Surveillance, pardons, breaches: tech's dark side

CybersecurityHQ Weekly News

Welcome, reader, to your CybersecurityHQ report


Weekly Headlines

President Pardons Silk Road Founder

Ross Ulbricht, founder of the Silk Road, was pardoned by President Trump on Tuesday morning.

Writing on Truth Social, the President said, “I just called the mother of Ross William Ulbricht to let her know that in honor of her and the Libertarian Movement, which supported me so strongly, it was my pleasure to have just signed a full and unconditional pardon of her son, Ross.”

Ulbricht, who was serving two life sentences for charges including narcotics distribution, money laundering, and hacking, was a polarizing figure in both legal and cryptocurrency circles. The Silk Road, operational until its 2013 shutdown, used Bitcoin for transactions and netted Ulbricht a forfeiture of over $183 million.

Prominent industry figures, including Paolo Ardoino of Tether and David Bailey of BTC Inc., hailed the pardon as a landmark victory. Some, like Bitcoin historian Pete Rizzo, even suggested marking January 21 as “Ross Ulbricht Freedom Day.” However, critics like former U.S. Attorney Preet Bharara described Ulbricht as a dangerous criminal whose actions contributed to serious harm.

FTC Warns of ‘Surveillance Pricing’

The FTC has released a report exposing the rise of "surveillance pricing," where companies use personal data to adjust prices for goods and services. Retailers are partnering with intermediary firms that leverage algorithms and consumer data—such as location, browsing history, and even mouse movements—to tailor prices. This practice enables companies to charge different prices for the same products based on individual profiles and behaviors.

For example, new parents may see higher prices for baby products, or cosmetics companies might adjust promotions based on skin type. The FTC examined at least 250 businesses using these methods, including grocery stores and apparel retailers, and noted that such practices could disrupt consumer purchasing habits and market competition.

The report follows the FTC’s investigation of eight firms, including Mastercard and McKinsey, to understand how algorithms and personal data influence pricing. Outgoing FTC Chair Lina Khan emphasized the importance of transparency, urging continued scrutiny to ensure Americans understand how their data is used.

While individualized pricing isn’t new—some travelers use VPNs to secure cheaper flight deals—the FTC warns that widespread adoption could lead to unfair pricing when large companies dominate data collection. Public comments on the issue are open until April 17, as the FTC seeks input from both consumers and businesses.

UAE Faces 200K Daily Cyberattacks

In a report released Monday, the UAE Cyber Security Council claims the country faces over 200,000 daily cyberattacks targeting critical sectors, mostly focused on government institutions. These attacks, originating from cyberterrorist groups in 14 countries, have been traced and countered, according to state news agency WAM.

Government sectors accounted for 30% of attacks, followed by financial, banking, and education sectors at 7% each, and aviation, healthcare, and technology sectors at 4% each. Information technology and infrastructure breaches made up 40% of incidents, while file-sharing attacks constituted 9%. The "Blackcat" ransomware group was responsible for 51% of ransomware attempts.

Key vulnerabilities included misconfiguration, leading to 27% of successful breaches, malware at 22%, and scanning and unauthorized access at 15% each. Officials warned that cyberattacks will likely grow more sophisticated in 2025, especially with the adoption of AI by attackers.

The council called on both public and private sectors to bolster defenses and adhere to national cybersecurity standards to combat evolving threats.

Harry's Monumental Victory: NGN Apologizes

On Wednesday, Prince Harry achieved a "monumental" victory in his lawsuit against Rupert Murdoch's UK newspaper group, News Group Newspapers (NGN), which admitted to illegal activities for the first time. NGN settled the case with substantial damages reportedly in the eight-figure range, acknowledging unlawful information gathering by its Sun tabloid between 1996 and 2011, including intrusions into Harry's private life and that of his late mother, Princess Diana.

