The Gate 15 Podcast Channel


The Gate 15 Company is a leader in helping organizations by providing threat-informed, risk-based approaches to analysis, preparedness and operations.

Gate 15


    • May 19, 2026 LATEST EPISODE
    • weekdays NEW EPISODES
    • 36m AVG DURATION
    • 373 EPISODES



    Latest episodes from The Gate 15 Podcast Channel

    Weekly Security Sprint EP 158. New swag, hurricane prep, and new physical and cyber threats with our special guest

    May 19, 2026 (duration 22:22)


    In this week's Security Sprint, Dave and Andy are joined by Anna Mentzer-Hernandez to talk about the following topics:

    Opening:
    • AI Governance: Aligning Corporate Structures with Emerging Tech - Gate 15
        o CISA & G7 Partners Release Joint Guidance on the Minimum Elements of a Software Bill of Materials for Artificial Intelligence
        o Thinking carefully before adopting agentic AI - NCSC
    • Non-Human Identities (NHIs) Are Growing Faster Than Most Security Programs - RSAC Conference - 13 May 2026. Gate 15's Sadie-Anne Jones wrote that non-human identities are expanding rapidly across cloud, automation, AI, API, SaaS, and CI/CD environments, often outpacing the governance programs meant to control them.
    • PERSPECTIVE: Stabilizing the Cybersecurity and Infrastructure Security Agency Starts With These Critical Steps - HSToday - 13 May 2026. Scott Algeier, Executive Director of the Information Technology Information Sharing and Analysis Center and Executive Director of the Food and Agriculture Information Sharing and Analysis Center, argues that stabilizing CISA requires renewed public-private partnership, legal protections for information sharing, and practical reforms that strengthen trust with industry.

    Main Topics:

    Hurricane Season & (TLP:GREEN) GATE 15 TARGET Hurricane Preparedness, 18 May 2026

    San Diego shooting: 5 dead in mosque attack; anti-Islam writings found - Los Angeles Times - 18 May 2026. The Los Angeles Times reported live updates on the San Diego mosque attack, including that five people were dead and anti-Islam writings were found as investigators examined motive. The reporting described a large law enforcement response and continued investigation into whether the attack was driven by bias or extremist intent. The incident has elevated concern around religiously motivated targeted violence and the protection of schools or community spaces co-located with houses of worship. Target is faith-based organizations, Muslim communities, school administrators, and emergency managers with Dig highlighting the intersection of hate-driven violence, mass casualty response, and community security preparedness.

    Iranian hackers target gas stations and internet-connected systems amid regional tensions – CNN – 15 May 2026. Iranian-linked cyber actors are reportedly targeting internet-connected systems and fuel distribution infrastructure amid heightened geopolitical tensions involving Iran and Western governments. Analysts assess the activity as part of a broader pattern of retaliatory cyber signaling intended to demonstrate disruptive capability without crossing into full-scale destructive cyber conflict. The incidents reinforce ongoing concerns regarding the exposure of operational technology and public-facing infrastructure systems vulnerable to politically motivated cyber operations. Target is fuel distribution systems and internet-connected infrastructure environments with Dig highlighting how geopolitical escalation continues to increase cyber risk to civilian operational systems.
    • ISACs! ONE-ISAC, Tribal-ISAC, RH-ISAC
    • Iraqi National Arrested and Charged with Providing Material Support to Iranian-Backed Terrorist Organizations and Directing Attacks Targeting U.S. Citizens and Interests

    Quick Hits:
    • Fine of nearly £1m issued against South Staffordshire Plc and South Staffordshire Water Plc
    • UK water company allowed hackers to lurk undetected for nearly two years, regulator finds
    • W.H.O. Declares Ebola Outbreak a Global Health Emergency

    The Gate 15 Interview EP 70: Allan Liska Returns! Ransomware, Comic Books and Empathy

    May 13, 2026 (duration 43:26)


    In this episode of The Gate 15 Interview, Andy Jabbour speaks with Allan Liska. Allan Liska, threat intelligence analyst at Recorded Future, has more than 15 years of experience in information security and has worked as both a security practitioner and an ethical hacker. Through his work at Symantec, iSIGHT Partners, FireEye, and Recorded Future, Allan has helped countless organizations improve their security posture using more effective intelligence. He is the author of “The Practice of Network Security, Building an Intelligence-Led Security Program”, “Securing NTP: A Quickstart Guide” and the co-author of “DNS Security: Defending the Domain Name System and Ransomware: Defending Against Digital Extortion”, and “Ransomware: Understand. Prevent. Recover.”

    • Allan on LinkedIn
    • Allan on Bluesky
    • Allan on Substack (Ransomware)
    • Green Archer Comics
    • Allan Liska's cybersecurity books on Amazon!
    • The Gate 15 Interview EP 55. Allan Liska, Ransomware Sommelier. Threats, mental health, comic books and Diet Dr. Pepper. (18 Feb 2025)

    “I think we're in a rough time right now… we need to be more empathetic and more compassionate” – Allan Liska

    In the podcast, Allan and Andy discuss:
    • Ransomware, Recorded Future, cybersecurity, and comics!
    • Anti-Ransomware Day, 3rd party ransomware risk, and the expanding ransomware ecosystem
    • IABs, scams, BEC, and other threats
    • Thoughts on AI and LLMs
    • The value of networking!
    • Green Archer Comics! and where you can meet Allan: Comic Logic (17 May), Big Lick Comic Con NOVA (30-31 May), Sleuthcon (05 Jun)
    • We play Three Questions! and talk Green Arrow, The White Desert, and some rapid-fire comic word association
    • And more!

    Weekly Security Sprint EP 157. Anti-Ransomware Day, AI enabled attacks and strategies that lack

    May 12, 2026 (duration 20:36)


    In this week's Security Sprint, Dave and Andy covered the following topics:

    Opening:
    • Summary Playbook: AI Risk Management Checklist for Leaders - Gate 15
    • Ripple teams up with Crypto ISAC to stop North Korean hackers
    • Designation: Restrict the Operation of Unmanned Aircraft in Close Proximity to a Fixed Site Facility; An unpublished Proposed Rule by the Federal Aviation Administration on 05/06/2026 - FAA
    • Trump admin will push for ‘long-term’ reauthorization of key cyber data-sharing law
    • FEMA Review Council Releases Final Report - DHS
    • Ranking Member Thompson Statement on FEMA Review Council Report - House Homeland Security Committee Democrats

    Main Topics:

    Ransomware! International Anti-Ransomware Day 2026: Kaspersky shares insights into ransomware trends and tactics - Kaspersky - 12 May 2026.
    • Weekly ransomware & data leak landscape - eCrime.ch
    • Q1 2026 Ransomware Report: Fewer Groups, Higher Impact - Check Point Research
    • Ransomware roundup: April 2026 - Comparitech
    • Arete's 2025 Annual Crimeware Report Operationalizes Cyber Intelligence and Incident Response Data
    • Global ransomware statistics 2026: the data behind the rising threat
    • Gentlemen ransomware reportedly hit by… ransomware

    CI Fortify: Strengthening Resilience Across Critical Infrastructure - CISA - 05 May 2026. This initiative outlines CISA efforts to strengthen resilience across critical infrastructure sectors through targeted guidance tools and collaborative programs.

    America's Most Critical Lifeline - Water! AI-Assisted ICS Attack on Water Utility - Dragos - 07 May 2026. Dragos reports that threat actors used artificial intelligence tools during an intrusion involving a water utility environment to support reconnaissance, scripting, and operational targeting activity.
    • WaterISAC H2OSecCon!! 02 June 2026
    • WaterISAC: TLP:GREEN Physical Security Case Study: Water Treatment Plant Insider Threat Incident
    • Polish intelligence warns hackers attacked water treatment facility

    United States Counterterrorism Strategy - The White House - 06 May 2026. The White House released its 2026 counterterrorism strategy, outlining priorities focused on homeland protection, cartel and transnational gang threats, jihadist organizations, violent secular political groups, state sponsors, and weapons of mass destruction risks.
        o Perspective: Selective Threats — A Counterterrorism Strategy Built on Politics - HSToday - 11 May 2026 - Analysis/Commentary. HSToday argues that political considerations are shaping counterterrorism priorities in ways that can distort threat assessment and operational focus.
        o Trump counterterrorism strategy targets ‘violent left-wing extremists’ with ‘transgender ideology’
        o Trump Releases New 'Counterterrorism Strategy' With Fresh Focus on Cartels and Antifa
        o Trump's counterterrorism strategy puts focus on left-wing ‘violent secular groups’
        o Trump signs new counterterrorism strategy that focuses on hemispheric threats
        o US says migration has made Europe an ‘incubator’ for terrorism in new counter-terrorism strategy
        o Ranking Member Thompson Statement on Trump Administration's Counterterrorism "Strategy"

    Quick Hits:
    • One in Eight Workers Has Sold Their Corporate Logins
    • El Niño to fuel Pacific hurricane season, increase risks for California, Hawaii, Mexico
    • ClickFix! Clipboard to Encryption: The Critical Role of ClickFix in Ransomware Campaigns
    • ClickFix! ClickFix distributing Vidar Stealer via WordPress targeting Australian infrastructure
    • ClickFix! ClickFix campaign uses fake macOS utilities lures to deliver infostealers
    • Between Intent and Capability: Assessing the Lack of Iranian Attacks on the U.S. Homeland
    • The Canvas Hack Is Disrupting Schools and Universities Across the Country
    • OT Cybersecurity Lessons Learned from the Frontlines
    • English Language Video Attributed to Al-Qaeda in the Arabian Peninsula Calls for Lone Wolf Attacks in the West

    Weekly Security Sprint EP 156. Scams, cyber reports, and hurricane preparedness

    May 5, 2026 (duration 20:53)


    In this week's Security Sprint, Dave and Andy covered the following topics:

    Opening:
    • Homeland Security Funding Bill Passed, Includes Money for CISA
    • Browser Extensions and Shadow AI: Unmanaged Threats to Privacy — Gate 15
    • Data Centers, Telecommunications Networks, and Space-Based Systems: Modernizing DHS's SRMA Role for the Communications and IT Sectors — House Committee on Homeland Security
    • New Cybersecurity Guide Targets Rising Threats to Food and Agriculture SMBs
    • Maine Law Requires Hospitals to Enact Cybersecurity Plans

    Main Topics:

    New FTC Data Show People Have Lost Billions to Social Media Scams - Federal Trade Commission - 23 Apr 2026. The Federal Trade Commission reported that consumers have lost billions of dollars to scams originating on social media platforms, with fraudsters leveraging impersonation, investment schemes, and romance scams to exploit user trust.

    Take9! 9 Seconds For A Safer World. Cyber threats are everywhere. And getting sneakier. What can you do to protect yourself, your community and our nation?

    New 2026 ‘IOCTA’ highlights sophisticated tactics and emerging challenges in the digital landscape – Europol unveils comprehensive analysis of evolving cybercrime threats - Europol - 28 Apr 2026. Europol released its 2026 Internet Organised Crime Threat Assessment, warning that encryption, proxies, artificial intelligence, dark web marketplaces, cryptocurrencies, fraud ecosystems, ransomware, and child sexual exploitation are expanding the cybercrime landscape.

    Global Encryption Coalition (GEC). The Global Encryption Coalition (GEC) was founded in 2020 by the Center for Democracy & Technology, Global Partners Digital and the Internet Society and now has over 350 members. Gate 15 is a proud member of the GEC.

    Ransomware! Weekly ransomware & data leak landscape; A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch. — eCrime.ch — 26 Apr 2026. The eCrime weekly report provides a seven-day analysis of ransomware claim activity, data leak site postings, actor concentration, and sector targeting trends.
    • NCC Group Monthly Threat Pulse - Review of March 2026
    • Ransomware and Cyber Extortion in Q1 2026 - ReliaQuest

    Presidential Message on National Hurricane Preparedness Week - The White House - 03 May 2026. This message encourages Americans in hurricane-prone areas to prepare before the season by protecting property, building emergency plans, assembling supplies, and monitoring forecasts and evacuation routes. It emphasizes local and state frontline roles while describing federal support for response and recovery.
    • Hurricane Preparedness - NOAA
    • Summer forecast 2026: Heat, severe storms to shape the season as El Niño develops, strengthens - AccuWeather
    • 2026 Hurricane Awareness Webinars - NOAA

    Quick Hits:
    • Email threat landscape: Q1 2026 trends and insights — Microsoft Security Blog
        o Tycoon2FA disruption impact
        o QR code phishing attacks
        o CAPTCHA tactics
        o Malicious payloads
        o Business email compromise
        o Defending against email threats
        o Microsoft Defender detections
    • Alert - AL26-008 - Vulnerability affecting cPanel and WebHost Manager (WHM) - CVE-2026-41940 - Canadian Centre for Cyber Security
    • Critical cPanel flaw mass-exploited in "Sorry" ransomware attacks
    • To recover your files kindly send 0.1 BTC to… ransom note appears on websites
    • The cPanel Situation Is… -
    • cPanel authentication bypass vulnerability CVE-2026-41940 exploited
    • Over 40,000 Servers Compromised in Ongoing cPanel Exploitation
    • Cole Allen's journey from Caltech grad to accused gunman in D.C. attack
    • Footage shows White House correspondents' dinner suspect 'casing' hotel: US attorney
    • Washington Hilton says it was using Secret Service protocols on night of attack

    Weekly Security Sprint EP 155. Concerning behaviors, cyber resilience, and more.

