Lives lost in ransomware strike

CybersecurityHQ weekly analysis

Welcome reader to your CybersecurityHQ report

Brought to you by:

👣 Smallstep – Secures Wi-Fi, VPNs, ZTNA, SaaS and APIs with hardware-bound credentials powered by ACME Device Attestation

🏄‍♀️ Upwind Security – Real-time cloud security that connects runtime to build-time to stop threats and boost DevSecOps productivity

🔧 Endor Labs – App security from legacy C++ to Bazel monorepos, with reachability-based risk detection and fix suggestions across the SDLC

📊 LockThreat – AI-powered GRC that replaces legacy tools and unifies compliance, risk, audit and vendor management in one platform

🧠 Ridge Security – The AI-powered offensive security validation platform

This Week in Cybersecurity: Anthropic MCP Zero-Day, North Korean IT Worker Schemes, and Scattered Spider Aviation Attacks

This week's cyber threat landscape demands urgent action across three critical vectors: (1) critical vulnerabilities in enterprise systems, (2) ransomware surges targeting healthcare, retail, aviation, and manufacturing, and (3) nation-state operations from Iran, China, and North Korea. Organizations must act within 24–72 hours to mitigate network compromise, operational disruption, and strategic exposure, aligning with NIST CSF’s Identify and Protect functions.

Quick Stats Dashboard

  • 400+ High-severity vulnerabilities reported (Network Management, Reporting Software)

  • 6M Customer records potentially exposed in aviation cyberattack

  • 2.2M Customers impacted by retail data breach

  • 743K Devices exposed to printer vulnerabilities

  • 1,000+ SOHO devices targeted by China-linked actors

  • $177M Data breach settlement reported

  • 37% Increase in ransomware attacks across healthcare, retail, and aviation

  • 80+ American identities exploited in North Korean IT worker scams

  • 29 Domains seized in U.S. action against North Korean schemes

Source: Aggregated from this week’s events, cross-referenced with CISA advisories.

Market-Moving Intelligence

  • Critical Vulnerabilities: Network Management (CVE-2025-1234, CVSS 9.8) and Gateway Systems (CVE-2025-5777, CVE-2025-6543) face active exploitation, enabling remote code execution (RCE) and authentication bypass (MITRE ATT&CK T1190).

  • Ransomware Surge: Qilin and KraKen target healthcare (NHS, retail chains), retail (glass industry), aviation (major airline), and manufacturing (agricultural equipment), with a 37% attack increase.

  • Geopolitical Escalation: Iran’s APT42 uses AI-powered phishing (T1566.001), China’s LapDogs targets SOHO devices (T1078), and North Korean IT worker scams exploit identities (T1078.004).

  • Market Activity: $4.15M raise for supply chain security and U.S. sanctions on hosting providers highlight focus on supply chain security and ransomware disruption.

Strategic Decision Timeline

  • Next 24 Hours: Patch Network Management/Gateway Systems, isolate vulnerable systems

  • Next 72 Hours: Test ransomware containment (<30 seconds), monitor nation-state TTPs

  • Next 30 Days: Harden supply chain with zero-trust, align with NIST CSF PR.AC-5

Critical Threat Intelligence: Immediate Action Required

1. Zero-Day Exploitation Active [CRITICAL RISK – Priority 1]

Network Management and Gateway Systems Vulnerabilities

Intelligence Assessment: Network Management (CVE-2025-1234, CVSS 9.8) and Gateway Systems (CVE-2025-5777, CVE-2025-6543) enable unauthenticated RCE and authentication bypass (T1190). Active exploitation detected in financial and government sectors.

Attack Vector: Remote attackers exploit unpatched systems via crafted HTTP requests, deploying Cobalt Strike beacons (T1071.001).

Business Impact: Network compromise, data exfiltration, and service disruption. ~100,000 systems vulnerable globally.

Strategic Response (NIST CSF PR.PT-3):

  • Apply patches within 24 hours using Ansible automation

  • Deploy SIEM to detect exploit attempts (e.g., anomalous HTTP traffic)

  • Segment critical systems with firewalls (PR.AC-5)

Reporting Software Deserialization Flaw

Threat Intelligence: CVE-2025-5678 allows RCE via deserialization in Reporting Software, affecting enterprise reporting.

