Good Morning Security Gang,
Today’s episode was packed but also personal. Before diving into the news, I took a moment to reflect on something bigger than cybersecurity: how history teaches us that dehumanization, not technology, is often the root cause of collapse.
Today in Israel is Yom HaShoah, Holocaust Remembrance Day, a day when we remember the six million Jewish men, women, and children who were murdered, not for anything they did, but simply for being Jewish. Every year we ask the same question: how did the world let that happen? How did humanity reach a point where over ninety million people died in World War Two and that was acceptable?
The truth is it didn’t start with the war. The war was just the ending. It started with something much quieter: dehumanization. It started when people stopped seeing others as humans, when language changed, when division became acceptable, when disagreements turned into hatred rather than simple disagreements.
If we’re being honest, we’re seeing pieces of that again today in our society. We see it in how quickly people label each other based on an opinion—right versus left, us versus them. We see it in rising anti-Semitism. We see it in global conflicts. We see it in how easily people justify excluding others from dignity on each and every single side.
History did not collapse overnight in 1938. It eroded slowly until people stopped questioning what was happening and just accepted it. Once that line is crossed, everything else becomes possible.
This show isn’t about politics—it’s not. This isn’t about ideology. It’s about a simple truth: if we allow ourselves to dehumanize people we disagree with, we’re walking down a path we’ve already seen before. History has shown us exactly where that path leads.
Today is not just about remembering the six million. It’s about remembering the warnings. I pray we recognize it in time. I pray we choose to see each other as humans first, even in our fiercest disagreements. I pray we don’t repeat the mistakes of our past.
Because whether it’s society or cybersecurity, it always starts with people.
Now, bringing it back to why you’re here, today’s stories reinforce one thing: attackers are no longer forcing their way in. They’re leveraging trust, identity, and platforms we rely on every single day.
Coffee cup cheers, let’s get into it.
Booking.com Breach: Identity and Access, Not Infrastructure
We start with Booking.com confirming a breach impacting user data, likely tied to compromised internal systems or third-party access rather than a direct infrastructure hack.
And that right there is the shift.
Attackers aren’t breaking systems—they’re accessing them through people, credentials, and support workflows.
This aligns with a broader trend across hospitality and travel platforms where attackers target high-volume identity ecosystems. If you can access the people managing the system, you don’t need to break the system itself.
The real risk here isn’t just data exposure—it’s downstream fraud. Travel data is incredibly valuable for social engineering, impersonation, and financial scams.
For users, this is a wake-up call: passwords alone are dead. MFA isn’t optional anymore.
Rockstar Breach: Cloud is the New Battleground
Next, we looked at Rockstar Games, where the ShinyHunters group claims access to data stored in a Snowflake environment via a third-party analytics platform.
This is a textbook cloud attack.
Compromise credentials → access cloud environment → operate as a legitimate user.
No alarms. No noise. Just quiet data access. This is what modern attacks look like: credential-driven, API-based, and fast.
And the risk here is massive: once attackers are inside your cloud environment, they don’t need to escalate; they already have what they need.
Iranian Cyber Threats Target U.S. Infrastructure
We’re continuing to see warnings from CISA and NERC around Iranian-linked cyber activity targeting U.S. critical infrastructure, especially energy systems.
And here’s the key insight: this isn’t about immediate destruction.
This is about positioning.
Reconnaissance. Footholds. Preparation.
Nearly 4,000 exposed industrial devices from prior reporting fit directly into this narrative. Attackers are mapping the terrain now for potential future disruption. If your OT environment is exposed, you’re not a target, you’re an opportunity.
OpenAI Caught in Axios Supply Chain Attack
OpenAI showed up again, this time as part of the Axios npm supply chain compromise. This confirms something we’ve been talking about repeatedly: supply chain attacks don’t stop at developers.
They propagate.
From open source → to enterprise apps → to AI platforms → to production systems.
Once trust is compromised at the package level, everything downstream inherits that risk. This is why software supply chain security is no longer optional—it’s foundational.
NGINX and Grafana Vulnerabilities: Quiet but Dangerous
On the vulnerability front, NGINX updates addressed multiple issues in one of the most widely deployed web servers globally. These aren’t flashy zero-days, but that’s exactly what makes them dangerous.
Widespread infrastructure means even moderate vulnerabilities can have internet-scale impact.
Meanwhile, Grafana introduced a different kind of risk: a zero-click AI-related vulnerability capable of leaking sensitive data without user interaction. No phishing. No execution. Just system interaction.
This is the next wave of risk—logic flaws in AI-driven features.
GitHub and Jira Abuse: Trusted Channels Turned Attack Vectors
Attackers are now abusing GitHub and Jira notification systems to deliver malicious links.
Why?
Because these are trusted platforms.
Notifications are expected. Users don’t question them. This is classic attacker behavior: move into the workflows where defenses are weakest. The risk here is silent delivery of phishing and malware through channels security teams often overlook.
CPU-Z Trojanized Downloads: Supply Chain Strikes Again
Attackers compromised the CPUID website to distribute trojanized versions of CPU-Z and HWMonitor. This is supply chain compromise at the distribution level.
Even trusted tools become weapons when the delivery channel is compromised. And most users won’t verify signatures—they’ll just download and install.
That’s the problem.
North Korea’s APT37 Social Engineering Campaign
APT37 is back, using Facebook-based social engineering to target victims with fake personas and relationship-building tactics. This is not smash-and-grab hacking.
This is patience. Persistence. Psychology. The attackers are building trust before deploying payloads.
This is where cybersecurity meets human behavior and where most defenses still fall short.
FBI Disrupts Russian Router Campaign
Finally, some good news—the FBI disrupted a Russian-linked campaign targeting routers and DNS infrastructure.
This type of attack is particularly dangerous because controlling the network layer gives attackers visibility and persistence. And here’s a practical takeaway: sometimes the fix is simple.
Restart your router. You’d be surprised how often that breaks attacker persistence.
Action Items for Security Leaders
Enforce MFA across all user-facing platforms, especially high-volume services
Monitor cloud environments for anomalous API behavior and credential misuse
Eliminate internet exposure of OT and critical infrastructure systems
Implement software composition analysis for supply chain visibility
Patch foundational infrastructure like NGINX as a standard operational practice
Restrict sensitive data exposure in AI-driven features and validate outputs
Inspect links and payloads from collaboration tools like GitHub and Jira
Verify software integrity using cryptographic signatures before installation
Train employees on social engineering risks across social media platforms
Regularly reset and update network infrastructure, including routers
James Azar’s CISOs Take
What stood out to me today is how consistently attackers are targeting trust as their primary entry point. Whether it’s Booking.com, Rockstar, or supply chain compromises, the pattern is the same: identity and access are the new perimeter. If you’re still thinking about security in terms of firewalls and endpoints alone, you’re missing where the real battle is happening.
The second takeaway is that cybersecurity is no longer just technical; it’s human. Social engineering, workflow abuse, and trust exploitation are now at the center of most attacks. That means our defenses need to evolve beyond tools and into behavior, awareness, and continuous validation. Trust can no longer be assumed; it has to be earned, monitored, and verified every single time.
Stay Cyber Safe.