot spot and the similarities. They discussed travel considerations and being aware of potential cyber and physical risk. This led to a further discussion of extremist activity, the growth of Al Qaeda and domestic extremist activity around critical infrastructure. They wrapped up the pod talking about Knights of the Seven Kingdoms and the latest trailers for House of the Dragon and the Mandalorian and Grogu.References discussed in the pod include:Mexico Violencehttps://www.cbsnews.com/news/violence-mexico-jalisco-new-generation-cartel-killed-military-puerto-vallarta/https://www.cnn.com/world/live-news/mexico-el-mencho-killed-travel-chaos-02-23-26-intl-hnkhttps://thesoufancenter.org/research/war-against-the-cartels-prospects-and-perils-for-the-trump-administrations-military-led-campaign/Iran Tensionshttps://www.nytimes.com/2026/02/22/us/politics/iran-terrorist-attacks-proxies-trump.htmlhttps://www.dhs.gov/ntas/advisory/national-terrorism-advisory-system-bulletin-june-22-2025Substation Attack in Nevadahttps://www.cnn.com/2026/02/20/us/nevada-counterterrorism-incident-investigation-fbihttps://www.ktnv.com/news/authorities-investigate-possible-terrorism-threat-after-a-car-ran-into-facility-in-boulder-city-sources-sayNor’easter Snowstormhttps://www.usatoday.com/live-story/news/nation/2026/02/23/storm-snow-wind-northeast-live-updates/88814627007/https://sundayguardianlive.com/science/the-science-behind-nycs-severe-snow-storm-arctic-air-atlantic-winds-and-a-historic-noreaster-171924/

On this week's Security Sprint, Dave and Andy covered the following topics:Opening:• TribalHub 6th Annual Cybersecurity Summit, 17–20 Feb 2026, Jacksonville, Florida• IT-ISAC, Food & Ag ISAC Ransomware Reports!• Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Rulemaking; Town Hall Meetings • What to Know About the Homeland Security Shutdown New York Times 15 Feb 2026Main Topics:South Korea blames Coupang data breach on management failure, not sophisticated attack – Reuters – 10 Feb 2026. “’It's more of a management problem than an advanced attack,’ Choi Woo-hyuk, deputy minister for cyber security and network policy, told a press conference, citing lax oversight of authentication systems.” South Korean authorities released findings on a massive Coupang data leak, concluding that a former engineer exploited known authentication weaknesses and a retained signing key to access customer accounts for months, exposing personal data on about 33.7 million users. AI Threats & Mitigation• GTIG AI Threat Tracker: Distillation, Experimentation, and Continued Integration of AI for Adversarial Use — Google Cloud Blog — 12 Feb 2026. Google Threat Intelligence Group describes observed adversary use of AI across multiple phases of the attack lifecycle and highlights rising model extraction and distillation activity. • What CISOs need to know about ClawDBot, I mean MoltBot, I mean OpenClaw CSO Online — 16 Feb 2026. The article outlines enterprise risk considerations around OpenClaw and similar autonomous agent tooling that can execute actions on behalf of users with broad system access. It includes the warning that “The problem with running this is that these tools can do basically anything that a user can do,” says Rich Mogull, chief analyst at Cloud Security Alliance. Awareness of Preoperational Surveillance Tactics Associated With Terrorism Offers Opportunities — Joint Counterterrorism Assessment Team First Responder’s Toolbox, ODNI — 13 Feb 2026. CISA’s 2025 Year in Review: Driving Security and Resilience Across Critical Infrastructure. Notable highlights include: • Strengthened Collective Defense: Published more than 1,600 products and triaged 30,000+ incidents through CISA’s 24/7 Operations Center – keeping critical systems secure. • Blocked Malicious Activity at Scale: Stopped 2.62 billion malicious connections on federal civilian networks and 371 million within critical infrastructure. • Enhanced Preparedness Nationwide: Led 148 cyber and physical security exercises with 10,000+ participants, helping partners refine emergency plans and boost local and national resilience. • Following Executive Order 14305, “Restoring American Airspace Sovereignty,” CISA published the Be Air Aware™ suite of security guides in November to help organization detect, respond to, and safely manage Unmanned Aircraft System Threats. Quick Hits:• Improving your response to vulnerability management — NCSC, 10 Feb 2026• Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015 – CISA – 03 Feb 2026• CISA Helps Johnny Secure Operational Technology: New Guidance Addresses Cyber Risks from Legacy Protocols. CISA released the guidance Barriers to Secure OT Communication: Why Johnny Can’t Authenticate. • Poland energy sector cyber incident highlights OT and ICS security gaps • CISA Updates BRICKSTORM Backdoor Malware Analysis Report• Blended Threats: Axios Future of Cybersecurity – Axios – 10 Feb 2026• A Defector Explains the Remote-Work Scam Helping North Korea Pay for Nukes Wall Street Journal 16 Feb 2026• Hacktivism today: what three years of research reveal about its transformation • Pakistan mosque attack highlights worsening militant threat

