This page covers news and lessons learned from the top stories out of the 8,000+ reported each month. Keeping it down to fewer than 10 is a challenge.
Click here to subscribe to our news update service, delivered via email. The item numbering begins January 1st.

July 2025 Headline News: Updated July 8th
#043 Attack Surface in Critical Infrastructure. This article on the high level of ransomware risk in Canadian metalwork companies and the rapid increase in Ransomware-as-a-Service threats highlights the dangers facing large organizations with a highly distributed ecosystem and a wide array of supply chains. The bigger they are, it seems, the easier they fall. It also highlights the huge advantage of detecting ransomware with a Zero Trust approach in the connecting networks, as I covered in my last published story on Assume Breach. The article comes a few days after CISA and several other US agencies issued a new warning on the threats to US Critical Infrastructure systems from Iranian attackers.
#042 It’s like trying to trap water in a sieve. The infrastructure of the government-led cybersecurity initiatives is in disarray, according to an investigation by Security Now. The partnership with the critical infrastructure industry seems broken following the Department of Homeland Security’s elimination of the Critical Infrastructure Partnership Advisory Council (CIPAC) framework in March. This has been the most seismic disruption for those in the CI industries and for what remains of CISA. That’s just one example. The effect on preventing cyber attacks on the US private sector, previously so well handled by CISA, is as my headline states.
#041 If You Can’t Beat ‘Em, Join ‘Em. DOJ Cracks Down on North Korean “IT Workers” Scheme. U.S. authorities seized ~200 laptops and dozens of bank accounts linked to North Korean operatives posing as remote IT workers in a broad scheme targeting nearly 100 U.S. companies—including defense contractors—and funneling funds into the regime’s weapons program. The operation exploited stolen identities and even used AI tools to pass technical interviews. A U.S. citizen was arrested, and a $5 million reward is being offered for further intelligence. There are many earlier stories about North Koreans imitating U.S. citizens and then working remotely for U.S. security companies while in North Korea.
June 2025 Headline News
#040 A few stories to end the month

FBI: Scattered Spider targets aviation sector (Business Insider).

Norwegian dam industrial-control breach (diesec.com, wired.com).

Citrix NetScaler “CitrixBleed 2” zero-day exploited (securityweek.com).

Critical Cisco ISE vulnerabilities allow RCE (securityweek.com).

ICE rolls out facial-recognition biometrics on phones (wired.com).

UK businesses report surge in cyber-attacks (theguardian.com).

Iran’s cyber capabilities overstated (thetimes.co.uk, the-sun.com).

#039 The horse has bolted. I was on a call regarding opting in or out of sharing information. There was much discussion, but it all seems irrelevant. That horse has surely bolted with the news from Cybernews of the theft of 16 billion passwords exposed in a record-breaking data breach impacting logins to Google, Apple, Facebook and many more. If you just changed all your passwords, it looks like it’s time to do it again. Good Grief!
#038 The three monkey syndrome hits the Telcos

Salt Typhoon may or may not have infiltrated at least Comcast and Digital Realty (owner of 300+ data centers hosting most countries of the world). CISA has identified many vulnerabilities within the many telco infrastructures. Salt Typhoon is believed to be the worst-ever state-sponsored malware in history and is still likely to be present and accessing all calls and text messages. This implies that these systems are themselves insecure. Yes, the bombs from China may only consist of ones and zeros, but yes, it’s war. Employees of the companies concerned have been instructed not to look for evidence of these hacks, presumably because if found they would have to declare the issue and the companies would likely be held liable.

Hence the title of this feature: hear no evil, see no evil, speak no evil. (Good grief!) I am so not shocked by all of this, given the almost impossible task of getting Zero Trust attributes implemented in Telco and MSP systems.

#037 … and when she got there, the shelves were bare. Many sources (e.g. Forbes) covered the impact of the June 5th cyberattack that “forced United Natural Foods Inc., the primary distributor for Whole Foods Market, to shut down its systems and halt deliveries to more than 30,000 grocery stores across North America – a direct hit to the digital backbone of the food supply chain.” Although the nature of the attack has not been publicly revealed, what it indicates is an inadequate or untested Resiliency Plan. Easier said than done, of course. Yes, there is new legislation, “The Farm and Food Cybersecurity Act of 2025” (link to article), but these are often out of touch: “biennial Risk assessment” and “Annual simulation exercises” (Really, hasn’t any of these people heard of Zero Trust and continual monitoring?!). However, every nation relies on food reaching consumers, so this cannot happen. The scary part is that this might just be a threat actor testing things out!!! Two weeks later the problems are not reconciled and there is no (public, at least) indication of the cause. This may be truly complicated and related to the story above if it’s something in the service provider supply chain. The issue remains: presumably the resilience plan either did not envisage the issue, or the systems were not designed for it at the development stage (no DevSecOps based on Zero Trust), or recovery from such a problem was never simulated.
#036 Copilot info ripped. It had to come. Microsoft 365 Copilot could leak sensitive information without requiring any user action, interaction, or awareness. Although Microsoft say that it has been patched, we don’t know how long this had been in play. The flaw, tracked as CVE-2025-32711 with a CVSS score of 9.3, was added to the list. I guess it had to happen sooner or later, but it doesn’t have to be this way.
#035 New Malware Threats Embedded in Image Files. Back in April 2023 we reported on malware embedded in mp4 image files and what to do about them. This time it’s the turn of Scalable Vector Graphics (SVG) files to be in the spotlight. SVG files even have a mechanism as part of the format to embed self-executing JavaScript code, so all the threat actors need to do is read the manual. Less frequently used than .jpg or .png files, these can sit in an email just waiting to be clicked. There are some fixes available; the watchword is “hover, don’t click”. Thanks to Steve Gibson’s Security Now Podcast for this information.
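A defender-side triage check for the SVG risk described above, as an added example that is not from this post or from Security Now: it parses an SVG and flags inline script elements, event-handler attributes, foreignObject and javascript: links, which is what a mail gateway or upload filter would look for before rendering. The sample documents and function names are constructed for illustration.

```python
"""Static triage of SVG files for embedded active content.
Added example (not from the post); sample SVGs below are constructed."""
import re
import xml.etree.ElementTree as ET

# Attribute keys under which a link target can appear once parsed
# (plain href, or href in the xlink namespace).
URI_ATTRS = ("href", "{http://www.w3.org/1999/xlink}href")
# Only javascript: URIs are treated as active; data: is left alone to avoid
# flagging legitimate embedded raster images.
SCRIPT_URI = re.compile(r"^\s*javascript\s*:", re.IGNORECASE)


def _local(name: str) -> str:
    """Strip an XML namespace: '{ns}script' -> 'script'."""
    return name.rsplit("}", 1)[-1]


def svg_findings(svg_text: str) -> list:
    """Return (element, reason) pairs for each active-content indicator.
    An empty list means nothing was flagged, not that the file is safe.
    For untrusted input in production, parse with defusedxml instead."""
    findings = []
    root = ET.fromstring(svg_text)
    for el in root.iter():
        name = _local(el.tag)
        if name == "script":
            findings.append((name, "inline <script> element"))
        if name == "foreignObject":
            findings.append((name, "foreignObject can embed arbitrary HTML"))
        for attr, value in el.attrib.items():
            a = _local(attr)
            if a.lower().startswith("on"):  # onload, onclick, onmouseover...
                findings.append((name, f"event handler attribute {a}"))
            if attr in URI_ATTRS and SCRIPT_URI.match(value):
                findings.append((name, f"javascript: URI in {a}"))
    return findings


def is_active_svg(svg_text: str) -> bool:
    """True when the SVG carries anything a browser would execute."""
    return bool(svg_findings(svg_text))


# Constructed samples: a harmless drawing and one carrying three indicators.
BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
ACTIVE_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" '
    'xmlns:xlink="http://www.w3.org/1999/xlink" onload="console.log(1)">'
    '<script>console.log("constructed sample")</script>'
    '<a xlink:href="javascript:console.log(2)"><text>click</text></a></svg>'
)
```

Run `svg_findings` over attachments at the mail gateway or upload path and quarantine anything that returns a non-empty list.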
#034 U.S. Cybersecurity. Even skipping the political rhetoric, adversaries must be loving the uncertainty and turmoil happening in critical government security circles. Reports from CybersecurityDive, “Trump scraps Biden software security, AI, post-quantum encryption efforts in new executive order,” are typical, but maybe another from the same source, “Trump’s cyber nominees gain broad industry support,” is more hopeful. We will have to read carefully to see whether the critical element of holding companies accountable for a lack of best security practices still persists.
#033 Cloudy with a chance of hacking. The annual and somewhat strangely named Pwn2Own (pwn means hack) event in Germany revealed some sobering thoughts for those who are cloud-centric. The live competition by white-hat hackers on current systems with the latest updates installed revealed many vulnerabilities in VMware, Nvidia, Docker and Linux systems. Windows 11 and Firefox were not immune either. Scary though this may be, the value is that all of these effective zero-day exploits will become future patches to the systems. Some sooner than others.
#032 AI Fear Therapy.

As a follow-on from the story below about AI being the top concern in cybersecurity. I’m not sure that this qualifies as news, but Cigna Healthcare came up with:

“Change the people or change the people.”
The best I’ve heard to create focus and calm fears. It gives everyone a way forward!
It incentivizes and empowers people to adapt and have a big future. If they can’t, then the organization must find those who can. It does not say you are all going to be replaced by AI or robots.

#031 It looks like the U.S. government’s Hackathon is continuing. Cybersecurity Dive and others report that 2,000 (about two-thirds) of CISA’s full-time staff will be retained. Contractors whose contracts were ended have gone too. Given that they were presumably smart people in demand, my wishful thinking is that they will be spreading their knowledge in the community and commercial organizations and may form collaborative groups.
#030 The Breach Goes On. June Gloom (a Los Angeles expression) has arrived with breaches reported at LexisNexis, affecting 364,000; Russian hackers buying passwords from cybercriminals; ransomware attacks on Nova Scotia Power, impacting 280,000; Nespresso Greek customers; and many more. It’s an early June reminder that the problem is not going away. Update: the FBI raised awareness of potential Play Ransomware attacks on 900 organizations using SimpleHelp. Analysts from Forescout say that 35,000 solar power systems connected to the Internet are at risk. The list is endless.