⏱️ ≈ 7-minute read

Editor’s Note: Spyware is targeting encrypted messaging, emergency alerts are going dark, Palo Alto is spending like cybersecurity private equity, and California road signs are screaming profanity into the void.

📬 This Week’s Clickables

  • 📌 Big News: Spyware targeting encrypted messaging users • CodeRED outage exposes emergency-alert fragility

  • 🚨 Can’t Miss: SitusAMC lurking exposure • Anti–bulletproof hosting sanctions • Logitech breach • Delta Dental PHI incident • Palo Alto’s $3.35B observability land grab

  • 🤖 AI in Cyber: AI-run fraud ops • Buffett deepfakes • Sexual deepfake normalization • India’s “fight AI with AI” doctrine

  • 🧪 Strange Cyber Story: The road signs that learned new words your grandma wouldn’t approve of

🚨 Big Stories

📱 CISA Warns of Spyware Targeting Signal and WhatsApp Users

Intro:
Encrypted messaging apps weren’t breached — but their users were. CISA is sounding the alarm after multiple threat actors deployed commercial spyware to compromise devices running Signal, WhatsApp, and other secure apps. The encryption held up fine; the endpoints did not.

What Happened:
CISA’s new advisory outlines an active campaign using commercial spyware, malicious links, and mobile exploits to hijack devices outright. Once infected, attackers could read messages, capture keystrokes, activate microphones, and bypass every protection the apps themselves provide. Rather than attacking the crypto, threat actors simply took over the phones.

Why It’s Important:
Millions rely on encrypted messaging for privacy, safety, and sensitive business communication — but none of that matters when spyware owns the device. This advisory signals a rapidly expanding threat: well-resourced actors turning consumer phones into open windows.

The Other Side:
The apps weren’t compromised, and CISA stresses this is an endpoint security failure, not a flaw in Signal or WhatsApp. Still, for users who assumed encryption equals invincibility, this is a painful reminder: if the phone is compromised, the encryption is irrelevant.

👉 Takeaway:
End-to-end encryption protects your messages — but only if your device isn’t already in someone else’s hands.

TL;DR:
Attackers didn’t break Signal or WhatsApp; they broke you. And that’s enough.

The average ransomware dwell time before detection is now 89 hours — attackers get a long weekend, defenders get the bill. (Source: Sophos)

🚨 Nationwide CodeRED Emergency Alert System Crippled by Ransomware

Intro:
When ransomware takes out your email server, it’s annoying. When ransomware takes out a national emergency alert system, that’s a different conversation. CodeRED’s outage shows how fragile the public-safety tech ecosystem really is.

What Happened:
INC Ransom hit OnSolve’s legacy CodeRED platform, forcing its complete, permanent shutdown. Municipalities relying on the system for evacuation notices, weather alerts, and critical public warnings were suddenly left scrambling.

Why It’s Important:
This wasn’t a business-operations outage — it was a life-safety outage. The attack highlights that critical infrastructure doesn’t need to be energy or water to be catastrophic when attacked.

The Other Side:
OnSolve insists its newer platform remains safe, but many municipalities stuck on legacy infrastructure are now in “incident response but for an entire state” mode.

👉 Takeaway:
Ransomware just crossed another line: disrupting real-time emergency communication systems.

TL;DR:
Legacy infrastructure + ransomware = public-safety chaos.

🔥 Can’t Miss

  • 🏦 Wall Street Quietly Scrambles After SitusAMC Vendor Breach
    The SitusAMC breach continues to ripple through financial giants, with sensitive documents tied to JPMorgan, Citi, and Morgan Stanley potentially exposed. The breach involved data exfiltration without ransomware encryption — meaning attackers quietly took what they wanted and walked.
    👉 Key takeaway: Vendor risk doesn’t trickle — it cascades through entire financial ecosystems.

  • 🛑 US, UK and Australia Sanction Russian ‘Bulletproof’ Hosting Network
    Media Land, long accused of providing bulletproof hosting for ransomware gangs and infostealer operations, now faces coordinated sanctions. Infrastructure-as-a-service for criminals is finally getting the geopolitical spotlight.
    👉 Key takeaway: Sanctions won’t kill bulletproof hosting — but they make the business model sweat.

