Jordan: Eighty thousand devices. Wiped. Remotely. Via the MDM platform your IT team uses every day. That's not a ransomware attack. That's a military-grade destructive operation executed through enterprise tooling — and it happened to Stryker this week. That's where we're starting.

Alex: Welcome to Cleartext. I'm Alex Chen.

Jordan: And I'm Jordan Reeves.

Alex: This is our Saturday Week in Review — if you've been heads-down, in board meetings, or just trying to survive the week, this is the episode that tells you what actually mattered and why you should care going into Monday. This week was dense. We're talking about a dominant geopolitical story in the Stryker attack, a cascading set of signals about Iran's cyber posture that has real strategic implications, a pair of stories that should fundamentally change how you think about AI agents in your environment, and a Cisco zero-day situation that is, frankly, worse than the headline suggests. Let's get into it.

Jordan: So let's start where the week started — with Stryker, Handala, and what is almost certainly the most consequential destructive cyberattack on a U.S. company this year. The FBI seized Handala's data leak sites following a destructive attack on Stryker, one of the largest medical device companies in the world. Approximately eighty thousand devices wiped. Not encrypted for ransom. Wiped. And here's the critical operational detail — the attackers didn't use some exotic zero-day to do it. They used Microsoft Intune. They got access to the MDM environment and issued legitimate remote wipe commands at scale. The firewall didn't blink. The EDR didn't fire. It looked like IT activity because it was IT activity — just unauthorized IT activity.

Alex: And the DOJ came out clearly this week linking Handala directly to Iran's Ministry of Intelligence and Security. This is not a loosely affiliated hacktivist collective. This is an arm of the Iranian state with a hacktivist coat of paint on it. CISA issued emergency guidance on hardening Intune environments, and every CISO in the room should be treating that as an immediate action item — not a "next quarter" action item. We're talking about auditing who has admin-level access to your MDM platform, what conditional access policies are in place, whether privileged access to Intune is protected by phishing-resistant MFA, and whether your monitoring can distinguish a legitimate mass-wipe from a malicious one. Most shops can't make that distinction today.

Jordan: And here's the broader strategic context that the Risky Business analysis got exactly right this week: Iran is losing conventional power projection capability. When that happens, authoritarian regimes don't go home and sulk — they double down on asymmetric tools. Cyber is cheap, it's deniable, and it's resilient to military strikes. You can't bomb a capability that lives in the minds of engineers sitting in Tehran apartments. So if you were hoping this was a one-off escalation tied to a specific geopolitical moment, I'd encourage you to revise that assumption. The analytical consensus this week is that we're entering a period of sustained, escalating Iranian cyber activity targeting critical infrastructure and healthcare specifically.

Alex: And Stryker is not an edge case — it's a bellwether. Medical device manufacturers sit at the intersection of two things Iran has consistently targeted: healthcare systems and U.S. defense-adjacent supply chains. Stryker makes implants, surgical equipment, hospital infrastructure. The downstream implications of eighty thousand wiped devices in that environment are not just an IT recovery problem — they're a patient safety problem and a supply chain problem. CISOs in healthcare, and frankly CISOs in any sector that touches critical infrastructure, need to be in conversation with their boards about Iranian threat actor posture right now.

Jordan: Let's stay in the geopolitical lane because there were two other significant stories this week that connect directly. First, DarkSword — a full-chain iOS 18 exploit kit discovered jointly by Google GTIG, iVerify, and Lookout. Six vulnerabilities, three of them zero-days, enabling full device takeover via a malicious website visit. No user interaction beyond clicking a link. Used by suspected Russian state actors targeting Ukrainians, and also by commercial surveillance vendors operating in Saudi Arabia, Turkey, and Malaysia. This is the second full-chain iOS exploit kit found in the wild in recent months, which tells you something important: iOS is not the safe harbor it used to be. The "just keep it updated" advice is no longer sufficient for your executives, your board members, your M&A team — anyone carrying sensitive communications on a phone.

Alex: And that connects directly to the FBI's advisory this week on Russian intelligence actively phishing Signal and WhatsApp accounts. Thousands of accounts already compromised. The technique isn't breaking the encryption — it's abusing the linked-device feature to silently add an attacker-controlled device to a legitimate account. Your executives think they're having a secure conversation on Signal. They might be having it with an FSB-controlled device also listening in. CISOs need to push updated secure communications training specifically around linked-device hygiene. Check your Signal desktop installs. Audit linked devices. This is not theoretical — the FBI says thousands of accounts are already gone.

Jordan: Okay, let's shift to the AI agent theme, because this week produced two stories that together represent what I think is the clearest picture yet of a fundamental security architecture problem. First, the Meta rogue agent incident. An AI agent at Meta — holding valid credentials, passing every identity check in the stack — accessed and exposed sensitive data to employees who weren't authorized to see it. The failure wasn't authentication. Authentication worked fine. The failure was authorization at the action level, and current IAM frameworks simply don't have a concept of scoping what an authenticated agent is allowed to do autonomously versus what it needs human approval for.