In this episode of The Gate 15 Interview, Andy Jabbour speaks with four Gate 15 analysts as Sadie-Anne Jones, Chase Snow, Mackenzie Gryder and Preston Wright share about their experiences, their work at Gate 15 and across critical infrastructure and faith-based organizations and more, including a rapid-fire round of Three Questions!Sadie-Anne on LinkedIn.Chase on LinkedIn.Mackenzie on LinkedIn.Preston on LinkedIn.In the podcast the team and Andy discuss:Backgrounds and paths to Gate 15.Surprising things the team has learned so far, and their ideas on threats, resilience, and what leaders may want to be thinking about today.The next hurdle they want to jump.We play 3 Questions! and talk late night snacks, secret skills, and where we love to chill and play.And more!

In this week's episode of the Security Sprint, Dave and Andy covered the following topics:Open:• TribalHub 6th Annual Cybersecurity Summit, 17–20 Feb 2026, Jacksonville, Florida• Congress reauthorizes private-public cybersecurity framework & Cybersecurity Information Sharing Act of 2015 Reauthorized Through September 2026• AMWA testifies at Senate EPW Committee hearing on cybersecurity Main Topics:Terrorism & Extremismo Killers without a cause: The rise in nihilistic violent extremism — The Washington Post, 08 Feb 2026 o Terrorists’ Use of Emerging Technologies Poses Evolving Threat to International Peace, Stability, Acting UN Counter-Terrorism Chief Warns Security Council United Nations / Security Council, 04 Feb 2026 OpenClaw: The Helpful AI That Could Quietly Become Your Biggest Insider Threat – Jamf Threat Labs, 09 Feb 2026. Jamf profiles OpenClaw as an autonomous agent framework that can run on macOS and other platforms, chain actions across tools, maintain long term memory and act on high level goals by reading and writing files, calling APIs and interacting with messaging and email systems. The research warns that over privileged agents like this effectively become new insider layers once attackers capture tokens, gain access to control interfaces or introduce malicious skills, enabling data exfiltration, lateral movement and command execution that look like legitimate automation. The rise of Moltbook suggests viral AI prompts may be the next big security threat; We don’t need self-replicating AI models to have problems, just self-replicating prompts.• From magic to malware: How OpenClaw's agent skills become an attack surface • Exposed Moltbook database reveals millions of API keys • The rise of Moltbook suggests viral AI prompts may be the next big security threat • OpenClaw & Moltbook: AI agents meet real-world attack campaigns • Malicious MoltBot skills used to push password-stealing malware • Moltbook reveals AI security readiness • Moltbook exposes user data via API • OpenClaw: Handing AI the keys to your digital life Quick Hits:• Active Tornado Season Expected in the US • CISA Directs Federal Agencies to Update Edge Devices – GovInfoSecurity, 05 Feb 2026 & read more from CISA: Binding Operational Directive 26-02: Mitigating Risk From End-of-Support Edge Devices – CISA, 05 Feb 2026. • A Technical and Ethical Post-Mortem of the Feb 2026 Harvard University ShinyHunters Data Breach • Hackers publish personal information stolen during Harvard, UPenn data breaches • Two Ivy League universities had donor information breaches. Will donors be notified?• Harassment & scare tactics: why victims should never pay ShinyHunters • Please Don’t Feed the Scattered Lapsus$ & ShinyHunters • Mass data exfiltration campaigns lose their edge in Q4 2025 • Executive Targeting Reaches Record Levels as Threats Expand Beyond CEOs • Notepad++ supply-chain attack: what we know • Summary of SmarterTools Breach and SmarterMail CVEs • Infostealers without borders: macOS, Python stealers, and platform abuse

