

Cybersecurity Headlines
CISO Series
Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.

Feb 17, 2026 • 33min
Department of Know: VoidLink threatens multi-cloud, flaw threatens Claude extension, China practices on infrastructure
Adam Palmer, CISO at First Hawaiian Bank, brings pragmatic risk and governance perspective. Jon Collins, Field CTO at GigaOm, offers cloud architecture and threat analysis. They discuss AI-assisted VoidLink multi-cloud malware, zero-click flaws in AI extensions, shadow AI and insecure defaults, and national cloud rehearsal practices. Short, sharp takes on resilience, visibility, and treating AI as privileged.

Feb 16, 2026 • 8min
Ivanti actor identified, search overviews manipulated, ClickFix leverages Nslookup
A deep dive into a surge of Ivanti RCE activity traced to a single bulletproof IP. An explanation of how scammers manipulate AI-generated Google overviews to embed phishing links. A rundown of a DNS-based ClickFix technique that uses nslookup to retrieve malicious payloads. A mail-based scam targeting hardware wallet users is also covered.

Feb 13, 2026 • 9min
Hackers abuse Gemini, Apple patches ancient bug, CISA criticizes shutdown
State-backed actors allegedly used an AI model across the entire attack lifecycle, from profiling to exfiltration. Apple released a fix for a decade-old iOS vulnerability that could allow arbitrary code execution. Federal cybersecurity leadership warned about impacts of a DHS funding lapse on operations and staffing. Russia and NYC tech trials also raise tech and privacy concerns.

Feb 12, 2026 • 8min
Crazy gang abuses employee monitoring tool, Nevada unveils new data classification, Georgia healthcare breach impact grows
Attackers repurpose employee-monitoring tools to maintain stealthy access. Nevada rolls out a statewide data classification framework. A Georgia healthcare breach now affects over 626,000 people. An abandoned Outlook add-in becomes a phishing kit. Hundreds of Chrome extensions are caught harvesting browsing histories.

Feb 11, 2026 • 7min
Google gets EU Wiz approval, Microsoft secures Secure Boot certificates, North Korean hackers target crypto exec
Antitrust clearance for a major cloud acquisition and its market ripple effects. A large vendor refreshes Secure Boot certificates ahead of expiration and what that means for devices. A nation-state uses deepfake video calls to target cryptocurrency executives. Exploits of help-desk software and a noisy Linux botnet using IRC round out the headlines.

Feb 10, 2026 • 7min
UNC3886 targets Singapore telecoms, VoidLink exhibits multi-cloud capabilities and AI code, 135,000+ OpenClaw instances exposed
China-linked UNC3886 exploiting zero-days and rootkits against Singapore telecoms. VoidLink malware showing multi-cloud persistence, credential theft, container escape and kernel hiding. Analysts spotting AI-generated code artifacts in malware development. Over 135,000 OpenClaw instances exposed due to default network settings and high-risk flaws.

Feb 9, 2026 • 32min
Department of Know: GSA's CMMC requirements, AWS intruder AI heist, Moltbook raises the stakes
Chris Ray, Field CTO at GigaOm, brings practical security architecture insight. Nick Ryan, former CISO, offers hands-on risk and incident response experience. They discuss viral Moltbook misconfigurations and shadow AI apps. They unpack an AI-assisted AWS takeover, machine-speed attacks, and behavioral defenses. They debate new GSA CMMC-style contract requirements and implications for small vendors.

Feb 9, 2026 • 8min
OpenClaw embraces VirusTotal, CISA EOL Deadline, ransomware hits BridgePay
OpenClaw is using VirusTotal hashing to scan uploaded skills. CISA orders federal agencies to purge end-of-life network and IoT devices within a year. Ransomware cripples BridgePay and forces merchants offline. Microsoft Office exploits target transport and diplomatic sectors. Researchers reveal router-hijacking D-Knife malware and AI-assisted AWS intrusions.

Feb 6, 2026 • 6min
Substack admits breach, Russian attacks target Winter Olympics, GitHub Codespaces enable RCE
A data exposure at a major newsletter platform is discussed alongside attacks tied to the Winter Olympics that targeted infrastructure. A cloud development feature is shown to allow remote code execution and token theft. Reports of large-scale cyber espionage campaigns and ransomware disruptions to critical services are also highlighted.

Feb 5, 2026 • 7min
Ukraine tightens controls on Starlink terminals, VMware ESXi flaw now exploited, SolarWinds Web Help Desk bug under attack
Coverage of Ukraine limiting Starlink terminal mobility and whitelisting to curb UAV misuse. A patched VMware ESXi sandbox escape is now being exploited in the wild. A critical SolarWinds Web Help Desk deserialization bug is under active attack. Reports of U.S. cyber operations affecting Iranian air defenses and leaks exposing sensitive victim data are also discussed.