    Apr 28, 2026 (duration 19:49)


    In this week's Security Sprint, Dave and Andy covered the following topics:

    Opening:
    • AI in Cybersecurity Defense: Best Practices and Limitations — Gate 15
    • FS-ISAC releases advisory on hardening cybersecurity from AI
    • Sector Risk Advisory: AI-Enabled Vulnerability Detection & Remediation Perspectives on Third Parties
    • Sector Risk Advisory: Preparing the Enterprise for AI-Enabled Vulnerability Discovery
    • Executive Overview: Implications of AI-Enabled Vulnerability Detection & Exploitation
    • Europe must prevent misuse of Anthropic's Mythos, Bundesbank chief warns
    • FB-ISAO Newsletter V8 Issue 4

    Main Topics:

    WHCD Attack
    • White House Dinner Shooting Suspect's Family Alerted Police To Threats Minutes Before Attack
    • Read White House Correspondents' Dinner gunman Cole Allen's full anti-Trump manifesto
    • WHCD shooting suspect Cole Allen mocked lack of security on every leg of cross-country journey in manifesto: ‘Actually insane’
    • Who Are The Wide Awakes? What We Know About Group Tied to Cole Allen
    • White House Correspondents' Dinner gunman 'assembled long weapon in unsecured room' before firing near ballroom, volunteer reveals
    • Correspondents' dinner shooting suspect called himself ‘friendly federal assassin’
    • White House correspondents' dinner was not given top security status
    • White House correspondents' dinner shooting suspect reached ballroom staircase
    • Trump shooting at correspondents dinner raises security concerns
    • Staged conspiracy theories are everywhere following White House Correspondents' Dinner shooting

    Cyber Resilience
    • Cyber Centre warns of sophisticated smishing activity targeting Canadians & Smishing: Protect yourself from SMS attacks - Canadian Centre for Cyber Security
    • NCSC: Leave passwords in the past - passkeys are the future – UK National Cyber Security Centre
    • Cyber security considerations for passkeys (ITSAP.30.033) — Canadian Centre for Cyber Security
    • How NOT to Be Your Adversary's Best Friend | FIRST CTI 2026 Day 2 - FIRST CTI 2026
    • Could your choice of metrics be harming your SOC? – UK National Cyber Security Centre
    • NCSC CEO keynote speech, CYBERUK 2026 — UK National Cyber Security Centre
    • Vendor diversification (ITSAP.10.006) - Canadian Centre for Cyber Security

    FBI: Open Letter to Parents, Guardians, and Caregivers

    Quick Hits:
    • AI tools are helping mediocre North Korean hackers steal millions - WIRED
    • Inside Lazarus: How North Korea Uses AI to Industrialize Attacks on Developers - Expel
    • Distinguished ex-cop arrested for ‘mass shooting’ plot to gun down black people at New Orleans festival
    • UK warns of Chinese hackers using botnets of hijacked consumer devices to evade detection
    • FIRESTARTER Backdoor - CISA
    • Data Centers, Telecommunications Networks, and Space-Based Systems: Modernizing DHS's SRMA Role for the Communications and IT Sectors - House Committee on Homeland Security. Witnesses include Sam Visner, Chair of the Board of Directors at Space Information Sharing and Analysis Center; and Scott Algeier, Executive Director of the Information Technology-Information Sharing and Analysis Center.
    • CISA director pick Sean Plankey withdraws his nomination - CyberScoop
    • Treaty Adjacent: Why Tribal Data Sovereignty Matters - LinkedIn

    Nerd Out EP 69. Iran security risks, plus arson risks and peak nerd culture

    Apr 28, 2026 (duration 48:29)


    In the latest episode of Nerd Out, Dave and Alec go deep into the various threats from Iran and the ways they can still inspire and influence attacks before diving into fire as a weapon and arson threats. And as always they wrap up talking about some of their favorite shows, including Daredevil and Maul! Plus, are we in the midst of a revival or peak for fandom?

    Iran Security Threats
    https://www.visionofhumanity.org/wp-content/uploads/2026/03/The-Iran-War-and-The-Global-Terrorism-Threat.pdf
    https://www.longwarjournal.org/archives/2026/04/iran-linked-group-ashab-al-yamin-surges-attacks-in-european-cities-claims-15-since-march.php
    https://www.theguardian.com/uk-news/2026/apr/23/iran-low-level-hybrid-warfare-arson-attacks-uk-europe

    Iran Supply Chain:
    https://www.cnbc.com/2026/04/21/oil-price-iran-war-middle-east.html
    https://splash247.com/war-turns-sulphur-market-toxic-in-acid-supply-shock/

    Workplace Violence – Employee Reportedly Intentionally Sets Fire at Massive Warehouse, Possibly Motivated by Ideological Grievances:
    https://www.asisonline.org/security-management-magazine/articles/2026/04/distribution-center-arson-attack/

    Weekly Security Sprint EP 154. Applying the fundamentals and resilience reporting

    Apr 21, 2026 (duration 20:03)


    On this week's Security Sprint, Dave and Andy covered the following topics:

    Opening:
    • TribalHub Regional Tribal Technology Forums
    • WaterISAC H2OSecCon 2026. Virtual Event: 02 Jun, 11am-5pm ET. Overview, Registration, Agenda, Speakers
    • Offensive AI: What Red Teams and Attackers are Doing Now - Gate 15

    Main Topics:

    Vercel April 2026 security incident Vercel 20 Apr 2026. Vercel said it identified unauthorized access to certain internal systems and initially found a limited subset of customers whose credentials were compromised. The company said the incident originated with a compromise of Context.ai, a third-party AI tool used by a Vercel employee, which then enabled takeover of that employee's Google Workspace account and access to some Vercel environments and non-sensitive-marked environment variables. Vercel said services remain operational, law enforcement has been notified, and customers who were not contacted are not currently believed to have had credentials or personal data compromised. Vercel is a cloud platform used for frontend hosting, serverless functions, and deploying websites, particularly those built with React or Next.js. It enables developers to easily build high-performance, edge-optimized applications. Key features include automatic Git integrations (CI/CD) for instant deployments, preview environments, and edge storage.
    • Vercel confirms breach as hackers claim to be selling stolen data
    • Breaking: Vercel Breach Linked to Infostealer Infection at Context.ai
    • Vercel's security breach started with malware disguised as Roblox cheats

    Wiz: 80% of cloud breaches are caused by basic mistakes - IT Pro - 13 Apr 2026. IT Pro reports that Wiz Threat Research found most cloud breaches in 2025 were driven by familiar security mistakes rather than entirely new vulnerability classes, with AI expanding the places where known risks can appear. The article frames the problem around scale, shared trust, and increasingly complex cloud and AI environments rather than exotic attack novelty. Target is cloud security teams, platform engineers, and enterprise risk leaders with Dig highlighting that basic exposure management, identity control, and configuration discipline remain the decisive factors in many modern cloud compromises.

    Fire As An Act Of Sabotage Guidance UK National Protective Security Authority 25 Sep 2024. The NPSA guidance outlines how to mitigate the risk of deliberate fire-setting used as sabotage against premises and infrastructure that may be attractive targets. Although not new, it remains operationally useful because it provides protective security and risk management guidance for owners and operators responsible for physical sites and critical functions. The relevance is heightened in an environment where sabotage, arson, and hybrid disruption are increasingly discussed alongside state and extremist threat models.

    From tabletop reality 10 gaps executive cyber exercises consistently reveal - SANS Institute - 2026. This analysis identifies recurring gaps observed during executive cyber exercises, including communication breakdowns and decision-making delays. It highlights the importance of realistic training scenarios to improve organizational readiness. The findings provide actionable insights for strengthening incident response at the leadership level.
    • Critical infrastructure resilience escalated threat navigation initiative - Canadian Centre for Cyber Security
    • Preparing for severe cyber threat why leaders must act now - NCSC UK
    • CISO Survey 2026: The State of Incident Response Readiness

    Quick Hits:
    • The State of Ransomware in Q1 2026 - Emsisoft
    • Safeguarding Our Data, Intellectual Property, and Technology from Non-traditional Collectors

    Weekly Security Sprint EP 153. Traveling man, FBI Report, Hurricane predictions and more

    Apr 14, 2026 (duration 20:59)


    In this week's Security Sprint, Dave and Andy covered the following topics:

    Opening:
    • Gate 15: Leveraging AI for Proactive Physical Threat Detection and Emergency Response
    • Cloud Security Alliance: The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program
    • Cyber.gov.au: Frontier models and their impact on cyber security
    • Canadian Centre for Cyber Security: Frontier artificial intelligence -
    • Anthropic: Glasswing
    • A.I. Is on Its Way to Upending Cybersecurity
    • U.S. Department of the Treasury: Treasury Launches Cybersecurity Information Sharing Initiative for the Digital Asset Industry
    • Strengthening American Leadership in Digital Financial Technology Digital Assets Report EO14178
    • Treasury debuts effort to share cyber threat intel with crypto firms
    • Crypto Firms Can Now Access Treasury's Cybersecurity Info to Bolster Defense Against Attacks

    Main Topics:

    FBI Releases the 2025 Internet Crime Report: “Cryptocurrency and AI Scams Bilk Americans of Billions” — 07 Apr 2026. The FBI says IC3 received about 453,000 cyber enabled fraud complaints with losses exceeding $17.7 billion, and that investment fraud accounted for nearly half of all scam related losses. The bureau says complaints involving cryptocurrency produced the highest losses with 181,565 complaints totaling more than $11 billion, while the 2025 IC3 report also says cryptocurrency investment fraud alone reached $7.2 billion and that AI related cybercrime complaints totaled 22,364 with losses nearing $893 million.

    Threat Landscape Report 2025: A Year in Review — 08 Apr 2026. CERT-EU said it tracked at least 174 distinct threat actors affecting Union entities or their ecosystem in 2025, up from 110 in 2024, and said cyberespionage and prepositioning remained the dominant motives while cybercrime also rose. The report says exploitation of vulnerabilities in internet-facing software remained the highest-impact initial access vector for the second consecutive year and that edge devices from vendors including Fortinet, Ivanti, Cisco, and Palo Alto accounted for much of the observed attack activity.

    Quick Hits:
    • CSU Forecast for 2026 Hurricane Activity & CSU researchers predicting somewhat below-average Atlantic hurricane season for 2026, PDF.
    • The first predictions for hurricane season are in and El Niño's fingerprints are all over it
    • Super Typhoon Sinlaku Slams Northern Mariana Islands and Guam with Devastating Winds and Catastrophic Flooding, A Travel Nightmare Unfolds
    • 2026 Cyber Claims Report & 86% of businesses refused to pay cyber ransoms in 2025: Coalition insurance
    • DHS Shutdown Day 58: Secretary Mullin Orders All Staff Back to Work Despite No Congressional Deal

    The Gate 15 Interview EP 69: Hank Teran on info ops, extremism, AI threats and challenges and the amazing New York City!

    Apr 7, 2026 (duration 34:05)


    In this episode of The Gate 15 Interview, Andy Jabbour speaks with Hank Teran. Hank is the CEO of Open Measures, an open source social intelligence platform built to help researchers identify online threats like disinformation and extremism to mitigate offline harms. Open Measures covers a wide range of social media platforms from mainstream to fringe, with a unique focus on emerging - or alternative - platforms. In the past Open Measures has been used in investigations on a range of topics including Russian information operations in the Sahel, AI deepfakes targeting celebrities and athletes, and the proliferation of stolen logs sales across channel-based messaging apps. Before building Open Measures, Hank led business development and operations teams across industries including M&A, rideshare, and software security & management. Throughout his career he's been driven by a desire to create meaningful ownership opportunities for workers, both on the cap table and in the workplace. Hank and his team at Open Measures are based in NYC. When he's not busy helping teams identify online threats, he can be found working on the Sunday crossword or researching the best nearby diner options.

    • Hank on LinkedIn
    • Hank in Politico, “The limits of making social media political,” 29 Jan 2026
    • Open Measures
    • Open Measures Newsletter

    In the podcast the team and Andy discuss:
    • Hank, Open Measures and info ops.
    • Threats, extremism and the impacts of AI.
    • The importance of having a “human in the lead framework.”
    • Why organizations need to prioritize visibility.
    • Emerging challenges and the normalization of AI-generated content.
    • We play 3 Questions! and discuss New York City, food, culture, Tom's Diner by Suzanne Vega and is this the same Tom's Diner Hank is telling us about?!
    • Hank closes us out noting, “This work is a marathon, not a sprint” and discussing the importance of mental health.
    • And more!

    Open Measures links that may be of interest:
    • Michigan-specific election conspiracy theories
    • Smear campaign directed at CAIR
    • NGOs targeted as "Antifa"
    • Cracker Barrel CEO targeted amidst rebrand
    • AE Good Jeans Ad sparks inauthentic backlash
    • Neo-Nazi Active Clubs youth recruitment
    • Anti-abortion activism that puts clinics and practitioners at risk

    Weekly Security Sprint EP 152. Information sharing, new cyber reporting, and weather!

    Apr 1, 2026 (duration 20:53)


    In this week's Security Sprint, Dave and Andy covered the following topics:

    Opening:
    • Senate confirms Markwayne Mullin to lead Homeland Security as TSA standoff deepens
    • Auto-ISAC 2025 Annual Report — Auto-ISAC
    • ISACs confront AI's promise and peril for threat intelligence-sharing — Cybersecurity Dive
    • Podcast: What healthcare leaders face after a cyberattack — Health-ISAC
    • New Jersey Sign-Ups for MS-ISAC Remain Low Amid Attacks

    Main Topics:

    Cybersecurity Reports, Ransomware & Resilience
    • M-Trends 2026 — Google Cloud Mandiant — 24 Mar 2026. The PDF version of M-Trends 2026 shows that high tech was the most targeted industry in 2025 at 17 percent of investigations, followed by financial services at 14.6 percent, business and professional services at 13.3 percent, and healthcare at 11.9 percent. It also shows voice phishing at 11 percent of initial intrusion vectors and says ransomware appeared in 13 percent of incidents that Mandiant investigated in 2025.
    • M-Trends 2026 Report — Google Cloud
    • M-Trends 2026 reveals threat landscape shaped by faster, coordinated, and industrialized cyberattacks
    • High-Tech Sector Overtakes Finance as Top Target of Cyber-Attacks in 2025
    • The phone call is the new phishing email
    • M-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 Seconds
    • Top 50 Cybersecurity Threats — Splunk
    • If threat actors gave you a chance to redact the patient data they hacked before they leak it, would you take them up on the offer? Read about the Woundtech incident.
    • Iran-Linked Pay2Key Ransomware Group Re-Emerges
    • Waterfall Threat Report 2026 finds ransomware slowdown masks deeper shift toward nation-state attacks on critical infrastructure

    Atlantic hurricane season forecast 2026: 11-16 named storms predicted by AccuWeather — AccuWeather — 25 Mar 2026. AccuWeather forecasts a near-average Atlantic hurricane season with 11 to 16 named storms and several potential hurricanes. Target is coastal communities, emergency planners, and critical infrastructure operators preparing for seasonal storm impacts. Dig is that even an average season can produce high-impact storms that stress preparedness and response capabilities. The outlook is significant for planning purposes as organizations begin to align resources and contingency plans ahead of peak hurricane activity.
    • Ready.gov

    Quick Hits:
    • Treasury asks whether terrorism risk insurance program should bolster cyber coverage — CyberScoop | 25 Mar 2026. Treasury is seeking public comment for a report to Congress on the effectiveness of the Terrorism Risk Insurance Program and specifically asked whether changes should better address cyber related losses arising from acts of terrorism. The notice highlights a persistent gap because even catastrophic cyber incidents may fall outside the program unless Treasury certifies them as terrorism under current law. Target: insurers, critical infrastructure operators, large enterprises, and policymakers evaluating how to manage systemic cyber loss from high consequence attacks. Dig: this is an important resilience and policy signal because it could shape future federal backstop discussions for cyber insurance ahead of the law's scheduled 2027 expiration. (CyberScoop)

    Nerd Out EP 68. Talking Iran - preparedness and what could come next

    Mar 24, 2026 (duration 53:43)


    In the latest Nerd Out, Dave and Alec welcome back some old friends - Bridget Johnson and Joe Levy - to talk about Iran, including the threat tactics and capabilities, how individuals and organizations can be prepared and what could come next. The group then talked about some pop culture items and what they are currently watching and looking forward to.

