With the background of recent government warnings about increased cyber-attacks from Iranian-backed hackers, the Irish Examiner has reported that the Stryker site located in Cork, Ireland has been hit with a wiper attack by the Iranian-backed Handala Hacking Team.

The Stryker facility in Cork employs approximately 5,000 individuals and “has been crippled by a cyberattack” being described as a wiper attack, which wipes all of the targeted system’s data and is politically motivated.

According to the Irish Examiner, the Cork Stryker site’s IT systems have been “’shut down’” and Stryker employee devices have been wiped out. The login pages appearing on these devices have been defaced with the Handala logo. The attack, believed to be a response to business links with Israel, has affected Stryker’s Microsoft environment. .

Israeli media reports that Handala has also claimed responsibility for hacking the Academy of Hebrew Language website, and the Israeli National Cyber Directorate is trying to intercept “a wave of Iranian cyberattacks on Israeli civilian companies.”

The U.S. government has warned U.S. based companies to be on heightened alert for Iranian-backed cyber attacks in retaliation for the strikes against Iran. This attack against Stryker makes this warning an urgent reminder to review the warnings and mitigation actions

The U.S. District Court for the Northern District of Georgia, in Veronica Bramlett, on behalf of herself and all others similarly situated v. RES 360 LLC and Peach City Properties LLC, No. 1:25-CV-3312-MLB (N.D. Ga. Mar. 4, 2026) recently granted in part and denied in part a motion to dismiss a Telephone Consumer Protection Act (TCPA) telephone solicitation claim based on text messages offering to buy the plaintiff’s home.

The complaint alleged that defendants—who offer real estate-related services—sent multiple texts offering to buy the plaintiff’s home and emphasizing a “quick,” “easy,” “hassle-free” transaction, including the ability to close quickly and avoid a public listing. The plaintiff alleged she was on the national do-not-call registry, had no prior relationship with the defendants, had not requested their assistance, and was not interested in selling. The defendants moved to dismiss on the theory that their messages were not telephone solicitations under the TCPA.

The court held the plaintiff plausibly alleged a prohibited purpose because, taking the allegations as true, the defendants’ model was to “take care of all aspects of the transaction” and provide multiple services offered by a real estate agent, charge a fee for those services, and derive profit from that fee. Reading the “hassle-free” and “take the burden off [Plaintiff’s] shoulders” language of the texts in that alleged context, the court found it plausible the texts were intended to encourage the purchase of services and therefore constituted solicitations, even if the texts did not explicitly mention services.

However, the court allowed the claim to proceed only insofar as the plaintiff alleged that the defendants implicitly offered to handle aspects of the transaction in exchange for a fee baked into the home purchase price. The court dismissed other “telephone solicitation” theories, including that the texts were sent to sell other offerings such as loan services, investment opportunities, construction/renovation, conventional brokerage representation, or an option to buy a home from the defendants, because the content of the texts did not support those theories, even considering context and the totality of the allegations.

Bramlett may support a broader point that a marketing text message can be treated as a TCPA telephone solicitation if, in context, it plausibly has the purpose of encouraging the recipient to purchase the sender’s services, even if the message does not explicitly mention those services. Companies sending marketing messages should assess outreach with the expectation that courts may look beyond the face of the message to its context and business model in deciding whether it was sent “for the purpose of encouraging” the purchase of services. On the other hand, plaintiffs may face the burden to prove a clear nexus between the message content and the solicitation theory, and broad theories untethered to what the messages actually say could risk dismissal. Bramlett underscores that how a message reads in context, and not just on what it says expressly, matters.

Microsoft Threat Intelligence issued a report on March 6, 2026, entitled, “AI as tradecraft: How threat actors operationalize AI,” which outlines how threat actors, including those from North Korea, are “operationalizing AI along the cyberattack lifecycle…to bypass safeguards and perform malicious activity.” The threat actors are adopting AI “as operational enablers, embedding AI into their workflows to increase the speed, scale, and resilience of cyber operations.”

The report details how North Korean remote IT worker schemes dubbed Jasper Sleet and Coral Sleet provides the threat actors with “sustained, large-scale misuse of legitimate access through identity fabrication, social engineering, and long-term operational persistence at low cost.” The threat actors are also toying with the  agentic AI use, which could “complicate detection and response.”

The report outlines how the threat actors have incorporated automation into their schemes across the attack lifecycle to ensure North Korean threat actors are “hired, stay hired, and misuse access at scale” at global companies.

The report is a must read for any company that has been hit before by the North Korean tech worker scheme, or those who have not yet been hit, but recruit remote workers for technology positions.

The Washington Post has published a report detailing a whistleblower complaint alleging that a former Department of Government Efficiency (DOGE) employee stole two complete databases from the U.S. Social Security Administration while employed as a DOGE software engineer.

The databases stolen include the “’Numident’ and the ‘Master Death File,’ which could cover records for more than 500 million living and dead Americans, including Social Security numbers and birth data.”

