Risky Bulletin

A brisk look at why cutting internet access in Iran may not stop foreign cyber operations. They compare shutdown capabilities across countries and how attackers adapt with contingency access. Cold War spying tech and Starlink contingencies get discussed. The segment weighs intelligence collection priorities versus disruptive effects during network outages.

Federal agencies ordered to crack down on scams, ransomware and sextortion. A new US cyber strategy prioritizes deregulation, federal modernization and offensive partnerships. Suspected state-backed actors breached an FBI wiretap network. A major Romanian meat exporter went insolvent after a ransomware hit. AI agents and new malware tactics are changing attacker behavior.

Marco Slaviero, CTO of Thinkst, leads technical research and product work. He discusses Thinkst Labs and how it fosters learning and researcher development. He describes Thinkscapes, AI and tooling projects, and how labs build POCs to shape product decisions. He previews new deception token types and approaches to scaling fake credentials for detection.

Iranian actors scanning security cameras and other IoT gear to help missile targeting. A reported Israeli strike on Iran’s cyber and electronic warfare facilities. Global takedowns of LeakBase and a phishing-as-a-service network that abused 2FA. Widespread malware shifts into malicious ads and rising ransomware activity. Debates over encrypted messaging policies on major social platforms.

Tom Uren, policy and intelligence editor known for sharp analysis of cyber operations, breaks down how fleeting cyber effects shaped the early US-Israeli strikes on Iran. He describes use of city surveillance and mobile manipulation for pattern-of-life targeting. He also explores AI speeding and scaling phishing and targeted campaigns, and how rapid cyber success can force defensive shutdowns.

Reports on US cyber strikes that targeted Iranian defenses before kinetic attacks. Discussion of Russia's push to split from the global internet by 2028. Coverage of a new iOS exploit kit called Karuna and active Android zero-day fixes. Notes on Chrome moving to a two-week release cycle and government use of ad-bidding location data for tracking.

A deep dive into how cyber operations in Ukraine have shifted from loud, destructive stunts to stealthy espionage. Discussion of cyber's role in mapping infrastructure and guiding missile strikes. Exploration of how cyber intelligence integrates with conventional forces and shapes strategic narratives. Talk about hacktivist access, media timing, and cyber’s maturation across tactical, operational, and strategic levels.

Researchers built language models that can link pseudonymous comments to real identities. A major French health data breach exposed 15 million patient records. Google dismantled a large ad-fraud botnet and removed hundreds of malicious apps. Tensions over US cyber leadership and policy moves for NATO-classified use of consumer devices are also discussed.

Harish Peri, SVP and GM for AI security at Okta, leads identity and access strategy for AI agents in enterprises. He discusses how agentic systems force firms to relearn identity basics. He highlights the need for distinct agent identities, fine-grained authorization, token theft risks, and challenges from ephemeral agent swarms and agent-to-agent calls.

A Russian man accused of extorting a major ransomware crew is discussed. Google dismantled a Chinese cyber-espionage infrastructure targeting telcos and governments. A longstanding Cisco zero-day used in the wild for years is revealed. Massive data thefts and spyware convictions in Europe also make the list.