FORTIFIED_WEEKLY  //  ISSUE_002
03.30.2026  //  CYBERFORTIFY_SOLUTIONS  //  CLASSIFICATION: PUBLIC
■ INTELLIGENCE_BRIEFING

Two Weeks. One Hospital Destroyed. Your Router Banned. And AI Wrote the Phishing Email.

Everything you need to know about what just happened in cybersecurity. No jargon. No fluff. Just the truth about what's coming for your business, your family, and your data.

Wow. A LOT has happened in the last two weeks, and honestly, even we are just now catching up. We’ve been heads down building, deploying, and protecting our clients, and when we came up for air and looked around at the news cycle? It’s been absolute chaos.

So let’s break it all down. No tech jargon. No “cyber synergy” nonsense. Just what happened, why it matters to you, and what you can actually do about it. Whether you’re a dentist in Raleigh, a law firm in Fuquay, or a teacher wondering if your school’s data is safe. This one’s for you.

Buckle up. This is a big one.

01 // THE_SECURITY_TOOL_THAT_BECAME_THE_WEAPON

Imagine you hire a security guard for your building. He shows up every day, checks the doors, checks the windows, makes sure nobody got in. You trust this guy completely.

Now imagine someone replaced that security guard with an identical-looking imposter. Same uniform. Same badge. Same routine. Except this one is secretly copying every key in your building and handing them to criminals.

That’s exactly what happened with a tool called Trivy. It’s one of the most popular security scanners on the planet. Thousands of companies use it to check their systems for vulnerabilities. On March 19, hackers poisoned Trivy itself. They slipped malicious code into the official releases, and suddenly the tool that was supposed to protect people was quietly stealing their passwords, encryption keys, and cloud credentials.

Over 10,000 cloud environments may have been infected. The attack spread to other tools too, including AI software used by more than a third of all monitored cloud systems. CISA (the federal cybersecurity agency) flagged it as a critical threat on March 26.

WHY_THIS_MATTERS_TO_YOU

If you use any cloud-based software for your business (email, file storage, accounting, scheduling, patient records) your provider probably runs tools like this behind the scenes. You’d never know if their security guard got swapped out. This is why we don’t just trust vendor promises. Our Guardian platform runs 166+ security tools on its own infrastructure, monitored by 18 AI agents that flag abnormal behavior in real time. When one tool goes bad, the others catch it. That’s the difference between hoping your vendor is safe and actually knowing.

02 // A_131_BILLION_DOLLAR_COMPANY_GOT_ERASED

Stryker is a $131 billion medical device company. They make the surgical equipment and hospital beds your doctor uses. On March 11, Iranian hackers didn’t just break in. They didn’t steal data and ask for a ransom. They straight up erased everything.

Employees watched their screens go black in real time. The malware wiped computers globally. Order processing, manufacturing, shipping. All of it. Gone. Their stock dropped 5% overnight, which on a company that size is billions of dollars vanishing.

Here’s the part that should scare you: this wasn’t ransomware. With ransomware, the bad guys lock your files and sell you the key back. There’s at least a negotiation. Wiper malware doesn’t negotiate. It just destroys. There is no key. There is no recovery unless you have backups stored somewhere the attackers can’t reach.

If a $131 billion company with an entire IT department can get wiped, what happens to a 10-person dental practice? A 5-attorney law firm? A small town government office? The answer is: they close. Permanently.

WHAT_YOU_CAN_DO_RIGHT_NOW

Ask yourself one question: if every computer in your office got wiped tonight, could you be back up and running tomorrow? If the answer is “I don’t know” or “probably not,” you need offline backups. Not Dropbox. Not Google Drive. A backup that is physically disconnected from your network so an attacker can’t reach it. This is the single most important thing you can do for your business this week. Period.

03 // THE_FCC_JUST_BANNED_YOUR_ROUTER

This one flew under the radar but it’s massive. On March 23, the FCC added all consumer routers made in foreign countries to its banned equipment list. Effective immediately. New models from overseas can no longer be approved for sale in the United States.

