Threat Level: CRITICAL
War Without End
DEVELOPING STORY — The Iran conflict entered its eighth day as this issue went to press (Saturday, March 7). The situation remains fluid. Casualty figures and strike claims are unverified.
Operation Epic Fury: Week One of a New War
The US-Israel assault on Iran that began February 28 has not slowed. It has accelerated. By Day 8, CENTCOM confirmed striking nearly 200 targets inside Iran, command centres, missile launch sites, drone carriers, nuclear infrastructure. Israel announced its operation was entering a “next phase” aimed at further dismantling the regime. Over 5,000 bombs have been dropped since the war began. The death toll crossed 1,450.
Iran is fighting back with everything it has. Missile and drone barrages hit Israel, US bases across Kuwait, Bahrain, Qatar, the UAE, and Saudi Arabia. The US embassy in Riyadh was struck by drones. Ali Al-Salem Air Base in Kuwait was hit repeatedly. Six US service members have been killed, four identified from a Kuwait drone strike, and at least five more seriously wounded. Iran struck a British air base in Cyprus, sparking calls to end the UK military presence on the island. Azerbaijan reported being hit by an Iranian drone. Saudi Arabia intercepted three drones. Dubai airport saw planes holding in the air as explosions rocked Tehran’s Mehrabad Airport.
Iran’s strategy is regional chaos. Tehran warned it would “set fire” to any ships attempting to pass through the Strait of Hormuz. Oil hit its highest price since 2024. Defence Secretary Hegseth insisted “this is not Iraq” while conceding more casualties are likely. The US Senate backed Trump’s war powers. Trump demanded a role in selecting Iran’s next leader after Ayatollah Khamenei was killed in Week 1 strikes. Cost estimates already exceed $1 billion.
The darkest moment: a girls’ school bombing in Iran killed 175 people. The White House denied US responsibility, Press Secretary Leavitt cited an ongoing Pentagon investigation. Israel is being accused of applying its “genocidal Gaza playbook” to Iran, framing the conflict as existential, targeting civilian infrastructure alongside military sites. (AP, CBS News)
Europe Dragged In
Europe is being sucked into a conflict it did not seek. Italy announced it would provide air defence systems, anti-drone and anti-missile systems to Gulf allies. The UK scrambled four additional Typhoon jets to Qatar. PM Starmer vowed to “shield” Britons in the region. But Britain’s slow response drew criticism from partners who question its military effectiveness. (Reuters)
The environmental cost is mounting too. Gulf airspace closures, oil infrastructure attacks, and the sheer volume of ordnance are compounding the climate damage already caused by the Gaza and Ukraine wars. Water shortages are emerging as a strategic risk across the region, a dimension few analysts predicted would matter this fast. (NYT)
Ukraine: Iran War Derails Peace, Drones Evolve
The Iran war is directly impacting Ukraine. Peace talks have been derailed. Rising oil prices benefit Russia. The Druzhba pipeline is now a fresh diplomatic flashpoint. Zelensky fears Trump’s attention has permanently shifted, but he’s playing it strategically, offering Ukrainian drone specialists to Gulf countries to help counter Iranian drones and missiles. Consultations are underway with the UAE, Qatar, Jordan, Bahrain, and Kuwait.
On the ground, Ukraine captured more territory than it lost in February, a rare bright spot. Ukrainian forces struck three Russian ships in a Black Sea port. But Russia’s Shahed war is entering a new phase: Ukraine’s military drone chief warned that the next generation will be defined by extreme speed, making interception vastly harder. The Shahed design, cheap, deadly, and now copied by the US itself, has reshaped modern warfare. (Firstpost)
Israel Expands in Lebanon
While the world watches Iran, Israel is advancing in Lebanon. The IDF ordered immediate evacuations across dozens of southern Lebanese border villages. Strikes on Beirut’s Dahiyeh suburbs intensified, with residents reporting panic. Hezbollah launched retaliatory attacks. Israel framed the advance as protecting border towns, but analysts see a wider ground war taking shape, a second front opening while global attention is consumed by Tehran. (NYT)
The Epstein Reckoning
Økokrim Seizes Oslo Accords Documents from Rød-Larsen
The biggest Epstein-Norway development this week: Økokrim has seized documents related to the Oslo Accords from the raid on Terje Rød-Larsen and Mona Juul’s home. Aftenposten broke the story, classified Norwegian Foreign Ministry documents connected to the historic 1993 peace process were found in Rød-Larsen’s possession, raising explosive questions about how state secrets ended up in the home of a man under investigation for Epstein-linked corruption.
