Good Morning Security Gang!
Happy Monday, August 25th, 2025—yes, it’s 8/25/25, and we’ve got a loaded episode to kick off the week. From a million Americans caught up in the Farmers Insurance breach, to ransomware hitting Data I/O, to Colt’s stolen data being auctioned, and even the FTC warning U.S. tech companies about censorship compliance abroad, today’s show is about the clash between cybercrime, supply chain disruption, and policy battles. Grab your coffee, double espresso if you’re like me, and let’s dive right in.
🏦 Farmers Insurance Breach Hits 1.1M Customers
Farmers Insurance disclosed a breach impacting 1.1 million Americans. Attackers accessed customer data through a third-party vendor on May 30, exfiltrating names, addresses, DOBs, driver’s license numbers, and the last four digits of SSNs. Farmers Group and Farmers New World Life Insurance filed separate reports, confirming this was part of the ongoing Salesforce/Snowflake-style vendor compromise wave. For an insurer serving nearly 19 million policies nationwide, this is a massive customer trust issue.
💻 Data I/O Ransomware Attack Disrupts Operations
Washington-based Data I/O, which makes tech used in semiconductors, vehicles, and consumer electronics, was crippled by ransomware starting August 16. The attack shut down production, shipping, and manufacturing support systems. With Tesla, Amazon, Panasonic, and Microsoft as customers, even a small disruption ($6M quarterly sales) could have downstream economic impacts on vehicle production and charging station supply chains. The company has no restoration timeline and is awaiting a third-party investigation.
📡 Colt Technology Data Auctioned by Warlock Gang
UK telecom and network services provider Colt Technology Services confirmed stolen customer documentation is now up for auction after negotiations with the Warlock ransomware gang collapsed. Warlock is selling 1 million stolen documents for $200,000, claiming financial data, network architecture, and customer information are included. Colt says customers can request lists of what’s been leaked, but the move underscores the shift from extortion to open-market dark web data auctions.
⚖ FTC Warns U.S. Tech Firms on Foreign Censorship
New FTC Chairman Andrew Ferguson issued a warning to U.S. tech CEOs: complying with EU or UK laws to censor Americans could be considered an unfair or deceptive practice under Section 5 of the FTC Act. The warning comes as Westminster braces for clashes with U.S. officials over its Online Safety Act, while extremist platforms like 4chan and Kiwi Farms refuse compliance.
"This censorship fight is going to heat up significantly, and eventually it'll hit a boiling point. Not all democracies are equal, and the idea that you can regulate speech or go after a foreign person's speech is itself a huge overreach." James Azar
This raises new legal and sovereignty questions: if I’m an American posting from U.S. soil, should I fall under foreign censorship laws? The FTC says no.
🐼 Chinese APT “Murky Panda” Exploiting Cloud Trust
CrowdStrike and Microsoft flagged Silk Typhoon (Murky Panda) exploiting trusted relationships with cloud providers to gain downstream access. By compromising cloud service providers with delegated admin rights, attackers pivoted into customer environments, created backdoor accounts, and escalated privileges—reading emails and stealing data at scale. This campaign shows why cloud supply chain trust relationships are a growing weak link.
🛠 CISA Drafts New SBOM Framework
CISA released a draft update to its SBOM minimum elements, pushing for machine-readable transparency and four new fields: component hash, license, tool name, and generation context. The move signals that by 2026, SBOM adoption may be federally enforced, becoming critical for vulnerability management and supply chain transparency.
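To make the four draft elements concrete, here is an added example (not CISA's or any SBOM tool's code) that checks a CycloneDX-style SBOM for each of them. It assumes the following mapping, which is mine and not from the draft: component hash to `components[].hashes`, license to `components[].licenses`, tool name to `metadata.tools`, and generation context to `metadata.timestamp` plus a `generation-context` entry in `metadata.properties`; the sample SBOM is constructed.

```python
import json

# Constructed sample CycloneDX-style SBOM: libalpha has every element,
# libbeta is missing its hash and its license.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {
        "timestamp": "2025-08-25T09:00:00Z",
        "tools": [{"name": "example-sbom-tool", "version": "1.0"}],
        # Assumed representation of "generation context"; not a standard field.
        "properties": [{"name": "generation-context", "value": "build"}],
    },
    "components": [
        {"type": "library", "name": "libalpha", "version": "2.1.0",
         "hashes": [{"alg": "SHA-256", "content": "ab" * 32}],
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "libbeta", "version": "0.9.3"},
    ],
})


def check_sbom(sbom_json: str) -> list:
    """Return findings for the four draft elements; empty means all present."""
    bom = json.loads(sbom_json)
    findings = []
    meta = bom.get("metadata", {})
    # Tool name: CycloneDX 1.4 uses a list, 1.5+ an object with "components".
    tools = meta.get("tools", [])
    if isinstance(tools, dict):
        tools = tools.get("components", [])
    if not any(t.get("name") for t in tools):
        findings.append("metadata: no tool name")
    # Generation context: a timestamp plus the assumed context property.
    props = {p.get("name"): p.get("value") for p in meta.get("properties", [])}
    if not meta.get("timestamp") or not props.get("generation-context"):
        findings.append("metadata: no generation context")
    for comp in bom.get("components", []):
        label = f"{comp.get('name')}@{comp.get('version')}"
        # Component hash: at least one hash entry with a non-empty digest.
        if not any(h.get("content") for h in comp.get("hashes", [])):
            findings.append(f"{label}: no component hash")
        # License: an SPDX id, a license name, or an SPDX expression.
        if not any(l.get("expression") or l.get("license", {}).get("id")
                   or l.get("license", {}).get("name")
                   for l in comp.get("licenses", [])):
            findings.append(f"{label}: no license")
    return findings
```

Running `check_sbom(SAMPLE_SBOM)` flags only libbeta; an SBOM with no metadata at all is flagged for both the tool name and the generation context.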
📱 Russian Android Spyware Targeting Executives
Researchers at Dr. Web discovered new Android spyware (Backdoor.916.origin) posing as antivirus software, developed by Russia’s FSB. It steals conversations, records audio/video, and logs messenger activity. Targeted specifically at Russian executives, the malware is continuously evolving with new versions since January, showing state-sponsored targeting of domestic businesses.
🌍 Interpol Serengeti 2.0 – 1,200 Arrests, $97M Seized
Interpol’s Serengeti 2.0 operation across 18 African nations resulted in 1,209 arrests and the seizure of nearly $100M. Police dismantled crypto-mining farms, fraudulent crypto schemes, and even human trafficking networks linked to online scams. In Zambia alone, authorities broke up a $300M high-yield crypto scam, while in the Ivory Coast, they shut down a German-based inheritance scam. A huge win for global law enforcement.
🇨🇳 Chinese National Jailed in Ohio Sabotage Case
David Liu, a former Eaton Corp employee, was sentenced to four years in prison for intentionally sabotaging company systems in retaliation for reduced access after restructuring. He deployed malicious code in 2018–19 that crashed networks and caused hundreds of thousands of dollars in damages. The DOJ said his case is a stark reminder of insider risk tied to disgruntled employees.
📈 Netskope Files for IPO
Cloud security company Netskope filed to go public on NASDAQ under the ticker NTSK. Despite record sales ($707M first-half 2025, up 33%), the company posted a net loss of $170M. Lead underwriters include JPMorgan and Morgan Stanley. This IPO continues the wave of cybersecurity firms going public, signaling investor appetite despite profitability challenges.
🧠 James Azar’s CISO Take
Today’s stories connect two core truths: cyber resilience is about supply chains and trust. Farmers Insurance wasn’t directly breached—it was a vendor. Data I/O is small, but its disruption will ripple across EV and consumer tech supply chains. Colt’s refusal to pay shows how cybercrime economics shift toward open auctions. And Murky Panda’s abuse of cloud trust proves that downstream risk is where adversaries are focusing. CISOs must view their security posture not in isolation, but in terms of interconnected vendor and partner risk.
The second big theme is policy and sovereignty battles. The FTC’s pushback on foreign censorship laws shows that cyber isn’t just technical anymore—it’s legal, political, and cultural. SBOM adoption is moving toward enforcement, and Interpol’s Serengeti op shows how global cooperation can deliver real wins. Our role as security leaders is to track both sides of the game—the technical vulnerabilities and the policy environments shaping our ability to defend.
✅ Action Items
🔐 Patch Apple devices for CVE-2025-43300 immediately.
🛡 Review Salesforce/Snowflake vendor exposures; enforce MFA everywhere.
📡 Map cloud trust relationships; monitor CSP delegated admin rights.
📑 Participate in CISA’s SBOM draft consultation (deadline Oct. 3).
📲 Audit employee devices for spyware and ensure Android AV tools are vetted.
💾 Train staff on insider threat indicators; reinforce access monitoring.
🌍 Track downstream vendor disruptions—small suppliers can cause big outages.
🚨 If you’re in critical infrastructure, engage in sector-wide resilience initiatives.