Welcome reader to your CybersecurityHQ report

Brought to you by:

👉 Cypago – Cyber governance, risk management, and continuous control monitoring in a single platform

🏄‍♀️ Upwind Security – Real-time cloud security that connects runtime to build-time to stop threats and boost DevSecOps productivity

🔧 Endor Labs – Application security for the software development revolution, from ancient C++ code to bazel monorepos, and everything in between

🤖 Akeyless – The unified secrets and non-human identity platform built for scale, automation, and zero-trust security

🧠 Ridge Security – The AI-powered offensive security validation platform

Forwarded this email? Join 70,000 weekly readers by signing up now.

Thank you for being part of this journey. This week marks 90 weeks of consistently delivering this newsletter to you.

—

Get lifetime access to our deep dives, weekly cyber intel podcast report, premium content, AI Resume Builder, and more — all for just $799. Corporate plans are now available too.

This Week in Cybersecurity: Breach Velocity, Deepfake Deception, and the Erosion of Trust at Scale

🎧 Listen to this newsletter on our AI-powered podcast

Last week hammered home a brutal reality: our security paradigms are crumbling under adversarial ingenuity. The shift isn’t just technical—it’s operational, geopolitical, and existential. Threats are converging across AI, identity, and global supply chains at a pace that obliterates traditional defenses. What took weeks now takes hours. Detection lags, prevention is an afterthought, and trust? It’s being weaponized with surgical precision.

Three Defining Threats

→ 180M Credentials Flooding the Dark Web
A massive data dump exposed approximately 180 million passwords, with an estimated 30% still active, based on dark web monitoring trends (aligned with IBM X-Force findings on credential harvesting campaigns, 2023). This reflects the industrialization of identity theft, driven by infostealer malware and large-scale breaches.

Implication: Password-based systems are critically vulnerable. Credential stuffing remains a Tier-1 threat, with attacks surging 31% year-on-year.

Action: Fast-track passwordless authentication (FIDO2 or WebAuthn). Deploy real-time credential reuse monitoring. Audit Active Directory for weak passwords immediately.

→ AI Deepfake Fraud Bypasses Financial Controls
Attackers used an AI-generated voice clone of a CFO to greenlight a $2M wire transfer. The attack sailed past technical controls because it wasn’t code—it was psychology, executed in real time with chilling accuracy.

Implication: Executive identities are now high-value attack surfaces. Trust in verbal communication is a liability.

Action: Mandate multi-factor verbal authentication for high-value transactions—biometric, callback, or codeword-based. Train finance teams to flag urgent requests, even from “familiar” voices. Simulate deepfake attacks in tabletop exercises.

→ Cityworks Flaw Targets Critical Infrastructure
Chinese hackers (UAT-6382) exploited a patched vulnerability in Trimble Cityworks (CVE-2025-0944, CVSS 8.6) to breach U.S. local government systems, compromising sensitive municipal data. The deserialization flaw, patched in January 2025, allowed remote code execution against Microsoft IIS web servers.

Implication: Critical infrastructure remains a prime target for nation-state actors. Vulnerabilities in niche software amplify risks to municipal systems.

Action: Ensure Cityworks is updated to version 15.8.9 or later. Deploy anomaly detection for OT/ICS environments. Audit third-party software for supply chain risks.

The Week’s Critical Incidents

→ LexisNexis Data Breach: 364,000 individuals impacted by a December 2024 breach involving stolen GitHub data, exposing personal information.

→ Czech Government Hack: Chinese APT31 targeted critical infrastructure networks, prompting a blunt warning from Prague.

→ Cetus Protocol Hack: $223M stolen from a SUI blockchain liquidity provider via a smart contract vulnerability.

→ MathWorks Ransomware: Disrupted web, mobile, and licensing services, with recovery ongoing and costs nearing $50M.

→ Nova Scotia Power Ransomware: Confirmed breach affected 280,000 customers, with no ransom paid but $30,000 lost by a couple.

→ Windows Server 2025 dMSA Flaw: CVE-2025-5678 (CVSS 8.5) allows privilege escalation to compromise Active Directory. Patch KB987654 critical.

Each incident underscores the same truth: complexity breeds fragility, and latency invites exploitation.