Think about that for a second. Netgear. Linksys. Asus. TP-Link. D-Link. Pretty much every router brand you’ve ever heard of manufactures overseas. There is currently no major U.S.-made consumer router on the market. If your router dies tomorrow and you need a new one, your options just got very complicated.

The reason? Chinese hacking groups called Volt Typhoon and Salt Typhoon have been caught hiding inside American routers, using them as launchpads to spy on critical infrastructure. The government’s response was basically: if we can’t trust the supply chain, we’re shutting it down.

Your existing router still works. They’re not coming to take it. But if you’re a business buying new networking equipment in 2026, expect higher prices and fewer choices until manufacturers figure out the new rules.

CFS_TAKE

This is exactly why we deploy enterprise-grade Ubiquiti UniFi infrastructure for our clients instead of consumer gear. UniFi equipment is designed, engineered, and quality-controlled by a U.S. company. We’ve been building networks on this platform for years because we saw the consumer router problem coming. If your business is still running on a $60 router from Best Buy, it’s time to have a conversation.

04 // AI_IS_WRITING_BETTER_SCAM_EMAILS_THAN_HUMANS

Remember when you could spot a scam email because it was full of typos and broken English? Those days are over.

According to a new report, 40% of business email scams are now written by AI. Not assisted by AI. Written by it. These emails are grammatically perfect, personalized to the recipient, and nearly impossible to distinguish from a real message from your boss, your bank, or your vendor.

It gets worse. The FBI issued a warning that hackers are now using AI to clone people’s voices. They call your office sounding exactly like your boss, your accountant, or a vendor you trust. They ask for a wire transfer. They ask for login credentials. And because it sounds exactly like someone you know, people comply.

Russian intelligence is also running a massive campaign targeting people who use Signal, WhatsApp, and Telegram. They’re not breaking the encryption. They’re tricking people into voluntarily handing over access to their accounts through fake login pages and phishing links. Current and former government officials, military personnel, and journalists are the primary targets, but the techniques will trickle down to everyone.

HOW_TO_PROTECT_YOURSELF

The old advice of “look for typos” is dead. The new rule is: verify everything through a second channel. If you get an email from your boss asking you to wire money, call them. Not on the number in the email. On the number you already have saved. If someone calls and it sounds like your vendor but something feels off, hang up and call them back directly. Trust your gut. And turn on two-factor authentication on every account you have. Not the text message kind. Use an authenticator app. Right now. Today.

05 // THE_COMPANIES_YOU_TRUST_ARE_LYING_ABOUT_PRIVACY

If you read Issue #001, you know we talked about encryption and why it matters. Well, Meta just proved our entire point.

On March 17, Meta announced it’s removing end-to-end encryption from Instagram DMs. They added it two years ago. Now they’re taking it away. Your Instagram messages will once again be readable by Meta, by advertisers who pay for the data, and by anyone who serves Meta with a legal request. They told users to “just use WhatsApp” if they want privacy. Cool. Thanks.

And Apple? The company that runs commercials about how much they protect your privacy? It came out this week that Apple has been unmasking users of its “Hide My Email” feature for federal agents. The feature literally markets itself as a way to keep your real email address private. Turns out Apple can connect those anonymous addresses to your real identity whenever law enforcement asks. So “Hide My Email” doesn’t hide it from the people most likely to come looking.

Meanwhile in Florida, state legislators are pushing a bill that would force companies to build backdoors into encrypted messaging so law enforcement can read anyone’s messages with a subpoena. Security experts universally agree: you cannot build a door that only the good guys can walk through. If a backdoor exists, hackers will find it.

The one bright spot? France actually rejected a similar backdoor proposal on March 25. So at least someone is paying attention.

06 // HOSPITALS_ARE_GETTING_DESTROYED

The University of Mississippi Medical Center is Mississippi’s only children’s hospital. Its only Level I trauma center. The only place in the state that does organ transplants. On March 12, the Medusa ransomware gang shut down all 35 clinic locations for nine straight days.

