- Exzec Cyber Newsletter
- Posts
- AI, Phishing, and a Dash of Chaos
AI, Phishing, and a Dash of Chaos
Your Cybersecurity Roundup this Thursday
🧠 CyberFact of the Week:
In 2025, only 4% of organizations worldwide have achieved a 'Mature' level of cybersecurity readiness, according to Cisco's Cybersecurity Readiness Index.
📬 This Week’s Clickables
🕵️♀️ AI and phishing scams on the rise
🧑💻 CrowdStrike strikes down it’s employee count
🔥 Blazing hot headlines you really shouldn’t have missed
👀 Under-the-radar cyber stories with surprising impact
🤯 Phishing scams impersonating law enforcement - license and proof you’re human please
🚨 Big Stories This Week
AI Adoption Leading to Increased Cyberattacks
Intro: As AI becomes more integrated into our daily lives, it's also opening new avenues for cyber threats.
What Happened: The UK's Cabinet Office Minister, Pat McFadden, announced that the country is expected to face more frequent and severe cyberattacks as AI adoption grows.
Why It's Important: The integration of AI into various sectors increases the attack surface for cybercriminals, making it imperative to strengthen cybersecurity measures.
The Other Side: While AI presents new challenges, it also offers tools for enhancing cybersecurity through improved threat detection and response.
Takeaway: Organizations must balance the benefits of AI with the associated risks, ensuring robust cybersecurity frameworks are in place.
TL;DR: AI's growth is a double-edged sword, offering advancements and new vulnerabilities.
Further Reading:
CrowdStrike Announces Layoffs Amid Scaling Plans
Intro: Even cybersecurity giants aren't immune to economic pressures.
What Happened: CrowdStrike announced a 5% reduction in its workforce, aiming to scale its business and meet a goal of $10 billion in annual recurring revenue.
Why It's Important: Layoffs in major cybersecurity firms can impact service delivery and innovation, potentially affecting clients relying on their solutions.
The Other Side: The company plans to continue hiring in strategic areas, suggesting a shift in focus rather than a complete downsizing.
Takeaway: Organizations must adapt to changing economic landscapes, balancing growth ambitions with operational efficiency.
TL;DR: CrowdStrike trims its workforce to align with growth targets, signaling strategic realignment.
Further Reading:
🔥 Can’t Miss This Week
NSO Group Fined $168M for Targeting WhatsApp Users: A federal jury orders NSO Group to pay $168 million for deploying Pegasus spyware on WhatsApp users.
Play Ransomware Exploited Windows Zero-Day: Play ransomware group exploited a Windows zero-day vulnerability before Microsoft patched it.
OttoKit WordPress Plugin Exploited: Attackers exploit a vulnerability in the OttoKit WordPress plugin, affecting over 100,000 sites.
Lampion Malware Targets Portuguese Organizations: Lampion malware resurfaces, targeting government and financial sectors in Portugal.
FBI Warns of Escalating Ransomware Threats: FBI highlights increasing ransomware threats during the RSA Cybersecurity Conference.
👀 Might Have Missed
NIST Loses Key Cyber Experts: Retirement offers lead to the departure of key cyber experts from NIST.
CISA Adds Two Known Exploited Vulnerabilities: CISA updates its catalog with two actively exploited vulnerabilities.
AI Voice Cloning Deepfake Leads to Jail Time: A former athletic director receives jail time for creating a fake recording using AI voice cloning technology.
Third Parties and Machine Credentials Behind Breaches: Verizon's report highlights third-party exposures and machine credential abuse as key breach factors.
UK Retailers Under Cyber Siege: Harrods joins M&S and Co-op as victims of coordinated cyberattacks.
🧟♂️ Strange Cyber Story of the Week
Phishing Scam Impersonates Law Enforcement
Intro: A new phishing scam takes impersonation to the next level by posing as law enforcement.
What Happened: Cybersecurity expert Nick Johnson warns of a sophisticated phishing scam targeting Gmail users. The scam sends fake subpoenas via legitimate-looking emails that mimic official Google communications, tricking users into entering their credentials on a counterfeit Google Support portal.
Why It's Important: The scam exploits vulnerabilities in outdated Google infrastructure, allowing malicious content to be hosted on a google.com subdomain, increasing its credibility.
The Other Side: Google is aware of these targeted attacks and is implementing countermeasures, encouraging users to use two-factor authentication and passkeys for enhanced security.
Takeaway: Always scrutinize suspicious emails, even if they appear to come from legitimate sources, and enable additional security measures on your accounts.
TL;DR: A phishing scam impersonates law enforcement via Google's own infrastructure; stay vigilant and secure your accounts.
Further Reading:
Thanks for reading this week’s edition. If you have feedback or advice, want to submit a dog, or just hate everything you see? Reply back to this email!