Cleartext – March 10, 2026
Tuesday, March 10, 2026 · 9:47
Show Notes
Daily cybersecurity briefing for CISOs and security leaders.
Episode Summary
Today's episode covers 9 stories across 4 topic areas, including: White House Cyber Strategy Prioritizes Offense; US entities face heightened cyber risk related to Iran war; Russian Hackers Target WhatsApp and Signal Accounts of Global Military and Government Officials.
Stories Covered
🌍 Geopolitical
White House Cyber Strategy Prioritizes Offense
Dark Reading · Mar 09 · Relevance: █████████░ 9/10
Why it matters to CISOs: A strategic shift to offensive cyber operations and preemption by the U.S. government will reshape threat landscapes, liability frameworks, and how enterprises coordinate with federal agencies on incident response and threat intelligence sharing.
- Trump administration released seven-page national cyber strategy document
- Strategy signals shift toward preemption and deterrence over purely defensive postures
- National Cyber Director Cairncross blends cyber operations with diplomacy, law enforcement, and CEO pressure
US entities face heightened cyber risk related to Iran war
Cybersecurity Dive · Mar 10 · Relevance: █████████░ 9/10
Why it matters to CISOs: Active military conflict with Iran directly elevates the threat of retaliatory cyberattacks against U.S. critical infrastructure, local governments, and major enterprises — CISOs should be reviewing incident response playbooks and raising alertness levels immediately.
- U.S. military campaign against Iran is driving heightened cyber risk
- Local governments, critical infrastructure providers, and major companies are primary targets
- Risk of disruptive (not just espionage) attacks is elevated
Russian Hackers Target WhatsApp and Signal Accounts of Global Military and Government Officials
Infosecurity Magazine · Mar 10 · Relevance: ████████░░ 8/10
Why it matters to CISOs: Russian state hackers targeting encrypted messaging apps used by executives and government contacts means CISOs must brief leadership on secure communications hygiene and the risk of account hijacking via phishing on Signal and WhatsApp.
- Dutch intelligence attributes campaign to Russian state hackers
- Targets include government officials, military personnel, and journalists globally
- Attackers use phishing to hijack Signal and WhatsApp accounts to access sensitive messages
An iPhone-hacking toolkit used by Russian spies likely came from U.S. military contractor
TechCrunch Security · Mar 10 · Relevance: ████████░░ 8/10
Why it matters to CISOs: The revelation that U.S.-developed offensive hacking tools ended up in the hands of Russian and Chinese threat actors underscores supply chain risk in the exploit market and raises questions about the security of executives' mobile devices.
- Google identified hacking tools used by Russian espionage group and Chinese cybercriminal group
- Sources say tools originated from a U.S. government defense contractor
- Tools targeted iPhones — raising mobile security concerns for senior leaders
🔓 Data Breach
Ericsson Breach Exposes Data of 15k Employees and Customers
Infosecurity Magazine · Mar 10 · Relevance: ███████░░░ 7/10
Why it matters to CISOs: Another major third-party/supply-chain breach at a global telecom infrastructure company reinforces the urgency of vendor risk management programs and contractual security requirements for service providers.
- 15,000 employees and customers affected
- Breach occurred through a compromised third-party service provider
- Ericsson U.S. subsidiary disclosed the incident
ShinyHunters claims ongoing Salesforce Aura data theft attacks
BleepingComputer · Mar 09 · Relevance: ███████░░░ 7/10
Why it matters to CISOs: ShinyHunters actively exploiting Salesforce Experience Cloud misconfigurations — and possibly a new bug — means CISOs with Salesforce deployments need immediate review of guest user permissions and Aura endpoint exposure.
- ShinyHunters extortion gang claims active exploitation of Salesforce instances
- Attacks target misconfigured Experience Cloud guest user permissions
- Salesforce has warned customers; ShinyHunters claims a new bug is also in play
⚖️ Governance & Policy
Modernizing HIPAA: Are You Ready?
