On the latest episode of Nerd Out, Dave and Alec welcome back Hunter Headapohl to deep dive into Cybersecurity Awareness Month and cyber threats.
References from the discussion include:
After the security nerd discussions, the trio turned to other nerd news with a little Halloween theme.
On this week's Security Sprint, Dave and Andy covered the following topics:
Warm Open
• H2OSecCon 2026 Call for Presentations
• Critical infrastructure sectors on the most concerning threats – and needed solutions. “With critical infrastructure constantly under myriad threats, sector-focused information sharing and analysis centers and organizations collect, analyze and disseminate actionable cyber and physical threat information to stakeholders and provide them with tools to mitigate risks and enhance resiliency. To mark Cybersecurity Awareness Month, Threat Beat asked: 1) What is the most pressing short-term security concern in your sector? 2) What is one thing the public and/or industry/government can do now to address this?” Responses include DNG-ISAC, E-ISAC, FB-ISAO, Food and Ag-ISAC, Health-ISAC, MS-ISAC, ONE-ISAC, Space ISAC, and WaterISAC.
• CISA’s international, industry and academic partnerships slashed. The cuts “create a dangerous void,” said Errol Weiss, chief security officer for the Health Information Sharing and Analysis Center. “The health sector is one of the most targeted and vulnerable, and this is exactly the wrong time to be pulling back federal support.
• Kristi Noem pledged to boost the nation’s cybersecurity. She gutted it instead
• Trump Administration Cuts Cyberdefense Even as Threats Grow
• U.S. Cyberspace Solarium Commission Annual Assessment: America’s Cyber Resiliency in 2025: Lessons from the Fifth CSC 2.0 Annual Assessment & US ‘slipping’ on cybersecurity, annual Cyberspace Solarium Commission report concludes
Main Topics:
Ransomware recovery perils: 40% of paying victims still lose their data. Paying the ransom is no guarantee of a smooth or even successful recovery of data. But that isn’t even the only issue security leaders will face under fire. Preparation is key.
• UK Government: Supply chain resilience against ransomware
• JLR hack is costliest cyber attack in UK history, say analysts
Melissa becomes third Category 5 hurricane of the extraordinary 2025 season
• NHC issuing advisories for the Atlantic on Hurricane Melissa
• Key messages regarding Hurricane Melissa (en Español: Mensajes Claves)
• Melissa leaps from tropical storm to Category 4 hurricane in 18 hours
• Category 5 Hurricane Melissa’s eye is nearing Jamaica and conditions are worsening
Quick Hits:
• Palo Alto Networks: Why Threat Actors Succeed
• LA Metro digital signs taken over by hackers
• Chatbots Are Pushing Sanctioned Russian Propaganda
In this week's Security Sprint, Dave and Andy covered the following topics:
Warm Open:
• The White House fired 176 CISA employees on Friday, with more layoffs fearedLayoffs, reassignments further deplete CISA
• Top cyber lawmaker wants answers on CISA workforce reductions
• Tech industry unites behind bipartisan effort to urgently reauthorize US cyber threat information sharing law
• What They Are Saying: Technology Stakeholders Urge Passage Of Peters & Rounds Bipartisan Bill To Restore Critical Cybersecurity Protections (CISA 2015)
Main Topics:
F5, AWS, Third Party Risk & Resilience:
• AWS: Operational issue - Multiple services (N. Virginia).
• AWS: Operational issue - Multiple services (N. Virginia). [RESOLVED] Increased Error Rates and Latencies
• What the Huge AWS Outage Reveals About the Internet
• AWS outage exposes Achilles heel: central control plane
• F5: K000154696: F5 Security Incident
• F5, Inc. Form 8K
• ED 26-01: Mitigate Vulnerabilities in F5 Devices
Ransomware & Data Breaches:
• IT-ISAC: Quarterly IT Sector Ransomware Analysis Q3 2025, July -September. PDF.
• BlackFog’s 2025 Q3 Ransomware Report
Arctic Wolf 2025 Human Risk Report Reveals Escalating Breaches, Overconfidence in Phishing Defenses, and Risky AI Behavior. Key findings from the 2025 Human Risk Behavior Snapshot include:
Quick Hits:
• AG Platkin Sets Standards for Active-Shooter Readiness
• Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data
• NCSC Warns Data Centres Face Rising Cybersecurity Threats
• Microsoft Dominates Phishing Impersonations in Q3 2025
• UK NCSC - UK experiencing four 'nationally significant' cyber attacks every week
• UK NPSA: Protecting our Democratic Institutions: Countering Espionage and Foreign Interference
• DDoS Botnet Aisuru Blankets US ISPs in Record DDoS
In this week's Security Sprint, Dave and Andy covered the following topics:
Main Topics:
Russia, China and North Korea are using ChatGPT to influence you — here’s how. A new report from OpenAI found foreign adversaries are increasingly using artificial intelligence to power hacking and influencing operations. The report found they were using OpenAI’s popular tool ChatGPT. The report showed those adversaries include Russia, China and North Korea. “AI-enabled attacks are becoming more capable and harder to detect,” Daryl Lim, affiliate at the Center for Socially Responsible Artificial Intelligence at Penn State University, told Straight Arrow News. “Adversaries can personalize attacks, evade filters and iterate faster than before.”
