Cyber (In)Securities – Issue 169

Welcome to Cyber (In)Securities Issue 169, your global roundup of the most critical cybersecurity news and insights. This edition spans Australia, the United States, France, China, and Egypt, capturing alerts, incidents, and expert perspectives reshaping the security landscape. From CISA’s latest industrial control systems advisories, to mis-issued DNS certificates undermining Internet trust, to record-breaking DDoS attacks, data breaches, and AI-driven phishing campaigns, this issue examines the events and policies putting pressure on today’s security leaders.

Security Leaders and Cyber Teams
CISA released five new ICS advisories across Honeywell, Mitsubishi, and Delta. Cloudflare confirmed mis-issued certificates for the 1.1.1.1 DNS service, exposing weaknesses in global trust infrastructure. In Australia, a developer revealed how gift card PINs can be brute forced in minutes. Cloudflare also blocked a record 11.5 Tbps DDoS attack, WhatsApp warned of targeted attacks, Salesloft and Drift campaigns hit Cloudflare, Palo Alto Networks, and Zscaler, and hackers issued an ultimatum to Google after a breach warning.

Governance, Identity, and AI Security
France fined Google €325M for cookie violations, Texas sued PowerSchool over a breach affecting 62 million students, and Disney agreed to a 10 million dollar FTC settlement on children’s data. BleepingComputer reported a new TP-Link zero-day, exploitation of Sitecore flaws, and breaches at Chess.com. CyberScoop covered Egypt’s takedown of the Streameast piracy network and a House panel’s approval of cyber information-sharing legislation. Dark Reading reported on funding cuts increasing cyber risks for state and local agencies, and Chinese actors gaming Google search.

Toolbox and Releases
Fresh Linux desktop experiences resembling macOS emerged, WINUX offered a Windows-style Linux alternative, and adoption data revealed the fastest-growing chatbot isn’t ChatGPT or Gemini.

CyAN Spotlight

  • Kim Chandler McDonald received Highly Commended, Unsung Hero at the Australian Women in Security Awards 2025.
  • Welcome to new member Rujuta Rane.
  • Editor’s Desk: Kim Chandler McDonald explores AI companions for children and the risks families can’t undo.
  • Root Access: Michael McDonald analyses industrialised phishing campaigns dropping RATs.
  • Member updates: Will Rivera, Vaishnavi J., Caroline Humer, along with Aniket Ajagaonkar at MRNYC25, plus insights from Osama Soliman, Yedhu Krishna Menon, John Salomon, Jean-Christophe Le Toquin, Jonathan Wood, Gilles Chevillon, and Sapann Harish Talwar

You can download this edition by clicking the three dots icon on the bottom right and selecting Download PDF File. To enlarge the view, click the fullscreen icon on the bottom right. All article titles inside the flipbook are clickable links.