    Some items referenced in the discussion include:
    • Iran and Terrorism: What the U.S. Strikes Could Mean for Homeland Security - https://www.cfr.org/articles/iran-and-terrorism-what-the-u-s-strikes-could-mean-for-homeland-security
    • Will Iran Turn to Terrorism? - https://www.foreignaffairs.com/iran/will-iran-turn-terrorism
    • Hybrid Threat Signals: Assessing Possible Iranian Involvement in Recent Attacks in Europe - https://icct.nl/publication/hybrid-threat-signals-assessing-possible-iranian-involvement-recent-attacks-europe
    • Group claiming Europe antisemitic attacks tells CBS News it will target "U.S. and Israeli interests worldwide" - https://www.cbsnews.com/news/europe-antisemitism-attacks-group-threatens-us-israel-interests-worldwide/
    • Stryker attack highlights nebulous nature of Iranian cyber activity amid joint U.S.-Israel conflict - https://cyberscoop.com/stryker-cyberattack-iranian-hackers-handala/
    • Competing Narratives: Understanding All Sides' Approach to the War in Iran - https://thesoufancenter.org/intelbrief-2026-march-24/

    Weekly Security Sprint EP 151. Traveling man, the return of the Weatherman, and threat reports

    Play Episode Listen Later Mar 24, 2026 17:58


    On this week's Security Sprint, Dave and Andy covered the following topics:
    Opening:
    • President Donald J. Trump Unveils National AI Legislative Framework - The White House
    • Emerging Attack Vectors: AI Agents & Prompt Injection Gate 15 | 16 Mar 2026
    • The AI Landscape in Cybersecurity
    • An AI cyberattack could trigger a satellite apocalypse in the next 2 years. Are we prepared?
    • WaterISAC & EPA National Security Information Sharing Bulletin – Q1 2026 WaterISAC
    • Food and Ag-ISAC finds 72 active threat actors behind persistent, sophisticated cyber attacks targeting food supply chains
    • The E-ISAC's 2025 Report: Real Progress, Remaining Constraints
    Main Topics:
    Severe Weather
    • Spring outlook: Drought forecasted to expand in U.S. West, parts of Plains — NOAA | 21 Mar 2026
    • Get Ready for a Year of Chaotic Weather in the US — Wired, 19 Mar 2026
    2026 Annual Threat Assessment of the U.S. Intelligence Community — Office of the Director of National Intelligence, 18 Mar 2026. The ODNI released its 2026 Annual Threat Assessment outlining key threats including China's cyber and military expansion, Russia's hybrid operations, Iran's regional aggression, and persistent cyber threats from nation-state and criminal actors. The report underscores increasing convergence between cyber operations, information operations, and physical-world impacts across critical infrastructure sectors.
    Islamic State group activity in the US in 2025 Institute for Strategic Dialogue | 11 Mar 2026. ISD assesses that Islamic State inspired activity in the United States remained persistent in 2025, with two successful attacks, five disrupted plots, and six material support arrests, and says most cases involved teenagers. The dispatch highlights continued use of firearms, explosive devices, vehicle attacks, and newer surveillance tools such as Meta glasses and drones during pre attack planning. It also notes that targets varied widely, including public celebrations, military interests, nightlife venues, law enforcement, schools, and religious institutions, which complicates protective prioritization.
    Quick Hits:
    • Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets — FBI IC3
    • CISA Urges Endpoint Management System Hardening After Cyberattack Against U.S. Organization
    • CISA and FBI Release Public Service Announcement About Russian Intelligence Services Targeting Commercial Messaging Apps
    • Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape — Google Cloud Blog
    • Ransomware Spotlight: Agenda
    • Amazon Threat Intelligence teams identify Interlock ransomware campaign targeting enterprise firewalls
    • Hastalamuerte and Gentlemen RaaS: Analyzing TTPs of a Growing Ransomware Threat
    • Beast ransomware server toolkit analysis
    • Beast ransomware's toolkit revealed by exposed directory
    • Marquis ransomware gang stole data of 672,000 people in 2025 cyberattack
    • ESET Research: A Deep Dive into EDR Killers - a Cornerstone of Modern Ransomware Operations
    • Ransomware Affiliate ‘Gentlemen' Emerges as Key Player
    • LeakNet Ransomware: What You Need to Know

    The Gate 15 Interview EP 68. Behind the Scenes at the Cybersecurity Summit with Andy Jabbour and Toni Pepper

    Play Episode Listen Later Mar 19, 2026 40:19


    In this special Joint episode Andy Jabbour and Toni Pepper connect at the 6th Annual Cybersecurity Summit in Jacksonville, Florida to talk Tribal-ISAC, key insights and takeaways, and other fun conversations along the way.

    Weekly Security Sprint EP 150. Saying it out loud - talking about Geo-political events and more PSAs

    Play Episode Listen Later Mar 18, 2026 15:12


    In this week's Security Sprint, Dave is solo and covered the following topics:
    Opening:
    • Business Continuity & Resilience: AI's Double-Edged Impact — Gate 15 — 10 Mar 2026 — The article examines how artificial intelligence is reshaping business continuity and resilience planning across organizations.
    • Joint Advisory: Middle East Conflict and Critical Infrastructure — Gate 15 — 11 Mar 2026. On 11 March 2026, ten Information Sharing and Analysis Centers (ISACs) joined together to release a joint advisory on the Middle East conflict and the ongoing security implications to critical infrastructure.
    • U.S.: Why now: Cyber policy veterans weigh in on pivotal moment in evolution of security strategy — Inside Cybersecurity — 12 Mar 2026 Cyber policy veterans told Inside Cybersecurity that the United States has reached a pivotal moment in reshaping national cyber strategy as the Trump administration promotes a more aggressive model built around offensive and defensive capabilities, emerging technology, and reduced regulation.
    Main Topics:
    Operation Epic Fury & Related:
    • Iran's threat on U.S. soil: sleeper cells, lone wolves and cyberattacks — Los Angeles Times — 10 Mar 2026 U.S. security officials warn that Iran could attempt retaliation through sleeper cells, lone wolf actors, or cyber operations targeting American interests if regional conflict escalates.
    • DOGE government spending cuts complicate US response to Iran cyber threats — CNN — 10 Mar 2026 — Reporting describes how federal government restructuring and spending cuts tied to the Department of Government Efficiency have disrupted cyber coordination during heightened tensions with Iran.
    • How ‘Handala' Became the Face of Iran's Hacker Counterattacks — WIRED — 12 Mar 2026 WIRED reports that Handala has become the most visible face of Iran's retaliatory cyber campaign after the destructive breach of medical technology firm Stryker.
    • Iranian Hacktivists Strike Medical Device Maker Stryker in Severe Attack That Wiped Systems — Zetter Zero Day — 11 Mar 2026 Iranian hacktivist group Handala claimed responsibility for a destructive cyberattack that wiped systems belonging to medical device manufacturer Stryker.
    Michigan Synagogue Attack:
    • Michigan synagogue attack: FBI investigating as ‘targeted act of violence' Bridge Michigan | 12 Mar 2026. Target: Temple Israel in West Bloomfield and the broader Jewish community in the Detroit area.
    ODU Attack:
    • FBI releases more details in deadly Virginia shooting — Post and Courier — 14 Mar 2026. Federal investigators released additional information about a deadly shooting in Virginia that left multiple people dead and triggered a large law enforcement response.
    Cyber Threats:
    • INTERPOL report warns of increasingly sophisticated global financial fraud threat — INTERPOL — 16 Mar 2026. INTERPOL released a report warning that global financial fraud schemes are becoming more complex and technologically enabled.
    • Public Service Announcement: Criminals Use Stolen Personal Information to Target Victims Through Government Impersonation Schemes — FBI Internet Crime Complaint Center — 09 Mar 2026
    Ransomware:
    • Industrial Ransomware Analysis: Q4 2025 — Dragos — 11 Mar 2026 — Dragos reported that ransomware groups continue to target industrial organizations and operational technology environments, with manufacturing and industrial sectors representing a significant portion of victims.
    • France's ANSSI warns ransomware gangs shifting tactics amid surge in attacks — Infosecurity Magazine — 11 Mar 2026 France's national cybersecurity agency ANSSI warned that ransomware groups are adapting their tactics as attacks continue to increase across multiple sectors.

    Weekly Security Sprint EP 149. ISAC/ISAO love, Iran, AI and a new cyber strategy

    Play Episode Listen Later Mar 10, 2026 21:06


    In this week's Security Sprint, Dave and Andy covered the following topics:
    Opening:
    • Insider Threat: AI-equipped Employees - Gate 15 - 04 Mar 2026
    • Communication and Collaboration Key Themes in GridEx VIII Lessons Learned Report
    • Health-ISAC Annual Report 2025 Shows Surge in Threat Intel and Tabletop Drills, Putting Resilience in Focus
    • The Gate 15 Special Edition: Iran, ISACs, & insomnia: What's happening, and not happening, in information sharing — Gate 15 | 06 Mar 2026
    • White House Unveils President Trump's Cyber Strategy for America — The White House | 06 Mar 2026
        o Fact Sheet: President Donald J. Trump Combats Cybercrime, Fraud, and Predatory Schemes Against American Citizens — The White House
        o Ranking Member Thompson Statement on Trump's 3-Page Cyber Strategy — Democrats on the House Homeland Security Committee, 06 Mar 2026
    • Fact Sheet: President Donald J. Trump Combats Cybercrime, Fraud, and Predatory Schemes Against American Citizens — The White House | 06 Mar 2026
    Main Topics:
    Operation Epic Fury & Related:
    • White House blocks intelligence report warning of rising US homeland terror threat linked to Iran war
    • Iran may be activating sleeper cells in the United States, officials warn
    • Cyber threat bulletin: Iranian cyber threat response to US–Israel strikes February 2026, Canadian Centre for Cyber Security, 03 Mar 2026
    • Alert: NCSC advises UK organisations to take action following conflict in the Middle East, NCSC, 02 Mar 2026
    • U.S. threat intelligence units identify hacktivists as prime cyber vector in Iran conflict
    • Iran-linked hacktivists could target US state and local targets, experts warn
    • Trump Says ‘I Guess' Americans Should Worry About Iran Attacks
    Cyber Reports
    • NCC Group Annual Threat Monitor Review of 2025 NCC Group, 05 Mar 2026
    • Patch, track, repeat: The 2025 CVE retrospective — Cisco Talos, 05 Mar 2026
    • Look What You Made Us Patch: 2025 Zero-Days in Review Google Cloud Blog, 05 Mar 2026
    • Coalition report finds sharp rise in ransomware demands as most businesses refuse to pay — Reinsurance News | 07 Mar 2026
    • INC Ransom Affiliate Model Enabling Targeting of Critical Networks Australian Cyber Security Centre, 05 Mar 2026
    Quick Hits:
    • Top 10 artificial intelligence security actions: A primer Canadian Centre for Cyber Security, 05 Mar 2026
    • Artificial Intelligence and Machine Learning Supply Chain Risks and Mitigations Australian Signals Directorate, 04 Mar 2026
    • How AI Assistants Are Moving the Security Goalposts — Krebs on Security | 07 Mar 2026
    • Preparation hardening destructive attacks — Google Cloud Threat Intelligence | 08 Mar 2026
    • Tornadoes kill 6 people in Michigan and Oklahoma as powerful storms hit nation's midsection

    The Gate 15 Special Edition: Iran, ISACs, & insomnia: What's happening, and not happening, in information sharing

    Play Episode Listen Later Mar 6, 2026 63:11


    In this special episode of The Gate 15 Interview, Andy Jabbour speaks with experts from the Information Sharing and Analysis Center (ISAC) community on the ongoing war with Iran, implications for critical infrastructure and how the community is responding, and related conversation.
    Leaders and experts include:
    • Denise Anderson, President and CEO, Health-ISAC and Chairwoman of the National Council of ISACs (NCI)
    • Michael Ball, CEO, E-ISAC, and SVP NERC
    • Jonathan Braley, Director of Threat Intelligence, IT-ISAC
    • Chuck Egli, Director of Security and Resilience Operations, WaterISAC
    • Anna Mentzer-Hernández, Cyber Threat Intelligence Senior Analyst, ONE-ISAC
    In the discussion the panel covers:
    • What has been happening in information sharing, security and resilience since Operation Epic Fury began
    • Critical infrastructure resilience
    • What the ISACs have been doing, with members, cross-sectorally, and with government and other partners
    • What we're seeing, not seeing, and would like to see from the U.S. Government and CISA at this time
    • Playing guitar, baking bread and staying sane and not burning out during crisis and incident response
    • And more, including some encouraging closing thoughts
    Selected links:
    • National Council of ISACs
    • E-ISAC
    • Health-ISAC
    • IT-ISAC
    • ONE-ISAC
    • WaterISAC

    Weekly Security Sprint EP 148. Iran, and new Cyber Reports

    Play Episode Listen Later Mar 3, 2026 24:16


    In this week's Security Sprint, Dave and Andy covered the following topics:
    Open:
    • Ransomware Reinvented: AI-Powered and Autonomous Attacks — Gate 15 — 26 Feb 2026
        o Across party lines and industry, the verdict is the same: CISA is in trouble “We're asking states to do a job they're not resourced to do, while weakening the one federal agency designed to help them,” said Errol Weiss, chief security officer at the Health-ISAC, adding that “this is precisely where you do need a strong, centralized federal security function” and that “we already have a national shortage of cybersecurity experts, and you can't just replicate that expertise 50 times over.” Overall, Weiss said industry partners have felt the lack of outreach from the agency and are experiencing “fewer touchpoints, fewer briefings, fewer problem-solving calls,” which contributes to “a growing perception that CISA is being hollowed out where it matters most to industry: stakeholder engagement, collaborative forums, and operational support during incidents.”
        o Gottumukkala out, Andersen in as acting CISA director
        o States feel the squeeze of CISA shutdown
    Main Topics:
    Operation Epic Fury & Related:
    • Department of Homeland Security warns of potential attacks amid Iran operation
    • Peace Through Strength: President Trump Launches Operation Epic Fury to Crush Iranian Regime, End Nuclear Threat The White House
    • U.S. Forces Launch Operation Epic Fury U.S. Central Command
    • Israel performs largest cyberattack in history against Iran
    • X Is Drowning in Disinformation Following US and Israeli Attack on Iran
    • Potential Iran Nexus: Texas gunman wore "Property of Allah" hoodie during attack, had photos of Iranian leaders at home, sources say
    Cyber Threat Reports
    • CrowdStrike 2026 Global Threat Report: The Evasive Adversary Wields AI
    • Speed Wins When Identity Fails: 2026 Annual Threat Report
    • Total Ransomware Payments Stagnate for Second Consecutive Year, While Attacks Escalate
    • Quarterly Threat Report: Fourth Quarter, 2025
    • IBM X-Force reports 44% surge in exploitation of public-facing applications as supply chain and identity attacks intensify
    2026 Cost of Insider Risks Global Report — DTEX Systems and Ponemon Institute — The 2026 Cost of Insider Risks Global Report from Ponemon Institute and DTEX estimates that insider security incidents now cost organizations an average of 19.5 million United States dollars per year, driven mostly by negligent employees in complex digital environments. The study finds that companies with mature insider risk management programs avoid seven incidents and save about 8.2 million dollars annually, while cutting average time to contain from 86 days in 2023 to 67 days as budgets for insider programs nearly double. Researchers highlight the impact of shadow artificial intelligence, reporting that negligent insiders now account for 10.3 million dollars in average costs and that more than nine out of ten respondents say generative artificial intelligence has changed how staff access and share information, even though only a small share have formally integrated artificial intelligence into business strategies.
    Quick Hits:
    • AccuWeather's 2026 Severe Weather Forecast: What Business Leaders Need to Know About Severe Weather Risk