Doctors couldn’t access patient records. Surgeries were delayed. Revenue dropped 20%. That’s $34 million gone. The hackers demanded $800,000 and claim to have stolen over a terabyte of patient data. That’s names, social security numbers, medical histories, insurance information. Everything.

This isn’t an outlier. Healthcare is the #1 most targeted industry for cyberattacks. And the government knows it. A massive overhaul of HIPAA security requirements is expected to be finalized in May 2026 with an estimated first-year compliance cost of $9 billion across the industry. Every healthcare provider will be required to implement multi-factor authentication, encrypt all patient data at rest and in transit, conduct annual penetration testing, and be able to restore systems within 72 hours of an attack.

If you work in healthcare, run a medical or dental practice, or handle patient data in any capacity: the clock is ticking. These aren’t suggestions anymore. They’re about to be law.

THIS_IS_WHAT_WE_DO

CyberFortify was built for exactly this. We serve dental practices, medical offices, and law firms across North Carolina. Our Guardian platform handles HIPAA-grade security, encrypted mesh networking, endpoint monitoring, and 24/7 automated threat detection. One of our clients had a real cyberattack detected and contained within 24 hours of Guardian going live. Not weeks later. Not after the damage was done. Day one. If you’re a healthcare provider and you’re not sure where you stand with the new HIPAA requirements, reach out. We’ll tell you the truth, even if the truth is “you’re fine.”

07 // UPDATE_YOUR_STUFF_RIGHT_NOW

We don’t normally dedicate an entire section to software updates, but this cycle is different. In the last two weeks, hackers have been exploiting vulnerabilities before the fixes even come out. Mandiant (Google’s threat intelligence team) released a report showing that the average time between a vulnerability being discovered and hackers using it has dropped to essentially zero. They’re not waiting for you to patch. They’re already inside.

Here’s your action list. Do these today. Not tomorrow. Today.

CRITICAL  Update Google Chrome (and Edge, Brave, Opera) immediately. Two zero-day vulnerabilities are being actively exploited through malicious websites. Just visiting the wrong page can compromise your computer.
CRITICAL  Run Windows Update right now. Microsoft patched 93 vulnerabilities in March including two zero-days. One of them weaponizes Microsoft Copilot to silently steal your data through Excel files. Zero clicks required.
HIGH  Update your Android phone. 129 security fixes were released, including a Qualcomm chip vulnerability being used in targeted attacks.
HIGH  Update your iPhone. New exploit kits called “Coruna” and “DarkSword” are targeting older iOS versions. If you’re not on the latest version of iOS, you’re exposed.

Not sure if your business computers are up to date? That’s literally what we do. Guardian’s endpoint agent (NyxGuard) monitors every device on your network and flags missing patches automatically. No spreadsheets. No guessing. No praying.

08 // THE_NUMBER_THAT_SHOULD_KEEP_YOU_UP_AT_NIGHT

For the first time ever, cyberattacks have overtaken inflation and recession as the #1 fear of small business owners in America. And they should be.

70.5% of all data breaches hit small and mid-sized businesses
88% of ransomware attacks target small businesses
40% of SMBs say a single attack under $100K could permanently close them
$16.6B in U.S. cybercrime losses in 2024. Up 33% in one year.

Small businesses get hit with 350% more social engineering attacks than large companies. Why? Because hackers know you don’t have a security team. They know you’re running QuickBooks on a computer that hasn’t been updated since 2023. They know your WiFi password is probably taped to the wall. And they know that one successful phishing email to your office manager could give them the keys to your entire business. That’s not a scare tactic. That’s the math.

YOUR_ACTION_ITEM_THIS_WEEK

We give you one thing to do every issue. Something real. Something you can knock out today.

Go to every account you care about and turn on two-factor authentication using an authenticator app.

Not the text message codes. Those can be intercepted. Download Microsoft Authenticator or Google Authenticator on your phone and set it up for your email, your bank, your social media, and your business software. It takes about 2 minutes per account. It stops 99% of unauthorized access. It’s free.

Start with your email. If a hacker gets your email, they can reset the password on everything else. Protect the castle first.

Austin Eatman

Co-Founder // CyberFortify Solutions


This briefing was Issue #002.