• The Case for AI Loss of Control Response Planning and an Outline to Get Started
• Can Humans Devise Practical Safeguards That Are Reliable Against an Artificial Superintelligent Agent?
The true cost of cyber attacks - and the business weak spots that allow them to happen. What makes companies like Jaguar Land Rover and Marks & Spencer particularly vulnerable is the way in which their supply chains work.
• UK NCSC: UK experiencing four 'nationally significant' cyber attacks every week
• Cyber attack contingency plans should be put on paper, firms told
• Policyholder Plot Twist: Cyber Insurer Sues Policyholder’s Cyber Pros
• The Ransomware Pricing Paradox: An Empirical Study of the Six Stages of Ransomware Negotiations. PDF
• Paying off cyber criminals no guarantee stolen data won’t be published – study
Severe Weather: Hurricane Season continues
18 Oct: No Kings nationwide protests
Quick Hits:
• Peace in Israel and Gaza?
• Sen. Peters tries another approach to extend expired cyber threat information-sharing law & Peters & Rounds Introduce Bipartisan Bill to Restore Critical Cybersecurity Protections
• Yet another shutdown and its impact on cybersecurity professionals
• Experts: Shutdown Strains Healthcare Cyber Defenses
• Is the government shutdown impacting info sharing for healthcare cyber threats?
• ICYMI! Gate 15 Weekly Security Sprint EP 130. The Evangelist has returned! Cybersecurity Awareness Month and more!
• Poland says cyberattacks on critical infrastructure rising, blames Russia
• Anatomy of a Hacktivist Attack: Russian-Aligned Group Targets OT/ICS
• Critical networks face unprecedented threat as DDoS attacks are getting shorter and more intense
• Belgian PM reported to be among targets of ‘jihad-inspired’ drone plot
• Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign
In this special (and now maybe annual!) episode of The Gate 15 Interview, live from the floor of TribalNet 2025, Andy speaks with TribalHub’s Senior Marketing & Communications Manager, Michelle Bouschor, as they catch up and talk incident response, why non-IT leaders need to be part of the conversation, and what’s trending across the conference. Plus, Michelle throws out a fun popup question: what would Andy do if he weren’t working in tech? Listen on Spotiy, Apple or the TribalHub page at podbean!Relevant to their conversation: Tribal-ISAC Unveils Cybersecurity Report. The Tribal Information Sharing and Analysis Center (Tribal-ISAC) released its first-ever report, The Pulse – The State of Cybersecurity Within Tribal Nations, during the Annual TribalNet Conference and Tradeshow in early September. The report was produced by the Tribal-ISAC with assistance from TribalHub, and features cybersecurity insights, trends and more gathered from three key sources: Tribal-ISAC’s 2025 “Tribal Cybersecurity” Survey, TribalHub’s “How Prepared is Your Tribe for AI?” Survey, and Gate 15’s CHIEF and NATIVE Reports.
Additional selected links:
On this week's episode of the Security Sprint, Andy is joined by the Cybersecurity Evangelist herself, Jennifer Walker as well as Sadie Anne Jones! Together they covered the following topics:
Warm Open:
• Tribal-ISAC Unveils Cybersecurity Report & Tribal-ISAC cybersecurity report delivers data, insights into risks
• (TLP:CLEAR) WaterISAC Physical Security Advisory Committee: Insider Threat Management – Fact Sheet.
• Colin Wood on Bluesky: “October isn't only cyber awareness month. It's also National Popcorn Poppin' Month, National Adopt a Shelter Dog Month and Eczema Awareness Month. There's something for everyone, really” It's also National Pizza Month!
Main Topics:
CISA: Cybersecurity Awareness Month - Building a Cyber Strong America. October is Cybersecurity Awareness Month! This year’s theme is Building a Cyber Strong America, highlighting the need to strengthen the country's infrastructure against cyber threats, ensuring resilience and security.
• Cybersecurity Awareness Month Toolkit
• DHS and CISA Announce Cybersecurity Awareness Month 2025
• Article: DHS, CISA kick off Cybersecurity Awareness Month 2025 to protect critical services, boost national resilience
Cybersecurity Information Sharing Act of 2015 (CISA 2015):
• CISA 2015 sunsets: Cyber Threat sharing without a net?