The settlement followed last-minute talks, avoiding a trial that was set to begin Tuesday. NGN issued a full apology, admitting private investigators working for The Sun had engaged in illegal practices but denied wrongdoing by its journalists. Harry and co-claimant Tom Watson described the case as exposing "lies" and "cover-ups" and emphasized that no one is above the law.

The publisher also admitted to targeting Watson during his time as a junior minister. While NGN has paid over £1 billion in settlements for similar cases, it previously denied any unlawful activity at The Sun or involvement by senior figures, including former editor Rebekah Brooks.

Harry criticized NGN's leadership and called for further investigations into alleged cover-ups. London police stated there are no active investigations but will review new information if provided.


FBI, PowerSchool Breaches Prompt Alarm

The FBI has issued a warning after hackers breached AT&T’s system, stealing call and text log data from FBI agents using the carrier’s public safety service. The breach, affecting records from 2022, exposed agents’ phone numbers and the numbers they contacted, potentially compromising confidential informants’ identities. While the content of communications was not accessed, the stolen data could link investigators to secret sources, Bloomberg reported.

The incident, part of a larger hack affecting 109 million AT&T customer accounts, has prompted an urgent push to protect informants. AT&T stated it collaborated with law enforcement to mitigate the breach’s impact. The FBI emphasized its duty to safeguard informants, whose information often involves significant personal risk.

This breach highlights ongoing concerns about cyber-espionage targeting U.S. telecom networks—all related to the unfolding Salt Typhoon saga. Both AT&T and Verizon have faced similar attacks but assert their systems are now secure following cooperation with federal authorities.

Edtech Giant PowerSchool Faces Backlash Over Major Data Breach

PowerSchool, a California-based edtech company serving over 15,000 customers globally, is under scrutiny following a significant cybersecurity breach exposing student and staff data across multiple school boards. The December 22 incident, traced to a Ukrainian hosting company, involved PowerSchool making an undisclosed payment to prevent data release.

The exposed information includes names, birthdates, addresses, and phone numbers, with Rocky View Schools confirming potential compromise of sensitive data including medical records and custody arrangements. Records dating back to 2011 may be affected.

University of Calgary cybersecurity expert Dr. Thomas Keenan criticized PowerSchool's vague communication and called for financial compensation to affected families, citing long-term identity theft risks. While PowerSchool has offered credit monitoring and identity protection services, questions persist about the breach's full scope and the company's data protection practices.

Rostelecom Investigates Contractor Data Breach

The US is not the only country dealing with major telecom hacks. Rostelecom, a leading Russian telecommunications provider, is investigating a data breach involving one of its contractors. On Tuesday, the hacker group Silent Crow published a data dump containing 154,000 email addresses and 101,000 phone numbers allegedly stolen on September 20, 2024. The leaked data reportedly includes customer information but no "particularly sensitive" personal data, according to Rostelecom.

The breach targeted a contractor responsible for Rostelecom's corporate website and procurement portal. The company acknowledged prior "information security incidents" and stated it is analyzing the leaked database to confirm the scope and relevance of the compromised data. Rostelecom has advised users to reset passwords and enable two-factor authentication.

Silent Crow, known for publishing leaks without demanding ransom, has also claimed responsibility for breaches at other Russian entities, including Rosreestr and Alfa-Bank. Despite measures to address cybersecurity threats, Rostelecom CEO Mikhail Oseevsky previously remarked that personal data of all Russian citizens is already widely available on the darknet.

The Russian Ministry of Digital Development confirmed that the breach did not affect the state services portal or expose sensitive subscriber data. Roskomnadzor recorded 135 database leaks in 2024, involving over 710 million records of Russian citizens.

Interesting Read

In a fascinating paper, Natalia Vuori, Barbara Burkhard, and Leena Pitkäranta examine the delicate relationship between trust and the adoption of AI technology in organizations. The results reveal the psychology involved with tech, security, and innovation.