    Weekly Security Sprint EP 147. Managing a crisis, physical security incidents, and resilience

    Play Episode Listen Later Feb 24, 2026 20:27


    In this week's Security Sprint, Dave and Andy covered the following topics:
    Opening:
    • Tribal-ISAC and WaterISAC events!
    • Check out our newest webpage and our new blog post, kicking off this new Gate 15 blog series!
    • AI Threat Landscape: Fact vs. Fiction As We Start 2026
    • AI Threats Resilience, a new Gate 15 service page outlines a suite of AI threat informed workshops and tabletop exercises designed to help organizations understand AI driven risks, clarify ownership of AI exposure and rehearse response to AI enabled incidents.
    • TLP: CLEAR – WaterISAC Top Actions to Enhance Your Utility's Cybersecurity
    • (TLP:CLEAR) WaterISAC – TOP ACTIONS to Enhance Your Utility's Physical Security
    • Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) – Cybersecurity and Infrastructure Security Agency – 18 Feb 2026: CISA posted an update stating that due to a lapse in DHS appropriations it may be unable to hold scheduled CIRCIA Town Halls and will not conduct meetings during any lapse in appropriations.
    Main Topics:
    Cyber Resilience: An Incident Doesn't Have to Be a Crisis Binary Defense, 19 Feb 2026. This blog reframes security operations around limiting business impact instead of chasing security perfection, noting that incidents are inevitable in complex enterprises and that the true differentiator is whether they escalate into crises.
    • The ENISA Cybersecurity Exercise Methodology ENISA | 16 Feb 2026 & ENISA publishes Cybersecurity Exercise Methodology to guide and standardize EU cybersecurity exercises
    • Information Sharing – U.S. Legal and Regulatory Guidance – Health ISAC – 18 Feb 2026
    • Businesses urged to ‘lock the door' on cyber criminals as new government campaign launches – UK Government, 19 Feb 2026
    Violence & Extremism
    • Man Targets DHS Building With Stolen Ambulance In Attempted Arson Attack Source: The Daily Wire, 19 Feb 2026
    • Armed man shot and killed after "unauthorized entry" into Mar-a-Lago perimeter, Secret Service says — CBS News, 22 Feb 2026
    • Mar-a-Lago Gunman Was Reportedly ‘Fixated' on Epstein Files and Believed There Was a Trump Government Cover-Up
    • USCP Officers Stop & Arrest Man with Loaded Shotgun Outside the U.S. Capitol — United States Capitol Police — 17 Feb 2026
    • FBI Albany, in Coordination with Nevada and New York Law Enforcement Partners, Investigating Vehicle Ramming at Electrical Substation in Nevada — FBI, 20 Feb 2026
    Quick Hits:
    • Launched: 9th Annual Dragos OT Cybersecurity Year in Review Dragos — 17 Feb 2026
    • Significant Rise in Ransomware Attacks Targeting Industrial Organizations
    • 3 Threat Groups Started Targeting ICS/OT in 2025: Dragos
    • CISA: Recently patched RoundCube flaws now exploited in attacks — BleepingComputer, 23 Feb 2026
    • CISA Adds Two Known Exploited Vulnerabilities to Catalog (RoundCube)
    • Government of Canada Alerts & Advisories: Roundcube security advisory (AV25-309) - Update 1
    • CISA: BeyondTrust RCE flaw now exploited in ransomware attacks — Bleeping Computer, 20 Feb 2026
    • 90% of Ransomware Incidents Exploit Firewalls
    • Ransomware Groups Shift Targets Mid-Sized Businesses Enterprise Defenses Harden, Research Shows
    • Searchlight Cyber Report: Ransomware Groups Claimed Record Number of Victims in 2025 with 30% Annual Increase — Searchlight Cyber — 17 Feb 2026
    • Securin 2025 Ransomware Report Finds AI Accelerating, Not Replacing, Human-Led Attacks
    • Record Number of Ransomware Victims and Groups in 2025
    • Arctic Wolf Threat Report Highlights 11x Growth in Data Extortion Incidents and Continued Dominance of Ransomware Arctic Wolf | 17 Feb 2026
    • 2026 Unit 42 Global Incident Response Report — Attacks Now 4x Faster Palo Alto Networks | 17 Feb 2026
    • Blizzard slams Northeast with heavy snow and powerful winds
    • East Coast Blizzard Halts Travel, Cancels 8,000 Flights
    • El Nino is brewing: Here's what it means for U.S. weather in 2026

    Nerd Out EP 67. Mexico, Iran, Extremists and Knights

    Play Episode Listen Later Feb 24, 2026 42:50


    In the latest episode of Nerd Out, Dave and Alec talked about the weekend violence in Mexico after the death of a drug lord, and looked at the ramifications. Then they looked at Iran, the other potential hot spot and the similarities. They discussed travel considerations and being aware of potential cyber and physical risk. This led to a further discussion of extremist activity, the growth of Al Qaeda and domestic extremist activity around critical infrastructure. They wrapped up the pod talking about Knights of the Seven Kingdoms and the latest trailers for House of the Dragon and the Mandalorian and Grogu.
    References discussed in the pod include:
    Mexico Violence
    • https://www.cbsnews.com/news/violence-mexico-jalisco-new-generation-cartel-killed-military-puerto-vallarta/
    • https://www.cnn.com/world/live-news/mexico-el-mencho-killed-travel-chaos-02-23-26-intl-hnk
    • https://thesoufancenter.org/research/war-against-the-cartels-prospects-and-perils-for-the-trump-administrations-military-led-campaign/
    Iran Tensions
    • https://www.nytimes.com/2026/02/22/us/politics/iran-terrorist-attacks-proxies-trump.html
    • https://www.dhs.gov/ntas/advisory/national-terrorism-advisory-system-bulletin-june-22-2025
    Substation Attack in Nevada
    • https://www.cnn.com/2026/02/20/us/nevada-counterterrorism-incident-investigation-fbi
    • https://www.ktnv.com/news/authorities-investigate-possible-terrorism-threat-after-a-car-ran-into-facility-in-boulder-city-sources-say
    Nor'easter Snowstorm
    • https://www.usatoday.com/live-story/news/nation/2026/02/23/storm-snow-wind-northeast-live-updates/88814627007/
    • https://sundayguardianlive.com/science/the-science-behind-nycs-severe-snow-storm-arctic-air-atlantic-winds-and-a-historic-noreaster-171924/

    Weekly Security Sprint EP 146. Management concerns, threat actors targeting AI models, and more

    Play Episode Listen Later Feb 17, 2026 19:51


    On this week's Security Sprint, Dave and Andy covered the following topics:
    Opening:
    • TribalHub 6th Annual Cybersecurity Summit, 17–20 Feb 2026, Jacksonville, Florida
    • IT-ISAC, Food & Ag ISAC Ransomware Reports!
    • Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Rulemaking; Town Hall Meetings
    • What to Know About the Homeland Security Shutdown New York Times 15 Feb 2026
    Main Topics:
    South Korea blames Coupang data breach on management failure, not sophisticated attack – Reuters – 10 Feb 2026. “'It's more of a management problem than an advanced attack,' Choi Woo-hyuk, deputy minister for cyber security and network policy, told a press conference, citing lax oversight of authentication systems.” South Korean authorities released findings on a massive Coupang data leak, concluding that a former engineer exploited known authentication weaknesses and a retained signing key to access customer accounts for months, exposing personal data on about 33.7 million users.
    AI Threats & Mitigation
    • GTIG AI Threat Tracker: Distillation, Experimentation, and Continued Integration of AI for Adversarial Use — Google Cloud Blog — 12 Feb 2026. Google Threat Intelligence Group describes observed adversary use of AI across multiple phases of the attack lifecycle and highlights rising model extraction and distillation activity.
    • What CISOs need to know about ClawDBot, I mean MoltBot, I mean OpenClaw CSO Online — 16 Feb 2026. The article outlines enterprise risk considerations around OpenClaw and similar autonomous agent tooling that can execute actions on behalf of users with broad system access. It includes the warning that “The problem with running this is that these tools can do basically anything that a user can do,” says Rich Mogull, chief analyst at Cloud Security Alliance.
    Awareness of Preoperational Surveillance Tactics Associated With Terrorism Offers Opportunities — Joint Counterterrorism Assessment Team First Responder's Toolbox, ODNI — 13 Feb 2026.
    CISA's 2025 Year in Review: Driving Security and Resilience Across Critical Infrastructure. Notable highlights include:
    • Strengthened Collective Defense: Published more than 1,600 products and triaged 30,000+ incidents through CISA's 24/7 Operations Center – keeping critical systems secure.
    • Blocked Malicious Activity at Scale: Stopped 2.62 billion malicious connections on federal civilian networks and 371 million within critical infrastructure.
    • Enhanced Preparedness Nationwide: Led 148 cyber and physical security exercises with 10,000+ participants, helping partners refine emergency plans and boost local and national resilience.
    • Following Executive Order 14305, “Restoring American Airspace Sovereignty,” CISA published the Be Air Aware™ suite of security guides in November to help organizations detect, respond to, and safely manage Unmanned Aircraft System Threats.
    Quick Hits:
    • Improving your response to vulnerability management — NCSC, 10 Feb 2026
    • Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015 – CISA – 03 Feb 2026
    • CISA Helps Johnny Secure Operational Technology: New Guidance Addresses Cyber Risks from Legacy Protocols. CISA released the guidance Barriers to Secure OT Communication: Why Johnny Can't Authenticate.
    • Poland energy sector cyber incident highlights OT and ICS security gaps
    • CISA Updates BRICKSTORM Backdoor Malware Analysis Report
    • Blended Threats: Axios Future of Cybersecurity – Axios – 10 Feb 2026
    • A Defector Explains the Remote-Work Scam Helping North Korea Pay for Nukes Wall Street Journal 16 Feb 2026
    • Hacktivism today: what three years of research reveal about its transformation
    • Pakistan mosque attack highlights worsening militant threat

    The Gate 15 Interview EP 67: The Gate 15 team talks AI, Blended Threats, donuts, and… Shakespeare?

    Play Episode Listen Later Feb 16, 2026 54:22


    In this episode of The Gate 15 Interview, Andy Jabbour speaks with four Gate 15 analysts as Sadie-Anne Jones, Chase Snow, Mackenzie Gryder and Preston Wright share about their experiences, their work at Gate 15 and across critical infrastructure and faith-based organizations and more, including a rapid-fire round of Three Questions!
    • Sadie-Anne on LinkedIn.
    • Chase on LinkedIn.
    • Mackenzie on LinkedIn.
    • Preston on LinkedIn.
    In the podcast the team and Andy discuss:
    • Backgrounds and paths to Gate 15.
    • Surprising things the team has learned so far, and their ideas on threats, resilience, and what leaders may want to be thinking about today.
    • The next hurdle they want to jump.
    • We play 3 Questions! and talk late night snacks, secret skills, and where we love to chill and play.
    • And more!

    Weekly Security Sprint EP 145. Nihilistic behavior and how tech tools are changing physical and cyber risk

    Play Episode Listen Later Feb 10, 2026 20:22


    In this week's episode of the Security Sprint, Dave and Andy covered the following topics:
    Open:
    • TribalHub 6th Annual Cybersecurity Summit, 17–20 Feb 2026, Jacksonville, Florida
    • Congress reauthorizes private-public cybersecurity framework & Cybersecurity Information Sharing Act of 2015 Reauthorized Through September 2026
    • AMWA testifies at Senate EPW Committee hearing on cybersecurity
    Main Topics:
    Terrorism & Extremism
        o Killers without a cause: The rise in nihilistic violent extremism — The Washington Post, 08 Feb 2026
        o Terrorists' Use of Emerging Technologies Poses Evolving Threat to International Peace, Stability, Acting UN Counter-Terrorism Chief Warns Security Council United Nations / Security Council, 04 Feb 2026
    OpenClaw: The Helpful AI That Could Quietly Become Your Biggest Insider Threat – Jamf Threat Labs, 09 Feb 2026. Jamf profiles OpenClaw as an autonomous agent framework that can run on macOS and other platforms, chain actions across tools, maintain long term memory and act on high level goals by reading and writing files, calling APIs and interacting with messaging and email systems. The research warns that over privileged agents like this effectively become new insider layers once attackers capture tokens, gain access to control interfaces or introduce malicious skills, enabling data exfiltration, lateral movement and command execution that look like legitimate automation.
    The rise of Moltbook suggests viral AI prompts may be the next big security threat; We don't need self-replicating AI models to have problems, just self-replicating prompts.
    • From magic to malware: How OpenClaw's agent skills become an attack surface
    • Exposed Moltbook database reveals millions of API keys
    • The rise of Moltbook suggests viral AI prompts may be the next big security threat
    • OpenClaw & Moltbook: AI agents meet real-world attack campaigns
    • Malicious MoltBot skills used to push password-stealing malware
    • Moltbook reveals AI security readiness
    • Moltbook exposes user data via API
    • OpenClaw: Handing AI the keys to your digital life
    Quick Hits:
    • Active Tornado Season Expected in the US
    • CISA Directs Federal Agencies to Update Edge Devices – GovInfoSecurity, 05 Feb 2026 & read more from CISA: Binding Operational Directive 26-02: Mitigating Risk From End-of-Support Edge Devices – CISA, 05 Feb 2026.
    • A Technical and Ethical Post-Mortem of the Feb 2026 Harvard University ShinyHunters Data Breach
    • Hackers publish personal information stolen during Harvard, UPenn data breaches
    • Two Ivy League universities had donor information breaches. Will donors be notified?
    • Harassment & scare tactics: why victims should never pay ShinyHunters
    • Please Don't Feed the Scattered Lapsus$ & ShinyHunters
    • Mass data exfiltration campaigns lose their edge in Q4 2025
    • Executive Targeting Reaches Record Levels as Threats Expand Beyond CEOs
    • Notepad++ supply-chain attack: what we know
    • Summary of SmarterTools Breach and SmarterMail CVEs
    • Infostealers without borders: macOS, Python stealers, and platform abuse

    Weekly Security Sprint EP 144. Kermit the Frog, Threat Management, Cyber Resilience and more!