• CISA Liability Protections Terminate - What Legal & InfoSec Need to Know Before Sharing Cyber Threat Information
• Cyber Threat Information Sharing at Risk: What Companies Should Consider if the Cybersecurity Information Sharing Act of 2015 Is Not Renewed
• Cyber defenders on edge amid shutdown furloughs, expired authorities
• Information sharing under CISA 2015 in limbo after government shuts down
Quick Hits:
• Judge temporarily blocks use of National Guard in Portland
• USNORTHCOM statement regarding protection of federal property and personnel in the Portland Area
• Trump says US is in ‘armed conflict’ with drug cartels after ordering strikes in the Caribbean
• Venezuela says it detected 5 US ‘combat planes’ flying 75km from its coast, calls it a ‘provocation’
• Clop extortion emails claim theft of Oracle E-Business Suite data
• Active exploitation of vulnerability affecting Oracle E-Business Suite
• Oracle Security Alert Advisory - CVE-2025-61882
• CISA and UK NCSC Release Joint Guidance for Securing OT Systems
• Shutdown guts U.S. cybersecurity agency at perilous time
• CISA to furlough 65% of staff if government shuts down this week
• UK NPSA - Manchester Incident
• Security boost for Irish Jews after Manchester synagogue attack
• Global Exposure of 180,000 ICS/OT Devices Raises Safety Concerns
In this week's Security Sprint, Dave and Andy covered the following topics:
Warm Open:
• TribalNet 2025: Cybersecurity Is Central to IT Modernization for Tribes
• Cyberattacks remain big threat for tribes: survey
• CISA to furlough 65% of staff if government shuts down this week
• Cyber shutdown showdown
Main Topics:
Domestic Hostile Events:
• Deadly attack on Michigan church leaves investigators searching for motive
• Michigan church shooter was Marine veteran who White House official says "hated people of the Mormon faith"
• Update from FBI Detroit on Shooting and Fire at a Michigan Church
• Michigan church shooting suspect went on anti-LDS tirade, political candidate said
• Armed man busted after plowing car through police barricade outside Michigan church day after deadly shooting, blaze
• Iraq War veteran Thomas Sanford ID’d as gunman who attacked Grand Blanc LDS church, killing 4 and setting it ablaze
• What we know about Michigan church shooter Thomas Sanford. Authorities have provided no motive for the attack.
• Who is Michigan church attacker Thomas Jacob Sanford: Iraq war vet 'suffered from PTSD' and wore 'Make Liberals Cry Again' shirt
• A List of Notable Shooting Attacks on Houses of Worship in the US in the Past 20 Years
• Marine veteran in custody after 3 killed, at least 8 injured in shooting at a waterfront bar in North Carolina, officials say & Southport mass shooting: Suspect identified in gunfire from boat that killed 3, injured 8, officials say
• Eagle Pass casino shooting: 2 killed, 5 hurt; suspect in custody, authorities say & Two dead, six hurt in shooting at Texas tribal casino; suspect in custody
Ransomware
• 'You'll never need to work again': Criminals offer reporter money to hack BBC
• Co-op says cyber-attack cost it £206m in lost sales
Quick Hits:
• CISA Directs Federal Agencies to Identify and Mitigate Potential Compromise of Cisco Devices
• Threat Insights: Active Exploitation of Cisco ASA Zero Days
• CISA - SonicWall Releases Advisory for Customers after Security Incident
• Widespread Supply Chain Compromise Impacting npm Ecosystem
• Russia dares NATO to shoot
• New Kremlin-Linked Influence Campaign Targeting Moldovan Elections Draws 17 Million Views on X and Infects AI Models
• Bot Networks Are Helping Drag Consumer Brands Into the Culture Wars
• Outrage Cycle: Cracker Barrel and its CEO Targeted Amidst Logo Controversy
• CISA Releases Advisory on Lessons Learned from an Incident Response Engagement
• Helping OT Organizations to Establish Defensible Architecture and More Resilient Operations
• Designating Antifa as a Domestic Terrorist Organization
• Fact Sheet: President Donald J. Trump Designates Antifa as a Domestic Terrorist Organization
• Ranking Member Thompson Statement on Trump Incorrectly Designating ‘Antifa’ as a Domestic Terrorism Organization
• DHS Issues Statement on Targeted Attack on Dallas ICE Facility3 people shot at Dallas ICE field office: ICE official
• Trump Says He Is Ordering Troops to Portland, Escalating Domestic Use of Military
• Trump Says He’s Sending Troops To ‘War Ravaged’ America City — Authorizes ‘Full Force’
• Pentagon calls up 200 National Guard troops after Trump Portland announcement
• Oregon leaders object to Trump’s deployment of 200 National Guard troops in the state
• Feds march into downtown Chicago; top border agent says people are arrested based on ‘how they look’
• ICE tactics inflame tensions in New York, Chicago and other cities
• Shane Tamura, gunman in shooting at NFL headquarters, had CTE: Medical examiner
On the latest episode of Nerd Out, Dave and Alec talked about the following topics:
Some of the articles reference in the pod included:
In this week's Security Sprint, Dave and Andy covered the following topics:
Warm Open:
• TribalNet: Casino-systems suppliers protecting operations from cyberattacks
• TribalNet: AI main focus of tribal technology conference
• TribalNet 2025: Cybersecurity Is Central to IT Modernization for Tribes
• The Gate 15 Interview EP 62: Justine Bone, Executive Director, Crypto ISAC
Main Topics:
U.S. Secret Service dismantles imminent telecommunications threat in New York tristate area. The U.S. Secret Service dismantled a network of electronic devices located throughout the New York tristate area that were used to conduct multiple telecommunications-related threats directed towards senior U.S. government officials, which represented an imminent threat to the agency’s protective operations. This protective intelligence investigation led to the discovery of more than 300 co-located SIM servers and 100,000 SIM cards across multiple sites. In addition to carrying out anonymous telephonic threats, these devices could be used to conduct a wide range of telecommunications attacks. This includes disabling cell phone towers, enabling denial of services attacks and facilitating anonymous, encrypted communication between potential threat actors and criminal enterprises. While forensic examination of these devices is ongoing, early analysis indicates cellular communications between nation-state threat actors and individuals that are known to federal law enforcement.