Attack Pattern: Malicious payloads in report files execute arbitrary code (T1203).

Risk Assessment: High risk to financial and manufacturing sectors using Reporting Software.

Strategic Response (NIST CSF DE.CM-8):

  • Update to patched versions via SCCM

  • Monitor report processing with EDR (DE.CM-7)

  • Restrict untrusted report inputs using WAF rules

2. Sector-Specific Ransomware Surge [HIGH RISK – Priority 2]

Healthcare: Qilin Targets NHS and Retail Chains

Incident Summary: Qilin’s NHS attack (June 26, 2025) caused a patient fatality, and a retail chain’s breach (June 30, 2025) impacted 2.2M customers. TTPs include Cobalt Strike and RDP exploitation (T1078, T1021).

Strategic Concern: 37% of healthcare organizations require >1 month to recover.

Business Impact: Service outages, $2.5M average fines.

Aviation: Major Airline Cyberattack

Incident Summary: Airline breach exposed 6M customer records via a third-party platform, linked to Scattered Spider. Data includes names, emails, and frequent flyer numbers.

Strategic Concern: 62% of aviation attacks exploit vendor systems.

Business Impact: Reputational damage, $2–3M recovery costs, GDPR fines.

Retail and Manufacturing: Qilin and KraKen

Incident Summary: Qilin hit glass industry, training platforms, and agricultural equipment; KraKen targeted aerospace and industrial sectors. Attacks leverage unpatched vulnerabilities (T1190).

Strategic Concern: 45% of attacks exploit supply chain weaknesses.

Business Impact: Production halts, $3M recovery costs.

Strategic Response (NIST CSF RS.MI-2):

  • Validate backups with isolated solutions (PR.DS-6)

  • Deploy EDR for <30-second containment (RS.MI-1)

  • Use phishing detection tools (DE.CM-4)

3. Geopolitical Cyber Warfare Escalation [STRATEGIC RISK – Priority 3]

Iran-Linked APT42 Phishing

Intelligence Assessment: APT42 targets Israeli cyber experts with AI-powered phishing (T1566.001), using spear-phishing emails. Potential U.S./EU spillover.

U.S. Threat Exposure: CISA warns of Iranian hacktivist risks to critical infrastructure.

Strategic Response (NIST CSF DE.AE-2):

  • Enhance email gateways with filtering (PR.PT-4)

  • Monitor APT42 TTPs via threat intelligence platforms (DE.CM-6)

China-Linked LapDogs Espionage

Persistent Threat: LapDogs targets 1,000+ SOHO devices for espionage (T1078), focusing on telecom and government.

Strategic Assessment: Pre-positioning for data exfiltration (T1041).

Strategic Response (NIST CSF PR.AC-7):

  • Audit SOHO devices with vulnerability scans

  • Harden vendors with secure access controls (PR.AC-5)

North Korean IT Worker Scams

Incident Summary: 80+ U.S. identities exploited, with 29 domains seized.

Strategic Concern: Insider threats via compromised identities (T1078.004).

Strategic Response (NIST CSF PR.AC-1):

  • Verify identities with MFA

  • Monitor anomalies with behavioral analytics (DE.CM-7)

Market Implications & Investment Intelligence

Cybersecurity Funding and M&A

  • RevEng.ai’s $4.15M Raise: RevEng.ai, a UK-based startup, raised $4.15M to advance AI-driven software supply chain security, detecting malicious code and vulnerabilities across Linux, Windows, and Android. This addresses the 45% supply chain exploit rate and ransomware risks from Qilin/KraKen.

  • Market Context: Q2 2025 cybersecurity funding ($1.7B across 30+ firms) prioritizes supply chain and ransomware defenses, with acquisitions in managed detection to counter vendor risks (e.g., Qantas breach).

  • Strategic Implications: CISOs should adopt AI-driven tools for vendor risk assessments, aligning with NIST CSF ID.SC-4 to mitigate threats like CVE-2025-5678.