The political fallout was immediate. VG reported that PM Jonas Gahr Støre has a “forklaringsproblem,” an explanation problem. Støre denied knowledge of the classified Rød-Larsen documents, but opposition figures aren’t buying it. Dagbladet ran the headline “Direkte løgner” (Direct lies). E24 confirmed that parts of the Oslo archives were found at Rød-Larsen’s residence. TV2 revealed that Rød-Larsen had been sending UN Secretary-General Ban Ki-moon’s travel plans to Epstein. (Aftenposten, VG)
DOJ Releases Missing Epstein Files on Trump
The US Department of Justice released previously withheld Epstein files containing material related to Donald Trump. VG covered the release prominently. The files follow weeks of bipartisan fury over selective redactions, some shielding powerful figures, others exposing victims. The release comes after NPR revealed the DOJ had removed FBI interviews with a survivor. The House Oversight Committee separately requested testimony from financier Leon Black, signaling the investigation is widening into Epstein’s financial network. (VG)
Mette-Marit’s Standing Collapses
Multiple polls this week show that Norwegian public opinion has turned sharply against Crown Princess Mette-Marit. German outlet Bunte reported “Norwegians don’t want Mette-Marit as queen anymore.” Danish outlet Seniornews called it “devastating news” arriving mid-trial for her son Marius Borg Høiby, himself facing assault charges. International coverage has been relentless: Daily Mail, German tabloids, Dutch royals press, and Lithuanian media all covered the Epstein connection alongside the Høiby trial.
Promiflash revealed that Epstein didn’t just know Mette-Marit, he also knew Crown Prince Haakon’s ex-girlfriend. The web keeps expanding. Meanwhile, Mette-Marit’s doctor denied press claims linking her lung condition to the scandal, and a major Norwegian fan account announced it was shutting down, citing the situation as “very difficult.” (European Correspondent)
WEF’s Brende Resigns; Nobel Committee Under Pressure
World Economic Forum president Børge Brende, former Norwegian foreign minister, has resigned following an internal review of Epstein connections. AOL and multiple outlets linked Epstein to the Nobel Peace Prize network through Jagland, Rød-Larsen, and Brende. Thorbjørn Jagland continues to appear in Epstein-related coverage across Turkish, Finnish, and Scandinavian media. SVT (Swedish TV) ran a feature connecting Jagland and Rød-Larsen to the released investigation files. Historian Hilde Henriksen Waage told Aftenposten she “considered seeking political asylum in Sweden,” a remarkable statement about the pressure surrounding Norway’s peace diplomacy establishment.
UN experts have stated the Epstein files “may reveal crimes,” a significant escalation in international rhetoric. The Stortinget (Norwegian parliament) is set to debate foreign aid via international actors, a direct result of the Rød-Larsen/IPI funding scandal.
Swedish Connections Surface
The Barbro Ehnbom thread continues to develop. Two new document references (EFTA01040045 and EFTA01037107) surfaced on yirah.fi linking Ehnbom, a Swedish figure in the Epstein orbit, to the file releases. SVT’s coverage explicitly named both Jagland and Rød-Larsen. The Nordic angle is no longer a sideshow, it’s becoming central to the international investigation.
ITsec This Week
LexisNexis Breach: 3.9M Records via Unpatched React Flaw
Legal and data analytics giant LexisNexis confirmed a major breach after threat group FulcrumSec claimed to have exfiltrated 2.04 GB of data. The attack exploited an unpatched React vulnerability (“React2Shell”), a single overprivileged service that turned into a keys-to-the-kingdom moment. Exposed data includes 3.9 million records, profiles for federal judges, 118 users at the SEC, and DOJ personnel credentials. A separate claim alleges cloud systems were also breached, exposing 400K users including .gov accounts and AWS infrastructure. This is LexisNexis’s second breach in two years. (TechRepublic, Cybernews)
“Coruna” — The iPhone Exploit Kit Nobody Saw Coming
Google’s Threat Intelligence Group identified Coruna, a sophisticated iOS exploit kit chaining 23 separate vulnerabilities into a weaponized attack platform. It’s been used for espionage and crypto theft, stealing seed phrases from iPhone users. The toolkit was deployed by suspected Russian spies and Chinese crypto scammers. Security firm iVerify says code analysis suggests it may have originated from a US intelligence contractor, meaning American-built hacking tools are now in the hands of foreign adversaries and common criminals. iVerify described it as the “first known mass iOS attack” campaign of its kind. (TechRepublic, Nextgov)
Qualcomm Zero-Day Under Active Attack — CVE-2026-21385
