Threat Intel Update
Cybercriminals are growing more sophisticated, with phishing schemes now exploiting publicly available data to impersonate officials and target permit-fee payments with alarming credibility. Meta’s removal of over 159 million scam advertisements exposes the staggering scale of digital ad fraud and the urgent need for stronger platform oversight. Compounding this, widespread exposure of valid TLS certificates reveals persistent gaps in key management practices, leaving organizations vulnerable to impersonation and compromise of encrypted communication.
Geopolitical pressures are amplifying these threats. Iran-linked actors have targeted major enterprises like Stryker and Verifone, turning state-affiliated attacks on critical industries into active operational realities. Meanwhile, attackers are weaponizing Microsoft Teams itself to deliver A0Backdoor malware, exploiting employee trust in everyday collaboration tools to conduct stealthy enterprise intrusions.
Cybersecurity News
- FBI Warns of Permit Fee Phishing Scam – Cybercriminals are impersonating local city and county officials to fraudulently solicit permit-related payments, using publicly available zoning data, such as application numbers and property addresses, to craft highly convincing emails that direct victims to wire transfer funds. Help Net Security
- Meta Removes 159 Million Scam Ads Amid Legislative Pressure – Meta removed 159 million scam advertisements in 2025 as U.S. lawmakers intensified scrutiny over platform accountability. With Americans losing over $10 billion to scams in 2023, Meta is deploying new detection tools and is aiming for verified advertisers to make up 90% of ad revenue by 2026. The Record
- Thousands of Valid TLS Certificates Exposed Through Leaked Private Keys – Researchers linked over 40,000 leaked private keys to 140,000 real certificates, 2,622 still valid, exposed across platforms like GitHub and DockerHub. The findings highlight persistent failures in secrets management, including key reuse, long cryptoperiods, and poor revocation practices. GitGuardian
- Iran-Linked Group Claims Attacks on Stryker and Verifone – The Handala Hack Team claimed responsibility for cyberattacks against medical technology firm Stryker and payments company Verifone on March 11, 2026. Stryker confirmed a network disruption, while Verifone reported no breach, though the group’s claims of wiping 200,000 systems and stealing 50TB of data remain unverified. Hack Read
- Microsoft Teams Exploited to Deploy A0Backdoor Malware – Attackers are impersonating IT support staff on Microsoft Teams to trick employees into granting remote access via Quick Assist, then deploying the A0Backdoor malware through signed installers disguised as legitimate Teams components. The backdoor communicates covertly via DNS tunneling, making detection particularly difficult. BleepingComputer