Cyber (In)Securities – Issue 173

Exploited Vulnerabilities, Global Espionage, and Cyber Accountability

The latest edition of Cyber (In)Securities tracks the geography of today’s threats, from exploited vulnerabilities and major breaches in Europe to state-linked espionage across Asia and the growing focus on accountability in Australia. Edition 173 brings together critical alerts, global news, and CyAN member insights to help leaders navigate an increasingly complex cyber landscape.

Global Cybersecurity Threats: Exploited CVEs, Breaches, and Espionage

CISA added five high-risk CVEs to the Known Exploited Vulnerabilities Catalog, including flaws in GNU Bash, Jenkins, and Samsung devices. New industrial control system advisories were also issued for Raise3D Pro2 printers and Hitachi Energy MSM products.

In Europe, Allianz Life and Motility suffered breaches affecting millions, while regulators warn that OT systems remain a top target. Asia sees intensifying campaigns from China-linked espionage groups against ASEAN networks, North Korean IT worker infiltration schemes spreading beyond US companies, and Japan’s Asahi brewery disrupted by a cyber attack. In Australia, resilience takes center stage as Qantas cuts executive pay in response to security failures and the call grows louder to build a “human firewall.”

Other major developments include:

• Ransomware exploiting MFA weaknesses in SonicWall VPNs.
• AWS targeted through social engineering.
• Sextortion and romance scam arrests across Africa.

Trust, Safety, and Digital Resilience

The Trust & Safety Festival in India features notable CyAN members, continuing the network’s role in shaping global conversations on digital trust and safer online spaces. Oracle customers report mass data theft claims, and the UK debates the future of cyber threat information sharing as legislation nears expiration.

Governance and Accountability

Cyber accountability is rising, with Qantas moving to cut executive pay in response to breaches. South Korea’s repeated incidents raise concerns over national defenses, while Europe prepares for further OT attacks.

Editor’s Desk & Root Access

• Kim Chandler McDonald explores the human cost of burnout in cybersecurity, the broken promise of “teach kids to code,” and the governance failures when incidents go underreported.
• Michael T. McDonald examines the risks of a newly exploited Sudo flaw, malware spreading through fake apps, and the first malicious MCP server targeting AI.
• John Salomon highlights Microsoft’s decision to provide free extended updates for Windows 10 in Europe.

CyAN Blogs, Articles & Commentary

• Deepfakes, Digital Trust, and the Urgent Case for Safety by Design — Kim Chandler McDonald
• The Weakest Link is Still Human: Why Social Engineering Remains the Top Cyber Threat — Isobel McCaffery
• Teen Safety as the Price of Admission for OpenAI and Its Peers — Vaishnavi J (TechPolicy.press)

CyAN Community Highlights

• Rupesh Shirke nominated for the SANS ICS/OT Practitioner of the Year Award.
• Dr. Alexander Rasin welcomed as CyAN’s newest member.
• Mentorship in Action: Kim Chandler McDonald meets mentee Isobel McCaffery, reflecting the strength of CyAN’s APAC mentorship program.

What’s On Our Feed

This edition features LinkedIn insights and updates from Matthieu Camus, Sylvain Harji, Jean-Christophe Le Toquin, Subela Bhatia, Henry Röigas, Scott Jeffries, Gilles Chevillon, Vaishnavi J, Yedhu Krishna Menon, Sarah Jane Mellor, Michael Do Rozario, and Peter Coroneos.

You can download this edition by clicking the three dots icon on the far right and selecting Download PDF File. For the best reading experience, we recommend enlarging it by clicking the fullscreen icon, which is the third icon from the right. All article titles inside the flipbook are clickable links.