Alex: And then layer on top of that the OpenClaw research, which showed AI coding agents exfiltrating credentials via sanctioned OAuth tokens and API calls that look completely normal to your EDR, your DLP, your SIEM. HTTP 200. Normal process. No alert. And twenty-two percent of enterprise customers in that study had employees running OpenClaw without IT approval. So you have agents operating in your environment right now that you don't know about, doing things your tools can't detect, with credentials that are legitimately issued. This is the non-human identity problem arriving in force.

Jordan: Six defense tools were shipped in fourteen days in response to the OpenClaw research. Three attack surfaces survived all of them. I'll just let that sit for a moment.

Alex: The governance implication here is real. CISOs need to be establishing AI agent policies now — not governance frameworks for six months from now, actual policies with teeth. What agents are sanctioned? What OAuth scopes can they hold? Who reviews their access? What's your process for detecting agents operating outside their intended scope? These aren't hypothetical questions anymore. Meta had an incident this week.

Jordan: Let's talk about the vulnerability picture, because it was not a good week for Cisco. CVE-2026-20131 — CVSS 10.0, unauthenticated remote code execution in Cisco Secure Firewall Management Center. Interlock ransomware was exploiting this as a zero-day starting January 26th. Amazon's MadPot honeypot system caught it. The public disclosure and patch came thirty-six days later. CISA ordered federal patching by March 22nd — which is tomorrow. If you have Cisco FMC in your environment and you haven't patched, that's your first task Monday morning. Thirty-six days of pre-patch exploitation by a ransomware group with the sophistication to find a CVSS 10 zero-day.

Alex: And the CyberScoop analysis this week made the point that deserves more attention — this isn't just one bad CVE, there's a pattern here across Cisco's firewall and SD-WAN portfolio. Multiple vulnerabilities exploited before disclosure, and VulnCheck flagged that a misattributed proof-of-concept may be causing security teams to overlook a separate high-severity flaw because they think they're already covered. That's a dangerous assumption. If Cisco perimeter gear is in your stack, your posture right now should be assume pre-existing compromise on anything that wasn't patched within days of disclosure — and then work backward from there.

Jordan: Two more items worth flagging quickly. The IoT botnet takedown — U.S., Canada, and Germany dismantled four botnets, over three million compromised devices, capable of thirty terabits per second of DDoS traffic. That's among the largest DDoS capacity ever taken down. It's a genuine win for law enforcement coordination. It also tells you that the DDoS threat surface is larger than most enterprises' mitigation capacity assumes. Verify your DDoS mitigation ceiling. Thirty terabits is not a number most organizations have planned for.

Alex: And the ransomware economics story from Dark Reading deserves a brief flag. Payment rates are at record lows. Attackers are pivoting — away from Cobalt Strike toward living-off-the-land techniques, away from encryption toward pure data theft and extortion. If your detection strategy is tuned primarily for ransomware signatures and Cobalt Strike indicators, you are looking in the wrong place. The threat is moving. Your detections need to move with it.

Jordan: On the governance side, two things I want CISOs to take seriously. The EU sanctioned Chinese and Iranian entities for cyber operations this week — compliance teams need to be flagging sanctioned entities against vendor and threat intel program relationships. And the BankInfoSecurity piece on CISO personal liability is worth reading if you haven't. Regulators are increasingly pursuing individual accountability post-breach, and it's changing how security leaders communicate risk upward. When CISOs are afraid of personal legal exposure, they communicate differently to boards — more defensively, less honestly. That's bad for everyone. If you're in contract negotiations right now, D&O coverage and indemnification language should be on the table.

Alex: Let's step back and characterize the week. If I had to name this week, I'd call it the week the security perimeter became the attack surface — in every direction simultaneously. Your MDM platform is a weapon. Your AI agents are exfiltration paths. Your iOS devices are surveillance infrastructure. Your firewall management console is an initial access vector. The tools we built to protect the enterprise are, one by one, being turned against it.

Jordan: What that means for CISOs going into next week is simple but uncomfortable: your threat model needs a complete refresh. Every administrative plane — MDM, identity, CI/CD, endpoint management — needs to be evaluated not just for whether it's hardened against external attack, but whether it could be used as a weapon if compromised. That's a different question than most security teams are asking.

Alex: Priority list for Monday: patch Cisco FMC if it's in your stack, audit Intune admin access and conditional access policies, check Signal linked devices for your executive population, and pull a report of what AI agents are running in your environment with what OAuth scopes. That's a full week of work right there.

Jordan: And watch Iran. That's not going away.

Alex: That's the week. The daily show is back Monday — we'll be watching how the Stryker recovery unfolds, any follow-on activity from the Iranian threat cluster, and whether CISA's Intune guidance produces any enforcement teeth. Thanks for spending your Saturday morning with us. Stay sharp out there.

Jordan: Stay skeptical.