Daily Security Briefing #196

March 17, 2026 | Read Online

Ransomware shifts to data theft, Iranian hackers compromise cameras, and Amazon’s AI flaws exposed…

Executive Summary

Cybersecurity threats continue to evolve with malicious actors adapting to disruptions. Ransomware gangs are shifting their focus from encryption-for-ransom attacks to data-theft extortion as profits decline. Meanwhile, Iranian cyber actors are expanding operations targeting US organizations while also exploiting internet-connected cameras across the Middle East for intelligence collection and battlefield awareness. Additionally, critical vulnerabilities in Amazon’s AI code execution environments have been exposed.

Top Articles

Google Warns Ransomware Groups Shift to Data Theft as Profits Decline Google is warning that ransomware gangs are reinventing their business model as traditional encryption-for-ransom attacks become less profitable and data-theft extortion surges. Better cybersecurity controls, improved backup strategies, and stronger recovery capabilities mean more victims can restore their systems without paying, directly eroding criminal revenue. GBHackers

Iranian Hackers Use Compromised Cameras for Regional Surveillance Iranian cyber actors are expanding operations targeting US organizations while also exploiting internet-connected cameras across the Middle East for intelligence collection and battlefield awareness. Recent incidents tied to APT group MuddyWater, camera-focused infrastructure, and hacktivist collective Handala point to an ecosystem that is operational but constrained. GBHackers

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries. In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter’s sandbox mode permits outbound DNS queries that an attacker can exploit to enable interactive shells. The Hacker News

Europe Sanctions Chinese and Iranian Firms for Cyberattacks The European Union Council has announced sanctions against three entities and two individuals for their involvement in cyberattacks targeting critical infrastructure in the region. The move aims to deter future attacks and protect sensitive information. BleepingComputer

GlassWorm Malware Hits 400+ Code Repos on GitHub, npm, VSCode, OpenVSX The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. The malware is designed to steal sensitive information from developers. BleepingComputer

AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.