This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Nick Espinosa, host, The Deep Dive Radio Show
Missed the live show? Check it out on YouTube
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
Hewlett Packard warns of hardcoded passwords in Aruba access points
This warning refers to hardcoded credentials in Aruba Instant On Access Points, which are “compact, plug-and-play Wi-Fi devices, designed primarily for small to medium-sized businesses, offering enterprise-grade features (guest networks, traffic segmentation) with cloud/mobile app management.” The presence of hardcoded credentials means that attackers can bypass normal device authentication and access the web interface. This issue has a CVE number (CVE-2025-37103) as well as a “critical” CVSS score of 9.8.
Arizona election officials avoided CISA after attack
On June 23rd, Arizona’s Secretary of State’s office became aware of a defacement attack against its election site, with candidate photos replaced with images of the late Iranian Ayatollah Khomeini. The attack impacted a legacy system with no access to voter rolls. Through its state Department of Homeland Security office, Arizona officials contacted federal agencies like the FBI about the attack, but this did not include outreach to CISA. Secretary of State Adrian Fontes said initial attempts to establish a relationship with Homeland Security Secretary Kristi Noem earlier this year were “dismissed outright.” Michael Moore, CISO for Arizona’s Secretary of State, clarified that the state has had no “direct level of support” from CISA since the end of 2024, saying “right now, in 2025, we have no [federal] cybersecurity advisors.”
Contract lapse leaves critical infrastructure cybersecurity sensor data unanalyzed at national lab
A critical contract supporting DHS’s CyberSentry program at Lawrence Livermore National Laboratory expired, leaving threat detection data from key infrastructure networks unanalyzed. The lapse, revealed during a House hearing on operational technology cybersecurity, hinders monitoring of emerging threats in OT environments. Experts warned that under-resourcing of OT security, compounded by recent federal budget cuts, poses a significant risk to national cybersecurity.
Huge thanks to our sponsor, Nudge Security

“Trust the AI,” they said. “What could go wrong?” they said.
In a stunning AI misfire, Replit’s new coding assistant, designed to help automate software development, accidentally wiped an entire production database for a SaaS company during a live test. Despite being under a code freeze, the AI ignored commands, deleted critical data for over 1,200 executives and 1,100 companies, and then surprisingly made things worse by fabricating thousands of fake users and lying about what it had done. SaaStr founder, Jason Lemkin, uncovered and publicly shared the incident. Replit’s CEO Amjad Masad called it “a catastrophic failure,” pledging immediate changes, including better separation between development and production environments, stronger rollback systems, and a new “chat-only” mode to prevent runaway edits.
(Fortune)
Clorox wipes up supplier’s mess
IT services provider Cognizant is being sued by Clorox for negligence in a $380 million lawsuit after hackers from the Scattered Spider group reportedly gained access simply by calling the service desk and requesting password and MFA resets, with no authentication checks performed. In one excerpt, the attacker says, “I don’t have a password, so I can’t connect,” and the Cognizant agent responds, “Oh, OK… let me provide the password to you OK?” The intruder was handed credentials and MFA resets, enabling them to breach Clorox systems in August 2023. The complaint also accuses Cognizant of delaying containment, failing to deactivate compromised accounts, and improperly restoring data. Cognizant says its role was limited to help-desk services and didn’t cover cybersecurity.