Cybersecurity News: New Iran warning, Chinese surveillance company banned, CISA names new executive director

U.S. agencies issue urgent warning over Iran threat

A new warning from U.S. cyber agencies urges critical infrastructure organizations to stay on high alert for possible cyberattacks from Iranian state-backed hackers—especially defense contractors with ties to Israel. While there’s no evidence of a coordinated campaign yet, the advisory from CISA, the FBI, NSA, and DoD Cyber Crime Center points to heightened risk amid growing tensions in the Middle East. Officials say near-term cyber operations from Iranian actors are possible, especially targeting sectors like defense, water, and aviation.

(The Record), (CISA)

Canada bans Chinese surveillance company

Canada has ordered Chinese surveillance giant Hikvision—known for manufacturing CCTV systems for civilian and military use—to shut down all operations in the country, citing national security concerns. The move follows a multi-step review by Canadian intelligence agencies, which concluded that the company’s continued presence could be harmful to national security. Hikvision is now also banned from selling products to Canadian Government departments, agencies, and crown operations. The surveillance company denies the allegations and calls the decision politically motivated.

(Bleeping Computer), (Security Week)

CISA names new executive director

Casie Antalis has been named the new executive director of CISA, following the retirement of Bridget Bean, who also served briefly as acting director after Jen Easterly’s departure. Antalis brings over a decade of federal leadership experience, including roles at DHS, CBP, and the White House. She’s stepping in at a tricky time, as the agency remains in flux and faces a potential $135 million budget cut and workforce losses under the Trump administration.

(Security Week)

U.S. cracks down on fake IT workers

U.S. authorities have unsealed indictments, seized financial accounts, and arrested Zhenxing “Danny” Wang in a coordinated crackdown on North Korean remote IT workers who infiltrated over 100 American companies using stolen identities, causing millions in damages. The operation targeted “laptop farms” across 16 states and resulted in the seizure of 29 financial accounts and 21 fraudulent websites tied to laundering and theft, including $900,000 in stolen virtual currency.

(CyberScoop)

Huge thanks to our sponsor, Palo Alto Networks

You’re moving fast in the cloud and so are attackers. But while SecOps and cloud security teams are working in silos, attackers are exploiting the gaps between them.

Cortex Cloud by Palo Alto Networks bridges this divide, unifying teams and stopping attacks with real-time cloud security that includes AI-powered protection, detection and automated response capabilities.

Threats are stopped in minutes instead of days, and teams can finally protect cloud environments at the speed and scale of modern attacks. To learn more about how Cortex Cloud stops cloud attacks before they become breaches, visit: paloaltonetworks.com/cortex/cloud-detection-and-response

Swiss government data exposed in ransomware attack

A ransomware attack on Swiss nonprofit Radix has exposed sensitive data tied to several federal offices, prompting a government-led investigation into the extent of the breach. After failed extortion efforts, the Sarcoma ransomware group leaked 1.3TB of data, including contracts, financials, and communications. Radix, which provides public health services and counseling platforms, says some systems were encrypted, but core platforms like SafeZone and StopSmoking were not affected. This marks the second major Swiss third-party breach in under two years.

(The Record), (Bleeping Computer)

Five arrested in crypto scam takedown

Europol announced the takedown of a massive cryptocurrency investment fraud ring that laundered $540 million from over 5,000 victims, leading to five arrests in Spain. The syndicate used romance-baiting tactics and routed stolen funds through a global web of crypto transfers and shell accounts tied to Asia, with authorities calling the operation highly sophisticated and AI-enhanced.

(Bleeping Computer), (The Hacker News)

Employee sentenced in retaliation attack

Revenge backfired for a disgruntled British IT worker. Mohammed Umar Taj was sentenced to seven months in jail for launching a cyberattack against his former employer. The attack caused at least £200,000 in damages and disrupted operations in the UK, Germany, and Bahrain. Reports show Taj altered login credentials and multi-factor authentication settings just hours after being suspended in July 2022. Investigators later recovered audio recordings of him discussing the attack, which helped secure the conviction.

(The Record)

Microsoft Defender adds email bombing protection

Microsoft is rolling out a new feature in Defender for Office 365 that automatically detects and blocks email bombing attacks. These attacks flood inboxes with thousands of emails to obscure real threats, often used by ransomware groups like BlackBasta as part of broader social engineering schemes. The new detection, enabled by default, started rolling out in late June and will be available to all customers by the end of July.

(Bleeping Computer)
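As an added illustration of the attack pattern described above (this is example code written for this digest, not Microsoft's Defender logic): a burst detector that flags a mailbox receiving more messages than a threshold inside a sliding window, then surfaces the single-sender messages the flood is likely hiding. The log format, sender names and thresholds are constructed assumptions.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# Constructed mail-gateway log lines: "<ISO time> <recipient> <sender> <subject>".
# Thirty subscription confirmations in half a minute bury one bank notice.
SAMPLE_LOG = [
    f"2025-07-01T09:00:{i:02d} alice@example.com news{i % 5}@shop.example Confirm your subscription"
    for i in range(30)
]
SAMPLE_LOG.insert(17, "2025-07-01T09:00:17 alice@example.com no-reply@bank.example Your password was changed")
SAMPLE_LOG.append("2025-07-01T09:10:00 bob@example.com hr@example.com Timesheet reminder")

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.*)$")


def parse(lines):
    """Yield (time, recipient, sender, subject) from gateway log lines."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            t, rcpt, sender, subj = m.groups()
            yield datetime.fromisoformat(t), rcpt, sender, subj


def detect_bombing(lines, window=timedelta(minutes=5), threshold=20):
    """Return {recipient: (peak_count, buried)} for mailboxes under a flood.

    peak_count is the largest number of messages seen for that recipient in any
    `window`; a recipient is reported only when it exceeds `threshold`. `buried`
    lists (sender, subject) pairs from senders that sent exactly one message in
    that window: the flood is noise, the one-off is what an analyst should read.
    """
    per_rcpt = {}   # recipient -> deque of records currently inside the window
    peaks = {}      # recipient -> (count, snapshot of the busiest window)
    for rec in sorted(parse(lines)):
        t, rcpt = rec[0], rec[1]
        q = per_rcpt.setdefault(rcpt, deque())
        q.append(rec)
        while t - q[0][0] > window:   # drop records that fell out of the window
            q.popleft()
        if len(q) > peaks.get(rcpt, (0, []))[0]:
            peaks[rcpt] = (len(q), list(q))
    findings = {}
    for rcpt, (count, snapshot) in peaks.items():
        if count <= threshold:
            continue
        by_sender = Counter(r[2] for r in snapshot)
        buried = [(r[2], r[3]) for r in snapshot if by_sender[r[2]] == 1]
        findings[rcpt] = (count, buried)
    return findings
```

Tune `window` and `threshold` to a mailbox's normal baseline; a fixed cutoff that suits a shared helpdesk address will miss floods against a quiet executive mailbox.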

Lauren Verno
Lauren Verno, an award-winning journalist, embraces her expertise, transitioning seamlessly into a cyber defender to bring you captivating updates on cybersecurity news.