First of all, how did a software engineer even have access to these databases that contain highly sensitive data, and then have the ability to download massive amounts of data on 500 million individuals to a thumb drive? My head is exploding.

Second, the whistleblower alleges that the software engineer left DOGE in October 2025 to start a new job at a government contractor, “where he told colleagues he ‘possessed two tightly restricted databases of U.S. citizens’ information’ and planned to share that information with his new employer.” If the software engineer did so, not only are both against the law, but are separate unauthorized disclosures that may require notification to every person whose data is contained on those databases. My head is imploding now too.

The Social Security Administration inspector general is allegedly investigating the whistleblower’s complaint, but the allegations are extremely alarming, and an investigation is not sufficient. Who knows how long it will take for the investigation to conclude? Meanwhile, if true, potentially all of our Social Security data on a thumb drive is in the hands of a software engineer, who clearly does not understand the importance and consequences of their actions, and potentially the individual’s new employer. Laws have been passed to protect our Social Security information for a reason. We expect it to be protected and accessed, used, and disclosed in accordance with the law. If true, this situation underscores how important those laws are, and how detrimental it is when they are broken with impunity.

The American Hospital Association (AHA) is advising hospitals and healthcare entities to “take precautionary measures in case Iran, its proxies or self-radicalized individuals attempt attacks in the U.S.” during the conflict between Israel, the United States and Iran. The precautionary measures include strengthening cybersecurity and physical security measures.

Although the AHA is unaware of any specific credible threats against U.S. based healthcare organizations, adversaries of the United States are known to attack critical infrastructure, including healthcare organizations, during geopolitical conflicts. In the past, nation state adversaries use cyber proxies or hacktivist groups to disrupt critical infrastructure during conflicts, and concern is heightened that such disruption could occur during this current conflict with Iran.

The Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, the Department of Defense and the National Security Agency have also recently issued a joint Fact Sheet warning critical infrastructure organizations to review cybersecurity protections in light of geopolitical tensions involving Iran. The fact sheet “details the need for increased vigilance for potential cyber activity against U.S. critical infrastructure by Iranian state-sponsored or affiliated threat actors.”

The fact sheet “urges owners and operators of critical infrastructure organizations and other potentially targeted entities to review this fact sheet to learn more about the Iranian state-backed cyber threat and actionable mitigations to harden cyber defenses.” Reviewing the fact sheet and implementing the mitigations should be a high priority for all critical infrastructure organizations.

Cybersecurity firm Darktrace recently issued its Annual Threat Report, which offered some startling statistics and findings. The Threat Report provides a “comprehensive assessment of the global cyber threat landscape and the trends shaping cyber risk in 2026.”

Findings are summarized below, but we strongly encourage read the whole report.

  • Email attacks are getting more sophisticated (which we know). Darktrace analyzed 32 million phishing emails and determined that threat actors are using AI to create content and evade detection, in addition to a marked increase in “identity-targeting techniques.”
  • QR-code phishing attacks increased 28% between 2024 and 2025. A new technique, dubbed “splishing” (“in which a QR code is split into two distinct images”) and QR code “nesting” (“where a legitimate QR code is embedded with a malicious one”) are designed to bypass link-scanning tools and re-route victims to malicious sites.
  • Newly created domains are on the rise. 1.6 million phishing emails “relied on newly created domains spun up specifically for malicious activity.”
  • “70% of phishing emails passed DMARC authentication, helping them appear legitimate to both users and automated controls.”
  • Critical national infrastructure is being targeted.

The report is consistent with what we see on a day-to-day basis. It provides valuable insight into the threats facing companies and individuals and what the trends will be in 2026, all of which can be used to build a cybersecurity strategy and education for your organization.

The U.S. Court of Appeals for the Fifth Circuit recently issued a significant Telephone Consumer Protection Act (TCPA) decision in Bradford v. Sovereign Pest Control of TX, Inc., No. 24-20379, Doc. 85-1 (5th Cir. Feb. 25, 2026). The court affirmed summary judgment for the company and held that the TCPA’s “prior express consent” standard does not require “prior express written consent” for prerecorded or autodialed calls to wireless numbers, even if the calls are alleged to be telemarketing.

The defendant, Sovereign Pest, provides pest-control service plans. The plaintiff provided his cell-phone number on the service-plan agreement and later stated that he did so in case the company needed to contact him. During the course of the agreement, Sovereign Pest placed prerecorded calls seeking to schedule renewal inspections. The plaintiff scheduled inspections after receiving the calls and renewed his service plan four times. He later filed a putative class action alleging the calls were unsolicited prerecorded calls made without his prior express written consent.