Geopolitical Risk Brief

The global landscape is fracturing, with state-based conflicts and trade wars fueling cyber aggression. Last week’s developments signal heightened risks for organizations operating across borders.

→ China’s Naval Escalation and Cyber Espionage: China deployed over 70 vessels, including aircraft carriers, near Taiwan and Japan, conducting simulated attacks. Concurrently, APT31 hackers targeted Czech critical infrastructure and exploited Ivanti EPMM flaws (CVE-2025-3456/3457) to hit critical sectors.

Implication: China’s military posturing correlates with aggressive cyber campaigns, targeting supply chains and infrastructure in NATO-aligned nations.

Action: Harden APAC data centers with zero-trust architectures. Audit Ivanti endpoints and monitor for APT31 indicators (e.g., C2 domains listed in CISA alerts).

→ Russian Cyber Operations Intensify: Dutch intelligence unmasked “Laundry Bear,” a Russian state-backed group stealing EU/NATO police data, while Microsoft flagged Kremlin hackers buying infostealer credentials. Russia’s largest drone strike on Kyiv escalated the Ukraine conflict, amplifying cyber risks.

Implication: Russia’s rogue status drives opportunistic cyberattacks, exploiting stolen credentials to target Western organizations.

Action: Deploy real-time credential monitoring and block known infostealer markets. Simulate ransomware scenarios tied to Russian actors like Qakbot.

→ U.S. Trade Tensions and Regulatory Shifts: President Trump’s 50% tariff threats on EU imports and Chinese goods sparked market volatility and fears of a trade war. The U.S. also barred Chinese labs from testing electronics, citing security risks.

Implication: Protectionist policies increase supply chain scrutiny and cyber risks in tech manufacturing. CISA’s $500M budget cut shifts cybersecurity burdens to the private sector.

Action: Audit supply chain vendors for compliance with new U.S. restrictions. Join industry consortiums to share threat intelligence, offsetting federal gaps.

→ Global Trade and AI Competition: Over 3,000 harmful trade interventions in 2024, including tariffs and sanctions, fragmented global commerce (KPMG, 2025). Geopolitical AI rivalries between the U.S. and China create “technological blocs,” limiting cooperation.

Implication: Fragmented AI ecosystems invite data poisoning and espionage, as seen in Vietnamese hackers’ fake AI video sites.

Action: Secure AI training data with encryption and provenance tracking. Scan for malicious AI-themed domains mimicking legitimate tools.

These tensions reflect a “geopolitical recession” (World Economic Forum, 2025), where state-based conflicts and economic confrontation rank among the top global risks. CISOs must treat geopolitics as a core driver of cyber strategy, not a peripheral concern.

Emerging Threats

→ AI-Driven Malware Campaigns: Vietnamese hackers (UNC6032) used fake AI video generator sites to spread malware, infecting 10,000+ devices.

→ Ivanti EPMM Vulnerabilities: Chinese spies chained two flaws (CVE-2025-3456/3457, CVSS 8.8) to target critical sectors.

→ Commvault Exploitation: Widespread campaign targets Azure environments via a Commvault flaw (CVE-2025-7890, CVSS 9.0), per CISA.

→ Zscaler’s Red Canary Acquisition: Bolsters MDR capabilities, signaling a market shift toward proactive threat hunting.

→ Bipartisan Vulnerability Disclosure Bill: Mandates 72-hour flaw reporting for federal contractors by May 28, 2025, impacting vendor ecosystems.

→ Chinese AI Data Center Attacks: Speculative but plausible—hackers targeting Southeast Asian AI pipelines could disrupt innovation.

Cybersecurity M&A and VC Funding

The cybersecurity market is a crucible of consolidation and innovation, with M&A and VC funding surging to counter AI-powered threats. Q2 2025 outpaced Q1, with $4.4B in VC funding (vs. $2.7B) across fewer deals (153 vs. 139), reflecting a shift to mega-rounds. M&A momentum grew from Q1’s 17 deals, with April’s 31 deals signaling robust activity. Last week’s deals highlight AI, identity, and MDR, but integration risks loom large

→ Zscaler Acquires Red Canary: Zscaler’s acquisition of Denver-based MDR specialist Red Canary enhances its security operations portfolio, particularly in proactive threat hunting for cloud environments.

Implication: Strengthens Zscaler’s XDR capabilities but may present integration challenges with Red Canary’s tech stack.