    Play Episode Listen Later Feb 4, 2026 22:04


    In this week's episode of the Security Sprint, Dave and Andy covered the following topics:
    Opening:
    • Check out the new SUN format and Subscribe to GRIP! Gate 15's Resilience and Intelligence Portal
    • Big News! The Tribal-ISAC Appoints First Executive Director to Advance Cybersecurity for Tribal Governments and Enterprises – Tribal-ISAC | 27 Jan 2026
    • Keys & Locks – The Overlooked Security Risk – Fact Sheet — WaterISAC | 28 Jan 2026
    Main Topics:
    Insider Threats:
    • Assembling A Multi-Disciplinary Insider Threat Management Team — CISA | 27 Jan 2026 (Analysis/Commentary) CISA's new infographic guides organizations in forming insider threat teams that bring together HR, legal, IT, security, and leadership under a “Plan, Organize, Execute, Maintain” framework.
    • Savannah Best Buy employee says hacker group blackmailed him into theft ring scheme
    • Study: Future workers would sell patient data
    • Former Google Engineer Found Guilty of Economic Espionage and Theft of Confidential AI Technology
    • Former TD Bank Employee Pleads Guilty to Accepting Bribes and Laundering $55 Million From Colombia
    • Two Recent Guilty Pleas Highlight Financial Crime Risks Posed by Bank Insiders
    • The Evolution of Insider Threat
    Ransomware Threat Outlook 2025-2027 — Canadian Centre for Cyber Security | 28 Jan 2026 The Cyber Centre assesses that ransomware against Canadian organizations is increasing and rapidly evolving, with actors almost certainly opportunistic and financially motivated, and essentially all organizations and individuals at risk of being targeted at some point.
    • Ransomware: How to Prevent and Recover (ITSAP.00.099) — Canadian Centre for Cyber Security
    • Ransomware Playbook (ITSM.00.099) — Canadian Centre for Cyber Security
    • Threat Spotlight: Ransomware and Cyber Extortion in Q4 2025
    • NCC Group Monthly Threat Pulse – Review of December 2025
    • The Convergence of Infostealers and Ransomware: From Credential Harvesting to Rapid Extortion Chains
    FBI Operation Winter SHIELD: 10 Cybersecurity Actions for Critical Infrastructure & FBI Launches ‘Winter SHIELD' Cyber Campaign — FBI & Infosecurity Magazine, 29 Jan 2026.
    • NSA Releases Phase One and Phase Two of the Zero Trust Implementation Guidelines
    • How to prepare and plan your organisation's response to a severe cyber threat: a guide for CNI
    • Cyber security considerations for drone use (ITSAP.00.143)
    • Cyber security advisory AV26-058: OpenSSL Security Advisory
    • Cyber Incident Reporting Guidelines: Key Information & Sharing Requirements — Canadian Centre for Cyber Security, 2026
    • DOD: JIATF 401 Publishes New Guidance for Physical Protection of Critical Infrastructure (U.S. Department of Defense, Jan 2026)
    • Spotting malicious email messages (ITSAP.00.100) — Canadian Centre for Cyber Security | Jan 2026
    Quick Hits:
    • 2025 Threat Report: Exploitation Grows Across IT, IoT, and OT — Forescout Vedere Labs | 29 Jan 2026
    • Man arrested after spraying substance on Rep. Ilhan Omar
    • Ilhan Omar Attack: Suspect Identified as Anthony Kazmierczak Amid Rising Political Violence
    • Calls to Impeach DHS Secretary Noem Grow After Minneapolis Shootings and Omar Attack
    • ‘No Kings' march event in Twin Cities & ‘No Kings' protest march set for March 28
    • USCP Threat Assessment Cases for 2025 – Source: U.S. Capitol Police, 27 Jan 2026.

    Weekly Security Sprint EP 143. Minneapolis, and winter weather

    Play Episode Listen Later Jan 28, 2026 21:30


    In this week's Security Sprint, Dave and Andy talked about the following topics:
    Opening:
    • WaterISAC to host H2OEx regional exercise to strengthen sector preparedness & WaterISAC merch!
    • The Gate 15 Interview EP 66: Chris Camacho: Cyber Risk, Building Communities, Nirvana, and Peruvian Chicken
    • Nerd Out EP 66. Terrorism trends and hacktivism in the current geopolitical environment, plus Nerd Movie review
    Main Topics:
    Rules of Engagement: safety, security and resilience considerations after Minneapolis and the murder of Alex Pretti
    Severe Weather Planning & Resilience:
    • Winter storm kills 11, leaves more than 800,000 without power as cold tightens grip
    • The massive storm has passed, but deep cold remains a danger
    • Storm-related power outages (U.S.)
    • PowerOutage.us
    AI-Powered Disinformation Swarms Are Coming for Democracy (Wired, 23 Jan 2026; Analysis/Commentary) – Wired examines how coordinated “disinformation swarms” powered by generative AI are shifting influence operations from single narratives to adaptive, multi-persona campaigns that probe, learn, and re-target in real time. Rather than pushing one false claim, these swarms test thousands of micro-messages across platforms, identify which narratives gain traction with which audiences, and dynamically reinforce them using synthetic text, images, and increasingly video. Researchers warn this model overwhelms traditional fact-checking and moderation, exploits algorithmic amplification, and blurs the line between foreign and domestic influence, particularly when paired with real grievances.
    Quick Hits:
    • CISA budget bill would require agency to maintain ‘sufficient' staffing levels and Congressional appropriators move to extend information-sharing law, fund CISA
    • Acting CISA chief defends workforce cuts, declares agency ‘back on mission'
    • What to do when your organization has been compromised by a cyber attack (ITSAP00009)

    Nerd Out EP 66. Terrorism trends and hacktivism in the current geopolitical environment, plus Nerd Movie review

    Play Episode Listen Later Jan 23, 2026 47:28


    In the latest Episode of Nerd Out, Dave and Alec talked about the following topics:
    • Trends in Terrorism: What's on the Horizon in 2026? https://thesoufancenter.org/intelbrief-2026-january-8/
    • Critical Infrastructure Attacks Became Routine for Hacktivists in 2025 https://cyble.com/blog/hacktivists-critical-infrastructure-attacks-2025/
    • Severe Winter Weather Forecast to Impact Large Portions of the U.S. https://www.wpc.ncep.noaa.gov/#page=ovw https://www.ready.gov/winter-weather https://www.cbsnews.com/news/maps-winter-storm-snow-cold-weekend/
    • Talking Nerd Movies and our excitement level, plus a review of A Knight in the Seven Kingdoms.

    Weekly Security Sprint EP 142. Winter blast, hacktivists, and a dose of cyber resilience

    Play Episode Listen Later Jan 21, 2026 17:56


    In this week's Security Sprint, Dave and Andy covered the following topics:
    Opening:
    • Cyber Insights 2026: Information Sharing (SecurityWeek, 16 Jan 2026)
    • ICYMI: Homeland Republicans underscore importance of strong public-private sector partnerships to deter cyber threats — House Homeland Security Committee (Majority) | Jan 17, 2026
    Main Topics:
    Pro-Russia hacktivist activity continues to target UK organisations & NCSC warns of hacktivist groups disrupting UK online services (UK National Cyber Security Centre, Jan 2026). The NCSC reports sustained, low-sophistication but high-volume hacktivist campaigns—primarily DDoS and website defacements—linked to pro-Russia narratives and opportunistic targeting of UK public- and private-sector organizations. While technically unsophisticated, the activity is persistent, media-aware, and designed to generate disruption, reputational harm, and psychological impact rather than deep network compromise. The NCSC emphasizes preparedness measures including DDoS resilience, clear incident communications, and executive awareness that “noise” activity can still impose real operational cost.
    • Russia-linked APT28 targets energy and defense groups tied to NATO
    • UAT-8837 targets critical infrastructure sectors in North America
    • A Day Without ICS: The real impact of ICS/OT security threats
    Ransomware:
    • Worldwide ransomware roundup: 2025 end-of-year report
    • Global ransomware attacks rose 32% in 2025, as manufacturers emerged as top target
    • 2025 Shattered Records: Key takeaways from the GRIT 2026 Ransomware & Cyber Threat Report
    • DeadLock Ransomware: Smart Contracts for Malicious Purposes
    Domestic Operations: Joint Interagency Task Force-Counter Cartel (JIATF-CC) established & US Northern Command establishes JTF-GOLD
    Quick Hits:
    • (TLP:CLEAR) Assessing Terrorism Trends on the Horizon in 2026 — WaterISAC — Jan 15, 2026
    • UK NCSC: Designing safer links: secure connectivity for operational technology
    • NCSC UK: Secure connectivity principles for OT (collection)
    • FBI: Secure Connectivity Principles for Operational Technology (OT) (PDF)
    • ACSC (Australia): New publication for small businesses managing cyber risks from AI
    • Artificial intelligence for small business: Managing cyber security risks
    • Developing your IT recovery plan (Canadian Centre for Cyber Security, Jan 2026)
    • Improving cyber security resilience through emergency preparedness planning (Canadian Centre for Cyber Security, Jan 2026)
    • Developing your incident response plan (Canadian Centre for Cyber Security, Jan 2026)
    • Developing your business continuity plan (Canadian Centre for Cyber Security, Jan 2026)

    The Gate 15 Interview EP 66: Chris Camacho: Cyber Risk, Building Communities, Nirvana, and Peruvian Chicken

    Play Episode Listen Later Jan 19, 2026 39:24


    In this episode of The Gate 15 Interview, Andy Jabbour speaks with Chris Camacho. Chris is Abstract Security's Co-Founder and Chief Operating Officer (COO). In this role, Chris is responsible for the go-to-market strategy, company vision, growth, collaboration, and client engagement. He is a leader, innovator and community builder. Before co-founding Abstract Security, Chris served as both Chief Strategy Officer and Chief Revenue Officer at Flashpoint and was responsible for helping grow the company to an acquisition by Audax PE and supporting three acquisitions to Flashpoint's portfolio, which helped the company be an industry market leader in the information security market. Before his time at vendors like Abstract Security and Flashpoint, Chris was the Senior Vice President of Information Security at Bank of America, where he oversaw the Threat Management Program. An entrepreneur, Chris also served as CEO for NinjaJobs, a career-matching community for elite cybersecurity talent. As he continues to build trust and relationships throughout the cybersecurity community, he's now building C2 Corner, a space for security leaders to share stories, connect through experience, and build what's next together. Chris on LinkedIn.
    In the podcast Chris and Andy discuss:
    • Chris's background and the road from financial services to becoming a vendor.
    • Chris shares some threat perspective from deepfakes to the complexities of geopolitics and polarization.
    • Chris talks about managing ever-increasing amounts of data and how Abstract Security is helping organizations to reduce risk.
    • We discuss the idea of AI SOCs helping to enhance security operations.
    • The importance of community building: from trust groups and ISACs to C2 Corner to in-person meet-ups!
    • Chris shares some career advice, and
    • We play 3 Questions! and talk Chris's favorite meats, reading books (and writing books?), and the glory of the 90s.
    Selected links:
    • Abstract Security. “Security teams should stop adversaries—not manage security data. Abstract's streaming-first platform simplifies the entire security data pipeline, from ingestion to detection to storage. By eliminating noise and delays, we help your team move faster, stay focused, and outpace attackers in real time.”
    • Introducing C2 Corner: By Practitioners, For the Industry
    • Applied Security Data Strategy: A Leader's Guide: a practical toolkit designed to help organizations of all sizes

    Weekly Security Sprint EP 141. Current event preparedness, insider threats and concerning behaviors, and more reports

    Play Episode Listen Later Jan 13, 2026 22:14


    In this week's Security Sprint, Dave and Andy covered the following topics:
    Warm Open:
    • TribalHub Cybersecurity Summit! 17-20 Feb, Jacksonville, Florida
    • Crypto ISAC & Crypto Crime Reaches Record High in 2025 as Nation-State Sanctions Evasion Moves On-Chain at Scale (and so many breach and incident reports)
    • MFA follow up and the alleged Instagram breach: Instagram user data leak: scraped records from 2022 resurface
    Main Topics:
    Complex realities for the workplace:
    • Venezuela, geopolitics and domestic considerations
    • Immigration and ICE-related incidents and protests
    • Considerations for leaders in the workplace
    Insider Threats:
    • Malicious employees for hire: How dark web criminals recruit insiders
    • Hiding in plain sight: What the death of Aldrich Ames teaches us about insider threats
    The State of Ransomware in the U.S.: Report and Statistics 2025. “Since 2023, the number of globally claimed victims has increased from approximately 5400 annually to over 8000 in 2025… the number of victims has grown, so has the number of ransomware groups… ransomware has become more decentralized, more competitive, and more resilient. As long as affiliates remain plentiful and social engineering remains effective, victim counts are likely to continue rising.”
    Quick Hits:
    • FBI FLASH: North Korean Kimsuky Actors Leverage Malicious QR Codes in Spearphishing Campaigns Targeting U.S. Entities
    • How China and Russia are using Maduro's capture to sway U.S. discourse
    • U-Haul truck drives into crowd at Westwood rally against Iranian government
    • The Government Cyber Action Plan: strengthening resilience across the UK
    • CISA - Secure Your Business; Protect your business, employees and customers with smart cybersecurity practices

    Weekly Security Sprint EP 140. Kicking off the New Year! Geo-politics, attacking the Grid, Ransomware, and more!

    Play Episode Listen Later Jan 6, 2026 18:54


    In this week's Security Sprint, Dave and Andy covered the following topics:
    Warm Open:
    • Trump suggests US used cyberattacks to turn off lights in Venezuela during strikes
    • Protests in US cities over Trump's military intervention in Venezuela
    • Trump Ramps Up Incendiary Threats After Venezuela Strike
    • White House: RUBIO: This Is Our Hemisphere — and President Trump Will Not Allow Our Security to be Threatened
    • PMs of Greenland, Denmark tell Trump to stop U.S. takeover threats
    Main Topics:
    Leftwing militants claim responsibility for arson attack on Berlin power grid. Protest over climate crisis and AI has cut power to tens of thousands of homes which may take days to fully restore. The Vulkangruppe (Volcano Group) said it had deliberately targeted some of the city's wealthiest districts.
    Ransomware:
    • Recorded Future: New ransomware tactics to watch out for in 2026
    • Semperis: What CISOs Need to Know About Fighting Ransomware in 2026
    • Top 10 Ransomware Groups of 2025
    MFA: Dozens of Global Companies Hacked via Cloud Credentials from Infostealer Infections & More at Risk. This report provides a granular reconstruction of the compromised assets. Furthermore, we demonstrate that these catastrophic security failures were not the result of zero-day exploits in the platform architecture, but rather the downstream effect of malware infections on employee devices combined with a critical failure to enforce Multi-Factor Authentication (MFA).
    • One criminal, 50 hacked organizations, and all because MFA wasn't turned on. "Because the organizations listed below did not enforce MFA, the attacker walks right in through the front door," the cybersecurity shop said in a Monday report. "No exploits, no cookies – just a password."
    • Cloud file-sharing sites targeted for corporate data theft attacks
    AI Deepfakes Are Impersonating Pastors to Try to Scam Their Congregations; Religious communities around the US are getting hit with AI depictions of their leaders sharing incendiary sermons and asking for donations.
    Quick Hits:
    • Bleeping Computer: The biggest cybersecurity and cyberattack stories of 2025
    • Infosecurity's Top 10 Cybersecurity Stories of 2025
    • Supply chains, AI, and the cloud: The biggest failures (and one success) of 2025.
    • Two Americans Plead Guilty to Targeting Multiple U.S. Victims Using ALPHV BlackCat Ransomware
    • CISA Known Exploited Vulnerabilities Surged 20% in 2025; CISA's Known Exploited Vulnerabilities (KEV) Catalog Grew By 20% In 2025, Including 24 Vulnerabilities Exploited By Ransomware Groups

    Nerd Out EP 65. Holiday attacks and disruptions, checking in on predictions, and other Nerd news

    Play Episode Listen Later Dec 23, 2025 47:19


    On the latest episode of Nerd Out, Dave and Alec dig into the Bondi Beach attack and what lessons can be learned before looking at the NYE attack that was disrupted. Then they looked at some of the security predictions made earlier in the year to see if they hit the mark. They wrapped up with a prediction of their own for 2026. Then they turned to the other nerd news and talked about some of the latest trailers before talking about their favorite show of the year!

