Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.
Featured Analysis
The attempted intrusion into Poland’s National Centre for Nuclear Research (NCBJ) represents a significant escalation in the targeting of Critical Infrastructure (CI) within the European theater. While initial reports from the Polish Internal Security Agency (ABW) indicate that the core infrastructure (specifically the MARIA research reactor) remained isolated and unaffected, the incident underscores a persistent trend of state-sponsored or high-level hacktivist groups probing the perimeter of nuclear facilities. This attack likely utilized sophisticated spear-phishing or credential harvesting techniques aimed at the administrative or research networks, which often serve as the primary gateway for lateral movement toward more sensitive Operational Technology (OT) environments.
From a technical standpoint, the containment of this breach highlights the critical importance of robust network segmentation and the “air-gapping” of Industrial Control Systems (ICS). The NCBJ’s ability to maintain the integrity of the reactor’s control systems suggests a mature defense-in-depth strategy where the IT and OT layers are strictly decoupled. However, the mere presence of unauthorized actors within the broader institutional network poses a severe risk of intellectual property theft and long-term persistence. Modern threat actors frequently deploy “living-off-the-land” (LotL) binaries to bypass traditional EDR solutions, making the detection of such lateral movements incredibly challenging for even well-resourced security operations centers.
For CISOs and security researchers, this event serves as a stark reminder that the security of nuclear facilities is no longer just about physical barriers or radiation monitoring; it is increasingly defined by the digital perimeter. The geopolitical context of Poland’s support for Ukraine adds a layer of attributional complexity, as such attacks are often synchronized with broader hybrid warfare objectives. Moving forward, the industry must prioritize the deployment of AI-driven anomaly detection within research networks to identify the subtle precursors of an intrusion before attackers can bridge the gap between administrative data and critical physical processes.
Projects
Articles
- Hacking Attempt Reported at Poland’s Nuclear Research Center – Initial evidence indicates Iran may be behind the attack, but officials admitted it could be a false flag.
- Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker Breach – The medtech giant has been working on restoring systems affected by the cyberattack conducted by the Handala hackers.
- Nordstrom’s email system abused to send crypto scams to customers – Customers of upscale department store chain Nordstrom received fraudulent messages from a legitimate company email address that promoted cryptocurrency scams disguised as a St. Patrick’s Day promotion.
- Department stores and online retailers exposed in AI chatbot logs and audio recordings data leak – I recently discovered 3 separate publicly exposed databases that were neither password-protected nor encrypted. The databases contained a total of 3.7 million chat log transcripts, audio recordings, and text transcriptions of phone calls ranging from 2024 to 2026.
- Hackers Target Cybersecurity Firm Outpost24 in 7-Stage Phish – In an unsuccessful phishing attack, threat actors leveraged trusted brands and domains to try to redirect a C-suite executive at Outpost24 to give up his credentials.
- New “Darksword” iOS exploit used in infostealer attack on iPhones – A new exploit kit for iOS devices and delivery framework dubbed “DarkSword” has been used to steal a wide range of personal information, including data from cryptocurrency wallet apps.
- Max severity Ubiquiti UniFi flaw may allow account takeover – Ubiquiti has patched two vulnerabilities in the UniFi Network Application, including a maximum-severity flaw that may allow attackers to take over user accounts.
- Ex-data analyst stole company data in $2.5M extortion scheme – A North Carolina man was found guilty of extorting a D.C.-based technology company while still being employed as a data analyst contractor.
- North Korea’s 100,000-strong fake IT worker army rake in $500M a year for Kim Jong Un – Researchers map the full org chart of the scam, from dodgy recruiters to helpful Western collaborators.
- FBI links Signal phishing attacks to Russian intelligence services – The FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns that have already compromised thousands of accounts.