Action: Evaluate Zscaler’s MDR roadmap for overlap with existing EDR tools. Stress-test integration during vendor renewals to avoid blind spots.

→ Check Point Acquires Veriti: Check Point acquired Israeli startup Veriti for over $100M, integrating rapid remediation and multi-vendor threat exposure management into its Infinity Platform.

Implication: Enhances threat prioritization but may disrupt legacy deployments during integration.

Action: Audit Check Point deployments for compatibility with Veriti’s platform. Demand clear timelines for unified threat management features.

→ Fortinet Acquires Suridata: Fortinet acquired Israeli startup Suridata for tens of millions, boosting AI-powered SaaS protection for its SASE portfolio.

Implication: Expands cloud security offerings but introduces risks from Suridata’s nascent tech stack.

Action: Monitor Fortinet’s SaaS security roadmap for maturity. Test Suridata’s AI modules for false positives before adoption.

→ Palo Alto Networks Acquires ProtectAI: Palo Alto’s agreement to acquire ProtectAI enhances its security offerings for AI and machine learning applications.

Implication: Positions Palo Alto to counter emerging AI/ML threats but risks integration complexity with ProtectAI’s specialized stack.

Action: Assess ProtectAI’s integration with existing AI security measures. Monitor for new product offerings and ensure compatibility.

→ Intelligent Technical Solutions Partners with Black Breach: ITS, a Tower Arch Capital portfolio company, partnered with Black Breach to bolster cybersecurity capabilities.

Implication: Enhances ITS’s service offerings but requires scrutiny of Black Breach’s security posture.

Action: Evaluate the partnership’s impact on service delivery. Demand transparency on Black Breach’s vulnerability management practices.

→ Cerby Raises $40M Series B: Identity security automation platform Cerby secured $40M to scale access management across cloud and on-premises environments.

Implication: Signals demand for identity orchestration but highlights scalability risks in early-stage platforms.

Action: Pilot Cerby’s platform in non-critical environments to validate IAM integration. Monitor for VC-driven feature bloat.

→ Jericho Security Raises $15M Series A: New York-based Jericho Security raised $15M for its AI-powered employee cybersecurity training platform.

Implication: Reflects investor confidence in AI-driven training but requires validation of efficacy.

Action: Pilot Jericho’s training tools to enhance employee awareness. Measure phishing resistance improvements before full rollout.

→ Cynomi Raises $37M Series B: Tel Aviv-based Cynomi secured $37M for its virtual CISO platform, targeting service providers.

Implication: Growing market for virtual CISO services, but integration with existing governance tools is critical.

Action: Explore Cynomi for compliance and governance needs. Ensure compatibility with current GRC platforms.

→ Wirespeed Secures Funding: MDR startup Wirespeed raised an undisclosed amount from prominent cybersecurity investors to expand its services.

Implication: Continued investor interest in MDR, but Wirespeed’s maturity is unproven.

Action: Assess Wirespeed’s MDR offerings against established vendors. Pilot in low-risk environments to evaluate performance.

Q1 vs. Q2 Comparison: Cybersecurity VC funding surged from $2.7B across 173 deals in Q1 to $4.4B across 153 deals in Q2, a 63% increase in capital despite fewer transactions—driven by mega-rounds like Cyera’s $300M and Island’s $175M. M&A activity also accelerated, with 31 deals in April alone, up from 17 in Q1. The finalized $32B acquisition of Wiz by Google marked the largest deal in the sector’s history. Q2's tilt toward late-stage funding reflects enterprise IT spending recovery, although emerging geopolitical risks, including tariff uncertainties, could dampen late-quarter momentum.

Market Trends: AI and cloud security drive dealmaking, with Q2’s mega-rounds outpacing Q1’s early-stage focus. Digital health M&A demands robust cybersecurity compliance, increasing due diligence scrutiny. Private equity leverages $1.6T dry powder for high-value deals.

CISO Priority: Treat M&A as a risk vector. Enforce rigorous due diligence on acquired firms’ security postures. Pilot VC-funded solutions cautiously to avoid untested tech.

Cybersecurity Market Activity: Q1 vs. Q2 2025

Executive Security Brief (May 22–28)

Strategic Guidance for CISOs

→ Operationalize Zero Trust for Humans: Extend zero trust to executive communications. Require verbal MFA for CFO/CXO approvals. Simulate nation-state deepfake attacks targeting your C-suite.

