Some stories need a closer, more controversial look.

  • Today’s top stories – an AI experiment
  • AI and the Verification Dilemma
  • NaaS: A room full of elephants
  • GenAI: Show me the intelligence
  • National Public Data’s exposure of 3bn personal info items now holds the record. Privaterecords (MC2) is a close 2nd.
  • CrowdStrike/Microsoft: The biggest IT disaster of all time? Estimated at a cost of $5.4bn.
  • Did AT&T open Pandora’s Box?
  • NIST’s Cybersecurity Framework has been lauded. We explain why our view of this is very different from others’.
  • How and why the Securities and Exchange Commission is attempting to bring accountability globally
  • The now infamous breach of the MGM hotel chain shows what happens when you don’t implement holistic cybersecurity.

This page covers news and lessons learned from the top stories of the 8,000+ reported each month. Keeping it down to fewer than 10 is a challenge.
Click here to subscribe to our news update service delivered via email. The item numbering begins January 1st.

Oct 2025 Headline News: Updated October 1st
#062 Agentic AI Ransomware Threats. Two keynotes at the Black Hat conference warned of overlooking hidden ransomware threats that are emerging, buried in Agentic AI attacks. What makes this article from MSSP Alert stand out from the other 834 stories in the last few days is its description of how such attacks can bypass existing defenses such as current endpoint detection and response (EDR) software, SIEMs, firewalls etc., presumably by automating the RaaS process at overwhelming speed. This makes our piece on Assume Breach even more important, as it nullifies such attacks as they traverse the ecosystem. However, it also indicates, as the article says: “Wait until the payload is deploying, and you are already in the red.” It should be pointed out that the article was sponsored by a company called Halcyon, but the alert still seems valid.
Sep 2025 Headline News:
#061 Critical Infrastructure remains the top target.

The first story in this month’s list covered the breadth of attacks. However, at the top of the list, Critical Infrastructure continues to be the top target worldwide, with Healthcare getting most attention. Here is a list of other areas that have made the headlines in just a few days in mid-September:

  1. Jaguar Land Rover Hack Disrupts Global Manufacturing. A major cyberattack has crippled Jaguar Land Rover (JLR), shutting down production at its global manufacturing sites (except China). The attack was detected in late August 2025 and caused massive supply chain disruptions. The UK government is in talks with JLR.
  2. Cyberattack on European Airports via Collins Aerospace’s MUSE Software. Major airports in Europe (Heathrow, Berlin Brandenburg, Brussels) had their check-in and boarding systems disrupted because of a cyberattack targeting MUSE software by Collins Aerospace, leading to delays and cancellations.
  3. Sweden Breach: 1.5 Million People Affected. The Swedish IT provider Miljodata was hacked, leaking data for ~1.5 million people (~15% of Sweden’s population). Authorities are investigating the severity and sensitivity of the leak.
  4. Unpatched Novakon HMI Vulnerabilities. Novakon industrial HMI devices have unpatched RCE and info exposure vulnerabilities. These affect OT systems and pose significant risk to critical infrastructure.
  5. Scattered Spider / Shiny Hunters Arrests & Continued Activity. UK authorities arrested teens tied to Scattered Spider. Despite arrests, the groups remain partially active, continuing to target enterprises and infrastructure.
  6. Last but not least, a Chinese-backed botnet targeted U.S. and Taiwanese Critical Infrastructure via 200,000 infected devices. Read the full story on SentinelOne.
  7. Except there’s always one more story! This time, attacks on Collins Aerospace software that provides check-in and baggage handling for multiple European airports. At London’s Heathrow, 90% of flights were delayed. Similar problems happened in Dublin, Brussels and Berlin. Apparently, the problem is going to take many days to sort out. There was one arrest in the UK relating to this ransomware attack, but the person concerned was released on bail! (Good grief.)
#060 What? Another Open-source Exploit? This seems not to be a repeat of the story below, even though it involves corruption of GitHub repositories, some of which are mentioned below. SentinelOne’s weekly report featured a supply chain attack known as Ghost Action exposing 3,300 “secrets” (it does not define that term) across 573 GitHub repositories.
#059 Was/is this the biggest cybersecurity breach – ever?

Let’s start with the numbers. If two billion downloads PER WEEK of software infected with malware has your attention, the next questions after “What? Say that again!” might be: 1. What software? 2. What damage does it cause? 3. Am I infected? 4. Has it been fixed? 5. How could this possibly be true?
The answers are:
1. What software? Surprisingly, nobody knows for sure, but it could be in the hundreds or thousands. However, during the period between the infection and discovery there were fifty million downloads of the infected code PER DAY.
2. What damage does it cause? The malware was designed to steal cryptocurrency from your wallet without you knowing how or why your wallet is empty.
3. Am I infected? Maybe you were, maybe not. There is definitely no one answer; nobody knows.
4. Is it fixed? Yes, the open-source code has been fixed, but software that contains the malware and that you have on your systems may not be fixed, or not updated yet, particularly as such software may not even be supervised!
5. How could this have possibly happened? The answer below shows how we have all trusted open-source software.

Here’s the story. For the last 20+ years, small open-source public code “Packages” have been downloaded, typically from GitHub, and included in thousands of software apps. Nobody thinks twice about them; likely even the developers don’t know about them, since there are nested dependencies, with one package being used by a thousand+ other packages, usually blindly and without continually verifying, as Zero Trust teaches us.
When the systems that include them detect an updated version of these packages, the software automatically updates itself, with no one realizing it. Maybe the code is just part of a Visual Studio developer release, a web site plug-in auto-update, network system software, a user application update or even an OS update. That infected software is then distributed automatically. This is how pervasive the problem is and how it got to two billion downloads! The term “Package” is used to mean useful pieces of code that can be downloaded, are usually free, and speed up software development.

How did the infections occur? A new phishing attack caught out a number of developers and maintainers of such open-source code. Oh, and this was not just one package or one victim. This happened to eighteen packages before it was detected! It’s difficult to say how long the impact will be felt.

The lessons to be learned: 1. Never trust, always verify. 2. Supply chains are a perilous and recursive part of our lives. Big thanks to Steve Gibson of Security Now, whose podcast brought this to our attention.
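As an added example (not from the article, and not the code of any project it mentions), the pin-and-verify gate below shows how a build pipeline can put “never trust, always verify” into practice for nested packages: an artifact is accepted only when its name, version and SHA-256 digest match a lockfile someone reviewed, and the check walks every transitive dependency rather than only the direct ones. It is written in Python; the package names, lockfile entries and artifact bytes are constructed for the example, and the lockfile layout is a hypothetical one rather than that of any particular package manager.

```python
"""Added example (not from the article): a pin-and-verify gate for
third-party packages, in the spirit of "never trust, always verify".

An artifact is accepted only when its name, version and SHA-256 digest match
a lockfile the team reviewed. A version that "auto-updated" upstream, or an
archive whose bytes no longer match the reviewed digest, is refused instead of
being silently installed, and the same check is applied to every nested
dependency in the resolved tree.

The package names, lockfile and artifact bytes below are constructed for the
example; the lockfile layout is hypothetical.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Pin:
    version: str
    sha256: str


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed artifact contents for two hypothetical packages.
COLOURS_1_4_2 = b"package example-colours 1.4.2\ndef paint(s): return s\n"
ANSI_0_9_0 = b"package example-ansi 0.9.0\nCODES = {'reset': '\\x1b[0m'}\n"

# Constructed lockfile: the reviewed version and digest for each dependency,
# transitive ones included.
LOCKFILE = {
    "example-colours": Pin("1.4.2", sha256_hex(COLOURS_1_4_2)),
    "example-ansi": Pin("0.9.0", sha256_hex(ANSI_0_9_0)),
}


def verify_artifact(name, version, data, lockfile=LOCKFILE):
    """Return (ok, reason). ok is True only if name, version and digest all match."""
    pin = lockfile.get(name)
    if pin is None:
        return False, f"{name}: not in lockfile (unreviewed dependency)"
    if version != pin.version:
        return False, f"{name}: version {version} differs from pinned {pin.version}"
    # Constant-time comparison of the hex digests.
    if not hmac.compare_digest(sha256_hex(data), pin.sha256):
        return False, f"{name}: sha256 mismatch (artifact differs from reviewed build)"
    return True, f"{name}=={version} verified"


def audit_tree(root, resolved, lockfile=LOCKFILE):
    """Walk the resolved dependency graph from `root` and verify every node.

    `resolved` maps package name -> (version, artifact bytes, [dependency names]),
    i.e. what the package manager actually fetched. Returns the list of failure
    reasons; an empty list means the whole tree is pinned and intact.
    """
    failures, seen, stack = [], set(), [root]
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        version, data, deps = resolved[name]
        ok, reason = verify_artifact(name, version, data, lockfile)
        if not ok:
            failures.append(reason)
        stack.extend(deps)
    return failures


if __name__ == "__main__":
    # Scenario: the direct dependency is fine, but its nested dependency
    # "auto-updated" to a release nobody reviewed (constructed data).
    fetched = {
        "example-colours": ("1.4.2", COLOURS_1_4_2, ["example-ansi"]),
        "example-ansi": ("0.9.1", ANSI_0_9_0 + b"# new code\n", []),
    }
    for failure in audit_tree("example-colours", fetched):
        print("REJECT:", failure)
```

The design point is that the gate does not trust the version string alone: a tampered archive published under the pinned version number still fails on the digest, and a legitimate-looking newer version fails because nobody reviewed it. Updating a dependency then becomes a deliberate lockfile change that goes through code review, rather than something that happens silently at build time.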

#058 The Road to More Reliable AI Communications

OpenAI has written a blog and published a paper admitting that LLM “hallucinations” —providing false answers as the truth — are not random bugs but the result of misaligned incentives (which is double-speak for poor coding).

Models have been rewarded for sounding correct, not for admitting uncertainty (more double-speak for questionable marketing). This has led AI agents to guess even when unsure (double-speak for not having sufficient context and taking a trial-and-error approach).

Larger models only make it worse, presenting errors more persuasively, which has wasted millions of human hours and eroded trust. OpenAI has now acknowledged what many suspected: it has not delivered on its promise.

Here’s the shift: OpenAI and others are trying to reward truthfulness and uncertainty — letting models abstain, use retrieval tools for fact-checking, and add confidence scores.

They claim this will sharply cut hallucinations. But they miss the bigger point: when there’s uncertainty, AI should ask users for more context. My experience is that dialogue, not guessing, is what eliminates false assumptions. It’s the human’s responsibility to make this happen by asking better, more complete questions.

OpenAI takeaway: “Realigning incentives could turn AI from persuasive guessers into trustworthy reasoning tools.” Personally, I can’t wait.

#057 Slow burn. This is a growing story regarding the impact of AI on the future of the Internet. Several factors are at work. Public AI agents scour the Internet gathering information to populate their LLMs. Users are increasingly replacing Google search with asking AI agents for information and advice etc., rather than going directly, or via search, to the actual web site. This has drastically reduced visits to actual sites and the corresponding product and service sales, making their Internet presence much reduced. Social media does not help, since AI has infiltrated these sites together with fake dialogs etc. Sites have attempted to respond by trying to exclude AI searches of their web site. If this works, then AI becomes less useful. We shall see how this progresses.
#056 But wait, there’s a twist – or two!

It had to happen; we all knew it. A week ago, Slovakia-based IT security software and services company ESET claimed to have “uncovered a new type of ransomware” leveraging GenAI, named PromptLock, that generates malicious scripts. Acting autonomously, PromptLock decides which files to search, copy, or encrypt, using APIs to access a locally installed AI agent. Click here for the full story.
Of course, this may be bringing smiles to the faces of other threat actors who have no doubt been conducting similar attacks for some time. But wait … there’s a twist! It turns out that ESET didn’t discover anything! The whole “PromptLock” malware was an experiment by NYU’s Tandon School of Engineering, who confirmed that they created the code as part of a project meant “to illustrate the potential harms of AI-powered malware.” The good news is that this academic exercise was just that – a funded exercise. Cornell University actually published a paper on the research project on the Rutgers University repository – on the same day that the ESET article was published! Phew! Cyberscoop brought all of this to light.

But wait, there’s another twist. Hasn’t this published research created a free blueprint for hackers to copy or develop something similar – or add to what they were already developing? If that is so then it all sounds like a serious mistake that the US taxpayer just funded. (Good grief!). Oh, and I am sending some paper towels to ESET so that they can wipe the egg off their face.

#055 Attack, Attack, Attack

The alarming trend seen across the latest stories on cybersecurity is attacks on the fabric of society. No longer is it only selected high-profile targets such as large enterprises, healthcare insurance companies, and software companies that are being targeted. The latest collection of alarms and warnings describes wholesale attacks, large and small, on state and municipal governments and on all of the sixteen areas of critical infrastructure, with financial and healthcare institutions being leading targets.

A year ago, the message for all organizations was that “we are at war.” Now it seems that the enemy has landed in your community, at a time when government security agencies are being disrupted and politicized.
The lesson to be learned is that every organization, and indeed everybody, needs to get defense against these attacks to the top of the list, now.

Aug 2025 Headline News
#054 Using AI to scale challenging tasks. In the last week, the good news is that out of the 2,000 or so stories reported, there have been no earth-shattering stories that have crashed systems, given away a billion IDs or grounded aircraft. There was one interesting twist in Quishing attacks – fake versions of the QR codes that are everywhere. This attack splits a fake QR code over a real, legitimate one, then takes the user to an adversary-in-the-middle site. The other interesting story mirrors my own experience of looking for key factors for measuring and reducing the risk of basic issues rather than spending hours evaluating new threats. The two stories below and the development of my Expert-Guided AI software align with the article from the SDC (Supply and Demand Chain Executive) web site entitled “Six Ways to End Reactive Cybersecurity.”
#053 This week in cybersecurity. As a matter of record, I created a technique to use AI to filter 1300-1500 stories down to a top 10 list each week. Please see the list on my blog. If any stand out as critical they will be discussed on this page.
#052 Using AI to scale challenging tasks. I ran an interesting experiment to identify the top AI stories in the last week. The one that stood out for me was the use of a technique called DLL sideloading (see Cyberpedia) to install malware in legitimate software. The real story is how I used Google Alerts, MS Office and AI to achieve the result. A full description of how I distilled 1500+ stories down to a shortlist of 10 with just 2 mouse clicks(!) is in the latest posting on my blog.
#051 Are we watching the AI bubble starting to burst? Last month, I wrote a story about using various forms of Gen AI (e.g. ChatGPT) to combine human expertise and AI scalability. I didn’t pull many punches about AI’s limitations but wrote optimistically that the issues of incorrect information would get sorted out in due course. Last week’s release of ChatGPT-5 is making people think again. Touted by OpenAI as a PhD-level breakthrough, it is being pilloried as mistake-riddled and bug-ridden. The amusing but scary example of getting the names of half of the U.S. states as garbage words does not lend confidence to my use of it. Under pressure, OpenAI restored version 4o and users can now flip between 4 and 5. I agree with some of the criticisms but there may be some useful aspects. However, my use of GenAI is lessening. Its use to develop the processes that I need but don’t understand is getting increasingly fraught – basically not working. I’m faced with wasting masses of my time or using expensive outside help. Even the process described in #052 above was fraught with incorrect code and the usual deluge of useless, unasked-for information. Luckily, I was able to figure it out for myself. Some are saying that we are getting to a turning point as the criticism mounts. My recent article quoted Copilot. It stated: “There is a gap between what I say I can deliver and what I can actually deliver.” The bubble may be bursting for these overhyped and overpriced AI companies. I hope not, because on balance it has helped me considerably.
#050 Zero Day attacks don’t stop. A large-scale ransomware attack on SonicWall’s firewalls – products that are designed to help prevent such attacks – was widely reported by Cyberscoop and others as attributed to Akira and resulted in 20 end-user organizations (perhaps more) being impacted. This Zero Day attack is an example of the increasing determination of threat actors to probe for known vulnerabilities.
#049 Using AI to scale challenging tasks. The World Economic Forum reported that the UK government plans to ban public sector organizations from paying ransoms to cyber criminals following ransomware attacks. The move aims to reduce incentives for hackers and protect critical public services from disruption, Reuters reports. Under the planned rules, public bodies would be prohibited from making ransom payments, and compliance would be enforced through audits and penalties. Also, private firms would need to inform the authorities if they planned to pay ransoms. It’s not clear exactly what “public sector” actually means here, or what happens if organizations, private firms or publicly traded multinationals felt compelled to pay ransoms because the alternative is worse. Nor does it say what the penalties would be for disobeying the rules. Like the SEC regulations in the U.S., this all sounds like political posturing. We shall see.
#048 AI and Cybersecurity: latest concerns and advances. State-sponsored attacks are using AI to automate their criminal efforts. CrowdStrike’s just-published report says threat actors use AI to conduct reconnaissance to understand the exploitation value of vulnerabilities, to produce phishing attacks, draft résumés, manage job applications, conceal their identities during video interviews and generally improve their tools. On the other hand, Microsoft says it has created an advanced AI system (named Project Ire) that can reverse-engineer and identify malicious software on its own, without human assistance. Unsurprisingly, they do not yet make it clear when and how all of its functionality will be deployed, but it appears that it will be included in Microsoft Defender as a key part of this work. The confidence in successful AI implementation is covered in an interesting article on concerns regarding the reliable management of data, which affects the implementation of Resilience and Zero Trust protection of data, software and devices.
#047 This is why AI is the #1 concern in cybersecurity. The discovery that shared ChatGPT chats were surfacing in Google search results, even ones with sensitive or private information (ouch!), resulted in a quick fix by OpenAI to remove the “make public” toggle. I have no idea how they are doing this, but OpenAI is working with search engines to “de-index” exposed chats. I took the advice to search for private conversations that I’d had with ChatGPT etc. – but fortunately found none. The news appeared in several news articles. Scroll down to item #4 in this link.
#046 Unabated to the Security Quarterback? August starts with the now usual trail of ransomware stories, such as Chinese APTs targeting US telecoms with SharePoint exploits, record ransomware payments kept quiet for a year, AI hacks such as a new one known as “Man-in-the-Prompt” attacks, the FBI warning of evolving social engineering attacks by the Scattered Spider gang, etc. Overall, it does appear that the threats continue to evolve and grow in impact. It all sounds like a busy summer for CSOs.
July 2025 Headline News
#045 Wait, is this the death knell for Quantum Computing!? A jaw-dropping section of the Security Now program this week discussed a paper revealing that much of the progress in the world of Quantum Computing has been revealed as fake! Just like the “King’s New Clothes,” it seems that everyone has believed that the “research” being done is based on work that was frankly nothing but contrived evidence. This is described in a technical paper by cybersecurity and cryptography experts Peter Gutmann and Stephan Neuhaus entitled: “Replication of Quantum Factorisation Records with an 8-bit Home Computer, an Abacus, and a Dog.” The Dog? Training the dog to bark 3 times is one of the proof points of how fake it is. While I am unqualified to comment on this technical work, Steve Gibson is qualified. If this is true, then the world is safe from Quantum Computing destroying Internet protocols for a very long time. (Good grief!)
#044 My News. My new Proactive, Expert-Guided AI software was launched this week on this site and in my latest ISE Magazine article. My new approach to AI is not just informative, it’s transformative – a result of blending the strengths of Generative AI with the human ability to ask questions. AI doesn’t create anything like this or ask “why” questions, whereas humans can’t ask questions about what they don’t know that they don’t know. It also leverages my first development of AI software from decades ago. Anyway, the journey, the analysis and all the details begin right here.
#043 Attack Surface in Critical Infrastructure. This article on high levels of ransomware risk in Canadian metalwork companies and the rapid increase in Ransomware as a Service threats highlights the dangers for those large organizations with a highly distributed ecosystem and a wider array of supply chains. The bigger they are, it seems, the easier they fall. It also highlights the huge advantage of detecting ransomware with a Zero Trust approach in the connecting networks, as I covered in my last published story on Assume Breach. The article comes a few days after CISA and several other US agencies issued a new warning on the threats to US Critical Infrastructure systems by Iranian attackers.
#042 It’s like trying to trap water in a sieve. The infrastructure of the government-led cybersecurity initiatives is in disarray, according to an investigation by Security Now. The partnership with the critical infrastructure industry seems broken with the Department of Homeland Security’s elimination of the Critical Infrastructure Partnership Advisory Council (CIPAC) framework in March. This has been the most seismic disruption for those in the CI industries and for what remains of CISA. That’s just one example. The effect on preventing cyber attacks on the US private sector, which was previously so well handled by CISA, is as my headline states.
#041 If You Can’t Beat ’Em, Join ’Em. DOJ Cracks Down on North Korean “IT Workers” Scheme
U.S. authorities seized ~200 laptops and dozens of bank accounts linked to North Korean operatives posing as remote IT workers in a broad scheme targeting nearly 100 U.S. companies—including defense contractors—and funneling funds into the regime’s weapons program. The operation exploited stolen identities and even used AI tools to pass technical interviews. A U.S. citizen was arrested, and a $5 million reward is being offered for further intelligence. There are many earlier stories about North Koreans imitating U.S. citizens and then working remotely for US security companies while in North Korea.
June 2025 Headline News:
#040 A few stories to end the month

  • FBI: Scattered Spider targets aviation sector (Business Insider)
  • Norwegian dam industrial-control breach (diesec.com, wired.com)
  • Citrix NetScaler “CitrixBleed 2” zero-day exploited (securityweek.com)
  • Critical Cisco ISE vulnerabilities allow RCE (securityweek.com)
  • ICE rolls out facial-recognition biometrics on phones (wired.com)
  • UK businesses report surge in cyber-attacks (theguardian.com)
  • Iran’s cyber capabilities overstated (thetimes.co.uk, the-sun.com)

#039 The horse has bolted. I was on a call regarding opting in or out of sharing information. There was much discussion, but it all seems irrelevant. That horse has surely bolted with the news from Cybernews of the theft of 16 billion passwords exposed in a record-breaking data breach impacting logins to Google, Apple, Facebook and many more. If you just changed all your passwords, it looks like it’s time to do it again. Good grief!
#038 The three monkey syndrome hits the Telcos

Salt Typhoon may or may not have infiltrated at least Comcast and Digital Realty (owning 300+ data centers hosting most countries of the world). CISA has identified many vulnerabilities within the many telco infrastructures. Salt Typhoon is believed to be the worst-ever state-sponsored malware in history and is still likely to be present and accessing all call and text messages. This implies that all these systems are in themselves insecure. Yes, the bombs from China may only consist of ones and zeros, but yes, it’s war. Employees of the companies concerned have been instructed not to look for evidence of these hacks, presumably because if found they would have to declare the issue and the companies would likely be held liable.

Hence the title of this feature: hear no evil, see no evil, speak no evil. (Good grief!) I am so not shocked by all of this, given the almost impossible task of getting Zero Trust attributes implemented in Telco and MSP systems.

#037 … and when she got there, the shelves were bare. Many sources (e.g. Forbes) covered the impact of the June 5th cyberattack that “forced United Natural Foods Inc., the primary distributor for Whole Foods Market, to shut down its systems and halt deliveries to more than 30,000 grocery stores across North America – a direct hit to the digital backbone of the food supply chain.” Although the nature of the attack has not been publicly revealed, what it indicates is an inadequate or untested Resiliency Plan. Easier said than done, of course. Yes, there is new legislation – “The Farm and Food Cybersecurity Act of 2025” (link to article) – but these are often out of touch: “biennial risk assessment” and “annual simulation exercises” (Really, haven’t any of these people heard of Zero Trust and continual monitoring?!) However, every nation relies on food reaching consumers, so this cannot happen. The scary part is that this might just be a threat actor testing things out!!! Two weeks later the problems are not reconciled and there is no (public, at least) indication of the cause. This may be truly complicated and related to the story above if it’s something in the service provider supply chain. The issue remains: presumably the resilience plan either did not envisage the issue, or the systems were not designed in at the development stage (no DevSecOps based on Zero Trust), or did not simulate recovery from such a problem.
#036 Copilot info ripped. It had to come. Microsoft 365 Copilot has had sensitive information leaked without requiring any user action, interaction, or awareness. Although Microsoft says that it has been patched, we don’t know how long this had been in play. Tracked as CVE-2025-32711 with a CVSS score of 9.3, it was added to the list. I guess it had to happen sooner or later, but it doesn’t have to be this way.
#035 New Malware Threats Embedded in Image Files. Back in April 2023 we reported on malware embedded in mp4 image files and what to do about them. This time it’s the turn of Scalable Vector Graphics (SVG) files to be in the spotlight. SVG files even have a mechanism, as part of the format, to embed JavaScript code that executes when the file is rendered, so all the threat actors need to do is read the manual. Less frequently used compared to .jpg or .png files, these can sit in an email just waiting to be clicked. There are some fixes available; the watchword is “hover, don’t click.” Thanks to Steve Gibson’s Security Now Podcast for this information.
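As an added example (not from the article or from Security Now), here is a small Python scanner of the kind a mail gateway or upload handler can run on an SVG attachment before anyone hovers or clicks. It flags the constructs the article refers to: embedded script elements and JavaScript event-handler attributes, and, going a little beyond the article, javascript: links, embedded HTML via foreignObject and external references. The sample SVG documents are constructed for the example.

```python
"""Added example (not from the article): a static scanner that flags the SVG
constructs an email gateway or upload handler would want to reject.

SVG is XML, so we walk the element tree and report
  * <script> elements (embedded JavaScript, whatever the namespace),
  * on* event-handler attributes such as onload or onclick,
  * href / xlink:href values that use the javascript: scheme,
  * <foreignObject> (lets arbitrary HTML be embedded inside the image),
  * external http(s) references from <image>, <use>, <a> and friends.
The sample SVG documents below are constructed for the example.
"""
import xml.etree.ElementTree as ET


def _local(tag):
    """Strip an XML namespace prefix: '{ns}script' -> 'script'."""
    return tag.rsplit("}", 1)[-1]


def scan_svg(svg_text):
    """Return a list of findings; an empty list means nothing risky was seen.

    For untrusted input in production, parse with defusedxml instead of the
    stdlib parser, which does not defend against entity-expansion attacks.
    """
    findings = []
    root = ET.fromstring(svg_text)
    for elem in root.iter():
        name = _local(elem.tag).lower()
        if name == "script":
            findings.append("script element (embedded JavaScript)")
        elif name == "foreignobject":
            findings.append("foreignObject element (embedded HTML)")
        for attr, value in elem.attrib.items():
            aname = _local(attr).lower()
            v = value.strip().lower()
            if aname.startswith("on") and len(aname) > 2:
                findings.append(f"event handler attribute {aname} on <{name}>")
            elif aname == "href":
                if v.startswith("javascript:"):
                    findings.append(f"javascript: URL on <{name}>")
                elif v.startswith(("http://", "https://")):
                    findings.append(f"external reference from <{name}>: {value}")
    return findings


def is_safe_svg(svg_text):
    """True when the scanner reports nothing; a gateway would quarantine otherwise."""
    return not scan_svg(svg_text)


# Constructed samples: a plain icon, one with script, one with risky links.
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="40" height="40">
  <circle cx="20" cy="20" r="15" fill="steelblue"/>
</svg>"""

SCRIPT_SVG = """<svg xmlns="http://www.w3.org/2000/svg" onload="init()">
  <script>/* constructed marker: code placed here runs when rendered */</script>
  <rect width="10" height="10"/>
</svg>"""

LINK_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <a xlink:href="javascript:void(0)"><text y="15">open</text></a>
  <image href="https://example.invalid/pixel.png" width="1" height="1"/>
</svg>"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("script", SCRIPT_SVG), ("links", LINK_SVG)):
        print(label, "->", scan_svg(doc) or "clean")
```

Namespaces matter here: a browser treats `<svg:script>` or a script element declared under the SVG namespace exactly like a bare `<script>`, which is why the scanner compares local names rather than raw tags. A gateway would normally strip or quarantine any file with a non-empty finding list rather than trying to clean it in place.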
#034 U.S. Cybersecurity. Even skipping the political rhetoric, adversaries must be loving the uncertainty and turmoil happening in critical government security circles. Reports from Cybersecurity Dive – “Trump scraps Biden software security, AI, post-quantum encryption efforts in new executive order” – are typical, but maybe another from the same source, “Trump’s cyber nominees gain broad industry support,” is more hopeful. We will have to read carefully to see if the critical element of holding companies accountable for lack of best security practices still persists.
#033 Cloudy with a chance of hacking. The annual and somewhat strangely named Pwn2Own (Pwn means hack) event in Germany revealed some sobering thoughts for those who are cloud-centric. The live competition by white-hat hackers on current systems with the latest updates installed revealed many vulnerabilities in VMware, Nvidia, Docker and Linux systems. Windows 11 and Firefox were not immune either. Scary though this may be, the value is that all of these effective Zero Day exploits will become future patches to the systems. Some sooner than others.
#032 AI Fear Therapy.

As a follow-on from the story below about AI being the top concern in cybersecurity: I’m not sure that this qualifies as news, but Cigna Healthcare came up with:

“Change the people or change the people.”
The best I’ve heard to create focus and calm fears. It gives everyone a way forward!
It incentivizes and empowers people to adapt and have a big future. If they can’t, then the organization must find those who can. It does not say you are all going to be replaced by AI or robots.

#031 It looks like the U.S. government’s Hackathon is continuing. Cybersecurity Dive and others report that 2,000 (about two-thirds) of CISA’s full-time staff will be retained. Contractors whose contracts were ended have gone too. Given that they were presumably smart people in demand, my wishful thinking is that they will be spreading their knowledge in the community and commercial organizations and may form a collaborative group.
#030 The Breach Goes On. June Gloom (a Los Angeles expression) has arrived, with breaches reported at LexisNexis, affecting 364,000, Russian hackers buying passwords from cybercriminals, ransomware attacks on Nova Scotia Power, impacting 280,000, Nespresso’s Greek customers and many more. It’s an early June reminder that the problem is not going away. Update: the FBI raised awareness of potential Play ransomware attacks on 900 organizations using SimpleHelp. Analysts from Forescout say that 35,000 solar power systems connected to the Internet are at risk. The list is endless.
May 2025 Headline News:
#029 AI is now the biggest Threat.

“AI Surpasses Ransomware as Top Cybersecurity Concern in 2025!” A landmark shift where AI—not ransomware—is now considered the foremost cybersecurity concern. This reflects growing fears over deepfakes, autonomous threats, and the misuse of generative AI.

Arctic Wolf’s new State of Cybersecurity report, available on their web site, shows that the top concern of security leaders was neither malware nor ransomware (which came 2nd by some margin) but Large Language Models and the associated privacy concerns. Given the emotional impact of AI and the “fear of the unknown,” perhaps it’s not such a surprising finding!

It is less surprising that credential/ID theft, cloud access misconfiguration, social engineering, insider threats, phishing and email compromise fill the rest of the list.

The excellent report has a regional and global perspective.

#028 May 12 Analysis. There were over 250 alerts today. Here we used AI to examine the top 6. See our in-depth analysis of:

  • CPU-Level Ransomware
  • LockBit Ransomware Group Breached
  • Agentic AI Ransomware on the Horizon
  • Russian FSB Deploys ‘Lostkeys’ Malware
  • Blob-Based Phishing Attacks Evade Detection
  • CyberCatch Launches AI-Driven Solution for Healthcare Providers
#027 Reducing Ransomware Risks. MEF.net has published a new blog, authored by Cybryr.com, aimed at service provider members. Its intention is to show them how to drastically reduce the chances of ransomware for their customer clients by implementing MEF Zero Trust enabled services.
#026 Alarm Bells Ringing. When an attack begins by elevating its level of privilege and then blocks the ability of security software to update itself to fix the problem, you know you’re in trouble. The software concerned is SentinelOne’s Endpoint Detection and Response software, developed to detect and remove such attacks. This is a scary, if inevitable, new trend. Bleeping Computer has the full story, entitled: New “Bring Your Own Installer” EDR bypass used in ransomware attack.
#025 Tough Times Ahead for CISA. Reports in Cyberscoop say that the current U.S. administration is about to cut 17% of the CISA workforce in 2026. Considering that they have done a better job than anyone else in protecting everyone – not just in the U.S. – perhaps it won’t happen.
#024 AI and Cybersecurity
State of the Art.
So many new phishing and US Government turmoil-related stories are in play at the beginning of the month, but on a more productive note, this ISMG interview at CSA 2025 with Nadir Izrael of Armis gives interesting insights into the power struggle between nation-state attackers and security systems, both developing Agentic AI solutions that cover the scale and scope of the issue. Yes, it is a piece by a vendor, but it is nicely educational nonetheless.
April 2025 Headline News: 
#024 2024 was a bad year for cybercrime The FBI’s IC3 (Internet Crime Complaint Center) survey of cybercrime costs for 2024 was just published. Traditionally, this has been the definitive annual report for 25 years. The new report shows that last year saw a staggering 860,000 complaints with losses of $16.6bn, one third more than 2023. A quarter of a million of them involved losses that averaged almost $30k! The highlights are also covered in this week’s SentinelOne article.
#023 Sophisticated attacks The latest sophisticated phishing attack, using a complicated methodology, is fooling Gmail’s security and causing problems. All the details are on this link. The idea of limiting coverage to 5 articles per month is becoming challenging with so many new kinds of phishing attacks in play.
#022 Don’t worry, it won’t happen to us! Four years ago it may have worked for small businesses to take a few defense steps to deflect attackers to softer targets. Today’s reality is borne out by systematic attacks on small businesses by the mostly Russian-based Akira’s AI-powered AkiraBot, uncovered by SentinelLABS. AkiraBot has been used to spam over 400,000 small business websites since September 2024. So much for “we’re just a small company, it won’t happen to us!”
#021 Now you see it, now you don’t, then you see it again! In what has become the chaotic norm in 2025, the CVE program, funded by CISA via MITRE – the most critically important source of cybersecurity threats and measure of their importance – looked like it had been defunded by CISA. In a fast turnaround the funding was reinstated, at least for the next 11 months, as revealed by this article from Forbes. Disaster averted – at least until tomorrow (Good grief!). In a mid-April update, according to Cybersecurity Dive, CISA announced a major push to eliminate perhaps up to 1,300 jobs, though this number has not been confirmed. Reports have said that CISA apparently intends to shed up to 1,300 jobs, but even that has been discounted. “The states should be responsible for security.” Sounds great. Get those states cybersecurity-savvy. However, there’s a big problem: there is a drastic shortage of expertise and no forum for collective actions, ideas and systems. (Good grief.)
#020 AI and Zero Trust: the Verification Dilemma This is not a news item but in a way it could be more important. At last week’s DoD Zero Trust event, Dr Douglas Rose of Emerald One spoke of the “Verification Dilemma.” Since AI intelligence is based on uncertain information, especially from complex systems including supply chains, then “how can we verify that which we do not understand?” That is, does that break Zero Trust’s “Always Verify” approach when attempting to apply AI and Zero Trust to any system? This is a big deal since “Never Trust, Always Verify” is a cornerstone of Zero Trust, and the secure operation of every kind of system could be compromised. Oh dear.
#019 Headless Chicken Syndrome. What better way to defend the U.S. from cyberattacks than the inexplicable firing of General Timothy Haugh, the head of both the National Security Agency and U.S. Cyber Command? This happened a few days after he testified about the threats of cyberattacks from China. No reasons were given.
#018 Setting a trap for Ransomware! My new article “Assume Breach” is on the implementation of Zero Trust Frameworks developed by the MEF Forum and implemented in Service Provider networks to detect and remove APT attacks that enable ransomware. The reality is that almost every ransomware attack traverses the network, where it can be detected and disabled. The article was published in print last week in ISE magazine and online on April 1st. Link to the online article. The expanded version is live here on this site at https://cybyr.com/assumebreach/.
May 2025 Headline News:
#029 AI is now the biggest Threat.

“AI Surpasses Ransomware as Top Cybersecurity Concern in 2025!” A landmark shift where AI—not ransomware—is now considered the foremost cybersecurity concern. This reflects growing fears over deepfakes, autonomous threats, and the misuse of generative AI.

Arctic Wolf’s new state of cybersecurity report, available on their web site, shows that the top concern of security leaders was neither malware nor ransomware (that came 2nd by some margin) but Large Language Models and the associated privacy concerns. Given the emotional impact of AI and the “fear of the unknown,” perhaps it’s not such a surprising finding!

It is less surprising that credential/ID theft, cloud access misconfiguration, social engineering, insider threats, phishing and email compromise fill the rest of the list.

The excellent report has a regional and global perspective.

#028 May 12 Analysis There were over 250 alerts today. Here we used AI to examine the top 6. See our in-depth analysis of:

 

  • CPU-Level Ransomware
  • LockBit Ransomware Group Breached
  • Agentic AI Ransomware on the Horizon
  • Russian FSB Deploys ‘Lostkeys’ Malware
  • Blob-Based Phishing Attacks Evade Detection
  • CyberCatch Launches AI-Driven Solution for Healthcare Providers
#027 Reducing Ransomware Risks MEF.net has published a new blog, authored by Cybyr.com, on the MEF.net web site aimed at service provider members. Its intention is to show them how to drastically reduce the chances of ransomware for their customer clients by implementing MEF Zero Trust enabled services.
#026 Alarm Bells Ringing When an attack begins by elevating its level of privilege and then blocks the ability of security software to update itself to fix the problem, you know you’re in trouble. The software concerned is SentinelOne’s Endpoint Detection and Response software, developed to detect and remove such attacks. This is a scary, if inevitable, new trend. Bleeping Computer has the full story entitled: New “Bring Your Own Installer” EDR bypass used in ransomware attack.
#025 Tough Times Ahead for CISA Reports in Cyberscoop say that the current U.S. administration is about to cut 17% of the CISA workforce in 2026. Considering that they have done a better job than anyone else in protecting everyone – not just in the U.S. – perhaps it won’t happen.
#024 AI and Cybersecurity: State of the Art.
So many new phishing and US Government turmoil-related stories are in play at the beginning of the month, but on a more productive note, this ISMG interview at CSA 2025 with Nadir Izrael of Armis gives interesting insights into the power struggle between nation-state attackers and security systems, both developing Agentic AI solutions that cover the scale and scope of the issue. Yes, it is a piece by a vendor, but educational nonetheless.
March 2025 Headline News: 
#017 When Open Source gets contaminated The report showing that 23,000 GitHub repositories were infiltrated with malware begs the question: what other open-source software embedded in software products, apps and web plugins, network and IoT system software, etc., has actually been checked for malware or sleeping code? This has been apparent since the 2023 Log4J attack, but is it actually part of a DevSecOps regime across all technologies?
#016 Now, with every video file you convert you receive free malware! The FBI warns about fake file converters that embed malware in your videos. This latest scam offers video conversion that works really well … except your converted file has malware embedded in it! The full story is covered here.
#015 In case you thought there were no new threats … We have not covered most of the new threats discovered this year because there were just too many. Here are just a few. PHP CGI is a method of running PHP scripts through the Common Gateway Interface (CGI) to handle HTTP requests. A vulnerability that has been around for 8 months has seen a lot of recent exploits used to generate Remote Code Execution as part of the now all too familiar Advanced Persistent Threat attack. These are being used to create persistence, Elevation of Privilege and so forth. Another attack covered widely exploits vulnerabilities in Juniper Networks’ Junos OS MX routers to deploy custom backdoors. The FBI’s warning about the Medusa Ransomware attack has been all over the news, and the FBI has given guidance on how to circumvent it.
#014 New Leadership at CISA Sean Plankey has been appointed to lead the Cybersecurity and Infrastructure Security Agency. Plankey, who brings experience in cybersecurity and national security, previously held key roles at the Department of Energy and the National Security Council. The appointment is subject to Congressional approval.
#013 Cuts in Government Cybersecurity According to Yahoo News, the US government has cut the $10m funding of the Center for Internet Security, a major defense against interference in elections. Similarly, CISA workers defending against foreign interference were also laid off.
#012 Shocking Developments Despite the dominance of Russian attacks on western organizations, a new missive on U.S. cybersecurity states that the White House is reportedly dropping Russia from its list of cybersecurity threats and is instead honing in on China, part of the administration’s apparent broader effort to curry favor and push for a peace deal that would end the country’s ongoing war in Ukraine. Link to the story
February 2025 Headline News:
#011 Emails from me Quick tip. When you receive many emails in your inbox from yourself, with the “To:” header containing a bunch of random characters, it becomes worrying and irritating, and you want to block them. Opening (not clicking on links!) the email and looking at the file properties likely reveals random IP addresses as the real source, but you can set up a rule to block emails from yourself that do not come from yourself.
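One way to implement that rule, as an added example that is not from the original column: a small Python filter that flags mail claiming to come from your own address when neither SPF nor DKIM for your domain passed, and pulls the real source IP out of the Received header. It assumes the receiving mail server stamps an Authentication-Results header (RFC 8601); the owner address, domain and sample messages are constructed.

```python
import email
import re
from email import policy
from email.utils import parseaddr
OWNER = "me@example.com"                      # constructed: the mailbox owner
OWNER_DOMAIN = OWNER.split("@", 1)[1]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def auth_results(msg):
    """SPF/DKIM verdicts from Authentication-Results (RFC 8601) headers."""
    out = {"spf": "none", "dkim": "none", "dkim_domain": ""}
    for hdr in msg.get_all("Authentication-Results", []):
        for clause in str(hdr).split(";")[1:]:   # clause 0 is the authserv-id
            tokens = clause.split()
            if not tokens:
                continue
            method, _, result = tokens[0].partition("=")
            if method in ("spf", "dkim"):
                out[method] = result.lower()
            if method == "dkim":
                for t in tokens[1:]:
                    if t.startswith("header.d="):
                        out["dkim_domain"] = t.split("=", 1)[1].lower()
    return out

def source_ip(msg):
    """IP from the topmost Received header: the hop our own server logged."""
    m = IP_RE.search(str(msg.get("Received", "")))
    return m.group(1) if m else None

def check_self_mail(raw):
    """(spoofed, source_ip): spoofed when From claims the owner but neither
    SPF nor DKIM for the owner's domain passed, i.e. 'from me, not from me'."""
    msg = email.message_from_string(raw, policy=policy.default)
    claimed = parseaddr(str(msg.get("From", "")))[1].lower()
    if claimed != OWNER:
        return (False, source_ip(msg))        # rule only targets "from me" mail
    auth = auth_results(msg)
    genuine = auth["spf"] == "pass" or (
        auth["dkim"] == "pass" and auth["dkim_domain"] == OWNER_DOMAIN)
    return (not genuine, source_ip(msg))
# Constructed samples (documentation-range IPs, not real senders); the
# spoof carries the random-looking "To:" display name from the tip.
SPOOFED = """\
From: me@example.com
To: "qz8v3k1f" <me@example.com>
Received: from unknown ([203.0.113.45]) by mx.example.com with ESMTP
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=me@example.com; dkim=none
"""
GENUINE = """\
From: me@example.com
To: me@example.com
Received: from webmail.example.com ([198.51.100.7]) by mx.example.com with ESMTP
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=me@example.com; dkim=pass header.d=example.com
"""
```

A mail client rule of the same shape (From is my address AND authentication failed) does the same job without code; the source IP is what you would report to your provider.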
#010 Department of Chaos The idea that the way to better security is by removing the experts, exposing identities and apologizing if it all goes wrong is well under way. I will make no further comment other than to post this link by Cyberscoop. Clue: the title of the piece is “Cybersecurity, government experts are aghast at security failures in DOGE takeover.”
#009 Department of Leaks Even for those of an apolitical disposition this takes the biscuit. When the ill-starred DOGE group has someone in their workforce who was fired by a cybersecurity company for leaking secrets, you know we are in for a long night. When you read this Gizmodo article you may wonder if the light at the end of the tunnel is an oncoming laser beam.
#008 United we … It’s many months since United Healthcare suffered the double blow of the CEO being murdered, which followed the massive exfiltration of 100 million patients’ personal data. Now comes the revelation that it was actually 190 million patients who had their credentials stolen! This, in itself, undermines the trust we perhaps misplace in corporate institutions, especially in healthcare, where personal information can reveal personal vulnerabilities or just expose credential stuffing. What forced them to reveal this information so long after the event? Or was something newly discovered!?
#007 AI Update The advent of DeepSeek, the low-cost Chinese generative AI project, is already raising eyebrows, both in the information being scraped and in that it appears to have no security guardrails in terms of the kind of information being supplied and the use of the information being gathered. You have been warned.
Note Less Overwhelm Last year this column failed to stick to a maximum of 10 stories per month. This year it will be five. (We already missed that in January.)
January 2025 Headline News: 
#006 Trying to figure this one out… One of our clients received a phone call (supposedly) from Wells Fargo related to a fraudulent event on his account. In a typical scam they were trying to have him move money into some spurious account. What was not normal is that they were able to list very recent transactions by number, amount and payee without my client giving any information. The call appeared to come from a Wells Fargo number. My client, who is very cautious, had the good sense to call Wells Fargo to check that it was genuine. It wasn’t, and they said there had been attacks in the past. My research shows that they supposedly had an insider threat attack where an employee exposed the details of just two clients – but that happened many months ago. Apart from the obvious lesson of always calling your bank back on a legitimate number, the question remains: how did this happen? Were Wells Fargo being entirely truthful on the extent of the attack? I won’t go into more detail here but I will update this if I find out more.
#005 New Guidelines for Small Business … A new guideline for implementing Zero Trust for small business was published this month by the Cloud Security Alliance. It’s news (for me!) because I made significant contributions to this work over the last several months. Here’s the link. The work, led by Frank de Paolo, CISO of Enpro, is part of the story. It followed work I published last year on the topic in ISE magazine. More on this site at cybyr.com/smb.
#004 In other news … The UK is about to ban the payment of ransoms by public infrastructure services. Full Report. A hacker group known as “Codefinger” has been able to use AWS encryption infrastructure to disable user data, seemingly with no possibility of restoration without payment of the ransom. Full Report.
#003 Too much – Too late? In the very final days of the current presidency, a new executive order has been signed into law. It lays out 53 deadlines for the execution of initiatives covering AI, Quantum computing and various cyber-threats. See the full article from CyberScoop. Why so late when the publication was mooted 3 months ago? Speaking of new regimes, the cybersecurity community is holding its breath to see what new appointees might bring, disrupt, empower, mandate, will CISA be able to continue its good work, etc?
#002 Vitamin C# Having spent the last few weeks doing battle with migrating my AI Cybersecurity software to the memory safe language C#, it’s time to return to the latest in the world of threats, ransomware and more. Speaking of Vitamin C#, it’s hardly good for my health. The design of C# is, to quote an old colleague, “the kind of thinking that gives idiots a bad name.” It makes 30-year-old Visual Basic look like a design for the future. Speaking of health, HIPAA regulations are getting a long overdue update. These include really obvious practices of mandating encryption, using MFA, incident response and more. A bit late for even the latest Ransomware hacks such as Rhode Island. Salt Typhoon has finally been flushed out of the top telco bodies, so not a bad start. This year will see a more rigorous filtering of stories down to about five or so per month instead of twelve from last year.
#001 Being in the Now For today only, Jan 1st, there’s no looking back on lessons learned or predicting 2025 just the “now.” For us, it’s assessing the status of our work, and taking a fresh look at reducing the stress with a manageable plan and achieving each step. Therefore, please look at our current informative work on the 10 layers of defense and our transformative Virtual CSO services.

 
See Breaking News – Second Half of 2024