Ransomware!
• EU cyber agency says airport software held to ransom by criminals
• A Cyberattack on Jaguar Land Rover Is Causing a Supply Chain Disaster
• Rising cyberattacks on K-12 schools prompt concern as Uvalde CISD grapples with ransomware
Cyber threat information law hurtles toward expiration, with poor prospects for renewal
• Rand Paul's last-minute demands push key cybersecurity law to the brink
• Peters Urges Senate to Quickly Extend Critical Cybersecurity Protections That Expire on October 1st
• Health-ISAC CSO: A Looming Deadline: The Cybersecurity Information Sharing Act of 2015
• RER and Coalition Urges TRIA Reauthorization
• Commentary: Shrinking cyber budgets and rising threats: Why public-private partnerships are now mission-critical
US threats and violence
• MN man threatened people via email as retaliation for Charlie Kirk's death: Charges
• NH Man Arrested for Allegedly Plotting to Kill Republican Governor Kelly Ayotte With Pipe Bombs
• NCTC Supports U.S. Law Enforcement, First Responders by Sharing Intel Product Aimed at Deterring Attacks by Al-Qa’ida
• ISIS calls for slaughter of Christians and Jews in UK attacks – 'shoot, stab, and ram'
Quick Hits:
• FBI PSA: Threat Actors Spoofing the FBI IC3 Website for Possible Malicious Activity
• NHC issuing advisories for the Atlantic on Hurricane Gabrielle
• UK NPSA: Vehicle Security Barriers at Event Venues
• TikTok: Statement from ByteDance
o Deal to Keep TikTok in U.S. Is Near. These Are the Details.
o Trump expected to approve TikTok deal via executive order later this week, WSJ reports
• OpenAI admits AI hallucinations are mathematically inevitable, not just engineering flaws
In this episode of The Gate 15 Interview, Andy Jabbour speaks with Justine Bone, Executive Director, Crypto ISAC. She has worked at the intersection of technology, governance, and investment for over twenty years from her start in the intelligence community with the New Zealand GCSB and the U.S. NSA, and has since spanned CEO roles, multinational board appointments, and global advisory positions. Today she serves as Executive Director of the Crypto ISAC, leading global collaboration at the nexus of digital assets, cybersecurity, and governance, and working with public and private stakeholders to build trust and resilience in international markets. She has also held leadership roles at Dow Jones, Bloomberg, and MedSec, and worked with public–private collaborations alongside the FDA, DHS, and DOD. Learn more about Justine on LinkedIn.In the discussion Justine and Andy cover:
“there’s a lot that’s the same, but there’s a lot that’s different”
Selected links:
In that latest episode of the Security Sprint, Dave and Andy covered the following topics:
Warm Open:
• TribalNet 2025!
• FB-ISAO Releases an All-Faiths Analysis of Attacks on U.S. Houses of Worship in 2024, FB-ISAO Releases an All-Faiths Analysis of Attacks on U.S. Houses of Worship in 2024 & FB-ISAO Newsletter
• Water at the 2025 WaterPro Conference
• Errol LinkedIn: A Looming Deadline: The Cybersecurity Information Sharing Act of 2015
• Health-ISAC and CI-ISAC Australia joint white paper
Main Topics:
Charlie Kirk Assassination
• The Hostile Event Attack Cycle (HEAC)
• De-escalation Reference Card: CISA De-escalation Reference Card & CISA De-escalation Reference Card Printer Friendly
Insider Threat Awareness Month: Fake Faces, Real Damage: The Corporate Risk of AI-Powered Manipulation. Security professionals are rapidly confronting a new reality: artificial intelligence (AI) and big data, while excellent tools for improving productivity and business operations, are equally lowering the barriers for sophisticated attacks by a wide range of threat groups. From hostile nation-states to issue-motivated groups to cybercriminals, these technologies are enabling attacks that are more personalized, scalable, and harder to detect. The widespread availability of our personal data—from what we post on social media to the massive resale of information gathered by data brokers from both our devices and our online activity—has made open-source data the key ingredient for highly effective AI-driven deception and disruption and enabled the creation of deepfakes.