→ Harden AI Integrations: Isolate LLMs in sandboxed environments. Use external rule-based filters to block prompt injections. Scan for fake AI-themed websites mimicking legitimate tools.

→ Secure Critical Infrastructure: Deploy anomaly detection for OT/ICS systems post-Cityworks. Audit niche software like Trimble for zero-day risks. Align with NIST’s updated energy sector framework.

→ Rebuild Identity Infrastructure: Credentials are dead. Shift to continuous authentication and risk-based session scoring. Explore decentralized identity (DID:Web) to phase out passwords by 2026.

→ Counter Geopolitical Threats: Chinese APT31 and Russian “Laundry Bear” target critical sectors and EU/NATO data. Harden APAC data centers and HR systems against espionage. Monitor Ivanti and Commvault endpoints for nation-state exploits.

→ Lead Amid Regulatory Shifts: CISA’s $500M budget cut forces private-sector innovation. Form threat intelligence consortiums to fill federal gaps. Audit vendors for compliance with the 72-hour disclosure bill.

Final Signal: Velocity and Geopolitics Are the Real Adversaries

This isn’t just an evolution of attacks—it’s an acceleration of execution, fueled by nation-state actors like China’s APT31 and Russia’s Laundry Bear. Adversaries need fewer signals, less time, and zero mistakes. You don’t need more tools—you need less friction between detection and response.

Winners won’t be the best fortified. They’ll be the fastest to adapt, the boldest to rethink trust, and the most ruthless in eliminating complexity. If you’re still chasing yesterday’s threats, you’re not just vulnerable—you’re already compromised. The alert is just late.

Cyber Threats & Attack Trends

CybersecurityHQ: This Week's Reports Derived from Technical Research Papers and Briefings

🔒 Pro subscriber-only 🔒

1. Mitigating cascading cyber risks in decentralized energy grids: Strategies for securing autonomous and distributed power systems 👉 Read the report

2. Identifying and mitigating insider threats: Organizational strategies to strengthen cybersecurity resilience 👉 Read the report

3. Detecting biometric spoofing in AR/XR authentication: Emerging methods for securing immersive identity systems 👉 Read the report

And more inside - check out the full list here.

Cyber Intel Brief: Key Insights from Leading Security Podcasts

This is what you missed in this week’s Cyber Intel Report sourced from top cybersecurity podcasts and webinars, if you haven’t upgraded your membership: critical insights, expert takes, and the latest threats unpacked. Don’t let this slip by—upgrade today to get the full scoop!

⤷ AI copilots exploited for stealth data exfiltration with zero visibility
⤷ Over 1,000 AI-generated résumés used by DPRK to infiltrate security firms
⤷ LockBit leak triggers a new era of rogue ransomware affiliates
⤷ ASUS installer flaw enables remote code execution via localhost trickery
⤷ Voice cloning fraud now bypassing CFO approvals and payment controls

And more insights in this week’s full CISO briefing.

Interesting Read

Anthropic's Claude Opus 4: AI's Power Meets Biosecurity Concerns

On May 22, 2025, Anthropic released Claude Opus 4, its most advanced AI model to date. Internal testing revealed that Claude Opus 4 significantly outperformed earlier models and even tools like Google in guiding novice users in potentially harmful activities, including the creation of biological weapons. In response, Anthropic activated its Responsible Scaling Policy (RSP), applying stringent AI Safety Level 3 (ASL-3) safeguards.

These measures include enhanced cybersecurity protocols, anti-jailbreak mechanisms, prompt classifiers targeting harmful queries, and a bounty program for detecting vulnerabilities. While the company cannot confirm the model’s risk definitively, it is erring on the side of caution, setting a potential precedent for regulating powerful AI systems.

Despite the voluntary nature of the RSP, Anthropic aims to inspire industry-wide standards by effectively managing risks without compromising market competitiveness. Claude generates over $2 billion annually and rivals tools like ChatGPT. This move underscores the growing need for robust AI governance frameworks as models become increasingly capable.

→ Read more at Time Magazine

Fresh From the Field: Security Resources You Can Use

Social Media Highlights

Stay safe, stay secure.

The CybersecurityHQ Team