Iran is muddying the waters.

24 snips

Mar 6, 2026

A rundown of Iran-linked MuddyWater intrusions and their backdoors hitting U.S. and Israeli networks. Coverage of China-associated campaigns targeting South American telecoms. Alerts about critical Cisco firewall fixes and actively exploited Hikvision and Rockwell vulnerabilities. A deep dive into the Anthropic–Pentagon fallout and the Pentagon’s pivot to OpenAI. A bizarre Wikimedia JavaScript worm incident adds unexpected chaos.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

MuddyWater Uses Signed Backdoors To Maintain Footholds

MuddyWater conducted recent intrusions against U.S. and Israeli targets using backdoors Dindor and Fakeset signed with fake certificates.
Researchers observed attempted exfiltration from a US airport, bank, and software company and warn attackers retain footholds for further operations.

INSIGHT

New Multi‑Platform Malware Targets South American Telecoms

A China-linked actor targeted South American telcos with three new malware families: TurnDoor (Windows DLL sideload backdoor), PeerTime (BitTorrent C2 Linux backdoor), and BruteEntry (proxy-scanner).
Cisco Talos links victim profiles to Salt Typhoon tactics but finds no confirmed operational tie.

ADVICE

Patch Cisco Firewalls Now No Workarounds Exist

Apply Cisco's patches immediately for 48 firewall vulnerabilities including two CVSS 10 flaws in Secure Firewall Management Center.
There are no workarounds; the critical issues include HTTP auth bypass and insecure deserialization enabling root or remote code execution.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Iran’s MuddyWater breaches multiple U.S. organizations. The FBI probes a breach of wiretap management systems. A China-linked threat actor targets South American telecoms. Cisco patches critical firewall flaws. CISA flags actively exploited bugs in Hikvision cameras and Rockwell industrial systems. A House committee advances the controversial KIDS online safety bill. The FBI arrests a suspect accused of stealing millions in seized crypto from the U.S. Marshals Service. Ben Yelin and Ethan Cook unpack the dispute between Anthropic and the Pentagon. Wikimedia worm wreaks widespread wiki woes.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, we’re bringing you a featured conversation from our Caveat podcast, where Ben Yelin sits down with N2K Lead Analyst Ethan Cook to unpack the fallout between the Pentagon and Anthropic, what led to the deal unraveling, and what it means as the government pivots to a similar AI contracting agreement with OpenAI. You can listen to their full conversation here and catch new episodes of Caveat featuring Dave and Ben every Thursday with special appearances by Ethan.

Selected Reading

Iranian APT Hacked US Airport, Bank, Software Company (SecurityWeek)

Tech Giants, Washington Rally for Anthropic in Pentagon Feud (GovInfo Security)

FBI investigates breach of surveillance and wiretap systems (Bleeping Computer)

Chinese state hackers target telcos with new malware toolkit (Bleeping Computer)

Cisco Patches 48 Firewall Vulnerabilities with Two CVSS 10 Flaws (Hackread)

CISA Flags Hikvision Camera & Rockwell Logix Vulnerabilities as Actively Exploited (SOCRadar)

House panel marks up kids digital safety act amid Democrat backlash (The Record)

US contractor's son arrested over alleged $46M crypto theft (The Register)

Wikipedia hit by self-propagating JavaScript worm that vandalized pages (Bleeping Computer)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

Learn more about your ad choices. Visit megaphone.fm/adchoices