Latest Analysis
Cybersecurity intelligence, threat analysis, and national security reporting.
Ukraine Drones Avert Defeat, Fail to Secure Victory
Swarming, low-cost drones have repeatedly kept Ukraine in the fight—disrupting logistics, shortening kill chains, and preventing routs—but their impact has been largely tactical, buying time rather than delivering a decisive, war-ending breakthrough.
Ukraine’s Drone Milestone: Defense Held, Victory Uncertain
A wave of cheap, internet‑connected drones has given Ukraine game‑changing eyes and strike power—blunting offensives and keeping the country afloat—yet despite reshaping the battlefield, mass UAS have so far prevented defeat without delivering a decisive victory.
A-PNT: Essential for USV Maritime Mission Success
When GPS goes dark or is spoofed, USVs can’t rely on lookouts — they need Assured PNT. By fusing multi‑GNSS, inertial navigation and real‑time anomaly detection, A‑PNT keeps unmanned vessels safe and mission‑capable in contested seas.
Upcoming Speaking Engagements: Schedule and Key Takeaways
How do you change a system that amplifies its own noise? Join Bruce Schneier and Nathan E. Sanders on Oct 22–23, 2025 as they turn insights from Rewiring Democracy into practical prescriptions across three public events — a policy talk at Harvard’s Ash Center, a community conversation and book signing at Cambridge Public Library, and a wide-ranging virtual session with Data & Society.
Trump Administration Expands Social Media Surveillance
Heads up: the Trump administration is using AI to scan public social media posts by noncitizens and feed algorithmic flags into visa‑revocation decisions. What began as quiet open‑source monitoring has become a high‑stakes tool that can cost people their legal status.
Report: Staff Burnout Now Top Organizational Threat
A new Security Magazine–backed report finds burnout—not malware or tech gaps—is now the top security threat, because exhausted teams mean slower detection, more mistakes, and fragile defenses. Leaders must treat workforce resilience as a core security control, not an HR afterthought.
60% of Security Leaders Warn of Rapid Threat Evolution
Sixty percent of security leaders say attackers are evolving faster than defenses — a wake‑up call as crime gets industrialized into automated, turnkey attacks that prey on cloud, supply‑chain and IoT gaps. The upshot: rising costs, eroding trust and a simple choice for organizations — act now to close the gap or accept escalating risk.
Aisuru Botnet Blankets US ISPs in Record DDoS
Imagine a DDoS so huge it’s powered by the smart gadgets in your own living room — the Aisuru botnet corralled compromised IoT devices across AT&T, Comcast and Verizon to unleash nearly 30 trillion bits per second. That surge forced ISPs into an impossible choice—risk network collapse or sever millions of customers—so defenders had to rely on slow, surgical fixes instead of blunt blocks.
85,000 Pet Owner Records Exposed in Major Data Breach
Turns out your pet’s medical chart can be a treasure map for crooks — over 85,000 pet and owner records were left publicly accessible, exposing names, contact details, microchip and medical data. What starts as spam can quickly turn into targeted fraud, identity theft or even false ownership claims, putting families and animals at real risk.
Securing Critical Infrastructure With Limited Funding
Budget shortfalls don’t have to mean crippling risk — prioritize high-impact, low-cost defenses like accurate asset inventories, basic OT/IT segmentation, strong access controls, and practiced incident plans to get the biggest security gains per dollar.
Unified IT, Continuity & Security Make or Break Crisis Response
When an alarm sounds, fragmented teams and competing playbooks can turn a single incident into a drawn-out crisis — and with fast-moving adversaries and complex cloud and supply chains, partial visibility just won’t cut it. The solution isn’t only better tools; it’s aligning people, processes and decision authority with shared metrics and rehearsed runbooks so responses are fast, coordinated and accountable.
ShinyHunters Orchestrate Widespread Corporate Extortion
ShinyHunters have kicked off a sweeping campaign of corporate extortion—leaking stolen data and demanding ransoms—so read on to see how companies are fighting back and what it means for you.