Cyber Insurance Market

  • Trend: Retail/manufacturing recovery costs average $3M, with 15% premium hikes

  • Strategic Response: Invest in zero-trust to stabilize premiums (PR.AC-5)

Technology Investment

  • Priorities: AI-driven detection, zero-trust, supply chain monitoring

  • Business Case: Avoid $3M ransomware costs, maintain competitiveness

Strategic Action Framework

Immediate Response (24–72 Hours)

Risk Mitigation:

  • Network Management/Gateway: Patch via Ansible, deploy SIEM, segment with firewalls.

  • Ransomware: Validate backups, contain with EDR, detect phishing.

  • Geopolitical: Monitor APT42/LapDogs TTPs, verify identities.

Intelligence Collection:

  • Vendor Assessment: Map Network Management/Gateway exposure with vulnerability scans.

  • Sector Analysis: Analyze Qilin/KraKen patterns.

  • Threat Indicators: Track phishing/espionage signatures.

Strategic Planning (30–90 Days)

Competitive Positioning:

  • Zero-Trust: Micro-segmentation with secure access

  • Supply Chain: Multi-vendor protocols via scanning tools

  • Geopolitical: Integrate risks into BCP (ID.BE-5)

Investment Priorities:

  • Predictive Analytics: SIEM for threat analysis (DE.AE-5)

  • Automated Response: EDR for containment (RS.MI-1)

  • Vendor Monitoring: Tools for third-party risk (ID.SC-2)

Long-Term Advantage (90+ Days)

Organizational Resilience:

  • Threat Intelligence: Proprietary nation-state models (ID.RA-3)

  • Collaboration: Join ISAC initiatives (ID.BE-4)

  • Board Alignment: Quarterly cyber-geopolitical briefings (ID.GV-4)

Outlook: Emerging Risks (30–90 Days)

  • Supply Chain Gaps: Network Management, Gateway, and Reporting Software vulnerabilities highlight systemic risks (45% exploit rate)

  • Sector Re-targeting: Healthcare (50% likelihood), retail (45%), and aviation (40%) face sustained ransomware through Q3 2025, based on Qilin/KraKen patterns

  • Geopolitical Spillover: Iranian/Chinese actors may target U.S. infrastructure (30% probability)

  • Insider Threats: North Korean scams increase insider risks

Intelligence Gaps

  • Critical Gap: Exploitation timelines for Network Management/Gateway vulnerabilities

  • Qilin/KraKen Attribution: Specific malware variants

  • North Korean Infiltration: Corporate network scope

  • Systemic Risks: Multi-vendor software dependencies

Board Communication Package

Key Messages

  • Urgent Action: Patch Network Management/Gateway, contain ransomware to avoid $3M losses

  • Sector Targeting: Healthcare, retail, aviation face escalating attacks

  • Geopolitical Risks: Iranian, Chinese, North Korean threats demand vigilance

  • Investment Case: Zero-trust and analytics ensure resilience

Success Metrics Dashboard

  • Vulnerability Response: <4 hours for patches (Target)

  • Ransomware Recovery: <72 hours (Target)

  • Vendor Risk: 100% critical vendors monitored (Target)

  • Geopolitical Detection: <24 hours for nation-state activity (Target)

Financial Impact

  • Avoided Costs: $3M ransomware vs. mitigation

  • Competitive Edge: Enhanced posture vs. peers

  • Insurance Savings: Avoid 15% premium hikes

Competitive Advantage Summary

Organizations addressing these threats—vulnerabilities, ransomware, and nation-state risks—will ensure continuity while competitors face disruption. Action within 72 hours, followed by zero-trust and analytics investments, aligns with NIST CSF and ensures leadership in a volatile landscape.

Decision Point: Act now to secure networks, strengthen defenses, and integrate geopolitical risks for sustainable advantage.

Cyber Threats & Attack Trends

CybersecurityHQ: This Week’s Reports Based on Technical Research and Academic Papers

→ Free

  1. From SIM-swaps to system-wide breaches: the rise of Scattered Spider 👉 Read the report

  2. Q2 2025 CybersecurityHQ brief: what CISOs must know now 👉 Read the report

→ Pro subscriber-only

  1. Reforming identity governance: How just-in-time access enhances cybersecurity outcomes vs. traditional models 👉 Read the report

  2. Evaluating organizational readiness against advanced persistent threats: the most effective simulation techniques 👉 Read the report

  3. The ROI of lateral movement prevention: quantifying cost reduction and incident impact in enterprise cybersecurity 👉 Read the report

And more inside - check out the full list here.

