Some stories need a closer, more controversial look.
Preview of the stories covered:
- Today’s top stories – an AI experiment
- AI and the Verification Dilemma
- NaaS: A room full of elephants
- GenAI: Show me the intelligence
- National Public Data’s exposure of 3bn personal-information records now holds the record. Privaterecords (MC2) is a close second.
- CrowdStrike/Microsoft: the biggest IT disaster of all time? Estimated cost $5.4bn.
- Did AT&T open Pandora’s Box?
- NIST’s Cybersecurity Framework has been lauded. We explain why our view differs sharply from the consensus.
- How and why the Securities and Exchange Commission is attempting to bring accountability globally
- The now infamous breach of the MGM hotel chain shows what happens when you don’t implement holistic cybersecurity.
This page covers news and lessons learned from the top stories among the 8000+ reported each month. Keeping it to fewer than 10 is a challenge.
Item numbering restarts on January 1st.

| Jan 2026 | Headline | News: Updated January 1st |
|---|---|---|
| #01 | Open Source Risks | Since we covered the major breaches in open-source code recently, informal discussions with practitioners have agreed that there may be no solution. Last week the issue was finally raised in government circles, but it remains a significant problem: most software includes open-source code of some kind, often without anyone knowing exactly what is in it. |

| Dec 2025 | Headline | News: Updated December 23rd |
|---|---|---|
| #080 | Christmas Cheer | SentinelOne’s weekly The Good, the Bad and the Ugly opens each article with a piece of good news in cybersecurity. We don’t usually comment on these stories, but this week saw 3,500 arrests and the confiscation of a staggering $300 million illegally extracted from victims in the massive Operation HAECHI IV. The six-month operation was led by South Korea working with 34 countries. |
| #079 | Just when you thought it was safe to develop your own software | Today’s AI helps you generate your own code so you can learn as you develop it. DeepSeek, the Chinese AI agent, is really good at that, though I’m too smart to actually use this suspicious agent. The rest are, however, completely safe (until they have a zero day – ed!). OK, so I use Visual Studio and happily use some of the thousands of plugins from NuGet. The registries in question are npm, the package-management repository for JavaScript; NuGet, the repository for the .NET ecosystem used by Visual Studio; and PyPI, which collectively account for 90% of free open-source packages that save hours, days or months of writing specialist code. But wait, aren’t these the same open-source repositories that are polluted with malware and were the subject of massive breaches earlier in the year? The same open-source code that is in almost every software product you can buy and is used by every software company without inspecting it. So much for Never Trust, Always Verify. Other than pulling the sheets over your head until the problem goes away, it is important to press suppliers and be diligent yourself: examine the code you are generating and using. (Good grief!) |
| #078 | Christmas is coming | The threat actors are getting fat on ransomware – we know that. But for now, Christmas is disruption-fun month! Key vulnerabilities and exploits: critical flaws in React components are being heavily exploited for remote code execution. Fortinet brute force: a global wave of attacks hit Fortinet SSL VPNs, with attackers then exploiting FortiManager. (Will the security software folks ever learn?) China-nexus actors: deploying new malware (Brickstorm) and using AI for automated espionage, targeting US entities. |
| #077 | Hot Topic | The topic of resilience as a superset of cybersecurity, and the overarching way of keeping organizations running when they are inevitably hit with attacks, is taking a lead role in shaping methodologies and approaches. This was underscored by industry leaders at this week’s CSA 2025 Zero Trust event and is captured in the article below. |
| #076 | Strengthening the Organization | Our latest development is about changing organizations’ attitudes to cybersecurity and resilience. Our latest article has just been published by ISE Magazine. You can also follow the developments at https://cybyr.com/strengthening as we explore the power of language to effect change across the organization. |
| #075 | First it was GitHub, now it’s npm packages | An npm package-poisoning worm is self-replicating malware that infects the Node Package Manager (npm) ecosystem, primarily by compromising legitimate developer accounts and automatically injecting malicious code into the packages they maintain. The latest: a dangerous new variant of the Shai-Hulud self-replicating worm is burrowing into new territory, with features that threaten not only the npm registry but also GitHub and the cloud ecosystem, and it now carries wiper functionality. More on this story from DarkReading. This type of supply-chain attack exploits the inherent trust in open-source software to spread autonomously across numerous projects and organizations. Oh, and npm curates more than two million packages used in software around the world. |

| Nov 2025 | Headline | News |
|---|---|---|
| #074 | Happy Thanksgiving | Yes, it’s time to tuck into that Thanksgiving turkey with all the trimmings. Oh, and while you are celebrating, know that all your favorite threat actors will be celebrating too by tucking into your data, looking to see how much you can pay for their ransomware extortion. Those working in critical infrastructure organizations should be aware that your adversaries know you will be short-staffed during the extended break, so when you return you may find a pile of steaming …..! Oh, and those adversaries may be on vacation too, because their attacks are already planted and programmed to start just as you slice your pumpkin pie. Enjoy! |
| #073 | Cloudflare Disruption | Today’s Cloudflare outage looks like a massive distributed denial-of-service attack that took down masses of Internet sites. A developing story. (Cloudflare’s own post-incident report later attributed the outage to an internal configuration failure rather than an attack.) |
| #072 | Sorry to hear that, so sad. | That email from a friend saying someone you know well has been killed outside their front door, giving details sent by their husband. So sad. You can find out more by clicking the link to Google Gemini. BUT WAIT!! What is this? Yes, it’s a phishing attack. The link looks legit and the details seem to be only what an insider would know. Unfortunately, this is malware embedded in a Google Gemini link, or an LLM intrusion, that could steal who knows what information, then remove the malware it installed on your device and be gone. I “discussed” this with Gemini, who said there is no validation of any links to their system, so it cannot vouch for the safety of any pages stored in their systems. That seems a disaster, an exercise in negligence. Lesson to be learned: hover, don’t click or tap any link to a Gemini page!! Good grief! |
| #071 | Ransomware Month? | Ransomware and AI attacks continue their rise, with global manufacturing and local governments reporting increases in breaches. A number of these stories are covered in this mid-month summary on our Blog page. |
| #070 | CrowdStrike – Insights | The new CrowdStrike Global Threat Report paints a surprising picture: 79% of detected attacks were malware-free, using valid credentials, social engineering, remote management tools and the like to breach environments without generating classic alerts. Breakout, the point at which an intruder moves laterally from the first foothold, now begins within 48 minutes on average and 51 seconds at the fastest. There seems little need to attack at midnight on a Saturday night now (which is when the recent Nevada attacks occurred). |
| #068 | Piling on | It’s no wonder that cybersecurity defenses are being stretched to breaking point: (1) attacks are reaching deeper into the business and critical infrastructure, (2) threat types are increasingly complex and sophisticated, and (3) AI-driven infiltrations are compounding the load on the defenders. CyberSirra’s article revealed just a few months ago that attrition among cybersecurity staff is, unsurprisingly, relentless: 50% will change jobs and 25% will quit. High-pressure work environments, chronic understaffing, and a lack of organizational support and recognition make for an unappealing workplace. |

| Oct 2025 | Headline | News |
|---|---|---|
| #067 | It’s getting Personal | Whether you’re in a large, medium or very small organization, you can be affected by these nasty issues. 1. PayPal was hacked. 2. Some 700 Qilin ransomware-as-a-service attacks, involving Notepad and Paint executables and targeting unapproved corporate devices, are proving a source of increasing concern. 3. Customers seeking refunds from Hotels.com had their requests intercepted by threat actors, who obtained personal information in order to commit fraud. |
| #066 | Infrastructure under attack | In terms of impact on users, network devices and their software are key targets. For the average user, continual verification of the supply chain is out of reach, just as it is for the basic OS, security software and key applications. Automatic updates are a vital best practice but can be flawed too. This week it’s F5’s turn, with the source code of its security software stolen by a state-sponsored actor, alongside a critical vulnerability affecting over 73,000 WatchGuard Firebox devices. Deployed systems are at risk whenever highly resourced threat actors discover loopholes. Lesson to be learned? Tricky, since holding any hardware or software vendor (particularly a major vendor) legally liable for breaches caused by their products may not be possible. Definitely worth a discussion with your legal and contracts people. An update on last month’s Jaguar Land Rover attack: a report says the final cost was in the order of $5bn. |
| #065 | Doesn’t this just drive you crazy? … | Every time I get a DocuSign email about something I need to sign, I seem to get a deluge of emails that look like they’ve come from DocuSign but are phishing attacks. Now, to make matters worse, a new phishing kit called “MatrixPDF” turns PDFs into malware. Tips to avoid it (may not be free): (1) disable JavaScript in your PDF reader, (2) don’t open PDFs from unknown or suspicious senders (aren’t they all?), or scan before opening using a virus scanner. On reflection, maybe just don’t open any PDFs!! |
| #064 | Here’s the good news … | With breaches at Qantas and 40 other companies via an attack on Salesforce databases, widespread attacks on Oracle’s EBS suite, SonicWall firewall configurations, the theft from SimonMed of 1.2 million people’s data including 200GB of medical imaging, a new zero-day privilege escalation on Windows, 70,000 Discord users’ and all LinkedIn users’ logins stolen and … (OK, that’s enough – ed. So where is the good news?). Oh yes, since every human’s data is now on the dark web there is nothing left to steal. Good grief! Lesson to be learned: never use the dreaded Google or Facebook login, or a single compromised identity is reused across every bank account and financial site login you own. |
| #063 | Government shutdown cripples CISA | With the government shutdown furloughing most of the staff at CISA and the expiry of the CISA 2015 legal protections, US cybersecurity defense is left exposed to all manner of attacks on critical infrastructure and the fabric of US society. This comes at a time of increasing ransomware attacks, sophisticated agentic AI attacks (see #062 below) and failures of anti-phishing training reported by an MIT study. The new phrase seems to be “What could possibly (NOT) go wrong?” Good grief! Update: as the RIFs get under way, it seems that CISA staff are also being relocated to Homeland Security to bolster the anti-immigration initiative, making matters worse. |
| #062 | Agentic AI Ransomware Threats | Two keynotes at the Black Hat conference warned against overlooking the hidden ransomware threats emerging within agentic AI attacks. What makes this article from MSSP Alert stand out from the other 834 stories of the last few days is its description of how such attacks can bypass existing defenses such as endpoint detection and response (EDR) software, SIEMs and firewalls, presumably by automating the ransomware-as-a-service process at overwhelming speed. This makes our piece on Assume Breach even more important, as that posture is meant to contain such attacks as they traverse the ecosystem. It also means, as the article says: “Wait until the payload is deploying, and you are already in the red.” It should be pointed out that the article was sponsored by a company called Halcyon, but the alert still seems valid. |
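
Item #065 above recommends disabling JavaScript in the PDF reader and scanning a PDF before opening it. As an added example, not code from this page or from any PDF vendor, here is a pdfid-style triage in JavaScript that inspects the raw bytes for the name objects that make a PDF active (JavaScript, auto-run actions, launch actions, embedded files) and decodes #xx name escapes first so that a hex-obfuscated /JavaScript is not missed. Both sample documents are constructed inline for the example.

```javascript
// Added example, not code from the cybyr.com page or from any PDF vendor: a
// pdfid-style pre-open triage that counts the PDF name objects which signal
// active content (JavaScript, auto-run actions, launch actions, embedded
// files), so a file can be judged before any viewer parses it. The sample
// documents below are constructed inline for the example.

// Names whose presence means the document can do something when opened.
const HIGH_SIGNAL = ['/JavaScript', '/JS', '/OpenAction', '/AA', '/Launch', '/EmbeddedFile', '/RichMedia'];
// Names that are usually benign but worth reporting alongside the above.
const LOW_SIGNAL = ['/URI', '/AcroForm'];

// PDF names may encode any byte as #xx, so /J#61vaScript is the same name as
// /JavaScript. Decode before matching so a naive-grep evasion is not missed.
function decodeNameEscapes(text) {
  return text.replace(/#([0-9A-Fa-f]{2})/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// Count occurrences of one name; the lookahead stops /JS matching /JSX-like names.
function countName(text, name) {
  const re = new RegExp(name.replace('/', '\\/') + '(?![A-Za-z0-9_])', 'g');
  return (text.match(re) || []).length;
}

function triagePdf(bytes) {
  const raw = Buffer.from(bytes).toString('latin1');
  const isPdf = raw.startsWith('%PDF-');
  const text = decodeNameEscapes(raw);
  const counts = {};
  for (const name of [...HIGH_SIGNAL, ...LOW_SIGNAL]) counts[name] = countName(text, name);
  const flagged = HIGH_SIGNAL.filter((n) => counts[n] > 0);
  // Absence of markers is not proof of safety: names inside compressed
  // (/FlateDecode) streams are invisible to a plaintext scan.
  const verdict = !isPdf
    ? 'not a PDF'
    : flagged.length > 0
      ? 'active content present: do not open with JavaScript enabled'
      : 'no active-content markers in plaintext objects';
  return { isPdf, counts, flagged, hasActiveContent: flagged.length > 0, verdict };
}

// ---- Constructed samples --------------------------------------------------
// The catalog's /OpenAction points at a JavaScript action whose name is
// hex-escaped, the shape a "PDF turned into malware" lure takes.
const ACTIVE_PDF = Buffer.from(
  '%PDF-1.7\n' +
  '1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n' +
  '2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n' +
  '3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n' +
  "4 0 obj << /S /J#61vaScript /JS (app.alert('constructed sample')) >> endobj\n" +
  'trailer << /Root 1 0 R >>\n%%EOF\n', 'latin1');

const PLAIN_PDF = Buffer.from(
  '%PDF-1.7\n' +
  '1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n' +
  '2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n' +
  '3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n' +
  'trailer << /Root 1 0 R >>\n%%EOF\n', 'latin1');

const ACTIVE_REPORT = triagePdf(ACTIVE_PDF);
const PLAIN_REPORT = triagePdf(PLAIN_PDF);
console.log(JSON.stringify({ active: ACTIVE_REPORT, plain: PLAIN_REPORT }, null, 2));
```

The check is deliberately conservative in one direction only: a non-zero count is a reason not to open the file with scripting enabled, while a zero count says nothing about objects hidden in compressed streams, so it argues for the reader-hardening in #065 rather than replacing it.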
See Breaking News – January to September 2025 and earlier
