Cyber (In)Securities – Issue 143

---

News

1. Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn
   The Register – Brandon Vigliarolo
2. Cybersecurity experts issue response to Trump order targeting Chris Krebs, SentinelOne
   Cyberscoop – Greg Otto
3. Marks & Spencer breach linked to Scattered Spider ransomware attack
   BleepingComputer – Lawrence Abrams
4. House passes bill to study routers’ national security risks
   Cyberscoop – Matt Braken
5. Hitachi Vantara takes servers offline after Akira ransomware attack
   BleepingComputer – Sergiu Gatlan
6. Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw
   BleepingComputer – Bill Toulas
7. Cybersecurity vendors are themselves under attack by hackers, SentinelOne says
   Cyberscoop – Tim Starks
8. VeriSource now says February data breach impacts 4 million people
   BleepingComputer – Bill Toulas
9. DragonForce expands ransomware model with white-label branding scheme
   BleepingComputer – Ionut Ilascu
10. WooCommerce admins targeted by fake security patches that hijack sites
    BleepingComputer – Bill Toulas
11. Amid CVE funding fumble, ‘we were mushrooms, kept in the dark,’ says board member
    The Register – Jessica Lyons
12. More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans
    The Register – Connor Jones
13. Mobile provider MTN says cyberattack compromised customer data
    BleepingComputer – Bill Toulas
14. Vehicles Face 45% More Attacks, 4 Times More Hackers
    Dark Reading – Nate Nelson
15. Gig-Work Platforms at Risk for Data Breaches, Fraud, Account Takeovers
    Dark Reading – Tatiana Walk-Morris
16. All Major Gen-AI Models Vulnerable to ‘Policy Puppetry’ Prompt Injection Attack
    SecurityWeek – Ionut Arghire
17. Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
    The Hacker News – Ravie Lakshmanan
18. Anthropic finds alarming ’emerging trends’ in Claude misuse report
    ZDNet – Radhika Rajkumar
19. Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry
    The Register – Jessica Lyons
20. ‘SessionShark’ ToolKit Evades Microsoft Office 365 MFA
    Dark Reading – Kristina Beek
21. Assassin’s Creed maker faces GDPR complaint for forcing single-player gamers online
    The Register – Brandon Vigliarolo
22. Interlock ransomware claims DaVita attack, leaks stolen data
    BleepingComputer – Bill Toulas
23. Verizon DBIR Flags Major Patch Delays on VPNs, Edge Appliances
    SecurityWeek – Ryan Naraine
24. ‘Warning sign’: Espionage driving APAC cyber surge
    InnovationAus – Trish Everingham

Analysis

25. The Trouble with AI in Cybersecurity – Part 5: Ethics on Autopilot
    PrivID (Substack)
26. Mobile Applications: A Cesspool of Security Issues
    Dark Reading – Robert Lemos
27. M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat
    Dark Reading – Kevin Townsend
28. Inside the Verizon 2025 DBIR: Five Trends That Signal a Shift in the Cyber Threat Economy
    SecurityWeek – Danelle Au
29. Why NHIs Are Security’s Most Dangerous Blind Spot
    The Hacker News
30. Navigating Regulatory Shifts & AI Risks
    Dark Reading – Arnaud Treps

CyAN Members: News

31. Comment instaurer une relation de confiance entre le DPO et le Hacker Éthique ?
    Cybersecurity Advisors Network
32. CyAN Global Vice President Kim Chandler McDonald judges Australian Space Awards
    Space Connect
33. Michael do Rozario Named Finalist for Lawyers Weekly Partner of the Year Awards 2025
    Lawyers Weekly

🗓️ Upcoming CyAN (and CyAN Partner) Global Events: