

Risky Bulletin
Risky Business Media
Regular cybersecurity news updates from the Risky Business team...
Episodes

Mar 22, 2026 • 11min
Sponsored: What is Extended Identity Access Management?
Fletcher Heisler, founder and CEO of open source identity provider Authentik, explains Extended Identity Access Management (XIAM) and why identity must cover humans, agents, and devices. He discusses stateless, multi‑cloud deployments, risks of proprietary cloud IDPs, and how agentic AI needs identity guardrails. He also touches on consolidation, resiliency, and Authentik’s cautious approach to AI features.

Mar 20, 2026 • 7min
Risky Bulletin: Second iOS hacking framework found in the wild
A newly discovered iOS hacking framework being used across multiple countries is revealed. Belgium launches a secure government messaging app to replace foreign services. Japan legalises pre-emptive cyber operations with cabinet approval. AWS clamps down on S3 bucketsquatting to stop hijacks. Breathalyser devices and several crypto platforms suffer disruptive cyberattacks.

Mar 19, 2026 • 19min
Srsly Risky Biz: Successful war leaves Iran with one option, its cyber forces
Tom Uren, policy and intelligence editor focused on cyber and platform safety, explains how a successful war could push Iran to pivot heavily into cyber power. They discuss how Iran might rapidly scale cyber capabilities. They also cover Meta reversing E2EE on Instagram DMs and when encryption helps or harms safety.

Mar 18, 2026 • 6min
Risky Bulletin: EU finally imposes more cyber sanctions
New EU cyber penalties against Iranian and Chinese hacking networks are unpacked. A high-ranking Iranian cyber official's killing and Canada's proposed online tracking law get coverage. A UK company registry bug, massive data theft in the Netherlands, and hijacked Denver crosswalks make the list. Stories of athlete phishing, banking fraud on Android, and a large IoT botnet complete the roundup.

Mar 16, 2026 • 28min
Between Two Nerds: Unleashing Iran's hackers
A wide-ranging chat about how bombing Iran could push its hacker groups to expand and adapt. They dig into Stryker ransomware, Handala's impact, and the resilience of decentralized, low-tech networks. The conversation contrasts destructive commodity attacks with bespoke espionage and compares Iran’s cyber trajectory to North Korea’s.

Mar 16, 2026 • 6min
Risky Bulletin: Meta disrupts Mexican cartels
Meta used AI to suspend thousands of cartel-linked accounts tied to trafficking and extortion. A major leak exposed e‑government source code and sold citizen data. Signal spearphishing tricked officials into revealing PINs. An AppsFlyer supply‑chain compromise injected a clipboard crypto stealer. Multiple AppArmor flaws enable root escalation and container escapes.

Mar 15, 2026 • 14min
Sponsored: Sublime Security on Zoom attacks
Alex Orleans, Head of Threat Intelligence at Sublime Security, breaks down email attacks abusing Zoom and other video-conferencing tools. He outlines live-meeting lures, fake updaters that steal credentials, and renamed installers that deliver malware. The conversation covers RMM tool misuse, calendar-trust exploitation, personalized social engineering, and how AI both powers attacks and aids detection.

Mar 13, 2026 • 8min
Risky Bulletin: Another residential proxy provider falls
Law enforcement takedowns of a large residential proxy network and arrests tied to organized scam operations make waves. Reports cover destructive Iranian hacks hitting a medical device maker and threats to US tech firms. Apple issued patches for old iOS against a leaked exploit kit, while CISA seeks Cisco SD-WAN logs after a critical zero-day. New AI and privacy concerns surface with misconfigured agents and undisclosed router telemetry.

Mar 12, 2026 • 19min
Srsly Risky Biz: President Trump's best ever cyber strategy
Tom Uren, cybersecurity analyst and newsletter author, critiques the new Trump cyber strategy and government actions. He discusses offensive cyber demonstrations, the tension between strategy and cuts in priorities, and a buried plan to push private sector disruption of adversary networks. He also covers the Corona exploit kit leak and the risks of rushed implementation.

Mar 10, 2026 • 7min
Risky Bulletin: Gen. Joshua Rudd confirmed as next CyberCom and NSA head
Senate confirmation of Gen. Joshua Rudd to lead US cyber operations. Announcement of a new interagency offensive cyber unit. UK launching an Online Crime Centre with funding and leadership plans. Reports linking an iOS exploit kit to a major contractor. Widespread breaches traced to weak controls and delayed reporting across governments.