Quick Hits:
• NOAA - Hurricane Erin: When distant storms pose a danger to America’s coastal communities
• Exclusive: US warns hidden radios may be embedded in solar-powered highway infrastructure
• 'Chilling reminder': Multiple historically Black universities under lockdown after receiving threats
• 1 injured while U.S. Naval Academy building was cleared after reported threat
• Police Swarm UMass Boston After Unconfirmed Shooting Report Sparks Campus Chaos
• USCP Clears False Bomb Threat & Police clear possible bomb threat at DNC headquarters
• A shooting at Denver-area high school leaves community shaken during third week of school
• Man Pleads Guilty to Attempting to Use a Weapon of Mass Destruction and Attempting to Destroy an Energy Facility in Nashville
• Out of the woodwork: Examining the global aspirations of The Base
• The Online Radicalization of Youth Remains a Growing Problem Worldwide
• CTC - The Global State of al-Qa`ida 24 Years After 9/11
• 18 Popular Code Packages Hacked, Rigged to Steal Crypto
• Hackers Exploit JavaScript Accounts in Massive Crypto Attack Reportedly Affecting 1B+ Downloads
• npm Supply chain Attack: Oops, No Victims: The Largest Supply Chain Attack Stole 5 Cents
• Salesloft: March GitHub repo breach led to Salesforce data theft attacks
• Ransomware Losses Climb as AI Pushes Phishing to New Heights
• Stopping ransomware before it starts: Lessons from Cisco Talos Incident Response
In this week's Security Sprint, Dave and Andy covered the following topics:
Warm Open:
• Patch It or Pay: Closing the Door on Exploits. This blog is part of Gate 15’s Summer of Security: Ransomware Resilience Series, highlighting the essential considerations for organizational leaders and cybersecurity professionals.
Main Topics:
• House panel approves cyber information sharing, grant legislation as expiration deadlines loom
• CISA Delays Cyber Incident Reporting Rule for Critical Infrastructure
Ransomware & Data Breaches:
• Australian Government - Australian Institute of Criminology: Examining the activities and careers of ransomware criminal groups. PDF
• Stopping ransomware before it starts: Lessons from Cisco Talos Incident Response
• Cyberattack on Jaguar Land Rover threatens to hit British economic growth
• Hackers linked to M&S breach claim responsibility for Jaguar Land Rover cyber-attack
• How JLR's Cyber Breach is Disrupting Global Operations
• Jaguar Land Rover staff home for another day as company reels from cyber attack
Presidential Message on National Preparedness Month
• National Insider Threat Awareness Month; Help prevent the exploitation of authorized access from causing harm to your organization
• Plan to avoid scams this National Preparedness Month
• ABA Foundation and FBI Release New Infographic to Help Americans Spot and Avoid Deepfake Scams
Quick Hits:
• All IT work to involve AI by 2030, says Gartner, but jobs are safe. All work in IT departments will be done with the help of AI by 2030, according to analyst firm Gartner, which thinks massive job losses won’t result.
• Salesloft Drift updates
• Not Safe for Work: Tracking and Investigating Stealerium and Phantom Infostealers
• Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack
• Frostbyte10 flaws in Copeland E2 and E3 controllers highlight cyber threats to refrigeration, HVAC, lighting infrastructure
• Czech NUKIB alerts critical infrastructure sector to rising cyber risks from Chinese data transfers, remote management
• ‘Unrestrained’ Chinese Cyberattackers May Have Stolen Data From Almost Every American
• Chinese Hackers Impersonate US Lawmaker in Malware Scheme During Trade Talks
• US military kills 11 in strike on alleged drug boat tied to Venezuelan cartel, Trump says
• Targeting Iran’s Leaders, Israel Found a Weak Link: Their Bodyguards
• U.S. and Canadian Intelligence Partners Issue Guidance to Protect Western Tech Startups from Exploitation in International Pitch Competitions
• The Blockchain Is Not Your Friend: Examining EtherHiding and using Blockchain for Attacks
• New Cyber Resources from the Canadian Centre for Cyber Security: Cyber security hygiene best practices for your organization - ITSAP.10.102
o Virtualizing your infrastructure (ITSAP.70.011)
o Universal plug and play (ITSAP.00.008)
In this week's Security Sprint, Dave and Andy covered the following topics:
Main Topics:
Annunciation Catholic Church Attack
• Minneapolis Suspect Knew Her Target, but Motive Is a Mystery
• Shooter who opened fire on Minneapolis Catholic school posted rambling videos
• Robin Westman: Minneapolis gunman was son of church employee
• Robin Westman posted a manifesto on YouTube prior to Annunciation Church shooting
• Minneapolis school shooter wrote “I am terrorist” and “Kill yourself” in Russian on weapon magazines and listened to Russian rappers
• Minneapolis Catholic Church shooter mocked Christ in video before attack
• Minneapolis school shooter 'obsessed with idea of killing children', authorities say
• Minnesota Mass Shooter Steeped in Far-Right Lore, White Nationalist Murderers
• In Secret Diaries, the Church Shooter’s Plans for Mass Murder
• Minneapolis church shooting search warrants reveal new details and evidence
• 'There is no message': The search for ideological motives in the Minneapolis shooting
