In today’s cybersecurity news…
Meta apps offer new scam protection
Meta is adding new scam detection features across Facebook, Messenger, and WhatsApp to warn users about suspicious activity before interaction. The updates include alerts for unusual device-linking attempts on WhatsApp, warnings for suspicious friend requests on Facebook, and expanded AI-based scam detection on Messenger that can review chats for common fraud patterns. This is all meant to help users identify and block potential scams before they become a problem. (The Verge)
Google’s Wiz acquisition finalized
Google completed its $32 billion all-cash acquisition of cloud security startup Wiz, the largest deal in Google’s history. Wiz will join Google Cloud but continue supporting multiple platforms including AWS, Azure, and Oracle Cloud as its own multi-cloud security provider. The deal closed after U.S. and EU regulatory approval. Wiz surpassed $1 billion in annual recurring revenue in 2025. (TechCrunch)
China curbs state-run OpenClaw use
Chinese authorities have barred state-run enterprises and government agencies, including major banks, from installing OpenClaw AI on office computers or personal devices connected to company networks due to security risks. OpenClaw is an agentic AI platform that autonomously manages tasks and accesses private data, raising concerns from some over external communications and rogue behavior. Some employees and military families face restrictions, while other notices require prior approval. Chinese tech firms like Tencent, Alibaba, and MiniMax continue promoting OpenClaw apps. (Bloomberg)
CISA orders n8n RCE flaw patch
CISA has directed U.S. federal agencies to patch a remote code execution vulnerability in the n8n workflow automation platform, actively exploited in attacks. The flaw allows authenticated attackers to execute arbitrary code, potentially exposing sensitive data such as API keys, database credentials, and CI/CD secrets. n8n patched the issue in December, but Shadowserver reports over 40,000 unpatched instances online. Federal agencies have to remediate by March 25th, but CISA urges all organizations to secure their n8n deployments immediately. (BleepingComputer)
Huge thanks to our sponsor, Dropzone AI
Can you show me exactly what your AI did? Not just the verdict. The reasoning. Every tool it queried, every piece of evidence, every step it took to get there.
Most cannot. Dropzone AI can. Every investigation is fully transparent. You do not have to trust the AI. You can verify it.
See it for yourself at Booth 455. dropzone.ai/rsa-2026-ai-diner
Comet AI browser tricked into phishing scam
Researchers have shown that agentic AI browsers, like Perplexity’s Comet, can be manipulated into phishing scams in minutes by exploiting how the AI reasons and narrates its actions. Guardio researcher Shaked Chen described this as “Agentic Blabbering”, where the AI exposes its observations and plans, allowing attackers to train malicious pages to bypass defenses. Stav Cohen explained intent collision, where user requests merge with attacker instructions, enabling hidden commands to execute. Related work from Trail of Bits and Zenity Labs demonstrated prompt injections and zero-click attacks to exfiltrate data like Gmail content and 1Password credentials. (The Hacker News)
France’s National Cybersecurity Agency sees ransomware drop
The French Cybersecurity Agency (ANSSI) reported 128 ransomware attacks in 2025, down from 141 in 2024, partly due to law enforcement operations like Operation Endgame. SMBs remained the main targets, while healthcare and education sectors saw the largest year-over-year increase. Qilin, Akira, and LockBit 3.0/LockBit Black were the most common strains, with new variants also observed. Overall cyber incidents stayed stable at 1,366 confirmed cases, data exfiltration claims rose, and DDoS attacks declined. (Infosecurity Magazine)
Stryker offline after wiper malware attack
Medtech company Stryker is offline after a wiper malware attack claimed by Handala, an Iranian-linked pro-Palestinian hacktivist group. The attackers say they stole 50 terabytes of data and wiped over 200,000 systems, servers, and mobile devices, affecting offices in 79 countries. Staff reported losing both corporate and personal device data. Internal services and applications were disrupted, forcing some teams to revert to manual workflows. Handala, linked to Iran’s Ministry of Intelligence and Security, has targeted Israeli organizations since December 2025 with destructive malware. (BleepingComputer)
‘LeakyLooker’ found in Google Looker Studio
Tenable researchers uncovered nine vulnerabilities in Google Looker Studio, dubbed LeakyLooker, that could have let attackers extract or manipulate sensitive cloud data. The flaws affected SQL connectors, authentication, and report-sharing features, allowing 0-click attacks using report owner credentials and 1-click attacks targeting viewers. Services at risk include BigQuery, Spanner, PostgreSQL, MySQL, Google Sheets, and Cloud Storage. Google patched the platform globally with no customer action required. (InfoSecurity Magazine)