BankInfoSecurity · Mar 10 · Relevance: ███████░░░ 7/10
Why it matters to CISOs: Healthcare CISOs and any enterprise handling PHI need to prepare for the first major HIPAA Security Rule overhaul in decades, with potential finalization as early as May 2026 — budget and architecture implications are significant.
- First major HIPAA Security Rule update in decades
- Finalization could come as early as May 2026
- New requirements grounded in modern cybersecurity frameworks
Conflicting definitions and timelines causing cybersecurity regulation morass, industry reps say
Cybersecurity Dive · Mar 09 · Relevance: ███████░░░ 7/10
Why it matters to CISOs: GAO report validates what CISOs experience daily — overlapping, conflicting federal cyber regulations create compliance burden and resource drain. This report may influence regulatory harmonization efforts that could simplify multi-framework compliance programs.
- GAO report highlights business frustrations with federal cybersecurity oversight
- Conflicting definitions and timelines across regulations are a core complaint
- Industry representatives provided feedback to a congressional panel
🚀 Startup Ecosystem
Armadin secures $189.9 million to counter AI-driven cyber threats
Help Net Security · Mar 10 · Relevance: ████████░░ 8/10
Why it matters to CISOs: The largest combined Seed/Series A in cybersecurity history signals massive investor conviction that AI-driven threats require a new category of defense — CISOs should watch this vendor as a potential platform player.
- $189.9M combined Seed and Series A — largest in cybersecurity history
- Led by Accel with Google Ventures, Kleiner Perkins, Menlo Ventures, In-Q-Tel participation
- Focused on countering speed and scale of AI-driven attack campaigns
Further Reading
- 🌍 White House Cyber Strategy Prioritizes Offense — Dark Reading
- 🌍 US entities face heightened cyber risk related to Iran war — Cybersecurity Dive
- 🌍 Russian Hackers Target WhatsApp and Signal Accounts of Global Military and Government Officials — Infosecurity Magazine
- 🌍 An iPhone-hacking toolkit used by Russian spies likely came from U.S. military contractor — TechCrunch Security
- 🔓 Ericsson Breach Exposes Data of 15k Employees and Customers — Infosecurity Magazine
- 🔓 ShinyHunters claims ongoing Salesforce Aura data theft attacks — BleepingComputer
- ⚖️ Modernizing HIPAA: Are You Ready? — BankInfoSecurity
- ⚖️ Conflicting definitions and timelines causing cybersecurity regulation morass, industry reps say — Cybersecurity Dive
- 🚀 Armadin secures $189.9 million to counter AI-driven cyber threats — Help Net Security
Full Transcript
Alex: ...
Jordan: The White House just told every adversary — and every CISO — that America is going on offense. Seven pages. That's all it took to reshape the cyber doctrine. Meanwhile, U.S. companies are staring down retaliatory strikes from Iran, Russian state hackers are hijacking Signal accounts, and American-made iPhone exploits are showing up in Moscow's toolkit. It's March 10th, 2026, and the threat landscape just shifted under your feet.
Alex: Welcome to Cleartext. I'm Alex Chen, alongside Jordan Reeves. Today we've got a packed episode. We're going to dig deep into the new White House cyber strategy and what offensive preemption actually means for your risk posture. We'll connect that directly to the Iran conflict and the very real possibility of retaliatory cyber operations hitting your infrastructure this week. Then we'll cover Russian operations targeting encrypted comms, a disturbing story about U.S. exploit tools ending up in adversary hands, a pair of breaches that should have your vendor risk team on alert, regulatory developments on HIPAA and the compliance morass, and a record-breaking funding round that's worth sixty seconds of your time. Let's get into it.
Jordan: So the seven-page strategy document. Let's be clear about what this actually says. The Trump administration, through National Cyber Director Cairncross, is formally declaring that the U.S. posture is shifting from absorb-and-respond to preempt-and-deter. They're blending offensive cyber operations with diplomacy, law enforcement pressure, and — this is the interesting part — direct CEO engagement.
