AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 03/05/2026

Iranian Drone Strikes Hit Amazon Data Centers in Gulf, Disrupting Cloud Services

Iranian drone strikes directly hit two Amazon Web Services data centers in the UAE this week and damaged a third facility in Bahrain, disrupting approximately 60 AWS services across the Gulf region. The strikes were part of Iran's retaliation for a U.S. and Israeli operation that killed Supreme Leader Ayatollah Ali Khamenei. Amazon confirmed the physical strikes: two of the UAE's three availability zones were knocked out, and Bahrain's zone suffered prolonged power outages and connectivity failures. The company advised Middle East customers to migrate workloads to unaffected regions and warned that full recovery depends on restoring physical infrastructure in an "unpredictable operating environment." The incident marks an unprecedented convergence of kinetic warfare and cloud infrastructure disruption, and it raises urgent questions across the industry about the physical security of hyperscaler data centers operating in active conflict zones.


LexisNexis Confirms Breach as Hackers Leak Stolen Files

Data analytics giant LexisNexis Legal & Professional confirmed this week that a threat actor who leaked approximately 2 GB of data on a criminal forum had indeed obtained it through a breach of “a limited number of servers,” with the stolen files containing mostly pre-2020 legacy data — including customer names, user IDs, business contact information, products used, support tickets, and survey records with respondent IP addresses — alongside what the forum post characterized as .gov email addresses and account records belonging to government agencies and law firms. The company said its investigation determined the matter is “contained” and that no systems remain compromised, though it did not disclose how the attacker initially gained access. The breach is separate from a December 2024 incident involving LexisNexis Risk Solutions, in which a hacker accessed a GitHub repository and stole personal data on more than 364,000 individuals including Social Security numbers and driver’s license numbers.


AI and Deepfakes Supercharge Sophisticated Cyber-Attacks, Says Cloudflare

Cloudflare’s 2026 Threat Report warns that readily available LLMs and AI tools have become a “force multiplier” for cybercriminals, enabling actors who previously lacked the skills to write convincing phishing lures or custom malware to now generate sophisticated attack content rapidly and at scale — what the report calls the “total industrialization of cyber threats.” Beyond lowering the technical barrier to entry, the report flags a more insidious AI-enabled attack vector: AI-generated deepfakes and fraudulent identity documents are being weaponized specifically to bypass corporate hiring filters, allowing threat actors — particularly North Korean operatives — to embed themselves inside target organizations as trusted employees with access to administrative and financial systems. Cloudflare researchers urged security teams to prepare for rapid, continuous evolution in adversary tactics, warning that the same AI advances benefiting defenders are being adopted by attackers faster than most organizations can adapt.


Google Addresses Actively Exploited Qualcomm Zero-Day in Fresh Batch of 129 Android Vulnerabilities

Google’s March 2026 Android security update patches 129 vulnerabilities, with the most urgent fix addressing CVE-2026-21385 — an actively exploited high-severity memory corruption flaw in Qualcomm’s display driver component that researchers believe may be tied to commercial spyware vendors or nation-state threat actors given the nature of its exploitation. The patch bundle also addresses a cluster of critical remote code execution flaws in Android’s Media Framework and System components that can be triggered without user interaction on unpatched devices. Android users on Pixel devices will receive the update automatically, while Samsung, OnePlus, and other OEM customers will face varying rollout timelines — a persistent structural challenge given that carrier and manufacturer delays routinely leave hundreds of millions of devices exposed to known, patchable vulnerabilities for weeks or months after Google publishes fixes.
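As an added illustration (not part of the AboutDFIR post, nor code from Google or any OEM named above), the following shell script shows the check a fleet administrator would run after a bulletin like this one: compare each device's reported security patch level with the bulletin's patch-level date and list the devices that still lack the fixes. On a real device the value comes from `adb -s <serial> shell getprop ro.build.version.security_patch`; the inventory lines and the required patch-level date below are constructed for the example so that it runs offline.

```shell
#!/bin/sh
# Added example: audit an Android fleet against a bulletin's patch level.
# Constructed sample data stands in for `adb shell getprop
# ro.build.version.security_patch` output; nothing here is from the post.

# Assumed patch-level date for the March 2026 bulletin (illustrative value).
REQUIRED_PATCH="2026-03-05"

# Constructed inventory: serial, model, reported security patch level.
SAMPLE_INVENTORY='
R58N1234ABC  Pixel_9      2026-03-05
R58N5678DEF  Galaxy_S24   2026-01-01
R58N9012GHI  OnePlus_12   2025-12-01
R58N3456JKL  Pixel_8      2026-04-05
'

# patch_level_ok LEVEL REQUIRED -> exit 0 if LEVEL is at or after REQUIRED.
# Patch levels are ISO dates (YYYY-MM-DD); stripping the dashes gives an
# integer that orders correctly. A malformed or empty level is treated as
# unpatched, which is the safe default for an audit.
patch_level_ok() {
    level="$1"; required="$2"
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    lvl=$(printf '%s' "$level" | tr -d -)
    req=$(printf '%s' "$required" | tr -d -)
    [ "$lvl" -ge "$req" ]
}

# outdated_devices -> one line per device whose level is below REQUIRED_PATCH.
outdated_devices() {
    printf '%s\n' "$SAMPLE_INVENTORY" | while read -r serial model level; do
        [ -n "$serial" ] || continue
        if ! patch_level_ok "$level" "$REQUIRED_PATCH"; then
            printf '%s %s %s\n' "$serial" "$model" "$level"
        fi
    done
}

# count_outdated -> number of devices still exposed to the bulletin's fixes.
count_outdated() {
    outdated_devices | wc -l | tr -d ' '
}

outdated_devices
```

Because OEM builds can ship a patch level later than the bulletin date, the comparison is "at or after" rather than equality; a device reporting an unparseable level is flagged rather than silently passed.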


A Suite of Government Hacking Tools Targeting iPhones Is Now Being Used by Cybercriminals

Google researchers have identified a powerful iPhone exploit kit, dubbed "Coruna," that originated as a government-grade spyware tool and has since proliferated into the hands of cybercriminals, a troubling sign of an emerging "secondhand exploit" market in which nation-state-developed zero-days filter down to financially motivated hackers after their initial use. Google first detected Coruna in February 2025, when a surveillance vendor deployed it against a target on behalf of a government customer, but subsequently found the same kit being used by a Russian espionage group targeting Ukrainian users and then by a financially motivated threat actor in China; researchers have still not determined whether the tools were leaked, stolen, or sold. Components of the kit have been linked to Operation Triangulation, the iOS campaign uncovered in 2023 by Russian cybersecurity firm Kaspersky, which Russia's FSB publicly attributed to the U.S. government (Kaspersky itself declined to attribute it). The discovery echoes the 2017 EternalBlue episode, in which NSA-developed Windows exploits were published by the Shadow Brokers and weaponized weeks later in North Korea's WannaCry ransomware attack, and it serves as a stark warning that sophisticated government cyberweapons rarely stay contained to their intended targets.