Cyber Risks Are Legal Risks: Protect Your Organization
When a misconfigured cloud bucket or a single line of code can become a courtroom exhibit, cyber incidents stop being just IT problems and become legal, regulatory and contractual risks that keep boards and general counsel awake. Treat cybersecurity as corporate governance: shore up vendor contracts, document AI use, and preserve evidence before the litigation starts.
145,000 Healthcare Records Exposed in Cyberattack
About 145,000 patient records — including names, contacts and treatment notes — were left accessible online after a misconfigured cloud database, showing how a small error can expose intimate health details and invite fraud, embarrassment and legal trouble. This isn’t a cinematic hack; it’s a blunt reminder that secure-by-default cloud settings, strong access controls and encryption are essential to protect patient privacy.
US Government Shutdown Begins Oct 1, 2025
At 12:01 a.m. on Oct. 1, 2025, the U.S. government hit pause — not from disaster but from a funding lapse — furloughing hundreds of thousands, slowing passports, closing parks, and freezing grants, contracts and research. With essential services limping on and paychecks delayed, the ripple effects quickly reach families, projects and everyday life nationwide.
3 Steps to Tighten Security for Cybersecurity Month
This Cybersecurity Awareness Month, forget flashy purchases and run a short, disciplined campaign to fix the basics: tighten identity and access controls, prioritize vulnerability management and attack‑surface reduction, and rehearse detection and response — small, focused moves that stop most breaches. Start now and turn playbooks into muscle memory before the next incident.
WestJet Notifies U.S. Consumers of Data Breach
WestJet has notified U.S. customers of a recent data breach—find out what happened and the simple steps you can take now to protect your information. Stay informed and act quickly to safeguard your accounts.
5M Auto Insurance Records Exposed, Customers at Risk
What if your car insurance records were sitting unprotected online? For more than 5 million policyholders, that’s exactly what happened when a password-free auto-insurance database exposed names, policy numbers, VINs and claims details — creating prime targets for fraud, identity theft and social-engineering attacks.
Feds Tie Scattered Spider Duo to $115M in Ransoms
U.S. prosecutors say 19‑year‑old Thalha Jubair helped power Scattered Spiders telecom‑focused extortion ring, allegedly netting at least $115 million through SIM‑swap scams, social engineering and account takeovers. The cross‑border indictment is a stark wake‑up call that human trust, lax recovery policies and reused credentials—not exotic malware—still fuel major ransoms.
Cyberattack Hits European Airports, Security Leaders Respond
When check‑in screens went dark across multiple European airports, travel suddenly became chaotic and painfully human as staff scrambled to process passengers manually while security teams fought to contain the intrusion. The episode is a wake‑up call: fixing systems is only half the job — real resilience needs preparedness, clear passenger communication and tested recovery plans.
Cyberattack Hits European Airports; Security Leaders React
When flight screens go dark and kiosks fail, passengers face chaos and airport teams scramble — recent cyberattacks have exposed how fragile aviation’s digital backbone really is.
Self-Replicating Worm Compromises 180+ Software Packages
What if the package you just installed quietly handed an attacker your API keys? Researchers found a self‑replicating worm in 187 npm packages that harvests secrets during install, posts them to a public GitHub repo, and uses each new install to spread and pivot into other projects.
Microsoft Patch Tuesday: September 2025 Critical Fixes
Microsoft’s September 2025 Patch Tuesday fixes over 80 vulnerabilities — including 13 critical RCE and privilege‑escalation bugs — so it’s welcome news, but not a reason to relax. If you manage systems, prioritize internet‑facing services and identity infrastructure, stage updates in test environments, and use automation with rollback plans to avoid surprises.
Stark Industries Evades EU Sanctions via Bulletproof Host
When the EU sanctioned Stark Industries in May 2025 — a bulletproof host tied to Kremlin-linked cyberattacks — the operation simply rebranded and shifted assets, proving how shell companies and rapid infrastructure swaps let illicit networks shrug off penalties. It’s a wake-up call: sanctions alone can’t stop a well‑engineered cyber hydra.