Alex: That CEO pressure piece is what I want to unpack. Because when the government starts pulling private sector leadership into the deterrence equation, that changes the conversation in the boardroom fundamentally. If you're a CISO and your CEO gets a call from the National Cyber Director's office asking for cooperation on a preemptive operation or threat intelligence sharing related to an active campaign, that's not a hypothetical anymore. That's Tuesday morning.
Jordan: Right. And the liability questions are enormous. If you're cooperating with a government offensive operation, even passively through intelligence sharing, what does that mean for your exposure? What does that mean if the adversary retaliates against your infrastructure specifically because of that cooperation? These are questions your general counsel needs to be thinking about today.
Alex: The other strategic implication — and this connects directly to our next story — is that preemption invites escalation. And we're already seeing the escalation vector with Iran.
Jordan: The Iran situation is no longer theoretical. The U.S. military campaign is active. Cybersecurity Dive reported today that local governments, critical infrastructure providers, and major enterprises are at heightened risk of disruptive attacks. Not espionage. Disruption. That's a critical distinction. We're talking about attacks designed to break things, not steal things.
Alex: If you're running critical infrastructure — energy, water, transportation, healthcare — your alert level should already be elevated. I'd be reviewing incident response playbooks this week, specifically the scenarios around destructive malware and wiper attacks. Iran's playbook historically includes wipers. We saw it with Shamoon. We saw variants targeting the energy sector. That capability hasn't atrophied.
Jordan: And the targeting of local governments is significant. These are entities with smaller security teams, tighter budgets, often running legacy systems. If you're a CISO at a state or municipal level, this is your moment to escalate to leadership. The threat is named, it's attributed, and it's directional. That's as clear a warning as you're going to get from the intelligence community without a classified briefing.
Alex: The combination of the new offensive strategy and an active conflict with a capable cyber adversary — that's the macro picture every CISO needs to internalize this week. Your risk calculus changed. Update it.
Jordan: Let's pivot to the Russian operations, because these two stories are related and they paint a very specific picture. Dutch intelligence has attributed a campaign targeting WhatsApp and Signal accounts to Russian state hackers. The targets are government officials, military personnel, journalists, and by extension, any executive who communicates with those people. The attack vector is phishing designed to hijack the accounts themselves, not break the encryption.
Alex: This is the part that I think CISOs underestimate. Your executives use Signal and WhatsApp because they believe those platforms are secure. And they are — until someone social-engineers their way into the account. The encryption is irrelevant if the adversary is reading messages as the authenticated user. This requires an executive briefing. Not an email. A conversation. Walk your C-suite through the specific phishing techniques. Show them what a fake device-linking QR code looks like. Show them what a spoofed verification message looks like.
Jordan: And then there's the iPhone toolkit story, which is genuinely alarming. Google identified a set of hacking tools used by a Russian espionage group and a Chinese cybercriminal group. Sources say these tools originated from a U.S. government defense contractor. American-made offensive tools, built for American intelligence purposes, now in the hands of our primary adversaries, targeting iPhones.
Alex: The supply chain implications here go beyond the exploit market. If you're a CISO, you need to ask a very uncomfortable question: how confident are you that the mobile devices your executives carry are not compromised by state-level tooling? Because the answer, after today's reporting, is that you should be less confident than you were yesterday. MDM alone isn't sufficient against this class of attack. You need to be looking at mobile threat defense, hardware attestation, and frankly, having a conversation about compartmentalization of sensitive communications.
Jordan: The irony of a strategy document promoting offensive operations on the same day we learn our offensive tools are being used against us — that's not lost on anyone in this community.
Alex: Let's shift to the breach stories. Ericsson disclosed that fifteen thousand employees and customers were affected by a breach that came through a compromised third-party service provider. This is the Ericsson U.S. subsidiary.
Jordan: Telecom infrastructure company. That's the supply chain for the supply chain. When Ericsson gets breached through their vendor, the blast radius extends into carriers, into network operators, into the infrastructure that runs communications for governments and enterprises.
Alex: The lesson is the same one we keep repeating, but it bears repeating because the data keeps proving it: your vendor risk management program is a first-order security control. Contractual security requirements, right to audit, evidence of continuous monitoring — these aren't nice-to-haves. They're the difference between being a victim and being a bystander.
