Exzec Cyber Newsletter
National Guard vs. Hackers, $25B Cyber Deal, and a Creepy Broadcast Hijack
Just another week in cyber – from nation-state exploits and hacktivist chaos to AI leaps and one haunted livestream.
"Phishing remains unsolvable—there’s no patch for human gullibility." – Mike Danseglio

📬 This Week’s Clickables
📌 Big News – ToolShell zero-day exploits SharePoint; St. Paul cyberattack triggers National Guard response
🚨 Can’t Miss – Hacktivist takedown of Aeroflot, Orange Telecom breached, Flo lawsuit settled, and more
🤖 AI in Cyber – Deepfake diplomacy, AI-fueled mega-mergers, and watermarking calls from the UN
🧪 Strange Cyber Story – Broadcast hijack brings a creepypasta horror to prime time
🚨 Big Stories
🐚 Chinese Hackers Exploit Critical SharePoint “ToolShell” Zero-Day
Intro: Several China-linked hacking groups launched a wave of breaches exploiting a new SharePoint zero-day chain dubbed “ToolShell,” compromising dozens of organizations worldwide.
What Happened: Microsoft revealed that multiple China-linked APTs exploited an authentication bypass and RCE chain in SharePoint Server, gaining access to over 50 orgs including U.S. agencies. The attack exploited cryptographic keys to maintain persistence.
Why It’s Important: Collaboration software like SharePoint is embedded in enterprise workflows—compromise here means stolen credentials, file access, and lateral movement. The flaw also gives attackers stealthy long-term access.
The Other Side: Microsoft issued emergency patches, published indicators of compromise, and warned that a PoC was already in the wild. CISA added the flaw to its KEV catalog.
The Takeaway: Patch immediately, rotate keys, and inspect for implanted web shells. Assume compromise if you were running unpatched SharePoint.
TL;DR: Nation-state hackers exploited a zero-day in SharePoint to breach 50+ orgs—patching now is critical.
👀 National Guard Deployed as St. Paul Suffers Major City Cyberattack
Intro: A “deliberate, coordinated digital attack” crippled the City of St. Paul, leading the governor to activate the National Guard’s cyber unit.
What Happened: Hackers took down St. Paul’s government systems, forcing emergency shutdowns of libraries, public WiFi, and city services. The attack overwhelmed the city’s capacity, triggering the first-ever National Guard cyber deployment in Minnesota.
Why It’s Important: Local governments are soft targets—this attack shows how ransomware and disruption campaigns can escalate to state-level crises.
The Other Side: No ransom demand has been reported yet. City services stayed partially operational via manual processes.
The Takeaway: Municipalities need serious incident response plans—think fire drills for cyberattacks.
TL;DR: A cyberattack on St. Paul forced emergency system shutdowns and triggered National Guard intervention—a warning to every city.
🔥 Can’t Miss
✈️ Pro-Ukraine Hacktivists Ground Over 50 Aeroflot Flights
Silent Crow and Cyber Partisans claim credit for disrupting Russia’s biggest airline, causing delays and data loss in a long-planned digital strike.
🍊 Orange Telecom Discloses Major Cyber Breach
French telecom Orange isolated systems after a cyberattack hit business customers—no data theft confirmed, but investigators are still assessing damage.
👀 Flo Health Settles Period-Tracking Privacy Suit
Flo resolved a high-profile lawsuit alleging it shared menstrual data with Meta. No admission of wrongdoing, but it’s a milestone in femtech privacy litigation.
📆 Ingram Micro Faces Leak Threat from SafePay Ransomware
The gang claims it exfiltrated 3.5TB of data. Ingram restored systems, but the leak deadline is looming—and could ripple through supply chains.
👮 BreachForums Hacker Indicted, 4 Others Nabbed
“IntelBroker,” a major BreachForums figure, was indicted in the U.S. and arrested in France. Four co-conspirators were taken down in coordinated action.
🤖 AI in Cyber
🧑‍💼 Deepfake Impersonators Are Targeting CEOs and Officials
Hackers are spoofing high-profile figures with deepfake audio/video, from White House officials to corporate execs—prompting urgent defense recommendations.
🌊 UN Calls for AI Deepfake Watermarking Standards
The UN’s ITU urges governments and platforms to label and verify AI-generated content to counter election disinfo and deepfake abuse.
🤑 Palo Alto to Acquire CyberArk for $25B Amid AI Security Push
A megamerger built on AI-driven identity and access protection. It signals a broader move toward integrated, AI-powered defense platforms.
🧟‍♂️ Strange Cyber
📺️ The Creepypasta That Crashed the Broadcast
Intro: A Brazilian news channel’s YouTube livestream was hijacked with an infamous horror meme—complete with distorted faces and cryptic messages.
What Happened: On July 29, Record News viewers were stunned when its 7PM newscast cut to a 3-minute hijacked feed showing “The Wyoming Incident”—a viral video known for its unsettling imagery and subliminal phrases like “YOU WILL SEE SUCH PRETTY THINGS.” The feed returned to normal, but the damage (and confusion) was done.
Why It’s Important: This wasn’t just a prank. The intrusion shows how vulnerable even trusted live news feeds are to tampering—raising concerns about future disinfo campaigns or panic-inducing hijacks.
The Other Side: Only the livestream (not TV) was affected. The channel blamed a technical error and is investigating. No one has claimed responsibility, but cyber pranksters are the likely suspects.
The Takeaway: Secure your streaming credentials—because the next hijack might not be so harmless.
TL;DR: A Brazilian news livestream was hijacked with a creepy 2000s-era video meme. Weird? Yes. But also a real red flag for broadcast cybersecurity.
Thanks for reading this week’s edition. Like what you see? Forward it!
Hate everything you see or have other feedback? Reply back to this email!