August 2025
FTC Urges U.S. Tech Giants to Resist Weakening Encryption
The U.S. Federal Trade Commission (FTC) has called on major tech companies—such as Apple, Google, Meta, and Microsoft—to resist complying with foreign laws that could compromise encryption and online privacy. FTC Chair Andrew Ferguson warned that yielding to UK and EU demands under laws like the Online Safety Act and Digital Services Act may violate U.S. consumer protection laws. He stressed that weakening privacy features for international compliance could mislead American users. The agency emphasized that companies have a responsibility to uphold U.S. privacy and free speech standards. The intervention follows a recent U.S. effort to prevent the UK from mandating encryption backdoors.
Source : www.techradar.com
FEMA Leadership Ousted Due to Cybersecurity Failures
Homeland Security Secretary Kristi Noem has terminated around two dozen FEMA employees, including the Chief Information Officer and Chief Information Security Officer, due to what she called “massive cybersecurity failures.” A breach allowed a threat actor to access FEMA systems, and shockingly, their credentials were reinstated even after deactivation. The review exposed poor practices like a lack of multi-factor authentication and misrepresentation of security postures. Despite hundreds of millions spent on cybersecurity, FEMA failed to meet basic standards. Noem underscored that neglect and deception would no longer be tolerated in federal IT operations.
Source : www.nypost.com
Google Prepares for “Hack-Back” as U.S. Moves Toward Offensive Cyber Defense
Google is reportedly setting up a special “disruption unit” to proactively target and dismantle cybercriminal networks, marking a shift toward offensive cyber tactics. This comes alongside a broader U.S. policy shift signaled by the proposed “Scam Farms” bill, which may allow presidentially authorized cyber retaliation. The legislation revives the concept of letters of marque—historically used in naval warfare—for modern digital threats. While it’s unclear how far companies like Google can legally go, the intent to hack back is evident. These moves reflect growing urgency as cyber threats escalate in scale and sophistication.
Source : www.tomshardware.com
Chinese Hackers Infiltrate UK Critical Infrastructure
A state-sponsored Chinese cyber-espionage group known as Salt Typhoon has been exposed for infiltrating critical infrastructure in the UK and more than 80 other countries. Using known router vulnerabilities, the group gained persistent access to systems in telecom, military, government, and transportation sectors. Western intelligence agencies have linked Chinese firms to these activities, raising fears of long-term surveillance and data manipulation. The attacks are believed to enable real-time monitoring of sensitive communications and physical movements. Cybersecurity agencies have urged immediate patching of network devices to prevent further compromise.
Source : www.securityweek.comJuly 2025
Microsoft SharePoint Hack Hits US Nuclear Agency
A significant cybersecurity breach has affected the U.S. nuclear weapons agency, reportedly linked to a vulnerability in Microsoft SharePoint. According to Bloomberg, unauthorized actors exploited the flaw to gain access to sensitive systems. The incident has sparked national security concerns, especially given the critical nature of the agency’s operations. While the extent of the data exposure remains unclear, federal investigators are actively working to determine the scope and source of the attack. This breach highlights ongoing risks in government cybersecurity infrastructure and third-party software dependencies.
Source : www.reuters.com
Marks & Spencer Discloses Cyberattack by Criminal Gangs
Retail giant Marks & Spencer (M&S) revealed that a severe cyberattack disrupting its operations for six weeks was carried out by hacker groups "Scattered Spider" and Asia-based ransomware operator "DragonForce." The breach began on April 19, 2025, significantly impacting automated warehouse operations and leading to a 5% drop in share prices. M&S is now enhancing its cybersecurity measures to prevent future breaches.
Source : www.thescottishsun.co.uk
Qantas Investigates Data Breach Affecting Millions
Qantas Airways confirmed a data breach impacting up to six million customers, stemming from unauthorized access to a third-party system linked to a Qantas contact center. The breach involved the theft of personal customer data, including names and contact information. Australia's privacy watchdog has noted a rise in social engineering attacks, particularly "vishing," where cybercriminals impersonate employees to deceive IT help desks and bypass security protocols.
Source : www.theguardian.com
AI-Driven Impersonation Targets U.S. Officials
The U.S. State Department issued a warning about attempts to impersonate Secretary of State Marco Rubio and other officials using AI technology. An AI-driven impostor posing as Rubio attempted to contact foreign ministers, a U.S. senator, and a governor through various communication channels. While the messages were ultimately unsuccessful, the incidents raise growing concerns about the use of artificial intelligence in compromising information security.
Source : www.apnews.comJune 2025
Iranian Cyber Threats Escalate
In June 2025, U.S. national security agencies, including the NSA, CISA, FBI, and DC3, issued urgent advisories about an anticipated wave of cyberattacks by Iran-linked hacking groups targeting American critical infrastructure. These attackers are especially focused on organizations with ties to Israeli defense and research sectors. The campaign has employed phishing emails, credential harvesting, and the exploitation of unpatched systems to gain unauthorized access. Authorities have called on companies in sectors like energy, healthcare, and technology to tighten security controls and prepare for potentially coordinated and disruptive attacks.
Source : www.nsa.gov
Scattered Spider Targets Aviation
The cybercriminal group “Scattered Spider,” known for their high-profile breaches of MGM Resorts and Caesars Entertainment in 2023, has re-emerged with a new focus on the airline industry. Using advanced social engineering techniques, including deepfake audio impersonations of internal IT staff, the group has succeeded in breaching airline IT systems. Investigators warn that the attackers trick help desks and technical teams into resetting credentials or granting unauthorized access. In response, the FBI issued a broad advisory recommending stricter access controls, employee verification protocols, and enhanced internal cybersecurity awareness training.
Source : www.csoonline.com
LapDogs Espionage Campaign
A newly exposed cyber espionage campaign, dubbed “LapDogs,” has been attributed to China-aligned threat actors and has affected over 1,000 devices across strategic regions including the U.S., Japan, South Korea, Taiwan, and Hong Kong. The operation utilized malicious browser extensions and USB drop techniques to infiltrate targets in the telecom, semiconductor, and government sectors. Security analysts believe the attackers aimed to collect sensitive trade secrets and state intelligence. The scale and precision of the campaign have heightened concerns about state-sponsored cyber surveillance across Asia-Pacific and allied nations.
Source : www.securityscorecard.com
Healthcare Data Breach
A major U.S. healthcare system disclosed a devastating data breach in June 2025 that exposed the personal records of approximately 5.4 million patients. The breach originated from a vulnerability in outdated PACS (Picture Archiving and Communication System) imaging software, which had not been patched in time. Exposed data included patients’ medical histories, insurance details, and Social Security numbers. Legal experts predict a wave of class-action lawsuits, and the breach has triggered investigations from HIPAA enforcement agencies. The incident underscores the urgent need for improved software lifecycle management in healthcare IT infrastructure.
Source : www.healthcaredive.comn