The authors identified four types of trust: full trust, full distrust, uncomfortable trust, and blind trust. Each drives unique responses, like detailing, manipulating, confining, or even withdrawing digital footprints. These behaviors set off a "vicious cycle," where skewed and incomplete data undermines AI performance, further shaking trust and stalling adoption.

In fact, employees with only a small level of distrust were found to feed the AI outright wrong data to ruin their reputation.

The study, which you can read for free here, highlights how deeply human the story of AI continues to be.

Weekly Arora-Inspired Opinion & Analysis

This weekly column has been created based on a deep analysis of how Nikesh Arora, CEO of Palo Alto Networks, strategizes in the cybersecurity space, drawing inspiration from his leadership style, forward-thinking approach, and innovative insights. While not an exact representation, the column embodies key elements of his strategic mindset and vision for the future of cybersecurity.

-

This week’s news highlights how technology, governance, and risk are evolving faster than ever—and not always in predictable ways. As CEOs and CISOs, we are navigating an era where every decision reverberates through interconnected systems, reshaping the rules of competition, ethics, and security. The stories dominating headlines this week remind us of the delicate balance between innovation and responsibility.

Forgiving Silk Road founder Ross Ulbricht sends a mixed message about securing digital spaces. Some people see Ulbricht's story as a way to promote victory for libertarian ideals. But you can also read it as a story of how innovation, when not overseen, can harm society—a society increasingly living in digital shadow spaces. The Silk Road wasn't just about using a web browser to find drugs. It became a shadow economy, with cryptocurrency payments fueling all sorts of illicit transactions. And while cryptocurrency is part of a larger technological revolution, this story also shows that good leadership can make a societal difference—especially when bad leadership can lead to such an inauspicious end as the Silk Road shutdown.

Equally disturbing is what the FTC has to say about "surveillance pricing." This emerging practice of using our personal data to set prices for us is right on the edge of being an ethical use of personal data, and it is certainly branded in a way that makes it sound pretty scary. Surveillance pricing—using our data to price for us—isn't really like what the moniker makes it sound, of course. And even the report seems to hedge on just how bad it really is, given that the campaign against it is more of a longstanding push from consumer advocates who are skeptical of personalized pricing practices. And those advocates are certainly right to be concerned; personalized pricing practices have the potential to be unfair. Still, the practice isn't illegal, and even some of the commission's Republican members were apparently wary of painting too negative a picture here.

This week's disclosures on cybersecurity have brought to light a familiar theme. The costs and consequences of being wrong are going up—fast. According to recent reports, the United Arab Emirates keeps itself safe from over 200,000 daily cyberattacks. Most of these are aimed at critical parts of the government and the nation's vital infrastructure. At the same time, though, big breaches at places like AT&T, PowerSchool, and Rostelecom show just how even the most well-defended organizations can still get taken. Measuring the effect of successful cyberattacks on a target's bottom line is new in this space. So are the possibilities that AI and "generative" modeling afford bad guys.

For CISOs, the path forward is clear but challenging: double down on fundamentals like patch management and employee training while preparing for AI-enhanced attacks that demand faster and more adaptive responses. For CEOs, cybersecurity is no longer a back-office issue—it’s a business continuity priority. Investments in zero-trust architectures, robust incident response plans, and cross-sector collaboration are no longer optional.

The PowerSchool breach is only the most recent example of how lives can be disrupted for a long time because of poor data protection policies. Those whose data was protected by PowerSchool seem to have been as secure as possible; nonetheless, sensitive information from more than 30,000 records was unprotected and exposed to "anyone on the internet" for a period by a troubled school that had contracted with PowerSchool.

In these turbulent times, the question isn’t whether disruption will come—it’s how prepared we are to meet it. The leaders who thrive will be those who embrace innovation but anchor it in ethics, transparency, and resilience. The pace of change may be accelerating, but the principles of trust and responsibility remain timeless.

Until next week,

Arora Avatar


Stay Safe, Stay Secure.

The CybersecurityHQ Team
