The FBI Got Hacked and Enterprise Zero-Days Hit Record Highs: What March's Security News Tells Us

March has already delivered some sobering reminders about the state of cybersecurity, and we’re only a week in. Between the FBI getting compromised and Google’s latest zero-day report painting a grim picture for enterprise security, there’s a lot to unpack here.

When Even the FBI Isn’t Safe

Let’s start with the elephant in the room – the FBI getting hacked. While the details are still emerging, this incident serves as a stark reminder that no organization, regardless of resources or expertise, is immune to sophisticated attacks.

What’s particularly concerning is how this fits into a broader pattern we’ve been seeing. The same report mentions hijacked cameras being used in operations targeting Iranian leadership – a technique that highlights how everyday IoT devices continue to be weaponized in ways most organizations never consider when setting up their security perimeter.

The Transport for London breach affecting 10 million people is another data point in this trend. These aren’t small-scale attacks targeting vulnerable startups; they’re successful compromises of major institutions with presumably mature security programs.

Zero-Days Are Having a Field Day

Google’s latest threat intelligence report dropped some numbers that should make every CISO lose sleep. Zero-day attacks on enterprise software hit record highs in 2025, with nearly a quarter of detected zero-days specifically targeting security and networking appliances.

Think about that for a moment – the very tools we rely on to protect our networks are increasingly becoming the attack vector. It’s like finding out your home security system has been compromised by the burglars. This trend forces us to rethink our approach to defense-in-depth strategies, especially when our security appliances themselves might be the weak link.

The focus on networking equipment makes tactical sense from an attacker’s perspective. These devices often have broad network access, run with elevated privileges, and historically haven’t received the same security scrutiny as endpoint systems. Plus, they’re perfect for establishing persistent access that can survive system rebuilds and user awareness training.

The Malware Evolution Continues

Speaking of persistent access, researchers have identified a new multi-stage campaign called VOID#GEIST that’s delivering multiple RAT payloads including XWorm, AsyncRAT, and Xeno RAT. What caught my attention isn’t just the sophistication of the delivery mechanism – using obfuscated batch scripts to deploy encrypted payloads – but the diversification strategy.

By deploying multiple RAT variants, attackers are essentially hedging their bets. If one payload gets detected and removed, they’ve got backups already in place. It’s a smart approach that reflects how mature these operations have become. We’re not dealing with script kiddies throwing exploits at the wall to see what sticks; these are methodical campaigns designed to maintain long-term access.
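The obfuscated batch scripts mentioned above can often be triaged with simple lexical heuristics before anyone looks at the encrypted payload. The following is an added example, not code from the original post or from the researchers who reported the campaign; it assumes two constructed scripts and threshold values chosen for illustration:

```python
import re
from typing import Dict

# cmd.exe substring expansion, e.g. %x:~2,5%, a staple of batch obfuscation
SUBSTR_EXPANSION = re.compile(r"%[A-Za-z_][A-Za-z0-9_]*:~-?\d+(?:,-?\d+)?%")
# Caret escapes that split keywords so string matching misses them, e.g. e^c^h^o
CARET_SPLIT = re.compile(r"\^[A-Za-z]")
# Variables assigned with set, to measure how much indirection the script uses
SET_ASSIGN = re.compile(r'^\s*set\s+"?([A-Za-z_][A-Za-z0-9_]*)=', re.IGNORECASE | re.MULTILINE)

# Constructed samples: an ordinary admin script and an inert script showing the
# same obfuscation traits (variable substring tricks and caret splitting).
BENIGN_BAT = """@echo off
set LOGDIR=C:\\logs
if not exist %LOGDIR% mkdir %LOGDIR%
copy report.txt %LOGDIR%\\report.txt
"""

OBFUSCATED_BAT = """@echo off
set q=zzzecho
set r=%q:~3%
%r% sta^r^t^i^n^g payload stage
"""

def batch_obfuscation_features(script: str) -> Dict[str, float]:
    """Extract lexical indicators of obfuscation from batch script text."""
    lines = [line for line in script.splitlines() if line.strip()]
    n_chars = max(len(script), 1)
    return {
        "caret_splits": len(CARET_SPLIT.findall(script)),
        "substr_expansions": len(SUBSTR_EXPANSION.findall(script)),
        "set_assigns": len(SET_ASSIGN.findall(script)),
        "max_line_len": max((len(line) for line in lines), default=0),
        "caret_density": script.count("^") / n_chars,
    }

def obfuscation_score(script: str) -> int:
    """Weighted score; thresholds are assumptions, tune them on your own corpus."""
    f = batch_obfuscation_features(script)
    score = 0
    if f["caret_splits"] >= 3:
        score += 2
    if f["substr_expansions"] >= 1:
        score += 3
    if f["set_assigns"] >= 3 and f["substr_expansions"] >= 1:
        score += 1
    if f["max_line_len"] > 400:
        score += 2
    if f["caret_density"] > 0.02:
        score += 1
    return score

def is_suspicious(script: str, threshold: int = 4) -> bool:
    return obfuscation_score(script) >= threshold
```

A score like this is a triage signal for which scripts deserve a sandbox run, not a verdict on its own; legitimate installers occasionally use the same syntax.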

Regulatory Response: EU Takes on Automotive Cybersecurity

On the regulatory front, the EU is implementing new cybersecurity standards for the automotive industry. This move makes sense when you consider how much attack surface modern vehicles represent – they’re essentially computers on wheels with wireless connectivity, GPS tracking, and increasingly, autonomous capabilities.

The timing is interesting too, as the regulation explicitly links climate change concerns with cybersecurity threats. As we push toward more connected, electric, and autonomous vehicles to address environmental challenges, we’re also expanding the potential impact of successful cyberattacks on critical infrastructure.

Workforce Development Gets an AI Focus

EC-Council is betting big on AI-focused security training with their new Enterprise AI Credential Suite. Four new AI-focused certifications alongside an updated CISO program suggest the industry recognizes that AI isn’t just changing how we work – it’s fundamentally changing what we need to secure and how we secure it.

This development reflects a broader challenge we’re all facing: the skills gap isn’t just about finding enough security professionals anymore; it’s about finding professionals who understand both traditional security principles and emerging AI-related risks. The rapid deployment of AI systems across enterprises is creating new attack vectors faster than we can develop defenses for them.

What This Means for Our Daily Work

Looking at these stories together, a few patterns emerge that should influence how we approach security in 2026. First, the sophistication gap between attackers and defenders continues to widen, particularly around zero-day exploitation. Second, our traditional security tools are increasingly becoming targets themselves. Third, the attack surface keeps expanding faster than our ability to secure it comprehensively.

The practical takeaway? We need to get comfortable with the idea that perfect security isn’t achievable, and focus more on resilience and rapid response capabilities. The FBI breach proves that even well-resourced organizations get compromised. The question isn’t whether you’ll face a successful attack, but how quickly you can detect, contain, and recover from it.