• Minneapolis Church Shooting: Understanding the Suspect’s Video
• More Of Minnesota Shooter’s Writings Uncovered: ‘Gender And Weed F***ed Up My Head’
• Classmates say Minnesota school shooter gave Nazi salutes and idolized school shootings back in middle school
Hoax Active Shooter Reports
• More than a dozen universities have been targeted by false active shooter reports
• This Is the Group That's Been Swatting US Universities
• FBI urges students to be vigilant amid wave of swatting hoaxes
AI & Cyber Threats
• The Era of AI-Generated Ransomware Has Arrived
• Researchers flag code that uses AI systems to carry out ransomware attacks & First known AI-powered ransomware uncovered by ESET Research
• Anthropic: Detecting and countering misuse of AI: August 2025
• A quick look at sextortion at scale: 1,900 messages and 205 Bitcoin addresses spanning four years
Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
• FBI warns Chinese hacking campaign has expanded, reaching 80 countries
• Allied spy agencies blame 3 Chinese tech companies for Salt Typhoon attacks
• UK NCSC: UK and allies expose China-based technology companies for enabling global cyber campaign against critical networks
Quick Hits:
• Storm-0501’s evolving techniques lead to cloud-based ransomware
• Why Hypervisors Are the New-ish Ransomware Target
• FBI Releases Use-of-Force Data Update
• Denmark summons US envoy over report on covert American ‘influence operations’ in Greenland
• Falsos Amigos
• Surge in coordinated scans targets Microsoft RDP auth servers
• Vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway - CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424
• Citrix patches trio of NetScaler bugs – after attackers beat them to it
• U.S., Japan, and ROK Join Mandiant to Counter North Korean IT Worker Threats
• US sanctions fraud network used by North Korean ‘remote IT workers’ to seek jobs and steal money
• H1 2025 Malware and Vulnerability Trends
• The FDA just overhauled its COVID vaccine guidance. Here’s what it means for you
• 25 August 2025 NCSC, AFOSI, ACIC, NCIS, DCSA, FBI, ED, NIST, NSF bulletin
• DOGE Put Critical Social Security Data at Risk, Whistle-Blower Says
• Blistering Wyden letter seeks review of federal court cybersecurity, citing ‘incompetence,’ ‘negligence’
• Email Phishing Scams Increasingly Target Churches
In this week's Security Sprint, Dave and Andy covered the following topics:
Warm Open:
• Nerd Out EP 61. The 2/3 of the Year Awards!
Main Topics:
FBI PSA - Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure. The Federal Bureau of Investigation (FBI) is warning the public, private sector, and international community of the threat posed to computer networks and critical infrastructure by cyber actors attributed to the Russian Federal Security Service's (FSB) Center 16. The FBI detected Russian FSB cyber actors exploiting Simple Network Management Protocol (SNMP) and end-of-life networking devices running an unpatched vulnerability (CVE-2018-0171) in Cisco Smart Install (SMI) to broadly target entities in the United States and globally.
Info Ops:
• Most Adults in 25 Countries Say Spread of False Information Is a Top National Threat. The findings come from Pew’s seventh iteration of its Global Attitudes Survey: International Opinion on Global Threats, which was last published in 2022.
• Foreign disinformation enters AI-powered era. At least one China-based technology company, GoLaxy, seems to be using generative AI to build influence operations in Taiwan and Hong Kong… Documents also show that GoLaxy has created profiles for at least 117 members of Congress and over 2,000 American political figures and thought leaders.
• Toxic politics and TikTok engagement in the 2024 U.S. election
• Why wind farms attract so much misinformation and conspiracy theory
UN - Terror threat posed by ISIL ‘remains volatile and complex,’ Security Council hears. The threat posed by the terrorist group ISIL – known more widely in the Middle East as Da’esh – remains dynamic and diverse, with Africa currently experiencing the highest level of activity worldwide.
• PDF: Remarks by Mr. Vladimir Voronkov, Under-Secretary-General for Counter-Terrorism, United Nations Office of Counter-Terrorism.
• PDF: Remarks by Mr. Vladimir Voronkov, Under-Secretary-General, United Nations Office of Counter-Terrorism.
• UN Report: ISIS Fighters’ Migration to Afghanistan and the Taliban’s Failure
• ISIS-K poses major threat with 2,000 fighters in Afghanistan, UN says
FEMA Employees Warn That Trump Is Gutting Disaster Response. After Hurricane Katrina, Congress passed a law to strengthen the nation’s disaster response. FEMA employees say the Trump administration has reversed that progress. Employees at the Federal Emergency Management Agency wrote to Congress on Monday warning that the Trump administration had reversed much of the progress made in disaster response and recovery since Hurricane Katrina pummeled the Gulf Coast two decades ago. The letter to Congress, titled the “Katrina Declaration,” rebuked President Trump’s plan to drastically scale down FEMA and shift more responsibility for disaster response — and more costs — to the states. It came days before the 20th anniversary of Hurricane Katrina, one of the deadliest and costliest storms to ever strike the United States.
