Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Former FinWise employee may have accessed nearly 700K customer records

The data breach at FinWise Bank, which affected nearly 700,000 customer records, highlights the significant and often prolonged risk posed by former employees. A former staff member was able to potentially access sensitive information for over a year after their employment ended, demonstrating a critical failure in the company’s offboarding and access control protocols. While FinWise Bank has taken standard corrective measures, such as hiring cybersecurity professionals and offering free credit monitoring to the 689,000 affected customers, the incident underscores the severe consequences of a breach that goes undetected for a lengthy period.

This incident is not isolated and falls into a growing pattern of insider-related data breaches. The article cites similar, high-profile cases at companies like Coinbase and Rippling, where former or current employees were found to have maliciously accessed or stolen data. The problem extends beyond malicious intent to include accidental breaches, such as misdirected emails. The recurring nature of these events, including a statistic about student-caused cyberattacks in schools, points to a systemic vulnerability in how organizations manage and secure internal access to sensitive information.

Experts suggest that a more strategic approach to personnel security is needed to counter these risks effectively. The analysis from Paul Martin of RUSI points out the “lacking strategic thinking” in the field and recommends proactive measures rather than reactive ones. He advocates for a stronger internal security culture, built on trust, and the creation of a dedicated working group to aggregate and analyze data that could indicate insider malfeasance. By improving these internal processes, organizations like FinWise could better protect themselves from the risks posed by both current and former employees, thus preventing future incidents of this scale.

Projects

• TryHackMe – Log Fundamentals – In Progress

Papers

• DTEX 2025 Cost of Insider Risk Global Report

Articles

• 600 GB of Alleged Great Firewall of China Data Published in Largest Leak Yet – Hackers leaked 600 GB of data linked to the Great Firewall of China, exposing documents, code, and operations. Full details available on the GFW Report.
• Google confirms hackers gained access to law enforcement portal – Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform that law enforcement uses to submit official data requests to the company.
• Former FinWise employee may have accessed nearly 700K customer records – Bank says incident went undetected for over a year before discovery in June.
• Scattered Spider ransomware group abruptly decides to end operations – for now, at least: The Scattered Spider ransomware group and more than a dozen other hacker buddies have abruptly decided to close up shop. Apparently, the pressure from law enforcement agencies has become too hot to handle.
• RaccoonO365 Phishing Service Disrupted, Leader Identified – Microsoft and Cloudflare have teamed up to take down the infrastructure used by RaccoonO365.
• Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims – Cybersecurity researchers have tied a fresh round of cyber attacks targeting financial services to the notorious cybercrime group known as Scattered Spider, casting doubt on their claims of going “dark.”
• BreachForums Owner Sent to Prison in Resentencing – Conor Fitzpatrick, who pleaded guilty in July 2023, was sentenced last year to time served and supervised release.
• UK arrests ‘Scattered Spider’ teens linked to Transport for London hack – Two teenagers, believed to be linked to the August 2024 cyberattack on Transport for London, have been arrested in the United Kingdom.
• Tiffany Data Breach Impacts Thousands of Customers – The high-end jewelry retailer is informing customers in the United States and Canada that hackers accessed information related to gift cards.
• U.K. Arrests Two Teen Scattered Spider Hackers Linked to August 2024 TfL Cyber Attack Law enforcement authorities in the U.K. have arrested two teen members of the Scattered Spider hacking group in connection with their alleged participation in an August 2024 cyber attack targeting Transport for London (TfL), the city’s public transportation agency.
• ChatGPT Tricked Into Solving CAPTCHAs – The AI agent was able to solve different types of CAPTCHAs and adjusted its cursor movements to better mimic human behavior.
• UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware – An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 devices across 11 organizations as part of a recruitment-themed activity on LinkedIn.