In this week's episode of the Security Sprint, Dave and Andy covered the following topics:Opening:Check out the new SUN format and Subscribe to GRIP! Gate 15’s Resilience and Intelligence PortalBig News! The Tribal-ISAC Appoints First Executive Director to Advance Cybersecurity for Tribal Governments and Enterprises – Tribal-ISAC | 27 Jan 2026: Keys & Locks – The Overlooked Security Risk – Fact Sheet — WaterISAC | 28 Jan 2026 Main Topics:Insider Threats: Assembling A Multi-Disciplinary Insider Threat Management Team — CISA | 27 Jan 2026 (Analysis/Commentary) CISA’s new infographic guides organizations in forming insider threat teams that bring together HR, legal, IT, security, and leadership under a “Plan, Organize, Execute, Maintain” framework. Savannah Best Buy employee says hacker group blackmailed him into theft ring scheme Study: Future workers would sell patient data Former Google Engineer Found Guilty of Economic Espionage and Theft of Confidential AI Technology Former TD Bank Employee Pleads Guilty to Accepting Bribes and Laundering $55 Million From Colombia Two Recent Guilty Pleas Highlight Financial Crime Risks Posed by Bank Insiders The Evolution of Insider Threat Ransomware Threat Outlook 2025-2027 — Canadian Centre for Cyber Security | 28 Jan 2026 The Cyber Centre assesses that ransomware against Canadian organizations is increasing and rapidly evolving, with actors almost certainly opportunistic and financially motivated, and essentially all organizations and individuals at risk of being targeted at some point. Ransomware: How to Prevent and Recover (ITSAP.00.099) — Canadian Centre for Cyber Security Ransomware Playbook (ITSM.00.099) — Canadian Centre for Cyber Security Threat Spotlight: Ransomware and Cyber Extortion in Q4 2025 NCC Group Monthly Threat Pulse – Review of December 2025 The Convergence of Infostealers and Ransomware: From Credential Harvesting to Rapid Extortion ChainsFBI Operation Winter SHIELD: 10 Cybersecurity Actions for Critical Infrastructure & FBI Launches ‘Winter SHIELD’ Cyber Campaign — FBI & Infosecurity Magazine, 29 Jan 2026. NSA Releases Phase One and Phase Two of the Zero Trust Implementation Guidelines How to prepare and plan your organisation’s response to a severe cyber threat: a guide for CNI Cyber security considerations for drone use (ITSAP.00.143) Cyber security advisory AV26-058: OpenSSL Security Advisory Cyber Incident Reporting Guidelines: Key Information & Sharing Requirements — Canadian Centre for Cyber Security, 2026DOD: JIATF 401 Publishes New Guidance for Physical Protection of Critical Infrastructure (U.S. Department of Defense, Jan 2026) Spotting malicious email messages (ITSAP.00.100) — Canadian Centre for Cyber Security | Jan 2026 Quick Hits:2025 Threat Report: Exploitation Grows Across IT, IoT, and OT — Forescout Vedere Labs | 29 Jan 2026 Man arrested after spraying substance on Rep. Ilhan Omar Ilhan Omar Attack: Suspect Identified as Anthony Kazmierczak Amid Rising Political Violence Calls to Impeach DHS Secretary Noem Grow After Minneapolis Shootings and Omar Attack ‘No Kings’ march event in Twin Cities & ‘No Kings’ protest march set for March 28 USCP Threat Assessment Cases for 2025 – Source: U.S. Capitol Police, 27 Jan 2026.

In this week's Security Sprint, Dave and Andy talked about the following topics:Opening:• WaterISAC to host H2OEx regional exercise to strengthen sector preparedness & WaterISAC merch!• The Gate 15 Interview EP 66: Chris Camacho: Cyber Risk, Building Communities, Nirvana, and Peruvian Chicken• Nerd Out EP 66. Terrorism trends and hacktivism in the current geopolitical environment, plus Nerd Movie reviewMain Topics:Rules of Engagement: safety, security and resilience considerations after Minneapolis and the murder of Alex PrettiSevere Weather Planning & Resilience: • Winter storm kills 11, leaves more than 800,000 without power as cold tightens grip • The massive storm has passed, but deep cold remains a danger • Storm-related power outages (U.S.) • PowerOutage.us AI-Powered Disinformation Swarms Are Coming for Democracy (Wired, 23 Jan 2026; Analysis/Commentary) – Wired examines how coordinated “disinformation swarms” powered by generative AI are shifting influence operations from single narratives to adaptive, multi-persona campaigns that probe, learn, and re-target in real time. Rather than pushing one false claim, these swarms test thousands of micro-messages across platforms, identify which narratives gain traction with which audiences, and dynamically reinforce them using synthetic text, images, and increasingly video. Researchers warn this model overwhelms traditional fact-checking and moderation, exploits algorithmic amplification, and blurs the line between foreign and domestic influence, particularly when paired with real grievances. Quick Hits:• CISA budget bill would require agency to maintain ‘sufficient’ staffing levels and Congressional appropriators move to extend information-sharing law, fund CISA • Acting CISA chief defends workforce cuts, declares agency ‘back on mission’ • What to do when your organization has been compromised by a cyber attack (ITSAP00009)