Journalists Hacked, Airlines Grounded & Knockin' out the lights

Hardware backdoors, AI deceptions, and a supply-chain scare — your mid-week cyber intel delivered.

💡 Cyber Quote of the Week:
“Identity is the new perimeter—and once lost, you're pierced.” — Alex Stamos, former Facebook CSO (Irony from Facebook and all)

📬 This Week’s Clickables

  • 📌 Big News — When the press and MSPs get hit, the rest of us should be paying attention

  • 🚨 Can’t Miss — Airline outages, IRS deepfakes, food supply hacks & botnet busts

  • 🤖 AI in Cyber — Governance, defense, and AI getting weaponized

  • 🧪 Strange Cyber Story — How a phony Office patch turned Ukraine’s grid lights out

🚨 Big Stories This Week

📰 Journalists’ Emails Compromised in Washington Post Cyberattack

Intro:
Breach at a newsroom with global reach—Washington Post journalists have had their Microsoft email accounts hacked, likely by a nation-state actor.

What Happened:
The breach was detected on June 12 and targeted journalists covering national security and economic policy, those with high-interest sources. Executive Editor Matt Murray forced a password reset across all staff amid an ongoing investigation.

Why It’s Important:
Journalists are gateways to sensitive intel. When they’re targeted, it's not just theft—it’s a threat to press freedom and trust in the media’s ability to operate securely.

The Other Side:
The Post maintains core systems weren’t affected and used encrypted tools for sensitive lines of communication. Still, this serves as a stark reminder that journalists are prime espionage targets.

The Takeaway:
Media outlets must adopt high-assurance security like segmented accounts, MFA escalation, and secure comms, especially for those covering geopolitics.

TL;DR:
Nation-state hackers breached WaPo journalist emails—reinforces press vulnerability and the need for hardened cybersecurity in newsrooms.

🛠️ ConnectWise Hacked via ScreenConnect Vulnerability

Intro:
A supply-chain attack landed at ConnectWise, exposing thousands of MSP-managed endpoints to a nation-state-level exploit.

What Happened:
Attackers exploited a high-severity flaw in ScreenConnect (CVE-2025-3935), stealing machine keys and injecting backdoors into cloud-hosted systems—targeting only a subset of clients. Patches were issued promptly, but concerns remain about potential lateral movement.

Why It’s Important:
This is a chilling reminder: your vendor may be the weakest link. MSPs represent a critical leverage point for attackers to move downstream into clients’ networks.

The Other Side:
ConnectWise pivoted fast—rotating certs, involving Mandiant, and notifying impacted parties. Apparently, no critical or operational systems were hijacked.

The Takeaway:
Patch early, audit vendor relationships, rotate keys, and monitor telemetry from all third-party access.

TL;DR:
ConnectWise’s RMM tool was breached by a sophisticated adversary—patch now, and treat MSPs like perimeter assets.

🔥 Can’t Miss This Week

  • ✈️ WestJet App & Systems Breach Disrupts Customer Experience
    The Canadian airline shut down its mobile app and internal systems after unauthorized access was detected. Passengers remained safe, but PII may have been exposed—time to enforce app-layer segmentation and access controls.

  • 🛡️ FBI & CISA Warn of Play Ransomware Surge
    Play ransomware compromises critical infrastructure using misconfigured remote support tools. Inventory the remote access tools in your environment, keep the ones you need, and restrict the rest.

  • 😷 UNFI Food Distributor Hit by Ransomware
    Systems shut down by an attack disrupted distribution to grocery chains. IT resilience plans should now be measured against supply chain impact and multi-site redundancy.

  • ⚖️ Qakbot Botnet Kingpin Indicted, $24M Crypto Seized
    The DOJ captured a top-tier bot-herder and recovered millions in ransomware funds. Reminder: law enforcement can and will extract consequences when threats cross the line.

🤖 AI in Cyber

  • 🧭 Experts Call for Urgent AI Governance in Cyber
    At a Boston roundtable, security leaders warned that without clear AI governance frameworks, rapid AI adoption in cyber defense—and offense—raises serious risk. Takeaway: Establish roles and accountability for AI security use now before policy lags.

  • 💷 UK Survey Warns Financial Firms Aren’t Guarding AI Tools
    90% of financial firms use AI, yet only 18% have formal policies—opening up large-scale data breach risks, according to compliance reports. Takeaway: Internal AI governance isn’t optional—it’s critical to prevent misuse and data leaks.

  • 🇺🇸 OpenAI Awarded $200M US Defense Cyber Contract
    OpenAI will develop AI tools for proactive cyber defense under a DoD contract through mid-2026. Takeaway: Defense-grade AI is real—and commercial cyber teams may need to align with emerging standards.

  • 🛡️ Cybercrime Apps Use Deepfake “Repeaters” to Test Defenses
    Cybercriminals are using AI-powered “repeaters” (deepfaked identities) to probe security systems and identify detection gaps. Takeaway: Think beyond first-layer defense—regularly test AI-based detection with adversarial deepfake simulations.

Start learning AI in 2025

Keeping up with AI is hard – we get it!

That’s why over 1M professionals read Superhuman AI to stay ahead.

  • Get daily AI news, tools, and tutorials

  • Learn new AI skills you can use at work in 3 mins a day

  • Become 10X more productive

🧟‍♂️ Strange Cyber Story of the Week

🌐 Ukrainian Power-Grid Hack via Fake Microsoft Office Update

Intro:
In 2015, a cyber-attack used a counterfeit Microsoft Office update to disrupt Ukraine’s power grid, a risk vector that remains all too familiar in modern-day OT environments.

What Happened:
Hackers disguised as patch authors pushed malware into Ukrainian grid control systems, causing a blackout that affected over 200,000 citizens.

Why It’s Important:
It demonstrates how attackers weaponize trust—the very update mechanisms we rely on—to break into highly sensitive operational networks.

The Other Side:
Defenders learned fast—utility providers now require cryptographic signing, but attackers are engineering more sophisticated supply chain exploits.

The Takeaway:
If your OT gear trusts software updates automatically—disconnect update channels until you vet authentically signed code. Zero trust isn’t just IT—it’s utility systems too.

TL;DR:
A fake Office update knocked out Ukrainian power—update safety is critical where lives and infrastructure depend on it.
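The defense the story lands on (updates are trusted only once their signature checks out, and nothing is installed on a failed check) is easy to state and easy to get wrong. Below is an added example, not code from the newsletter or from any vendor it mentions, of a fail-closed update gate: a signed manifest lists every payload with its hash, the verifier checks the signature before trusting a single hash, rejects tampered, unsigned, unlisted or rolled-back content, and only then reports the update safe to apply. The signing key, file names and payload bytes are constructed for the demo, and HMAC-SHA256 stands in for the asymmetric code signing a real vendor would use (where the device holds only a public key) so the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import json

# Constructed demo key. A real update channel uses asymmetric code signing
# (the OT device holds only the vendor's public key); HMAC-SHA256 stands in
# here so the example runs on the standard library alone.
VENDOR_SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"


def _canonical(manifest: dict) -> bytes:
    # Stable serialisation so signer and verifier hash identical bytes.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(files: dict, version: str) -> dict:
    """Vendor side: hash every payload, then sign the manifest listing them."""
    manifest = {
        "version": version,
        "files": {name: hashlib.sha256(data).hexdigest() for name, data in files.items()},
    }
    sig = hmac.new(VENDOR_SIGNING_KEY, _canonical(manifest), hashlib.sha256).hexdigest()
    return {"manifest": manifest, "signature": sig}


def _version_tuple(v: str) -> tuple:
    return tuple(int(part) for part in v.split("."))


def verify_update(package: dict, files: dict, installed_version: str) -> tuple:
    """Device side, fail closed: returns (ok, reason). Nothing is applied
    unless every check passes."""
    manifest = package.get("manifest")
    sig = package.get("signature")
    if not isinstance(manifest, dict) or not isinstance(sig, str) or not sig:
        return False, "unsigned or malformed package"

    # 1. The signature must cover the manifest before any hash in it is trusted.
    expected = hmac.new(VENDOR_SIGNING_KEY, _canonical(manifest), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"

    # 2. Anti-rollback: a validly signed but older (or identical) build is refused.
    try:
        if _version_tuple(manifest["version"]) <= _version_tuple(installed_version):
            return False, "rollback to %s refused" % manifest["version"]
    except (KeyError, ValueError):
        return False, "malformed version"

    # 3. Every listed file must be present and match its signed hash ...
    listed = manifest.get("files", {})
    for name, digest in listed.items():
        if name not in files:
            return False, "missing file %s" % name
        actual = hashlib.sha256(files[name]).hexdigest()
        if not hmac.compare_digest(actual, digest):
            return False, "hash mismatch for %s" % name

    # 4. ... and nothing unlisted rides along with the update.
    extra = set(files) - set(listed)
    if extra:
        return False, "unlisted payload: %s" % ", ".join(sorted(extra))

    return True, "verified %s" % manifest["version"]


# Constructed sample update: two benign payloads signed as version 2.1.0.
GOOD_FILES = {
    "office_patch.bin": b"constructed benign patch bytes",
    "release_notes.txt": b"constructed release notes",
}
GOOD_PACKAGE = sign_manifest(GOOD_FILES, "2.1.0")


def run_scenarios() -> dict:
    """Exercise the gate against the genuine package and several bad ones."""
    results = {}
    results["genuine"] = verify_update(GOOD_PACKAGE, GOOD_FILES, "2.0.5")
    tampered = {**GOOD_FILES, "office_patch.bin": b"constructed tampered bytes"}
    results["tampered"] = verify_update(GOOD_PACKAGE, tampered, "2.0.5")
    unsigned = {"manifest": GOOD_PACKAGE["manifest"]}
    results["unsigned"] = verify_update(unsigned, GOOD_FILES, "2.0.5")
    # Manifest edited after signing: the old signature no longer matches.
    forged = {"manifest": {**GOOD_PACKAGE["manifest"], "version": "9.9.9"},
              "signature": GOOD_PACKAGE["signature"]}
    results["forged_manifest"] = verify_update(forged, GOOD_FILES, "2.0.5")
    with_extra = {**GOOD_FILES, "helper.dll": b"constructed unlisted payload"}
    results["unlisted"] = verify_update(GOOD_PACKAGE, with_extra, "2.0.5")
    results["rollback"] = verify_update(GOOD_PACKAGE, GOOD_FILES, "2.1.0")
    return results


if __name__ == "__main__":
    for name, (ok, reason) in run_scenarios().items():
        print("%-16s %s  %s" % (name, "APPLY " if ok else "REJECT", reason))
```

Two design choices carry most of the weight: the signature is checked before the per-file hashes are even read, so an attacker who can edit the manifest gains nothing, and every comparison uses `hmac.compare_digest` so timing does not leak how close a forged value got. The version check is what turns "signed" into "safe": a genuinely signed but older build is exactly what a rollback attack on an update channel replays.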

Thanks for reading this week’s edition. Like what you see? Forward it!

Hate everything you see or have other feedback? Reply back to this email!