    Weekly Security Sprint EP 139. Hostile events, holiday preparedness, and cybersecurity updates

    Play Episode Listen Later Dec 17, 2025 21:57


    In this week's Security Sprint, Dave and Andy covered the following topics:
    Warm Open:
    • Cyware!
    • New! The Gate 15 Interview EP 65: Yearend ISAC Extravaganza!
    • 2025 CWE Top 25 Most Dangerous Software Weaknesses
    • CISA Unveils Enhanced Cross-Sector Cybersecurity Performance Goals
    Main Topics:
    Bondi Beach Hanukkah Attack:
    • NYT Live Updates: Sydney Gunmen Were Motivated by ISIS, Australia's Leader Says
    • Gunmen kill at least 15 people in attack on Hanukkah celebration on Sydney's Bondi Beach
    • Join FB-ISAO. If you're involved with a place of worship or charity, please make sure they're plugged in!
    • Gate 15's Hostile Events Attack Cycle white paper
    • Germany foils suspected Islamist car ramming plot targeting Christmas market
    • 'F*** the Jews': Gunman fires 20 bullets into Jewish family's hanukkah-decorated home in California
    • Virginia mosque attacked, Muslim advocates call for hate crime charges
    What we know about the Brown University shooting that killed 2 and injured 9
    Cybersecurity Updates:
    • ASD: Annual Cyber Threat Report 2024-2025
    • 5 lessons we learned from our ransomware attack
    • Dragos Industrial Ransomware Analysis: Q3 2025
    • Alleged Coupang data leaker had only worked at company for two years, say police
    • Users report chaos as Legal Aid Agency stumbles back online after cyberattack
    • Canadian Centre for Cyber Security: Ransomware
    Quick Hits:
    • Opportunistic Pro-Russia Hacktivists Attack US and Global Critical Infrastructure
    • CISA warns China has penetrated U.S. infrastructure, threatens 2027 turning point
    • New Product! Active Shooter Response – Poster

    The Gate 15 Interview EP 65: Year-end ISAC Extravaganza!

    Play Episode Listen Later Dec 15, 2025 56:01


    In this episode of The Gate 15 Interview, Andy Jabbour speaks with leaders from the Information Sharing and Analysis Center (ISAC) community on the Cybersecurity Information Sharing Act, the government shutdown, the role and future of ISACs and what to look forward to in 2026. Experts include:
    • Errol Weiss, CSO, Health-ISAC
    • Adam Gruszcynski, IT Director at Potawatomi Casino Hotel & Tribal-ISAC Steering Committee Member
    • Kimberly Denbow, Vice President, Security and Operations, AGA & Executive Director, DNG-ISAC
    • Chris Anderson, Principal Advisor, National Security and Emergency Preparedness at Lumen
    In the discussion the panel covers:
    • The Cybersecurity Information Sharing Act of 2015 (CISA 2015), its recent and potential lapse and how it impacted cyber threat information sharing and collaboration.
    • The recent and potentially upcoming federal government shutdown and how the ISACs operated and were impacted.
    • From the TribalNet Cybersecurity Summit to the Natural Gas Exercise 2026 (NGX-2026), operationalizing AI, and growing critical global partnerships – the group discusses some of the many things that they're excited about heading into 2026.
    • Plus! The team plays one question! Warren G: Regulators! And more!
    Selected links:
    • Health-ISAC
    • Tribal-ISAC
    • DNG-ISAC
    • Congress extends CISA 2015, but path to long-term reauthorization remains murky

    Weekly Security Sprint EP 138. Reports galore and shoring up for the holidays.

    Play Episode Listen Later Dec 9, 2025 17:28


    In this week's Security Sprint, Dave and Andy covered the following topics:
    Warm Open:
    • TribalHub Magazine, Winter 2025: A Publication For Technology Minded Professionals In Tribal Government Tribal Health, Tribal-Gaming And Non-Gaming Tribal Enterprises. Includes Tribal-ISAC happenings!
    • React2Shell: Risky Bulletin: APTs go after the React2Shell vulnerability within hours & Critical Security Vulnerability in React Server Components
    • We discussed our daily SUN and Weekly Ransomware & Data Breach Digest available via Gate 15's GRIP: Join the GRIP! Gate 15's Resilience and Intelligence Portal (GRIP) utilizes the robust capabilities available in Cyware's Collaborate platform to provide the community with technology-enhanced, human-driven analysis products. Further, our team supports the implementation and use of Cyware Collaborate at the Enterprise level.
    Main Topics:
    FinCEN Issues Financial Trend Analysis on Ransomware. The U.S. Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) is issuing a Financial Trend Analysis on ransomware incidents in Bank Secrecy Act (BSA) data between 2022 and 2024, which totaled more than $2.1 billion in ransomware payments… Previous FinCEN Financial Trend Analyses have focused on reported ransomware payments and incidents by the date the activity was filed with FinCEN. Today's report shifts the focus to the incident date of each ransomware attack and offers greater visibility into the activities conducted by ransomware actors.
    • Reported Ransomware Incidents and Payments Reach All-Time High in 2023
    • FinCEN Data Shows Ransomware Payments Top $2.1B in Just Three Years
    • Financial Services, Manufacturing, and Healthcare were the Most Impacted Industries
    • The Onion Router (TOR) was the Most Common Communication Method Reported
    • ALPHV/BlackCat was the Most Prevalent Ransomware Variant Between 2022 and 2024
    • FinCEN analysis shows scope of ransomware problem
    Five-page draft Trump administration cyber strategy targeted for January release; The six-pillar document covers a lot of ground in a short space, and could be followed by an executive order implementing it, according to sources familiar with the draft.
    America 250: Presidential Message on the Anniversary of the Monroe Doctrine
    • Here's what the new National Security Strategy says about threats to critical infrastructure
    • New US National Security Strategy reveals Trump administration's latest stance on Taiwan
    FBI PSA: Criminals Using Altered Proof-of-Life Media to Extort Victims in Virtual Kidnapping for Ransom Scams. The Federal Bureau of Investigation (FBI) warns the public about criminals altering photos found on social media or other publicly available sites to use as fake proof of life photos in virtual kidnapping for ransom scams. The criminal actors pose as kidnappers and provide seemingly real photos or videos of victims along with demands for ransom payments… Criminal actors typically will contact their victims through text message claiming they have kidnapped their loved one and demand a ransom be paid for their release. Oftentimes, the criminal actor will express significant claims of violence towards the loved one if the ransom is not paid immediately. The criminal actor will then send what appears to be a genuine photo or video of the victim's loved one, which upon close inspection often reveals inaccuracies when compared to confirmed photos of the loved one. Examples of these inaccuracies include missing tattoos or scars and inaccurate body proportions. Criminal actors will sometimes purposefully send these photos using timed message features to limit the amount of time victims have to analyze the images.
    Quick Hits:
    • US leader of global neo-Nazi terrorist group signals retribution for arrests
    • ASD: Information stealers are on the rise, are you at risk?
    • UK NCSC: Prompt injection is not SQL injection (it may be worse)

    Weekly Security Sprint EP 137. Holiday backups and scams, plus identifying concerning behaviors

    Play Episode Listen Later Dec 3, 2025 20:31


    In this week's Security Sprint, Dave and Andy covered the following topics:
    Warm Open:
    • WaterISAC – EPA: National Security Information Sharing Bulletin – Q4 2025 & Access the PDF
    • Canadian Centre for Cyber Security: The cyber threat to Canada's water systems: Assessment and mitigation
    • Canadian Centre for Cyber Security: Don't take the bait: Recognize and avoid phishing attacks - ITSAP.00.101
    • How cannabis businesses can go digital while thwarting hackers
    Main Topics:
    • Semperis Warns That Holiday & Weekend Gaps Leave Critical Infrastructure Open to Ransomware Attacks
    • FBI San Diego Warns Shoppers to Be Aware of Scams During the 2025 Holiday Season
    • FBI PSA: Account Takeover Fraud via Impersonation of Financial Institution Support
    • Take9: Cyber threats are everywhere. And getting sneakier. What can you do to protect yourself, your community and our nation? Take a 9-second pause and think before you click, download, share. A short pause goes a long way.
    • JCAT First Responder's Toolbox: Tech Sector Outreach: Identifying Violent Extremist Indicators and Reporting Mechanisms for Online Service Providers
    Quick Hits:
    • OnSolve CodeRED cyberattack disrupts emergency alert systems nationwide
    • CISA: Mobile Communications Best Practice Guidance
    • CISA: Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications

    Weekly Security Sprint EP 136. A full menu of insiders, a new AWS report, and a lot of quick hits

    Play Episode Listen Later Nov 25, 2025 17:46


    On this week's Security Sprint, Dave and Andy get ready for the holidays with a full menu of topics that include:
    Warm Open:
    • Happy 23rd birthday to DHS!
    • WaterISAC's Quarterly Water Sector Incident Summary, April to June 2025 – Executive Summary
    • GridEx VIII – Surge in Participation Reflects Importance of Exercising Emergency Preparedness
    • Cloudflare outage on November 18, 2025
    Main Topics:
    Insider Threats:
    • Former contractor admits to hacking employer in retaliation for termination
    • CrowdStrike catches insider feeding information to hackers
    • Rising cost of trust as insider behavior becomes a weak link in critical infrastructure cyber defense
    Blended Threats, you say?
    • AWS: New Amazon Threat Intelligence findings: Nation-state actors bridging cyber and kinetic warfare & Amazon details Iranian “cyber-enabled kinetic targeting” operations
    Quick Hits:
    • House AI terrorism bill spotlights extremist use of generative AI for propaganda and training
    • Obscura Ransomware: A Case Study in Ransomware Data Loss
    • Overconfidence is the new zero-day as teams stumble through cyber simulations
    • The SANS 2025 State of ICS Security Report: Progress, Pressure, and the Path to Resilience
    • CISA Releases New Guides to Safeguard Critical Infrastructure from Unmanned Aircraft Systems Threats
    • Bulletproof Defense: Mitigating Risks From Bulletproof Hosting Providers
    • United States, Australia, and United Kingdom Sanction Russian Cybercrime Infrastructure Supporting Ransomware

    Weekly Security Sprint EP 135. Happy Bday CISA! Cyber risks and reports and self reflection from an attack victim

    Play Episode Listen Later Nov 19, 2025 19:44


    In this week's Security Sprint, Dave and Andy covered the following topics:
    Warm Open:
    • Happy Birthday to CISA! The Cybersecurity and Infrastructure Security Agency turned seven on Sunday.
    • Government funding bill temporarily revives cybersecurity information-sharing law
    • The Gate 15 Interview EP 64: Cody Barrow, CEO, EclecticIQ. “Nothing in cyber happens without a reason.”
    • Faith-Based (U.S.): FB-ISAO Newsletter, v7, Issue 10
    Main Topics:
    Cybersecurity!
    • OWASP Top Ten. Welcome to the 8th installment of the OWASP Top Ten!
    • ASD: Annual Cyber Threat Report 2024-2025
    • Checkout.com: Protecting Our Merchants: Standing Up to Extortion: “We will not be extorted by criminals. We will not pay this ransom.”
    Holidays & Hostile Events!
    • Europol: 10 years on: remembering the victims of the 13 November terrorist attack in Paris
    • DOJ: New Jersey Man Charged with Cyberstalking in Connection with Violent Network ‘764'
    • Indiana Republican called out by Trump on redistricting is swatted
    • Marjorie Taylor Greene Says She Received Pipe Bomb Threat: What We Know
    • Terror plot arrests reveal ‘more dangerous' online pathway to ISIS radicalization in America
    • Suspects charged in alleged Michigan Halloween terror plot eyed attack on Chicago Pride Parade: Docs
    • Racists are now openly targeting Indian Americans
    • Is left-wing terrorism returning?
    Quick Hits:
    • Blended Threats! Risky Biz News - German TV station hacked: A cyberattack has disrupted the broadcast of German radio station Radio Nordseewelle. Hardware components were damaged in the attack and had to be replaced. The broadcaster said it had to rebuild large parts of its IT network. The hack took place days after a similar incident crippled the transmission of Dutch radio and TV station RTV Noord. [Tarnkappe]

    The Gate 15 Interview EP 64: Cody Barrow, CEO, EclecticIQ. “Nothing in cyber happens without a reason.”

    Play Episode Listen Later Nov 17, 2025 39:23


    In this episode of The Gate 15 Interview, Andy Jabbour speaks with Cody Barrow, CEO, EclecticIQ. Cody is a cybersecurity industry leader with over 20 years of public and private sector experience in the US and EU, holding leadership positions within the Pentagon, National Security Agency/US Cyber Command, Fortune 25, and commercial vendors as well as a number of other positions with the US Government and across the cybersecurity community. Since 2019, he has been with EclecticIQ, the Amsterdam-based European leader in cybersecurity technologies servicing central governments and large enterprises, where he took over as Chief Executive Officer in 2024. Cody has a Bachelor of Science in Political Science from the University of Maryland. Learn more about Cody on LinkedIn.
    In the discussion Cody and Andy cover:
    • Cody's background.
    • EclecticIQ, “The Threat Intelligence Platform that understands your business”
    • “I'm not really big on hype.” Cody's perspective on threats, resilience, AI and more.
    • Single points-of-failure, reducing dependencies, and “being anti-fragile”
    • The importance of being adaptable
    • Coffee and whisky, all day long
    • Being an ex-pat
    • Ranch dressing
    • And more!
    Selected links:
    • EclecticIQ

    Nerd Out EP 64. Keep the relationships warm. Holiday and winter weather preparedness.

    Play Episode Listen Later Nov 11, 2025 45:54


    In the latest episode of Nerd Out, Dave and Alec are joined by Joe Levy who talks about his role and the day to day of managing a venue. Then the group talks about outdoor venue security and other preparedness activities incorporating drone threat and building lasting partnerships. The gang then talked about winter weather preparedness before wrapping up their security talk with a look back to the recent elections and a look ahead to 2026. Finally, they continued their holiday kick-off with a run through their favorite holiday food and drinks.

