Cyber (In)Securities – Issue 166

ICS Alerts, Global Breaches, and Building the Cyber Workforce of Tomorrow

From the United States to Norway, Australia to the United Kingdom, and across Asia and Europe, Cyber (In)Securities Edition 166 delivers critical cybersecurity alerts, global breach updates, and expert insights shaping the future of digital resilience.

For Security Leaders and Cyber Teams
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released 32 new Industrial Control Systems (ICS) advisories impacting Siemens, Rockwell Automation, and Güralp Systems products. The National Institute of Standards and Technology (NIST) has finalised its first Lightweight Cryptography Standard to protect IoT devices and other resource-constrained systems. Meanwhile, the emerging Crypto24 ransomware group is targeting high-value organisations in the U.S., Europe, and Asia, using advanced endpoint detection and response (EDR) evasion techniques.

For Privacy, Trust and Safety, and Digital Defence
Multiple critical vulnerabilities in Fortinet products are impacting organisations worldwide, including one confirmed as actively exploited. In Norway, pro-Russian hackers have been linked to sabotage of a water dam. Google has confirmed a global data breach affecting users across multiple countries, and in the U.S., Connex Credit Union has reported a data breach compromising the personal information of 172,000 members.

For Governance, Geopolitics, and AI Security
In Australia, AI chatbots face scrutiny over allegations of encouraging teen suicide, sparking urgent calls for better safeguards. The United Kingdom’s Online Safety Act is under fire for threatening end-to-end encryption and enforcing strict age verification. Globally, the Blue Report 2025 reveals ransomware shifting from encryption to pure data theft, while security researchers highlight vulnerabilities in GPT-5. A multi-region survey found 62% of respondents believe AI agents are easier to deceive than humans, raising concerns for governance, trust, and AI security frameworks.

CyAN Spotlight
Shantanu Bhattacharya returned as a featured speaker at the Uttar Pradesh State Institute of Forensic Science (UPSIFS) in Lucknow, sharing cybersecurity and AI expertise alongside national thought leaders.

Event Success – “Is it possible to future-proof the cyber workforce?”
Held in Sydney, this CyAN event brought together keynote Heather Hoddinott (Hack The Box) and an expert panel featuring Maryam Shoraka (Sydney Trains), Michael do Rozario (Corrs Chambers Westgarth & CyAN Member), Michael McDonald (3 Steps Data & CyAN Member), Andy Pedroso (SoSafe & CyAN Member), and Britt McGill (Leaders IT). Guided by Kim Chandler McDonald and Saba Bagheri, the discussion explored strategies, real-world case studies, and actionable steps to strengthen the cyber workforce.

Editor’s Desk
Kim Chandler McDonald examines the governance and privacy risks of covert surveillance in schools, while Michael McDonald focuses on the architectural flaws that enable these risks — both responding to Wired’s investigation into audio-enabled vape detectors.

Root Access
Michael McDonald highlights vulnerabilities in CyberArk and HashiCorp Vault allowing remote takeover without credentials and warns of new “Win-DoS” zero-click exploits that can turn Windows servers and domain controllers into DDoS botnets.

CyAN Shout-Out
Congratulations to Kim Chandler McDonald (finalist, Unsung Hero) and Saba Bagheri (finalist, Converged Security Resilience Champion) in the 2025 AWSN Awards.

What’s On Our Feed
Featuring updates and thought leadership from Krishna Pasumarthi, Daniela Masoch, Jonathan Wood, Florian Hantke, John Salomon, Vaishnavi J, Mohammed Shakil Khan, Sorin Toma, Kim Chandler McDonald, Will Rivera, and Gilles Chevillon.

Stay informed with the latest in global cybersecurity, governance, AI security, and privacy protection — read the full edition of Cyber (In)Securities 166 today.

You can download this edition by clicking the three dots icon on the bottom right and selecting Download PDF File. To enlarge the view, click the fullscreen icon on the bottom right. All article titles inside the flipbook are clickable links.