  • 🖥️ Logitech Confirms 1.8 TB Data Breach Tied to Third-Party Zero-Day
    After Cl0p listed Logitech on its leak site, the company confirmed attackers accessed roughly 1.8 TB of internal data via a compromised third-party Oracle platform. No operational impact, but questions remain about what was exfiltrated.
    👉 Key takeaway: When your vendor is exposed, your data is exposed — scale included.

  • 🦷 Delta Dental of Virginia Breach Exposes Data of ~146,000 Individuals
    A compromised employee mailbox exposed PHI, insurance details, and personal data for more than 146k individuals. It’s the latest reminder that healthcare’s soft underbelly is email, not EHR systems.
    👉 Key takeaway: PHI continues to fall to simple compromises with outsized impact.

  • 💼 Palo Alto Networks to Acquire Chronosphere for $3.35B
    Palo Alto is adding yet another brick to its AI SecOps empire, acquiring observability platform Chronosphere in a $3.35B deal. The move strengthens PANW’s push toward integrated detection, analysis, and automated response — but also amps up the complexity of its rapidly expanding portfolio.
    👉 Key takeaway: Palo Alto isn’t just buying capabilities — it’s buying the entire AI-powered security stack before anyone else can.

🤖 AI in Cyber

  • 🤖 Startup ‘Factory’ Fends Off AI-Agent–Powered Fraud Campaign
    Attackers deployed AI coding agents to maintain and evolve malicious infrastructure in real time. Factory managed to stop the campaign, but the operation shows how autonomous AI is shifting from hype to reality in cybercrime.
    👉 Key takeaway: AI isn’t assisting attackers — it’s doing the job for them.

  • 💸 Warren Buffett Deepfakes Swarm TikTok to Push Crypto Scams
    AI-generated Buffett clips are tricking viewers into investment schemes the real Buffett would light on fire. The deepfakes are polished enough to fool retail investors scrolling too quickly.
    👉 Key takeaway: Deepfake fraud is entering the “grandpa trusts TikTok” phase — and that’s bad.

  • ⚠️ UK Police: One in Four People Don’t See a Problem with Sexual Deepfakes
    A new national survey shows alarming normalization of non-consensual deepfake porn. Police say the behavior is illegal and harmful — but social acceptance is rising anyway.
    👉 Key takeaway: Public attitudes toward synthetic exploitation are becoming a security problem.

  • 🛡️ “Use AI to Fight AI”: Indian Cybercrime Chief Pushes Defensive AI Against Deepfakes
    India’s cybercrime leadership is pushing for police forces to adopt AI tools for deepfake detection, digital forensics, and voice clone analysis. The message is clear: AI-driven threats require AI-powered defense.
    👉 Key takeaway: Defensive AI is transitioning from optional to operational doctrine.

🧟‍♂️ Strange Cyber

🚧 Hacked Road Signs in California Start Swearing at Drivers

Intro:
Road signs are supposed to warn you about lane closures — not roast you. But in Encinitas, multiple digital signs were hacked to display profanity-laced messages, giving commuters an education they didn’t ask for.

What Happened:
Vandals physically broke into the portable signs, bypassed locks, and reprogrammed them with obscene content. This is the fourth time in three months, suggesting either impressive determination or someone with way too much free time.

Why It’s Important:
While hilarious, it highlights how poorly secured IoT-adjacent public hardware often is. Physical access + unsecured control panels = chaos.

The Other Side:
City officials say no backend systems were compromised — only the signs themselves. Still, a little authentication wouldn’t hurt.

👉 Takeaway:
Even roadside infrastructure needs cybersecurity. Because apparently, your commute wasn’t stressful enough.

TL;DR:
California’s road signs have entered the “unfiltered teenager” era.

Thanks for reading this week’s edition. Like what you see? Forward it!

Hate everything you see or have other feedback? Reply back to this email!