Quick Hits:
• 25% of security leaders replaced after ransomware attack
• Gate 15: Hack Yourself First: Pen Testing for Prevention
• FB-ISAO: Ransomware Incident Review January to June 2025
• Dissecting PipeMagic: Inside the architecture of a modular backdoor framework
• Maryland Transit Administration says cybersecurity incident is affecting some of its servicesNevada state government offices closed after network security incident
• Audit of Antisemitic Incidents 2024
• MIT report: 95% of generative AI pilots at companies are failing
• Report: Russian Sabotage Operations In Europe Have Quadrupled Since 2023
• CISA Requests Public Comment for Updated Guidance on Software Bill of Materials
• Risky Bulletin: NIST releases face-morphing detection guideline
• CVE-2025–41688: Bypassing Restrictions in an OT Remote Access Device
• Think before you Click(Fix): Analyzing the ClickFix social engineering technique
In the latest episode of Nerd Out, Dave goes through the annual (3rd or 4th - who knows) 2/3 of the year awards! The categories are:
In this episode of The Gate 15 Interview, Andy Jabbour speaks with Adam Rak, Executive Director CyberUSA, Head of Strategic Partnerships, and San Carlos City Council Member and Former Mayor. Adam is a highly accomplished, analytical government relations executive with 25 years of experience and proven success promoting initiatives in the technology and cyber security industry. Possesses detailed expertise in developing partnerships and programs to achieve organizational objectives, and enhance industry reputation. Learn more about Adam on LinkedIn.
In the discussion Adam and Andy cover:
Selected links:
In this week's Security Sprint, Dave and Andy are joined by Alec Davison and they covered the following topics:
Warm Open:
• Crypto ISAC
• Odin.fun Exploited for $7 Million as 58.2 BTC Stolen in Security Breach
• BtcTurk under attack again: withdrawals suspended after alleged $50 million hack & Major Turkish Crypto Exchange BtcTurk Allegedly Hacked for Nearly $50 Million
• Treasury Sanctions Cryptocurrency Exchange and Network Enabling Sanctions Evasion and Cyber Criminals
• More everyday in the SUN. Join the GRIP! Get the SUN!
Main Topics:
EPA, WaterISAC caution utilities on drone threats and cyber risks in evolving security landscape. The U.S. Environmental Protection Agency (EPA) and WaterISAC recognized that UASs (unmanned aerial systems), or drones, can pose significant threats to critical infrastructure, due to their accessibility, versatility, and potential for misuse. These threats can range from unauthorized surveillance, physical attacks, and even cyber attacks. Drones have revolutionized the critical infrastructure sector by enabling efficient and cost-effective inspections, reducing the need for manual labor and minimizing safety risks associated with hazardous environments, while providing real-time data and high-resolution imagery, allowing for more accurate monitoring and maintenance of infrastructure assets, leading to improved operational efficiency and reduced downtime.
UK NPSA: Security Fences and Gates. Fences, along with integrated gates, play a key role in delivering security solutions both for perimeters and protecting important assets. This guidance is intended to aid those responsible for delivering security solutions including fences and gates to identify the factors that need to be considered. NPSA wish to advise that fences and gates are no longer tested to the Manual Forced Entry Standard (MFES). As a result, all fences and gates which were previously given an MFES rating have been removed from the Catalogue of Security Equipment. This document provides advice on the requirements for security fences and gates and signpost alternative security standards that should be considered. Please use the NPSA Forced Entry Standards Guidance1 to assist you. NPSA Forced Entry Standard 2024
Hurricane Erin:
• NHC issuing advisories for the Atlantic on Hurricane Erin
• Key messages regarding Hurricane Erin
• Hurricane Erin to grow, will next threaten US coast with dangerous conditions
Quick Hits:
• NOAA - July 2025 was planet's 3rd warmest on record
• Dragos Industrial Ransomware Analysis: Q2 2025
• CISA: Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators
• Canada’s Guide on Biometric Management Is a Useful Resource for All Corporate Security Directors
• Canadian Centre for Cyber Security
o Steps to address data spillage in the cloud (ITSAP.50.112)
o Introduction to cloud computing (ITSAP.50.110)
o Models of cloud computing (ITSAP.50.111)
• Norway spy chief blames Russian hackers for hijacking dam
• Colt Telecom attack claimed by WarLock ransomware, data up for sale
• SNI5GECT: Sniffing and Injecting 5G Traffic Without Rogue Base Stations & Risky Bulletin: Academics pull off novel 5G attack
• Hundreds of N-able N-central Instances Affected by Exploited Vulnerabilities
• ReliaQuest Uncovers New Critical Vulnerability in SAP NetWeaver
• Plex warns users to patch security vulnerability immediately
• ClickFix phishing links increased nearly 400% in 12 months, report says
