Cyber Security Headlines Week in Review: Qilin adds lawyers, Iranian spearphishing, Microsoft Direct Send hack

This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Bil Harmer, operating partner and CISO, Craft Ventures. Check out Bil’s page, KillSwitchAdvisory.

Missed the live show? Check it out on YouTube

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

Qilin ransomware adds “Call Lawyer” feature to pressure for larger ransoms

In the face of increasing resistance and non-cooperation from ransomware victims generally, the Qilin ransomware-as-a-service (RaaS) group is now offering legal counsel for its affiliates to “help them put more pressure on victims to pay up.” According to Israeli cybersecurity company Cybereason, this new feature “takes the form of a ‘Call Lawyer’ button on the affiliate panel.” This feature allows an affiliate ransomware group to bring a lawyer into the negotiations with its victims, taking advantage of the fact that many companies wish to avoid legal proceedings and will therefore comply more readily.

(The Hacker News)

Iranian-backed spearphishing campaign seeks out cybersecurity experts

A new spearphishing campaign has been targeting Israel-based journalists, cybersecurity experts and computer science academics. Using a technique that has been seen many times before, the group is sending emails and WhatsApp messages from people posing as assistants to technology executives or researchers, seeking “to coax the victim into joining a meeting, claiming they needed their immediate assistance on an AI-based threat detection system to counter a surge in cyberattacks targeting Israel since June 12. The messages point to faked Gmail login pages or Google Meet invitations.” The messages appear to be crafted through Generative AI due to their structured layout and the absence of any grammatical errors. Security company Check Point attributes this activity to groups affiliated with APT35.

(The Hacker News)

NHS confirms patient death linked to ransomware attack

The June 2024 cyberattacks on London hospitals caused more than just a data breach—Britain’s National Health Service (NHS) now says a patient’s death was directly linked to the incident. The NHS explains that the attack increased the time it took hospitals to perform critical blood tests, and the resulting delays were identified as one of the contributing factors in the patient’s death. The hackers also compromised data belonging to over 900,000 patients, including sensitive medical details that still haven’t been fully disclosed. A year later, the NHS is still dealing with the fallout, including dangerously low blood supplies that continue to impact care.

(The Record)

Huge thanks to our sponsor, ThreatLocker

Alert fatigue, false positives, analyst burnout—you know the drill. What if you could stop threats before they run? ThreatLocker gives CISOs what they’ve been asking for: real control at the execution layer. Only approved apps, scripts, and executables run. Period. Known-good is enforced. Everything else? Denied by default. Ringfencing and storage control keep even trusted tools in their lane—so PowerShell doesn’t become a weapon. And yes—it works at scale. Granular policies. Fast rollout. Built for modern infrastructure. You don’t need more alerts. You need fewer chances for malware to make a move. ThreatLocker helps you flip the model—from detect-and-respond… to deny-and-verify. Go to ThreatLocker.com/CISO to schedule your free demo and close the last gap in your Zero Trust strategy before it’s exploited.

Microsoft 365 Direct Send abused to send phishing as internal users

Direct Send is a little-known Microsoft 365 feature that “allows on premises devices, applications, or cloud services to send emails through a tenant’s smart host as if they originated from the organization’s domain. It’s designed for use by printers, scanners, and other devices that need to send messages on behalf of the company.” It also does not require any authentication. Researchers at Varonis have announced that a phishing campaign exploiting this feature is targeting more than 70 organizations across all industries, with 95% of the victims based in the United States. The attack is run through a PowerShell command. To mitigate this threat, Varonis recommends enabling the “Reject Direct Send” setting in the Exchange Admin Center, which Microsoft introduced in April 2025.

(BleepingComputer) 

Judge warns of constant attacks on PACER system

The Public Access to Court Electronic Records (PACER) platform allows judges and lawyers to file court documents electronically; however, modernization is desperately needed to fend off constant attacks from increasingly sophisticated hackers. Federal Judge Michael Scudder told members of the House Judiciary Committee that “about 200 million harmful cyber ‘events’ were prevented from penetrating court local area networks in fiscal 2024.” Documents at risk include sealed indictments, names of cooperating witnesses, and arrest and search warrants. He added that “external experts and members of his committee have concluded that PACER is unsustainable due to cyber risks and must be replaced with a more modern system in the coming years due to its increasing vulnerability to hacks.”

(The Record)

Denmark proposes personal copyright to combat deepfake exploitation

The Danish government is planning on going to battle against the unauthorized use of AI-generated deepfakes by “changing copyright law to ensure that everybody has the right to their own body, facial features and voice.” This is believed to be the first law of its kind in Europe. The Danish culture minister, Jakob Engel-Schmidt, said he hoped the bill before parliament would send an “unequivocal message” that everybody had the right to the way they looked and sounded.

(The Guardian)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.