On appeal, the Fifth Circuit concluded that the statutory text of the TCPA requires only “prior express consent” and does not distinguish between telemarketing and informational calls for purposes of the consent standard. In reaching its conclusion, the court declined to follow the Federal Communication Commission’s (FCC) regulation that imposes a written consent requirement for prerecorded telemarketing calls. Citing Supreme Court authority that courts must interpret Congress’s enacted text using ordinary tools of statutory interpretation without deferring to an agency’s reading, the court interpreted TCPA without deference to the FCC’s added “written” requirement. Applying that standard to the record, the court held the plaintiff provided prior express consent based on his provision of his number, his statements, and later confirmations that the company could call him, his lack of objection, and his repeated renewals of the service.

Bradford could reshape TCPA litigation strategy (at least in the Fifth Circuit) in several ways. It may be harder for plaintiffs to establish liability where “no written consent” is pleaded as the core theory. Courts may also be more willing to consider defendants’ claim that consent was given based on relationship-based and operational evidence, including intake flows, account notes, call logs, recordings, and vendor records. At least in the Fifth Circuit, TCPA cases may turn less on what’s “in writing” and more on what’s in the record.

Data brokers are lining up to comply with California’s one-stop deletion tool requirement under the Delete Act, and the numbers signal a major shift in how privacy rights may be exercised and enforced in California starting this summer.

At its most recent meeting, the California Privacy Protection Agency (CPPA) reported that more than 575 data brokers have registered with its Delete Request and Opt-out Platform (DROP). DROP is the first tool of its kind in the United States. It allows California residents to submit a single request to delete personal information held by brokers registered in California. The platform went live on January 1, 2026, and early usage was immediate and substantial. The CPPA reported that over 242,000 California residents have signed up with DROP, and more than 18,000 deletion requests were submitted within 48 hours of launch. However, a big operational turning point arrives soon; data brokers must begin complying with those deletion requests on August 1, 2026.

Historically, deleting personal information held by data brokers has often required consumers to identify brokers one by one, locate opt-out or deletion pages, and repeat the process across dozens or even hundreds of companies. DROP is designed to reduce that burden by centralizing the request process into one form for brokers registered in the state. If the platform performs as intended at scale, it could meaningfully reduce “privacy friction” by consolidating deletion requests into a single workflow for California residents; raising the compliance baseline for brokers by standardizing intake and response expectations; and increasing accountability because registration and compliance timelines are visible to regulators.

For brokers, the compliance impact is direct. The volume of registered brokers, along with a large resident signup count, suggests that this August could bring sustained, high-volume deletion activity. Plus, once a platform makes consumer requests easier to submit at scale, non-compliance becomes easier to detect and potentially easier to prioritize for enforcement. If early participation is any indicator, DROP could quickly become the default way Californians exercise deletion rights, and the easiest way for regulators to spot which brokers are keeping up and which are not.

Next up for the CPPA, beyond the data broker ecosystem, are compliance checklists and guidance for cybersecurity audits and risk assessments, as well as guidelines for automated decision-making technology, aimed at helping companies comply with regulations adopted in 2025.

ShinyHunters continues to wreak havoc against well-known brands; most recently, Wynn Resorts. Wynn Resorts has confirmed that “an unauthorized third party acquired certain employee data.” It is believed that the threat actor was ShinyHunters. Fortunately for Wynn, the incident is not affecting its operations, and its resorts remain fully functional.

ShinyHunters announced it was the culprit on its leak site on February 20, 2026. It alleges that it stole more than 800,000 records, including Social Security numbers. Wynn was removed from the site four days later, and reported that “the unauthorized third party has stated that the stolen data has been deleted.”

Wynn has confirmed that it will be offering credit monitoring and identity protection services to affected employees.

Wynn is not alone in being a target of ShinyHunters. It is reported that over 100 organizations have been successfully attacked through vishing attacks and compromised single sign on credentials by ShinyHunters.

The techniques used by ShinyHunters and other threat actors using vishing campaigns are relevant and provide strong current scenarios to warn employees through education and training, and to use for cybersecurity tabletop exercises.

Sophisticated vishing (voice phishing) attacks continue to target and victimize company call centers and help desks. Recently, a large ad tech company reported that customer information had been compromised as a result of a vishing attack. The company warns that the information obtained in the incident can be used by threat actors to conduct phishing and vishing attacks against customers through the use of emails, texts or telephone numbers.

The attackers, believed to be ShinyHunters (again), use similar tactics in their attacks against companies in all industries. The threat actor, impersonating a company’s information technology employee, calls company employees, (often a help desk or call center), and tricks them into entering credentials and multifactor authentication (MFA) codes on phishing sites that mimic the company’s portal, or asks them to assist the “employee” with changing his or her credentials to access the company network. They also use device code vishing to bypass MFA defenses. Once they have access to the company network, and access to the data the impersonated employee had access to, they often escalate privileges and exfiltrate data to use against the company in an extortion campaign.

These attacks continue to escalate and call centers and help desks are central to thwarting them. Companies may wish to consider immediate additional training and education for in-house call center and help desk personnel, update processes for employees to change credentials through voice requests, implement more robust identification requirements (including using internal company information that only employees would have access to), and conducting tabletop exercises on how to respond to them.