Jordan: The ShinyHunters story is more immediately actionable. They're claiming active exploitation of Salesforce Experience Cloud instances. The known vector is misconfigured guest user permissions on Aura endpoints. Salesforce has already warned customers. But ShinyHunters is claiming there's a new bug in play beyond the misconfiguration.
Alex: If you run Salesforce Experience Cloud — and statistically, a significant percentage of this audience does — you need to audit guest user permissions today. Not this week. Today. Check your Aura endpoint exposure. If you have a Salesforce admin team, they should already be on this. If they're not, that's a process failure worth examining.
Jordan: Moving to governance. Two stories that are really two sides of the same coin. First, the HIPAA Security Rule is getting its first major overhaul in decades. Finalization could come as early as May 2026. The new requirements are grounded in modern cybersecurity frameworks, which means if you've been building to NIST CSF or similar, you have a head start. If you haven't, you're looking at significant architecture and budget implications.
Alex: Healthcare CISOs, this is your planning window. May is two months away. Even if finalization slips, the direction is clear. Start socializing the budget conversation now. When the rule drops, you don't want to be starting from zero with your CFO.
Jordan: And then the GAO report, which essentially validates what every CISO who operates across multiple regulatory frameworks already knows: conflicting definitions, conflicting timelines, overlapping requirements. It's a compliance tax that drains resources from actual security.
Alex: The silver lining — and it's thin — is that this report was presented to a congressional panel. Which means there's at least institutional awareness that harmonization is needed. Whether that translates to action is another question entirely. But if you're building compliance automation or investing in GRC tooling, this is a tailwind for that business case.
Jordan: Quick hit on the funding story. Armadin just raised a hundred and eighty-nine point nine million dollars in a combined Seed and Series A. That is the largest early-stage round in cybersecurity history. Accel led. Google Ventures, Kleiner Perkins, Menlo Ventures, and In-Q-Tel participated. In-Q-Tel's involvement tells you the intelligence community sees this as strategically relevant.
Alex: The thesis is AI-driven threats requiring a new category of defense. We've seen a lot of companies claim that space. This kind of capital says the investors believe Armadin has something differentiated. CISOs should watch this one. Don't buy anything yet. But get a briefing.
Jordan: Agreed. At that funding level with those backers, they'll be knocking on your door soon enough.
Alex: So let's talk about the emerging theme. Jordan, I keep coming back to this idea that the boundaries between government cyber operations and enterprise security are dissolving. The offensive strategy, the Iran retaliation risk, the exploit tools leaking from contractors to adversaries — the enterprise is no longer adjacent to the conflict. The enterprise is the terrain.
Jordan: That's exactly right. And it means the CISO role is evolving again. You're not just managing risk to the business. You're managing risk that originates from geopolitical conflict, flows through government policy, and lands on your infrastructure. The skill set required now includes geopolitical awareness, government relations, and crisis communications at a level that most security leaders weren't hired for five years ago.
Alex: The action item is concrete. If you don't have a relationship with your regional CISA office, with your FBI field office cyber squad, with the relevant ISAC for your sector — build those relationships this quarter. When the retaliation comes, and it will come, you need those channels open and warm, not cold.
Jordan: And brief your board. Not on the technical details. On the strategic reality. The U.S. is in an active cyber conflict posture. That changes the risk profile. They need to hear it from you before they read it in the Wall Street Journal.
Alex: That's our show for Tuesday, March 10th. If today's episode was useful, share it with a peer who needs to hear it. We're back tomorrow with more. I'm Alex Chen.
Jordan: I'm Jordan Reeves. Stay sharp.
Cleartext is an automated daily podcast for CISOs and security leaders. Generated 2026-03-10.
Sources are pulled from: CyberScoop, The Record, SecurityWeek, Krebs on Security, Dark Reading, Cybersecurity Dive, BleepingComputer, Wired, Ars Technica, TechCrunch, Help Net Security, VentureBeat, Risky Business News, The Hacker News, CISA, and BankInfoSecurity.