In this week's Security Sprint, Dave and Andy covered the following topics:
Main Topics:
Physical Security:
• FBI Releases 2024 Reported Crimes in the Nation Statistics
o Hate crimes hit second largest record in 2024: FBI
o Crime down in every category in 2024, FBI report says
o Jews targeted in 69% of religion hate crimes in 2024, 71% since October 2023, per FBI data
o FBI Report: Anti-Jewish Hate Crimes Across U.S. Nearly 10x Higher Than Any Other Group
o NYC Sees Drop in Antisemitic Hate Crimes, Yet Jews Still Targeted Most, Police Say
• CDC shooter blamed COVID vaccine for depression; union demands statement against misinformation
o CDC Shooter Believed Covid Vaccine Made Him Suicidal, His Father Tells Police
o Suspect identified in Atlanta shooting outside CDC: What to know
• Shooter kills three in a Target parking lot in Austin before being captured, police say
o Child among 3 killed in north Austin shooting, suspect detained
o 'I was running for my life' | 3 dead in shooting at North Austin Target
The Cost of a Call: From Voice Phishing to Data Extortion - Update (August 5) & Google says hackers stole its customers’ data by breaching its Salesforce database
Hackers Hijacked Google’s Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home; For likely the first time ever, security researchers have shown how AI can be hacked to create real-world havoc, allowing them to turn off lights, open smart shutters, and more. In a new apartment in Tel Aviv, the internet-connected lights go out. The smart shutters covering its four living room and kitchen windows start to roll up simultaneously. And a connected boiler is remotely turned on, ready to start warming up the stylish flat. The apartment’s residents didn’t trigger any of these actions. They didn’t put their smart devices on a schedule. They are, in fact, under attack. Each unexpected action is orchestrated by three security researchers demonstrating a sophisticated hijack of Gemini, Google’s flagship artificial intelligence bot.
Quick Hits:
• NOAA - Prediction remains on track for above-normal Atlantic hurricane season
• New state, local cyber grant rules prohibit spending on MS-ISAC
• Joint Counterterrorism Assessment Team (JCAT): Hybrid and Electric Vehicle Emergency Planning and Postattack Response Considerations
• Canadian Centre for Cyber Security - Potential SSL VPN Zero-Day vulnerability impacting Gen 7 SonicWall Firewalls
• SonicWall Hunts for Zero-Day Amid Surge in Firewall Exploitation
• Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments
• CISA Releases Malware Analysis Report Associated with Microsoft SharePoint Vulnerabilities
• CISA Issues ED 25-02: Mitigate Microsoft Exchange Vulnerability
• Leak Reveals the Workaday Lives of North Korean IT Scammers
• US companies spending record amounts to protect executives as threats rise
• Mysterious Crime Spree Targeted National Guard Equipment Stashes
• American Nazis: The Aryan Freedom Network is riding high in Trump era
• Florida Man Sentenced to 20 Years for Conspiring to Destroy Baltimore Region Power Grid & Neo-Nazi leader sentenced to 20 years for plotting Baltimore power grid attack
• Leader of Transnational Terrorist Group Pleads Guilty to Soliciting Hate Crimes, Soliciting the Murder of Federal Officials, and Conspiring to Provide Material Support to Terrorists
In this week's Security Sprint, Dave and Andy covered the following topics:
Warm Open:
• Decrypted: FunkSec Ransomware; Avast releases free decryptor for AI-assisted FunkSec ransomware & Skip directly to the decryptor download.
Main Topics:
Hostile Events:
• NYC shooting at heavily secured office building raises questions about what more can be done
• FBI Arrests Dayton Man for Making Social Media Post Threatening to Kill Tens of Thousands & Man accused of threatening to kill 30K Black people in Cincinnati days after megaviral attack video
• Tennessee man threatened to kill public officials, kept explosive devices in his home, authorities say
Cyber Threat Reports:
• CrowdStrike 2025 Threat Hunting Report: AI Becomes a Weapon and a Target
• Censys: 2025 State of the Internet: Malware Investigations
• Forescout - Midyear Threat Report: Numbers Grow in Nearly All the Wrong Places
• Cside: Client-Side Attack Report Q2 2025
DHS Launches Over $100 Million in Funding to Strengthen Communities’ Cyber Defenses
Quick Hits:
• FBI PSA - Unsolicited Packages Containing QR Codes Used to Initiate Fraud Schemes
• Leading phone repair and insurance firm collapses after paying crippling ransomware demand — Cutting 100+ employees to just eight wasn’t enough
• Canadian Centre for Cyber Security - Security considerations for critical infrastructure (ITSAP.10.100)
• Iran hiring criminal networks in Europe to attack Jews, US religious freedom report finds
• UNC2891 Bank Heist: Physical ATM Backdoor & Linux Forensic Evasion Evasion
• Swedish crypto exchange Trijo hacked for 7.8 MSEK
On this week's Security Sprint, Dave is solo and talked about the following topics.
Warm Opening.
Main Topics.
