One word for this week in cybersecurity: trust. Not because anyone was building it. Because it kept falling apart.

Iran ran coordinated operations across continents. Patch Tuesday became patch-all-week. Developer tools millions rely on got caught carrying malware. AI agents went from buzzy demo to documented security risk. And the DOJ charged a ransomware negotiator who was allegedly playing both sides.

Iran Stopped Compartmentalizing

The Handala group claimed destructive hits on Stryker, the medical tech company. Albanian government systems got hit in a separate operation during the same window. GPS interference, internet shutdowns inside Iran, Meta takedowns of influence ops, security cameras in conflict zones repurposed for surveillance. All in the same week. All connected.

By Friday, Check Point tied Handala to Void Manticore, affiliated with Iran’s Ministry of Intelligence. Wiper methods, NetBird tunneling, hands-on-keyboard intrusions. These aren’t isolated incidents anymore. It’s one campaign across multiple fronts.

If you’re in healthcare or critical infrastructure, the old “nation-state threats are someone else’s problem” thinking doesn’t hold. And destructive-attack readiness is not the same exercise as ransomware readiness. Different playbook entirely.

Patch Week That Wouldn’t End

Microsoft’s Patch Tuesday covered roughly 80 vulnerabilities including two zero-days. But that was just Monday.

HPE switches had an unauthenticated admin password reset bug. Veeam disclosed critical RCE flaws in backup infrastructure. Google pushed emergency Chrome zero-day patches. Microsoft dropped an out-of-band hotpatch over the weekend. SAP, Adobe, SolarWinds all piled on.

The old model of “block out a maintenance window after Patch Tuesday” is fiction. This week was continuous emergency response. Prioritize whatever controls trust: edge systems, identity platforms, backup infrastructure, browsers. Start there.

Your Dependencies Have Dependencies

Supply-chain attacks had a busy week. Fake npm packages were the obvious ones. Then came Polyfill getting attributed to North Korean operators. A critical RCE in simple-git. GlassWorm using invisible Unicode to hide malicious code across 151 GitHub repos. And the AppsFlyer SDK being abused to redirect crypto transactions.

These aren’t cases where someone installed something sketchy. These are attacks on software that was already trusted. Transitive dependencies, analytics SDKs baked into production apps, VS Code extensions from official channels. If your security model for third-party code is just “don’t install unknown packages,” it’s incomplete.

AI Agents Became a Security Story

Doyensec’s MCP protocol research and the “Agents of Chaos” red-team exercise showed a clear pattern: AI agents with tool-use permissions are failing basic security tests. Prompt injection resistance, access control, tool-use boundaries. Documented, reproducible failures in systems being deployed right now.

A chatbot that gives bad answers is annoying. An agent that can browse the web, modify files, and chain actions autonomously? That’s a privileged system. When prompt injection works against it, you don’t get wrong text. You get unauthorized actions with whatever permissions the agent holds.

Treat AI agents like infrastructure, not features. Minimum permissions. Human approval gates. Log everything. Assume every input could be hostile.

The Ransomware Negotiator Working Both Sides

The DOJ charged Angelo Martino, an incident response consultant, with allegedly collaborating with BlackCat ransomware operators while supposedly helping victims negotiate. Prosecutors say he and co-conspirators paid BlackCat admins a 20% cut of ransom proceeds for access to the extortion platform. He is the third person charged in the same conspiracy.

This hits different because it attacks the foundation of ransomware response. When you’re hit, one of the first things you do is bring in outside help. You assume they’re working for you. If they’re not, everything you share during your worst moment becomes leverage for the attacker.

Pre-vet response partners before an incident. Limit what you disclose during negotiations. Require auditable communication channels.

Also This Week

CBP reportedly bought ad-derived location data to track phones without warrants. FBI Section 702 search volumes kept climbing. The FBI asked users who downloaded specific Steam games to come forward as malware victims. Yes, really. And CISA’s ongoing capacity crisis, with sustained personnel losses and leadership churn, changes the backdrop on every other story this week.

Cyber Tip of the Week: Pick one category of inherited software trust and audit it. VS Code extensions you didn’t install directly. Analytics SDKs in your mobile apps. npm packages three levels deep. The AI agent running with admin permissions because the demo needed it. You’ll probably find something you didn’t know about.

