Good Morning Security Gang
I’m still on the road — running late, low on espresso, and running on caffeine fumes, but we’ve got a packed show this morning.
Today we’re talking about the Synnovis NHS data breach fallout, Google’s lawsuit against Chinese phishing operations, and new U.K. cyber laws that could change compliance forever. Plus, we’ve got an avalanche of Patch Tuesday updates and a shake-up coming for U.S. Cyber Command.
So grab that coffee, even if it’s drip, and let’s power through the biggest stories shaping cybersecurity today — coffee cup cheers, y’all!
Synnovis Confirms NHS Data Breach Following 2024 Ransomware Attack
Synnovis, the pathology provider serving NHS hospitals in London, confirmed that data stolen in its June 2024 ransomware attack, carried out by the Qilin ransomware gang, included NHS numbers, patient names, birth dates, and some lab test results.
The attack forced London hospitals to postpone more than 800 planned operations and 700 outpatient appointments, making it one of the most disruptive healthcare cyber events in British history. Synnovis says it is notifying the affected NHS organizations rather than patients directly, with notifications expected to be complete by November 21.
This breach highlights the long-tail consequences of ransomware in healthcare — from patient safety risks to targeted phishing against both patients and clinicians. For CISOs in healthcare, this is a call to:
Audit third-party suppliers and their cyber hygiene.
Deploy immutable offline backups.
Build resilience testing into incident response plans.
As I said on the show, these breaches aren’t just about downtime — they’re about life safety.
China Accuses the U.S. of Bitcoin Theft Amid Growing Propaganda Push
In an ironic twist straight from the propaganda playbook, Chinese state media is accusing the U.S. of hacking $13 billion in Bitcoin from a mining pool. The claim — unsupported and highly dubious — is part of a coordinated information operation campaign to paint China as the victim of Western aggression.
This narrative comes amid deepening economic woes and trade tensions between China and the U.S. following new tariffs under the Trump administration. Beijing’s goal? Rally domestic support by reframing cyber warfare as “defensive justice.”
As I put it bluntly on the podcast: this is textbook authoritarian disinformation — an “us vs. them” tactic to shift blame internally while continuing cyber aggression abroad.
U.S. Launches Strike Force Against Southeast Asian Scam Compounds
The U.S. has announced a new Strike Force initiative to dismantle Southeast Asian scam compounds, the same networks behind global pig-butchering and investment fraud schemes.
Treasury sanctions now target the operators and facilitators of these criminal enterprises, many of whom operate out of Myanmar and Cambodia. These scams have trafficked thousands of workers, forcing them to conduct online fraud campaigns across China, Thailand, and the Philippines.
The move will disrupt operations temporarily, but expect rebranding and relocation efforts from these criminal groups. The crackdown represents an important first step in recognizing cyber-enabled human trafficking as both a law enforcement and national security issue.
Google Sues Chinese Phishing Network Behind U.S. Toll Scam
Google is suing a China-based phishing operation that has defrauded thousands of Americans through fake U.S. toll payment SMS campaigns. The lawsuit targets both the infrastructure and the domains used in the scams, with court orders expected to authorize domain seizures.
These SMS scams impersonate toll authorities and push users to click malicious links that lead to credential and payment-card theft. Google’s lawsuit complements its support for the SCAM Act and related bills in Congress aimed at cross-border fraud and scam compounds.
As I said on the show, this is a “whack-a-mole fight” — Google will take it down, and within days, it’ll resurface elsewhere. But each takedown makes the global phishing ecosystem more expensive and less profitable.
U.K. Introduces Sweeping Cyber Legislation Expanding Critical Infrastructure Oversight
The U.K. government has introduced to Parliament new cyber legislation that expands the scope of critical infrastructure regulation to include managed service providers (MSPs) and MSSPs.
The law sets mandatory cybersecurity standards, rapid reporting rules, and turnover-based penalties for noncompliance — effectively mirroring and extending the EU’s NIS2 directive.
While it’s being sold as a move to “strengthen national resilience,” many in the industry see it as another cost driver disguised as compliance. The legislation means:
More audits.
More reporting.
More cost — all of which will be passed to the customer.
As I put it, “In the U.K., they never met a fine they didn’t like.”
OpenAI Faces Court Order in NYT Copyright Battle
OpenAI has received a court preservation order tied to the New York Times copyright lawsuit, requiring the company to retain all ChatGPT output log data — even data users have requested deleted.
This raises significant privacy implications: for as long as the order stands, OpenAI must retain potentially sensitive conversations it would otherwise have deleted, overriding user deletion rights under GDPR-like frameworks.
This case could redefine how AI-generated data is classified — as user data, model data, or something in between — and will likely ripple through the entire AI ecosystem.
Citrix NetScaler ADC and Gateway XSS Vulnerability Actively Exploited
Citrix has patched a new cross-site scripting (XSS) vulnerability in NetScaler ADC and NetScaler Gateway. The flaw is reachable on appliances configured as a Gateway or AAA virtual server and can be used to hijack user sessions.
Admins must update to 14.1-56.73 or 13.1-60.32; end-of-life branches receive no fix and remain vulnerable. Citrix confirms active exploitation, and Amazon researchers have separately described custom web shells that inject into running Tomcat threads and use DES-encrypted traffic to evade detection.
If you’re running Citrix — patch now or take systems offline.
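One practical way to act on the version guidance above is to run your NetScaler inventory through a triage script. The following is an added example, not Citrix tooling and not code from the show: it parses both the compact build notation (14.1-56.73) and the first line of `show ns version`, compares each appliance against the fixed builds named above, and flags end-of-life branches so they are migrated rather than "patched." The fixed builds come from the text; the end-of-life branch list, the hostnames and the sample inventory are assumptions constructed for the example, so confirm the branch status against Citrix's own lifecycle matrix before acting on the output.

```python
"""Added example: triage a NetScaler ADC/Gateway inventory against fixed builds.

Fixed builds (14.1-56.73, 13.1-60.32) come from the advisory summary above.
The EOL branch list and the inventory lines are constructed for this example.
"""
import re
from typing import List, Optional, Tuple

# Minimum fixed build per supported branch: (build, sub-build).
FIXED_BUILDS = {
    "14.1": (56, 73),
    "13.1": (60, 32),
}

# Branches assumed end-of-life for this example; confirm against Citrix's
# product lifecycle matrix before acting on the result.
EOL_BRANCHES = {"12.1", "13.0"}

# Accepts both the compact "14.1-56.73" form and the first line of
# `show ns version`, e.g. "NetScaler NS14.1: Build 56.73.nc".
_VERSION_RE = re.compile(
    r"(?:NS)?(\d+\.\d+)(?::\s*Build\s+|-)(\d+)\.(\d+)", re.IGNORECASE
)


def parse_version(text: str) -> Optional[Tuple[str, int, int]]:
    """Return (branch, build, sub_build), or None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    branch, build, sub = m.groups()
    return branch, int(build), int(sub)


def assess(text: str) -> str:
    """Classify one appliance's version string.

    Returns one of: "patched", "vulnerable", "eol", "unknown-branch",
    "unparseable".
    """
    parsed = parse_version(text)
    if parsed is None:
        return "unparseable"
    branch, build, sub = parsed
    if branch in EOL_BRANCHES:
        return "eol"  # no fix is published; migrate to a supported branch
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return "unknown-branch"  # e.g. FIPS/NDcPP builds; check the bulletin
    # Build numbers compare as integer pairs, not as decimals (56.73 > 56.8).
    return "patched" if (build, sub) >= fixed else "vulnerable"


def triage(inventory_lines: List[str]) -> List[Tuple[str, str]]:
    """Map 'hostname,version-string' lines to (hostname, status) pairs."""
    results = []
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        results.append((host.strip(), assess(version)))
    return results


# Constructed sample inventory (hostnames and builds are not real assets).
SAMPLE_INVENTORY = """\
# hostname,version as reported by `show ns version`
ns-edge-01,NetScaler NS14.1: Build 56.73.nc
ns-edge-02,NetScaler NS14.1: Build 47.46.nc
ns-dc-01,13.1-60.32
ns-dc-02,NetScaler NS13.1: Build 59.19.nc
ns-legacy-01,NetScaler NS13.0: Build 92.21.nc
ns-lab-01,version string missing
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY.splitlines()):
        print(f"{host:<14} {status}")
```

Feed it a CSV exported from your CMDB or from a loop over `show ns version` on each appliance; anything that comes back "eol" or "unknown-branch" needs a human decision, not just a patch ticket.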
Intel, AMD, NVIDIA, and Zoom Release Coordinated Security Updates
Intel, AMD, and NVIDIA joined the Patch Tuesday chaos with a combined 60 new vulnerabilities, spanning firmware, drivers, and AI platform software. Many flaws are privilege escalation and code execution risks that could enable persistent kernel-level access.
Zoom also patched multiple bugs in SSO, SCIM, and client-side components, while Ivanti continues its patch sprint for endpoint manager deserialization flaws.
If you’re managing enterprise fleets, now’s the time to:
Run SBOM scans for unpatched components.
Prioritize driver and firmware updates.
Coordinate with hardware OEMs to prevent bricking during patch rollout.
Siemens, Rockwell, and Schneider Issue OT Security Advisories
On the industrial front, Siemens, Schneider Electric, Rockwell Automation, and AVEVA issued new advisories across multiple products.
Siemens: Six advisories, including critical code execution flaws in COMOS engineering software.
Rockwell: Five new advisories affecting the Verve Asset Manager OT platform, allowing unauthorized account manipulation via API.
Schneider: Vulnerabilities in EcoStruxure Machine SCADA and Pro-Face Blue Open Studio enabling privilege escalation.
AVEVA: Cross-site scripting bug affecting HMI products used in manufacturing environments.
If your organization touches OT or ICS, patch immediately and restrict internet access to control systems.
Army Officer Emerges as Contender to Lead U.S. Cyber Command and NSA
A surprising candidate has emerged in the search for the next head of U.S. Cyber Command and the NSA: Lt. Gen. Joshua Rudd, an Army officer currently serving as deputy commander of U.S. Indo-Pacific Command.
While Rudd lacks a cyber-operations background, his regional expertise aligns with the U.S. strategic focus on China and Indo-Pacific cyber threats. If appointed, he would bring a military-geopolitical perspective to the command, signaling a harder, Asia-focused cyber posture.
Action List
🧬 Audit healthcare vendors and strengthen third-party breach response plans.
🧱 Patch Citrix ADC/Gateway immediately.
💾 Back up OT systems offline and isolate network segments.
📜 Prepare for new U.K. MSP compliance requirements.
⚙️ Update Intel, AMD, NVIDIA, and Zoom products enterprise-wide.
⚖️ Monitor the OpenAI–NYT case for data retention precedents.
🚨 Hunt for DES-encrypted Citrix traffic and potential web shells.
🔒 Enable immutable backups for critical workloads.
James Azar’s CISO’s Take
Today’s stories show just how interconnected cyber risk has become — healthcare, cloud, AI, and geopolitics are now colliding in the same threat landscape. From Synnovis’s ransomware fallout to Citrix’s active exploit chain, it’s clear that third-party exposure remains the Achilles’ heel of most organizations. The problem isn’t technology — it’s trust without verification.
My biggest takeaway? Regulation and litigation are rising faster than resilience. Whether it’s the U.K.’s compliance expansion or the OpenAI court order, policy is sprinting ahead while patching lags behind. As CISOs, our job is to close that gap — through proactive monitoring, faster remediation, and smarter vendor governance.
So, Security Gang, patch fast, plan ahead, and don’t let compliance fatigue dull your focus. Until tomorrow — stay caffeinated, stay sharp, and as always, stay cyber safe.