    Weekly Security Sprint EP 134. Cyber Resilience, Critical Infrastructure attacks, Alphabet soup, and offboarding concerns

    Play Episode Listen Later Nov 4, 2025 20:07


    In this week's Security Sprint, Dave and Andy covered the following topics:
    Warm Open:
    Critical infrastructure sectors on the most concerning threats – and needed solutions. “With critical infrastructure constantly under myriad threats, sector-focused information sharing and analysis centers and organizations collect, analyze and disseminate actionable cyber and physical threat information to stakeholders and provide them with tools to mitigate risks and enhance resiliency. To mark Cybersecurity Awareness Month, Threat Beat asked: 1) What is the most pressing short-term security concern in your sector? 2) What is one thing the public and/or industry/government can do now to address this?” Responses include DNG-ISAC, E-ISAC, FB-ISAO, Food and Ag-ISAC, Health-ISAC, MS-ISAC, ONE-ISAC, Space ISAC, and WaterISAC.
    Main Topics:
    Canadian Centre for Cyber Security: Alert - AL25-016 Internet-accessible industrial control systems (ICS) abused by hacktivists. In recent weeks, the Cyber Centre and the Royal Canadian Mounted Police have received multiple reports of incidents involving internet-accessible ICS. One incident affected a water facility, tampering with water pressure values and resulting in degraded service for its community. Another involved a Canadian oil and gas company, where an Automated Tank Gauge (ATG) was manipulated, triggering false alarms. A third one involved a grain drying silo on a Canadian farm, where temperature and humidity levels were manipulated, resulting in potentially unsafe conditions if not caught on time.
    Hackers are attacking Britain's drinking water suppliers
    (TLP:CLEAR) Threat Analysis for the Water and Wastewater Sector, October 2025 – Executive Summary
    Threat Snapshot: Cyber Threats Remain Heightened Amid Lapse In Information Sharing Authorities, Government Shutdown. As Cybersecurity Awareness Month comes to a close and Critical Infrastructure Security and Resilience Month nears, today, the House Committee on Homeland Security released an updated “Cyber Threat Snapshot,” outlining the heightened threats posed by malign nation-states and criminals to U.S. networks and critical infrastructure since 2024. Read the previous “Cyber Threat Snapshot,” which outlined threats from 2021 through 2024, here.
    2 shot dead at Tennessee plastics plant by gunman who was ex-employee. Two employees of a plastics maker were fatally shot Monday morning in Cleveland, Tennessee, by an employee in the process of termination, authorities said. The two men killed at Barku Plastics were Tobias Gleinig and Ivan Aldergot, police said. Both were supervisors at the plant and citizens of Germany, Cleveland Police Capt. Evie West said at a news conference Monday night. Barku is a subsidiary of Barku Kunststofftechnik, a plastics producer established in Germany in 1977, which confirmed the "violent deaths" of Gleinig and Aldergot in a statement.
    Quick Hits:
    • Hurricane Melissa makes historic landfall in Jamaica as Category 5 storm
    • 'Total devastation': Hurricane Melissa leaves trail of destruction, flooding in Jamaica
    • ‘Tremendous unprecedented devastation' in Jamaica from Hurricane Melissa, UN coordinator says
    • Hurricane Melissa death toll nears 50 as Jamaica relief efforts intensify and storm heads north
    • Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says

    Nerd Out EP 63. CSAM, the 6 by 6, and some Halloween treats

    Play Episode Listen Later Oct 29, 2025 47:26


    On the latest episode of Nerd Out, Dave and Alec welcome back Hunter Headapohl to deep dive into Cybersecurity Awareness Month and cyber threats.
    • CSAM Key points and why this is important for organizations as well as tips to follow.
    • Cyber threats they are keeping an eye out for.
    • Top of mind concerns and tips.
    References from the discussion include:
    After the security nerd discussions, the trio turned to other nerd news with a little Halloween theme.
    • Favorite candies
    • Favorite Halloween-themed movies or shows
    • The 3rd season of Star Wars Visions
    • New movies they would recommend

    Weekly Security Sprint EP 133. Ransomware, Hurricanes and Severe weather, and more.

    Play Episode Listen Later Oct 28, 2025 21:27


    On this week's Security Sprint, Dave and Andy covered the following topics:Warm Open• H2OSecCon 2026 Call for Presentations• Critical infrastructure sectors on the most concerning threats – and needed solutions. “With critical infrastructure constantly under myriad threats, sector-focused information sharing and analysis centers and organizations collect, analyze and disseminate actionable cyber and physical threat information to stakeholders and provide them with tools to mitigate risks and enhance resiliency. To mark Cybersecurity Awareness Month, Threat Beat asked: 1) What is the most pressing short-term security concern in your sector? 2) What is one thing the public and/or industry/government can do now to address this?” Responses include DNG-ISAC, E-ISAC, FB-ISAO, Food and Ag-ISAC, Health-ISAC, MS-ISAC, ONE-ISAC, Space ISAC, and WaterISAC.• CISA's international, industry and academic partnerships slashed. The cuts “create a dangerous void,” said Errol Weiss, chief security officer for the Health Information Sharing and Analysis Center. “The health sector is one of the most targeted and vulnerable, and this is exactly the wrong time to be pulling back federal support.• Kristi Noem pledged to boost the nation's cybersecurity. She gutted it instead• Trump Administration Cuts Cyberdefense Even as Threats Grow• U.S. Cyberspace Solarium Commission Annual Assessment: America's Cyber Resiliency in 2025: Lessons from the Fifth CSC 2.0 Annual Assessment & US ‘slipping' on cybersecurity, annual Cyberspace Solarium Commission report concludes Main Topics:Ransomware recovery perils: 40% of paying victims still lose their data. Paying the ransom is no guarantee of a smooth or even successful recovery of data. But that isn't even the only issue security leaders will face under fire. 
Preparation is key.• UK Government: Supply chain resilience against ransomware • JLR hack is costliest cyber attack in UK history, say analystsMelissa becomes third Category 5 hurricane of the extraordinary 2025 season• NHC issuing advisories for the Atlantic on Hurricane Melissa• Key messages regarding Hurricane Melissa (en Español: Mensajes Claves)• Melissa leaps from tropical storm to Category 4 hurricane in 18 hours• Category 5 Hurricane Melissa's eye is nearing Jamaica and conditions are worseningQuick Hits:• Palo Alto Networks: Why Threat Actors Succeed• LA Metro digital signs taken over by hackers• Chatbots Are Pushing Sanctioned Russian Propaganda

    Weekly Security Sprint EP 132. Third Party Resilience, Ransomware reports, and Human Risk

    Play Episode Listen Later Oct 22, 2025 17:54


    In this week's Security Sprint, Dave and Andy covered the following topics:Warm Open:• The White House fired 176 CISA employees on Friday, with more layoffs fearedLayoffs, reassignments further deplete CISA• Top cyber lawmaker wants answers on CISA workforce reductions• Tech industry unites behind bipartisan effort to urgently reauthorize US cyber threat information sharing law• What They Are Saying: Technology Stakeholders Urge Passage Of Peters & Rounds Bipartisan Bill To Restore Critical Cybersecurity Protections (CISA 2015)Main Topics:F5, AWS, Third Party Risk & Resilience:• AWS: Operational issue - Multiple services (N. Virginia). • AWS: Operational issue - Multiple services (N. Virginia). [RESOLVED] Increased Error Rates and Latencies• What the Huge AWS Outage Reveals About the Internet• AWS outage exposes Achilles heel: central control plane• F5: K000154696: F5 Security Incident• F5, Inc. Form 8K • ED 26-01: Mitigate Vulnerabilities in F5 DevicesRansomware & Data Breaches: • IT-ISAC: Quarterly IT Sector Ransomware Analysis Q3 2025, July -September. PDF.• BlackFog's 2025 Q3 Ransomware ReportArctic Wolf 2025 Human Risk Report Reveals Escalating Breaches, Overconfidence in Phishing Defenses, and Risky AI Behavior. Key findings from the 2025 Human Risk Behavior Snapshot include:Quick Hits:• AG Platkin Sets Standards for Active-Shooter Readiness • Satellites Are Leaking the World's Secrets: Calls, Texts, Military and Corporate Data• NCSC Warns Data Centres Face Rising Cybersecurity Threats• Microsoft Dominates Phishing Impersonations in Q3 2025 • UK NCSC - UK experiencing four 'nationally significant' cyber attacks every week• UK NPSA: Protecting our Democratic Institutions: Countering Espionage and Foreign Interference • DDoS Botnet Aisuru Blankets US ISPs in Record DDoS

    Weekly Security Sprint EP 131. Threat use of AI, ransomware reports and cyber insurance, weather, protests, and more

    Play Episode Listen Later Oct 14, 2025 22:53


    In this week's Security Sprint, Dave and Andy covered the following topics:Main Topics:Russia, China and North Korea are using ChatGPT to influence you — here's how. A new report from OpenAI found foreign adversaries are increasingly using artificial intelligence to power hacking and influencing operations. The report found they were using OpenAI's popular tool ChatGPT. The report showed those adversaries include Russia, China and North Korea. “AI-enabled attacks are becoming more capable and harder to detect,” Daryl Lim, affiliate at the Center for Socially Responsible Artificial Intelligence at Penn State University, told Straight Arrow News. “Adversaries can personalize attacks, evade filters and iterate faster than before.”• The Case for AI Loss of Control Response Planning and an Outline to Get Started• Can Humans Devise Practical Safeguards That Are Reliable Against an Artificial Superintelligent Agent?The true cost of cyber attacks - and the business weak spots that allow them to happen. What makes companies like Jaguar Land Rover and Marks & Spencer particularly vulnerable is the way in which their supply chains work.• UK NCSC: UK experiencing four 'nationally significant' cyber attacks every week• Cyber attack contingency plans should be put on paper, firms told• Policyholder Plot Twist: Cyber Insurer Sues Policyholder's Cyber Pros• The Ransomware Pricing Paradox: An Empirical Study of the Six Stages of Ransomware Negotiations. PDF• Paying off cyber criminals no guarantee stolen data won't be published – studySevere Weather: Hurricane Season continues18 Oct: No Kings nationwide protestsQuick Hits:• Peace in Israel and Gaza?• Sen. 
Peters tries another approach to extend expired cyber threat information-sharing law & Peters & Rounds Introduce Bipartisan Bill to Restore Critical Cybersecurity Protections• Yet another shutdown and its impact on cybersecurity professionals• Experts: Shutdown Strains Healthcare Cyber Defenses• Is the government shutdown impacting info sharing for healthcare cyber threats? • ICYMI! Gate 15 Weekly Security Sprint EP 130. The Evangelist has returned! Cybersecurity Awareness Month and more! • Poland says cyberattacks on critical infrastructure rising, blames Russia• Anatomy of a Hacktivist Attack: Russian-Aligned Group Targets OT/ICS• Critical networks face unprecedented threat as DDoS attacks are getting shorter and more intense• Belgian PM reported to be among targets of ‘jihad-inspired' drone plot• Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign

    The Gate 15 Interview EP 63: Incident Response & What's the Buzz from the TribalNet Floor!

    Play Episode Listen Later Oct 9, 2025 17:32


    In this special (and now maybe annual!) episode of The Gate 15 Interview, live from the floor of TribalNet 2025, Andy speaks with TribalHub's Senior Marketing & Communications Manager, Michelle Bouschor, as they catch up and talk incident response, why non-IT leaders need to be part of the conversation, and what's trending across the conference. Plus, Michelle throws out a fun popup question: what would Andy do if he weren't working in tech? Listen on Spotify, Apple or the TribalHub page at podbean!
    Relevant to their conversation: Tribal-ISAC Unveils Cybersecurity Report. The Tribal Information Sharing and Analysis Center (Tribal-ISAC) released its first-ever report, The Pulse – The State of Cybersecurity Within Tribal Nations, during the Annual TribalNet Conference and Tradeshow in early September. The report was produced by the Tribal-ISAC with assistance from TribalHub, and features cybersecurity insights, trends and more gathered from three key sources: Tribal-ISAC's 2025 “Tribal Cybersecurity” Survey, TribalHub's “How Prepared is Your Tribe for AI?” Survey, and Gate 15's CHIEF and NATIVE Reports.
    • More than two-thirds report zero or only one dedicated cybersecurity staff member, despite facing similar regulatory pressures as larger entities.
    • Budget allocations remain modest, with more than 60% dedicating less than 20% of their technology budget to cybersecurity.
    • 73% of respondents anticipate increased cybersecurity spending in 2026, and 1% expect a decrease, signaling a shift toward resilience and threat mitigation.
    • 74% of organizations received no federal or state cybersecurity grants in 2025.
    Additional selected links:
    • TribalNet 2025
    • Tribal-ISAC
    • The Pulse – Tribal-ISAC's new annual cybersecurity report!

    Weekly Security Sprint EP 130. The Evangelist has returned! Cybersecurity Awareness Month and more!

    Play Episode Listen Later Oct 7, 2025 27:11


    On this week's episode of the Security Sprint, Andy is joined by the Cybersecurity Evangelist herself, Jennifer Walker as well as Sadie Anne Jones! Together they covered the following topics:Warm Open:• Tribal-ISAC Unveils Cybersecurity Report & Tribal-ISAC cybersecurity report delivers data, insights into risks• (TLP:CLEAR) WaterISAC Physical Security Advisory Committee: Insider Threat Management – Fact Sheet.• Colin Wood on Bluesky: “October isn't only cyber awareness month. It's also National Popcorn Poppin' Month, National Adopt a Shelter Dog Month and Eczema Awareness Month. There's something for everyone, really” It's also National Pizza Month!Main Topics:CISA: Cybersecurity Awareness Month - Building a Cyber Strong America. October is Cybersecurity Awareness Month! This year's theme is Building a Cyber Strong America, highlighting the need to strengthen the country's infrastructure against cyber threats, ensuring resilience and security. • Cybersecurity Awareness Month Toolkit• DHS and CISA Announce Cybersecurity Awareness Month 2025• Article: DHS, CISA kick off Cybersecurity Awareness Month 2025 to protect critical services, boost national resilienceCybersecurity Information Sharing Act of 2015 (CISA 2015): • CISA 2015 sunsets: Cyber Threat sharing without a net? 
• CISA Liability Protections Terminate - What Legal & InfoSec Need to Know Before Sharing Cyber Threat Information• Cyber Threat Information Sharing at Risk: What Companies Should Consider if the Cybersecurity Information Sharing Act of 2015 Is Not Renewed• Cyber defenders on edge amid shutdown furloughs, expired authorities• Information sharing under CISA 2015 in limbo after government shuts downQuick Hits:• Judge temporarily blocks use of National Guard in Portland• USNORTHCOM statement regarding protection of federal property and personnel in the Portland Area• Trump says US is in ‘armed conflict' with drug cartels after ordering strikes in the Caribbean• Venezuela says it detected 5 US ‘combat planes' flying 75km from its coast, calls it a ‘provocation'• Clop extortion emails claim theft of Oracle E-Business Suite data• Active exploitation of vulnerability affecting Oracle E-Business Suite• Oracle Security Alert Advisory - CVE-2025-61882• CISA and UK NCSC Release Joint Guidance for Securing OT Systems• Shutdown guts U.S. cybersecurity agency at perilous time• CISA to furlough 65% of staff if government shuts down this week• UK NPSA - Manchester Incident • Security boost for Irish Jews after Manchester synagogue attack• Global Exposure of 180,000 ICS/OT Devices Raises Safety Concerns

    Weekly Security Sprint EP 129. Hostile event breakdown, Insider Threat solicitations, and more

