Daily Briefing
Morning Briefing — 22 March 2026
Today’s signal: Iran’s threat to close the Strait of Hormuz dominated the global risk landscape on Friday. Energy markets moved immediately. Separately, CISA added five actively exploited vulnerabilities to its KEV catalogue — three targeting Apple devices — with a 3 April patch deadline. Ransomware operations continued unabated, with five new victims across three continents.
Security & Defence
Iran threatens full Strait of Hormuz closure in response to US military posture
Iran’s Revolutionary Guard announced it would completely close the Strait of Hormuz to all shipping if the United States follows through on President Trump’s threats against Iranian energy infrastructure. The strait handles roughly 20% of global oil transit. Treasury Secretary Bessent stated the US has “plenty of funds” for a potential military engagement — a signal that Washington is not backing down.
Why it matters: A Hormuz closure — even a temporary one — would trigger immediate energy price spikes and force European utilities to activate strategic reserves. For critical infrastructure operators, this is a supply continuity scenario that requires contingency planning now, not after the first tanker is turned away.
CNBC (primary) · Reuters (primary)
Cyber & Vulnerabilities
CISA adds five actively exploited vulnerabilities — patch deadline 3 April
The US Cybersecurity and Infrastructure Security Agency added five vulnerabilities to its Known Exploited Vulnerabilities catalogue. All are confirmed under active exploitation in the wild:
- CVE-2025-32432 — Craft CMS remote code execution via code injection
- CVE-2025-54068 — Laravel Livewire unauthenticated code injection
- CVE-2025-43510 — Apple watchOS/iOS/macOS improper locking
- CVE-2025-43520 — Apple multi-platform kernel buffer overflow
- CVE-2025-31277 — Apple Safari/iOS/macOS buffer overflow
Why it matters: Three of five target Apple devices — unusual concentration. Organisations with BYOD policies or executive device fleets should prioritise these patches. The Craft CMS and Laravel vulnerabilities affect web-facing infrastructure and can be exploited without authentication.
CISA KEV Catalogue (official)
Ransomware: five new victims claimed across law, energy and media sectors
Multiple ransomware groups posted new victims on leak sites on 22 March. Notable targets include a major US law firm and a German battery manufacturer’s subsidiary — both in sectors GSL clients operate in:
- SilentRansomGroup — Phelps Dunbar (US law firm, 400+ attorneys)
- Qilin — Marc Dorcel (French media company)
- Payload — HOPPECKE Singapore (German battery manufacturer subsidiary)
- TheGentlemen — SATS Sports Club (Sweden) and PTT Philippines
Why it matters: HOPPECKE is a critical European battery and energy storage supplier. An attack on their Singapore subsidiary raises questions about lateral movement risk into European operations. Supply chain partners in the energy storage sector should verify their exposure.
Ransomware.live (osint)
53 sources scanned · 4 countries · 18:45 CET
Primary and official sources take precedence. State media is marked. This is an intelligence briefing, not editorial commentary. If a source is corrected, we publish an immediate update.