Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.
Featured Analysis
The recent escalation in cyber-physical attacks targeting Programmable Logic Controllers (PLCs) across U.S. water and energy sectors represents a critical shift in the threat landscape. By exploiting Unitronics Vision Series PLCs through default credential sets and direct internet exposure, the Iran-affiliated group “Cyber Av3ngers” has successfully moved beyond mere data exfiltration into the realm of operational technology (OT) disruption. This incident highlights a systemic failure in securing industrial control systems (ICS), where legacy hardware is often connected to the public internet without the robust perimeter defenses typically found in enterprise IT environments.
Technically, the weakness lies in the lack of multi-factor authentication (MFA) and the persistence of the default “1111” administrative password on internet-facing controllers. Once access is gained, attackers use the PCOM protocol to manipulate the device’s logic, change setpoints, or completely disable the human-machine interface (HMI). These actions can have physical consequences, such as altering chemical levels in water treatment or disrupting pressure valves in gas pipelines. The exposure of nearly 4,000 similar devices across the United States underscores a massive attack surface that state-sponsored actors can use to conduct non-kinetic warfare with high-impact results.
For CISOs and OT security managers, this campaign serves as a definitive wake-up call regarding the convergence of IT and OT. Securing these environments requires a transition from “security by obscurity” to a zero-trust architecture specifically tailored for industrial protocols. Immediate remediation steps must include the removal of PLCs from the public internet, the implementation of robust VPNs with MFA for remote access, and the mandatory rotation of all factory-default credentials. Failure to segment these critical assets will continue to leave national infrastructure vulnerable to geopolitical tensions played out in cyberspace.
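One concrete way to verify the remediation steps above, as an added example that is not from the original post or any vendor: a small Python triage over firewall flow logs that flags any flow reaching an inventoried PLC from the internet, and PCOM sessions from internal hosts outside the MFA-protected VPN pool. The PLC inventory, VPN pool and log lines are constructed for the example; 20256/tcp is the Unitronics PCOM default port.

```python
# Added example (not from the original post or any vendor): triage firewall flow
# logs for traffic that reaches PLCs outside the sanctioned MFA-VPN path.
# Constructed for this example: the PLC inventory, VPN pool and log format.
import ipaddress

PCOM_PORT = 20256                                     # Unitronics PCOM/TCP default port
PLC_ASSETS = {"192.168.50.10": "Vision PLC - clarifier",        # constructed inventory
              "192.168.50.11": "Vision PLC - booster pump"}
VPN_POOL = ipaddress.ip_network("10.20.5.0/24")       # MFA-protected VPN clients (assumed)
INTERNAL_NETS = [ipaddress.ip_network(n)              # RFC 1918; anything else is external
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed key=value firewall log lines, one flow per line.
SAMPLE_LOG = """\
2025-12-01T10:00:01Z action=allow src=10.20.5.7 sport=50122 dst=192.168.50.10 dport=20256 proto=tcp
2025-12-01T10:00:05Z action=allow src=203.0.113.45 sport=51234 dst=192.168.50.10 dport=20256 proto=tcp
2025-12-01T10:00:09Z action=allow src=192.168.80.3 sport=40001 dst=192.168.50.10 dport=20256 proto=tcp
2025-12-01T10:00:12Z action=deny src=198.51.100.9 sport=33333 dst=192.168.50.11 dport=20256 proto=tcp
2025-12-01T10:00:15Z action=allow src=203.0.113.45 sport=51300 dst=192.168.50.99 dport=20256 proto=tcp
this line is garbage and must be skipped
"""

def parse_flow(line):
    """Parse 'ts k=v k=v ...' into a dict; None for malformed lines."""
    parts = line.split()
    kv = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if len(parts) < 2 or not {"src", "dst", "dport", "action"}.issubset(kv):
        return None
    return {"ts": parts[0], **kv}

def classify(flow):
    """Return (severity, reason), or None when the flow needs no alert."""
    if flow["dst"] not in PLC_ASSETS:                 # not a tracked OT asset
        return None
    src = ipaddress.ip_address(flow["src"])
    if not any(src in net for net in INTERNAL_NETS):  # PLC reached from the internet
        if flow["action"] == "allow":
            return ("critical", "internet source allowed through to PLC")
        return ("medium", "internet probe of PLC blocked at perimeter")
    if int(flow["dport"]) == PCOM_PORT and src not in VPN_POOL:
        return ("high", "PCOM from internal host outside the MFA VPN pool")
    return None

def find_violations(lines):
    """One (ts, src, asset, severity, reason) tuple per alerting flow."""
    findings = []
    for flow in filter(None, map(parse_flow, lines)):
        verdict = classify(flow)
        if verdict:
            findings.append((flow["ts"], flow["src"], PLC_ASSETS[flow["dst"]], *verdict))
    return findings
```

Pointing the same logic at real exports works as long as the inventory and VPN pool reflect the site; the "critical" class is the one that means a controller is still directly reachable from the public internet.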
Projects
- TryHackMe – Virtualisation Basics – Complete
- TryHackMe – Cloud Computing Fundamentals – Complete
- TryHackMe – Operating Systems: Introduction – Complete
- TryHackMe – Network Security Essentials – Complete
- TryHackMe – Network Security Protocols – In Progress
Articles
- Telehealth giant Hims & Hers says its customer support system was hacked – Hims & Hers, the telehealth company that sells weight-loss drugs and sexual health prescriptions, has confirmed a data breach affecting its third-party customer service platform.
- LinkedIn secretly scans for 6,000+ Chrome extensions, collects data – A new report dubbed “BrowserGate” warns that Microsoft’s LinkedIn is using hidden JavaScript scripts on its website to scan visitors’ browsers for installed extensions and collect device data.
- Microsoft fixes Classic Outlook bug causing email delivery issues – Microsoft has resolved a known issue that was preventing some Classic Outlook users from sending emails via Outlook.com.
- Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit – Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions.
- German authorities identify REvil and GandCrab ransomware bosses – The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021.
- Dutch healthcare software vendor goes dark after ransomware attack – ChipSoft’s website remains down but emails are functioning.
- Hackers steal and leak sensitive LAPD police documents – Cybercriminals have allegedly stolen a large amount of sensitive internal documents from the Los Angeles Police Department and leaked the data online.
- Russian Forest Blizzard Hackers Hijack Home Routers for Global Spying – Microsoft Threat Intelligence reveals how Russian hacking group Forest Blizzard uses home routers for DNS hijacking and spying.
- Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks – Federal agencies warn attackers are manipulating PLC and SCADA systems across multiple sectors, triggering operational disruptions and raising concerns over broader OT targeting.
- FBI declares suspected Chinese hack of US surveillance system a ‘major cyber incident’ – The designation suggests the hackers successfully compromised swathes of sensitive data stored directly on FBI systems.
- Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack – The high-end casino and hotel operator has likely paid a ransom to avoid a data leak.
- Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access – Dozens of such keys can be extracted from apps’ decompiled code to gain access to all Gemini endpoints.
- Eurail data breach impacted 308,777 people – Hackers breached Eurail in Dec 2025, stole names and passport data, and exposed over 300,000 travelers’ personal information.
- Malicious PDF reveals active Adobe Reader zero-day in the wild – Hackers used an Adobe Reader zero-day for months. Researcher Haifei Li found a malicious PDF and asks the community to help analyze it.
- Nearly 4,000 US industrial devices exposed to Iranian cyberattacks – The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation.