JWT Cracks, South American Telecom Breaches, and the Kinetic-Cyber Nexus in Iran

This week, the Dragon News Bytes team dives into a critical series of high-impact vulnerabilities and escalating geopolitical tensions. We start with a deep dive into the latest wave of JWT authentication bypasses before moving to the "Famous Sparrow" APT targeting South American telecommunications. The episode concludes with a sobering look at how Iranian cyber operations are morphing into kinetic strikes against regional infrastructure.

Topics & References:

• Part 1: The JWT "Golden Key" Vulnerability

• The team discusses a series of critical vulnerabilities in JSON Web Tokens (JWT) where public keys intended for encryption are being misused to gain full administrative access.

• Will Baxter highlights the persistence of these flaws since early 2025, culminating in a CVSS 10.0 "open access" scenario.
  

• Part 2: “Famous Sparrow” Operating in South America

• Will Thomas breaks down a new Cisco Talos report on the likely China-nexus threat actor group "Famous Sparrow".

• The group is targeting South American ISPs and telcos and is typically viewed as an initial access broker for China-nexus APTs.
  

• Part 3: The Kinetic Reality of Iranian Cyber Ops

• Eli Woodward discusses how Iran is launching purposeful kinetic strikes against AWS data centers in Bahrain and the UAE.

• This shows Iran is considering commercial facilities as legitimate military targets, with a focus on key infrastructure across the region.
  

Events & Community:

• NCAA March Madness Watch Party:  March 27th in Atlanta

• 🔗 to register: https://go.team-cymru.com/march-madness-atlanta-2026

• RISE Ireland (Dublin): April 14–15 at Stripe Dublin. 

• 🔗 to register: https://go.team-cymru.com/rise-ireland

Connect with Us:

• Follow us on LinkedIn: https://www.linkedin.com/company/team-cymru

• Subscribe to the Dragon News Bytes feed: https://www.team-cymru.com/dnb