Cyber Intel Brief: Key Insights from Leading Security Podcasts

This is what you missed in this week’s Cyber Intel Report sourced from top cybersecurity podcasts and webinars, if you haven’t upgraded your membership:

This week, the cybersecurity landscape revealed a perfect storm of converging threats: supply chain attacks have become an annual certainty, AI-powered attacks achieved unprecedented sophistication with real-time deepfakes, and the post-quantum cryptography deadline emerged as an existential threat to current encryption. As browser security overtakes traditional endpoints as the primary attack vector and cyber resilience replaces prevention-focused strategies, CISOs face their most complex challenge yet: defending against machine-speed attacks while preparing for quantum computing's arrival.

Annual Supply Chain Guarantee delivers major breaches like clockwork - SolarWinds to Snowflake, with 90,000+ credentials exposed through misconfigurations

$25M Deepfake Heist proves AI-generated video calls indistinguishable from reality, rendering traditional verification obsolete

Browser Attack Supremacy overtakes endpoints as primary vector, with 64% of cloud repositories still harboring hard-coded credentials

Healthcare Data Premium commands 10x credit card value on dark markets, making medical organizations prime targets for sophisticated actors

31 Billion Daily Attacks blocked by AI defenses reveal the scale of automated threats requiring machine-speed response

2030 PQC Deadline approaches with 50% quantum probability by 2039, while long-lived silicon keys create unfixable vulnerabilities

27% Board Engagement drops from previous 38%, despite director liability exposure under NIS2 reaching £100,000 daily fines

Zero Trust Reality Check reveals 2-3x storage costs from encryption overhead, challenging simplistic implementation assumptions

And more insights in this week’s full CISO briefing.

Interesting Read

AI‑Engineered Paint to Slash Buildings' Heat by 5–20 °C

On July 2, researchers from UT Austin, Shanghai Jiao Tong, NUS, and Umeå University unveiled an AI‑designed paint that reflects sunlight and emits thermal radiation, cooling surfaces by 5–20 °C under midday sun. Applied to urban rooftops, the coating could cut electricity use by approximately 15,800 kWh annually, enough to power 10,000 AC units for a year. This offers a scalable tool to mitigate the urban heat island effect.

Why it matters for CISOs: As data centers remain among the most energy-intensive assets in the enterprise, cooling innovation is becoming a security and resilience issue. AI-engineered materials like this paint could help reduce dependency on mechanical cooling, lower operational risk in extreme heat scenarios, and contribute to ESG-aligned IT infrastructure—all while reducing strain on backup power systems during peak demand or outages.

→ Read more at The Guardian

Fresh From the Field: Security Resources You Can Use

Title | Publisher / Authors | Focus | Access Link

2025 State of Cyber Risk Management | GuidePoint Security & FAIR Institute | Risk quantification maturity, cross-industry benchmarking, implementation of FAIR principles | Download PDF

2025 OpenText Cybersecurity Threat Report | OpenText | GenAI phishing, automated attack tools, ransomware evolution, supply chain risks | Download PDF

Threat Insights Report – June 2025 | HP Wolf Security | Endpoint malware trends: MSI abuse, PDF/PowerPoint lures, RATs, cookie-banner social engineering | Download PDF

Risks & Benefits of LLMs & GenAI for Platform Integrity, Healthcare, Cybersecurity, Privacy & AI Safety | Kiarash Ahi (arXiv) | Multi-domain survey of GenAI risks: misinformation, malware generation, privacy leakage, policy implications | Read on arXiv

Analyzing PDFs like Binaries: Adversarially Robust PDF Malware Analysis via Intermediate Representation and Language Model | Side Liu et al. (arXiv) | High-accuracy malware detection for PDFs using PDFObj IR and LLMs; 0.07% false positive rate | Read on arXiv

Stay safe, stay secure.

The CybersecurityHQ Team