A high-severity memory corruption flaw in Qualcomm chipsets is being actively exploited in targeted Android attacks. The integer overflow in the Graphics subcomponent allows attackers to bypass security controls and gain unauthorized device access. Google’s March 2026 Android update patches 129 flaws including this zero-day. Exploitation is tied to commercial spyware or nation-state threat groups. If you have an Android device, patch now. (Dark Reading)
Iran’s MuddyWater Targets US Networks with Dindoor Backdoor
As bombs fall on Tehran, Iran’s cyber forces are embedding themselves deeper into American infrastructure. Broadcom’s Symantec and Carbon Black discovered MuddyWater (Iranian state-linked) inside US banks, airports, nonprofits, and the Israeli arm of a software company using a new backdoor called Dindoor. Google’s head of threat intelligence warned that Iran will “absolutely” respond to kinetic strikes with cyber-attacks targeting organizations globally. Meanwhile, camera-hacking has become part of the war playbook, Wired reported that hacking security cameras is now standard reconnaissance in both the Iran and Ukraine conflicts. (The Hacker News)
APT28 Exploited MSHTML Zero-Day Before Patch Tuesday
Russia’s APT28 (Fancy Bear) is linked to exploitation of CVE-2026-21513, a CVSS 8.8 MSHTML flaw, before Microsoft’s February patch. Akamai identified the connection. This is the same group that has been active in Ukraine-related espionage for years, now exploiting Windows vulnerabilities to maintain access to Western targets while Russia’s attention is supposedly elsewhere. (The Hacker News)
Breach Roundup
| Target | Impact |
|---|---|
| LexisNexis | 3.9M records, federal judge profiles, SEC/DOJ personnel, .gov accounts |
| French Health System | 15M citizens, medical records via centralized health platform |
| TriZetto | 3.4M, health and personal data stolen in 2024, undetected for a year |
| Texas (unnamed) | 25M Americans, called “largest US hack in history” by Texas AG |
| Conduent | Millions, ransomware, notifications sent a year late |
| UH Cancer Center | 1.2M, Social Security numbers, research data |
| 1.2M Bank Accounts | French financial systems, impersonation, not malware |
| Madison Square Garden | Oracle EBS campaign, confirmed months after attack |
| Star Citizen | Player data leaked, disclosure delayed by over a month |
| Kettering Health | 14 hospitals, 44 consolidated lawsuits over 2025 Interlock ransomware |
Trends
- Malware is optional: CrowdStrike’s 2026 report finds 82% of attacks are now malware-free. Identity compromise is the #1 path. Average breakout time: 29 minutes
- Zero-days accelerating: Google GTIG tracked 90 zero-days exploited in 2025. Enterprise software and networking devices are primary targets. Spyware vendors now exploit more zero-days than nation states
- Cyber is now kinetic: Iran and the US/Israel are trading cyber-attacks alongside missile strikes. Camera hacking, infrastructure disruption, and network infiltration are standard war ops
- APT36 “Vibeware”: Pakistan-linked hackers using AI-generated malware to flood Indian government networks, hiding C2 in trusted cloud services
- Phobos admin guilty: Russian national pleads guilty to wire fraud for running the Phobos ransomware-as-a-service operation
- VMware Aria Operations (CVE-2026-22719): Exploited in the wild, CISA warned. Patch immediately
Week in Numbers
| Stat | Context |
|---|---|
| 1,450+ | Killed in Iran war (8 days) |
| 5,000+ | Bombs dropped on Iran |
| $1B+ | US war cost estimate |
| 82% | Attacks now malware-free |
| 3.9M | LexisNexis records exposed |
| 23 | iOS exploits in Coruna kit |
| 90 | Zero-days exploited in 2025 |
| 15M | French medical records leaked |
| 175 | Killed in Iranian school bombing |
What to Watch Next Week
- Iran war escalation: Will Iran follow through on Strait of Hormuz blockade? Will Pakistan enter the conflict?
- Oil & supply chains: Gulf shipping disruption, Hormuz closure risk, and energy price spikes rippling globally
- Lebanon ground war: Israel’s “protection” advance looks like prelude to wider operations
- Rød-Larsen Oslo Accords documents: What did Økokrim actually find? Støre’s “explanation problem” isn’t going away
- Leon Black testimony: House Oversight pushing for Epstein financier, could crack open the money trail
- Iranian cyber retaliation: MuddyWater already embedded in US networks. Expect escalation
- LexisNexis fallout: Federal judge profiles, DOJ credentials exposed, national security implications emerging
- Coruna exploit kit: US-origin hacking tools in criminal hands, expect more iOS attacks and policy response
FTRCRP — Future Trust & Responsible Computing Practice Issue #006 — Mar 1-7, 2026 Curated by Lara · Reviewed by mr0