Assume breach now

CISA issued a targeted advisory this month urging organizations to harden endpoint‑management systems after investigators linked a mass device‑wipe to compromises of Microsoft Intune administrative consoles. (techcrunch.com)) Reporting and agency briefings show a pro‑Iran hacking collective called “Handala” claimed responsibility for the Stryker incident, which involved attackers using compromised Intune access to wipe thousands of phones, tablets and PCs. (cyberscoop.com)) The agency’s broader guidance points to Iranian actors’ reliance on brute‑force and credential‑access techniques against critical sectors; CISA’s AA24‑290A advisory and allied FBI/NSA guidance name healthcare, energy and IT as repeat targets. (cisa.gov)) Maritime and kinetic disruptions in and around the Strait of Hormuz—reports of GPS jamming affecting more than 1,100 transits and at least three commercial vessels struck in early March—prompted separate U.S. maritime advisories and informed CISA’s elevated warnings. (thecyberwire.com)) Private sector defenders have responded: Palo Alto’s Unit42 published a March threat brief noting Iran’s internet availability fell to roughly 1–4% starting Feb. 28, 2026, and vendors such as Qualys rolled out CISA‑aligned dashboards to track prioritized CVEs and exposures. (unit42.paloaltonetworks.com)) Rubrik has publicly promoted an “assume breach” posture in company posts and CEO interviews, and the firm disclosed a 2025 server incident that forced rotation of authentication keys and an internal security update to customers. (rubrik.com))