    Play Episode Listen Later Sep 30, 2025 19:51


    In this week's Security Sprint, Dave and Andy covered the following topics:Warm Open:• TribalNet 2025: Cybersecurity Is Central to IT Modernization for Tribes • Cyberattacks remain big threat for tribes: survey • CISA to furlough 65% of staff if government shuts down this week• Cyber shutdown showdownMain Topics:Domestic Hostile Events:• Deadly attack on Michigan church leaves investigators searching for motive• Michigan church shooter was Marine veteran who White House official says "hated people of the Mormon faith"• Update from FBI Detroit on Shooting and Fire at a Michigan Church• Michigan church shooting suspect went on anti-LDS tirade, political candidate said• Armed man busted after plowing car through police barricade outside Michigan church day after deadly shooting, blaze• Iraq War veteran Thomas Sanford ID'd as gunman who attacked Grand Blanc LDS church, killing 4 and setting it ablaze• What we know about Michigan church shooter Thomas Sanford. Authorities have provided no motive for the attack.• Who is Michigan church attacker Thomas Jacob Sanford: Iraq war vet 'suffered from PTSD' and wore 'Make Liberals Cry Again' shirt• A List of Notable Shooting Attacks on Houses of Worship in the US in the Past 20 Years• Marine veteran in custody after 3 killed, at least 8 injured in shooting at a waterfront bar in North Carolina, officials say & Southport mass shooting: Suspect identified in gunfire from boat that killed 3, injured 8, officials say• Eagle Pass casino shooting: 2 killed, 5 hurt; suspect in custody, authorities say & Two dead, six hurt in shooting at Texas tribal casino; suspect in custodyRansomware• 'You'll never need to work again': Criminals offer reporter money to hack BBC• Co-op says cyber-attack cost it £206m in lost sales Quick Hits:• CISA Directs Federal Agencies to Identify and Mitigate Potential Compromise of Cisco Devices• Threat Insights: Active Exploitation of Cisco ASA Zero Days • CISA - SonicWall Releases Advisory for Customers 
after Security Incident• Widespread Supply Chain Compromise Impacting npm Ecosystem• Russia dares NATO to shoot • New Kremlin-Linked Influence Campaign Targeting Moldovan Elections Draws 17 Million Views on X and Infects AI Models• Bot Networks Are Helping Drag Consumer Brands Into the Culture Wars• Outrage Cycle: Cracker Barrel and its CEO Targeted Amidst Logo Controversy• CISA Releases Advisory on Lessons Learned from an Incident Response Engagement• Helping OT Organizations to Establish Defensible Architecture and More Resilient Operations• Designating Antifa as a Domestic Terrorist Organization• Fact Sheet: President Donald J. Trump Designates Antifa as a Domestic Terrorist Organization• Ranking Member Thompson Statement on Trump Incorrectly Designating ‘Antifa' as a Domestic Terrorism Organization• DHS Issues Statement on Targeted Attack on Dallas ICE Facility3 people shot at Dallas ICE field office: ICE official • Trump Says He Is Ordering Troops to Portland, Escalating Domestic Use of Military• Trump Says He's Sending Troops To ‘War Ravaged' America City — Authorizes ‘Full Force'• Pentagon calls up 200 National Guard troops after Trump Portland announcement• Oregon leaders object to Trump's deployment of 200 National Guard troops in the state• Feds march into downtown Chicago; top border agent says people are arrested based on ‘how they look'• ICE tactics inflame tensions in New York, Chicago and other cities• Shane Tamura, gunman in shooting at NFL headquarters, had CTE: Medical examiner

    Nerd Out EP 62. A series of hostile events and what it means for outdoor events and facilities

    Play Episode Listen Later Sep 30, 2025 40:42


    On the latest episode of Nerd Out, Dave and Alec talked about the following topics:
    • The Charlie Kirk assassination and what it means for outdoor events.
    • Politically motivated violence.
    • The Michigan church attack - vehicle ramming, active shooter, and arson - and extending the perimeter.
    • The North Carolina boat attack and considering all types of scenarios.
    • Other Nerd topics to include what we are watching, the Mandalorian and Grogu trailer, and more.
    Some of the articles referenced in the pod included:
    • America Must Reclaim the Center Before Political Violence Becomes the Norm - https://thesoufancenter.org/intelbrief-2025-september-26/
    • A look at research on Americans' changing attitudes toward political violence - https://www.npr.org/2025/09/12/nx-s1-5538063/a-look-at-research-on-americans-changing-attitudes-toward-political-violence
    • 10 Political Violence Experts on What Comes Next for America - https://www.politico.com/news/magazine/2025/09/12/charlie-kirk-political-violence-exp[…]ysis-00558638?utm_content=user/politico&utm_source=flipboard
    • Left-Wing Terrorism and Political Violence in the United States: What the Data Tells Us - https://www.csis.org/analysis/left-wing-terrorism-and-political-violence-united-states-what-data-tells-us#h2-left-wing-terror[…]ents-are-on-the-rise
    • Analysis: What data shows about political extremist violence - https://www.pbs.org/newshour/politics/right-wing-extremist-violence-is-more-frequent-and-deadly-than-left-wing-violence-data-shows
    • 'People are scared': Congress grapples with increasing political violence - https://www.npr.org/2025/09/16/g-s1-89053/people-are-scared-congress-grapples-with-increasing-political-violence

    Weekly Security Sprint EP 128. Telecom risk, Ransomware, Cybersecurity legislation, and physical security threats

    Play Episode Listen Later Sep 23, 2025 20:09


    In this week's Security Sprint, Dave and Andy covered the following topics:Warm Open:• TribalNet: Casino-systems suppliers protecting operations from cyberattacks • TribalNet: AI main focus of tribal technology conference• TribalNet 2025: Cybersecurity Is Central to IT Modernization for Tribes• The Gate 15 Interview EP 62: Justine Bone, Executive Director, Crypto ISACMain Topics:U.S. Secret Service dismantles imminent telecommunications threat in New York tristate area. The U.S. Secret Service dismantled a network of electronic devices located throughout the New York tristate area that were used to conduct multiple telecommunications-related threats directed towards senior U.S. government officials, which represented an imminent threat to the agency's protective operations. This protective intelligence investigation led to the discovery of more than 300 co-located SIM servers and 100,000 SIM cards across multiple sites. In addition to carrying out anonymous telephonic threats, these devices could be used to conduct a wide range of telecommunications attacks. This includes disabling cell phone towers, enabling denial of services attacks and facilitating anonymous, encrypted communication between potential threat actors and criminal enterprises. 
While forensic examination of these devices is ongoing, early analysis indicates cellular communications between nation-state threat actors and individuals that are known to federal law enforcement.Ransomware!• EU cyber agency says airport software held to ransom by criminals • A Cyberattack on Jaguar Land Rover Is Causing a Supply Chain Disaster • Rising cyberattacks on K-12 schools prompt concern as Uvalde CISD grapples with ransomwareCyber threat information law hurtles toward expiration, with poor prospects for renewal• Rand Paul's last-minute demands push key cybersecurity law to the brink• Peters Urges Senate to Quickly Extend Critical Cybersecurity Protections That Expire on October 1st• Health-ISAC CSO: A Looming Deadline: The Cybersecurity Information Sharing Act of 2015• RER and Coalition Urges TRIA Reauthorization• Commentary: Shrinking cyber budgets and rising threats: Why public-private partnerships are now mission-criticalUS threats and violence• MN man threatened people via email as retaliation for Charlie Kirk's death: Charges• NH Man Arrested for Allegedly Plotting to Kill Republican Governor Kelly Ayotte With Pipe Bombs• NCTC Supports U.S. Law Enforcement, First Responders by Sharing Intel Product Aimed at Deterring Attacks by Al-Qa'ida• ISIS calls for slaughter of Christians and Jews in UK attacks – 'shoot, stab, and ram' Quick Hits:• FBI PSA: Threat Actors Spoofing the FBI IC3 Website for Possible Malicious Activity• NHC issuing advisories for the Atlantic on Hurricane Gabrielle• UK NPSA: Vehicle Security Barriers at Event Venues • TikTok: Statement from ByteDanceo Deal to Keep TikTok in U.S. Is Near. These Are the Details.o Trump expected to approve TikTok deal via executive order later this week, WSJ reports• OpenAI admits AI hallucinations are mathematically inevitable, not just engineering flaws

    The Gate 15 Interview EP 62: Justine Bone, Executive Director, Crypto ISAC

    Play Episode Listen Later Sep 22, 2025 46:14


    In this episode of The Gate 15 Interview, Andy Jabbour speaks with Justine Bone, Executive Director, Crypto ISAC. She has worked at the intersection of technology, governance, and investment for over twenty years from her start in the intelligence community with the New Zealand GCSB and the U.S. NSA, and has since spanned CEO roles, multinational board appointments, and global advisory positions. Today she serves as Executive Director of the Crypto ISAC, leading global collaboration at the nexus of digital assets, cybersecurity, and governance, and working with public and private stakeholders to build trust and resilience in international markets. She has also held leadership roles at Dow Jones, Bloomberg, and MedSec, and worked with public–private collaborations alongside the FDA, DHS, and DOD. Learn more about Justine on LinkedIn.
    In the discussion Justine and Andy cover:
    • Justine's background.
    • Crypto ISAC's mission and community.
    • Threats to the blockchain and crypto industry, including the threat from North Korea.
    • Personal and organizational crypto security considerations.
    • What's ahead in 2026.
    • Resilience and the power of information sharing.
    • We play 3 Questions!
    • “there's a lot that's the same, but there's a lot that's different”
    Selected links:
    • Crypto ISAC
    • (TLP:CLEAR) North Korea IT Worker Threat Report: Threat Overview and Mitigation. This report is a collaboration that incorporates analysis from several leading Information Sharing and Analysis Centers (ISACs), including Crypto ISAC, Oil and Natural Energy ISAC (ONE-ISAC), Real Estate ISAC, Tribal ISAC, WaterISAC, the Faith-Based Information Sharing and Analysis Organization (ISAO), and Gate 15

    Weekly Security Sprint EP 127. Kirk fallout and considerations, AI risks, and more

    Play Episode Listen Later Sep 16, 2025 24:20


    In the latest episode of the Security Sprint, Dave and Andy covered the following topics:
    Warm Open:
    • TribalNet 2025!
    • FB-ISAO Releases an All-Faiths Analysis of Attacks on U.S. Houses of Worship in 2024, FB-ISAO Releases an All-Faiths Analysis of Attacks on U.S. Houses of Worship in 2024 & FB-ISAO Newsletter
    • Water at the 2025 WaterPro Conference
    • Errol LinkedIn: A Looming Deadline: The Cybersecurity Information Sharing Act of 2015
    • Health-ISAC and CI-ISAC Australia joint white paper
    Main Topics:
    Charlie Kirk Assassination
    • The Hostile Event Attack Cycle (HEAC)
    • De-escalation Reference Card: CISA De-escalation Reference Card & CISA De-escalation Reference Card Printer Friendly
    Insider Threat Awareness Month: Fake Faces, Real Damage: The Corporate Risk of AI-Powered Manipulation. Security professionals are rapidly confronting a new reality: artificial intelligence (AI) and big data, while excellent tools for improving productivity and business operations, are equally lowering the barriers for sophisticated attacks by a wide range of threat groups. From hostile nation-states to issue-motivated groups to cybercriminals, these technologies are enabling attacks that are more personalized, scalable, and harder to detect. The widespread availability of our personal data—from what we post on social media to the massive resale of information gathered by data brokers from both our devices and our online activity—has made open-source data the key ingredient for highly effective AI-driven deception and disruption and enabled the creation of deepfakes.
    Quick Hits:
    • NOAA - Hurricane Erin: When distant storms pose a danger to America's coastal communities
    • Exclusive: US warns hidden radios may be embedded in solar-powered highway infrastructure
    • 'Chilling reminder': Multiple historically Black universities under lockdown after receiving threats
    • 1 injured while U.S.
Naval Academy building was cleared after reported threat• Police Swarm UMass Boston After Unconfirmed Shooting Report Sparks Campus Chaos• USCP Clears False Bomb Threat & Police clear possible bomb threat at DNC headquarters• A shooting at Denver-area high school leaves community shaken during third week of school• Man Pleads Guilty to Attempting to Use a Weapon of Mass Destruction and Attempting to Destroy an Energy Facility in Nashville• Out of the woodwork: Examining the global aspirations of The Base• The Online Radicalization of Youth Remains a Growing Problem Worldwide• CTC - The Global State of al-Qa`ida 24 Years After 9/11 • 18 Popular Code Packages Hacked, Rigged to Steal Crypto• Hackers Exploit JavaScript Accounts in Massive Crypto Attack Reportedly Affecting 1B+ Downloads• npm Supply chain Attack: Oops, No Victims: The Largest Supply Chain Attack Stole 5 Cents• Salesloft: March GitHub repo breach led to Salesforce data theft attacks• Ransomware Losses Climb as AI Pushes Phishing to New Heights• Stopping ransomware before it starts: Lessons from Cisco Talos Incident Response

    Weekly Security Sprint EP 126. Information Sharing progress, ransomware report and news, and Alphabet Soup Month!

    Play Episode Listen Later Sep 9, 2025 18:33


    In this week's Security Sprint, Dave and Andy covered the following topics:Warm Open:• Patch It or Pay: Closing the Door on Exploits. This blog is part of Gate 15's Summer of Security: Ransomware Resilience Series, highlighting the essential considerations for organizational leaders and cybersecurity professionals.Main Topics:• House panel approves cyber information sharing, grant legislation as expiration deadlines loom• CISA Delays Cyber Incident Reporting Rule for Critical InfrastructureRansomware & Data Breaches: • Australian Government - Australian Institute of Criminology: Examining the activities and careers of ransomware criminal groups. PDF • Stopping ransomware before it starts: Lessons from Cisco Talos Incident Response• Cyberattack on Jaguar Land Rover threatens to hit British economic growth• Hackers linked to M&S breach claim responsibility for Jaguar Land Rover cyber-attack • How JLR's Cyber Breach is Disrupting Global Operations • Jaguar Land Rover staff home for another day as company reels from cyber attackPresidential Message on National Preparedness Month• National Insider Threat Awareness Month; Help prevent the exploitation of authorized access from causing harm to your organization• Plan to avoid scams this National Preparedness Month• ABA Foundation and FBI Release New Infographic to Help Americans Spot and Avoid Deepfake ScamsQuick Hits:• All IT work to involve AI by 2030, says Gartner, but jobs are safe. 
All work in IT departments will be done with the help of AI by 2030, according to analyst firm Gartner, which thinks massive job losses won't result.• Salesloft Drift updates• Not Safe for Work: Tracking and Investigating Stealerium and Phantom Infostealers• Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack• Frostbyte10 flaws in Copeland E2 and E3 controllers highlight cyber threats to refrigeration, HVAC, lighting infrastructure• Czech NUKIB alerts critical infrastructure sector to rising cyber risks from Chinese data transfers, remote management• ‘Unrestrained' Chinese Cyberattackers May Have Stolen Data From Almost Every American• Chinese Hackers Impersonate US Lawmaker in Malware Scheme During Trade Talks• US military kills 11 in strike on alleged drug boat tied to Venezuelan cartel, Trump says• Targeting Iran's Leaders, Israel Found a Weak Link: Their Bodyguards• U.S. and Canadian Intelligence Partners Issue Guidance to Protect Western Tech Startups from Exploitation in International Pitch Competitions • The Blockchain Is Not Your Friend: Examining EtherHiding and using Blockchain for Attacks• New Cyber Resources from the Canadian Centre for Cyber Security: Cyber security hygiene best practices for your organization - ITSAP.10.102o Virtualizing your infrastructure (ITSAP.70.011)o Universal plug and play (ITSAP.00.008)
