• The Stamp Means Nothing, Spyware for Sale, Microsoft's Dirty Secret, and the AI Agent Nobody Could Stop
    Mar 23 2026

    This week we cover five stories that all point at the same uncomfortable truth - the systems we trust to keep us safe are failing quietly, and the bill is coming due.

    A US military contractor built government-grade iPhone spyware. An insider sold it to Russia. Criminals are now using it on everyday people. We break down what Coruna is, how it got out, and what your institution should be doing about it today.

    Then the bombshell ProPublica investigation into Microsoft's GCC High - the cloud product handling some of America's most sensitive national security data, that the government's own reviewers called "a pile of shit" and approved anyway. What it means for every bank running Microsoft 365, and why DORA's third-party risk requirements exist for exactly this reason.

    Medical device giant Stryker was brought to its knees across 79 countries - not by ransomware, but by a single compromised admin account in Microsoft Intune. Surgeries delayed. 5,500 employees sent home. The one configuration change that would have stopped it cold.

    A Chinese company posed as a cybersecurity firm while systematically robbing crypto wallet users of $7 million. What it means for your digital asset supply chain risk.

    And Meta's AI agent posted sensitive data to an internal forum without permission - triggering a Sev 1 incident. The same month, Meta's own Director of AI Safety had her inbox wiped by an agent she was overseeing. The model risk management questions every CRO should be asking before their next AI deployment.

    28 mins
  • Ep 3: OpenClaw AI Risks, ShinyHunters Return, SSN Leak from Insider, Brazil Banking Trojan
    Mar 18 2026

    In this episode I break down four major stories that reveal where the biggest risks are heading - from AI automation to cloud data breaches and mobile banking threats.

    An AI agent is spreading so fast that regulators are stepping in, a well-known hacker group is threatening companies using stolen Salesforce data, an alleged insider incident raises concerns around Social Security records, and a banking trojan is draining money from users in real time.

    While these stories may seem unrelated, they all point to the same underlying issue: access.

    As systems become more connected and automated, controlling who - or what - has access is becoming one of the most critical challenges in cybersecurity today.

    13 mins
  • Ep 2: The Bank Breach Nobody Covered, Agentic AI Taking Over Banking Operations, DORA Is Forcing Banks Off Single Cloud and the iPhone Exploit That Escaped a Government Lab
    Mar 8 2026

    In this episode, we cover seven stories that sit at the intersection of geopolitics, technology, and financial risk. From Iranian state-linked hackers confirmed inside U.S. banking networks, to regulators forcing a reckoning on cloud concentration, to AI systems taking over operational decision-making without adequate governance, the risks are converging faster than most institutions are moving.

    Seven stories. One through line. The threat surface is wider, faster, and more complex than most risk registers reflect.

    • Hackers are inside banking networks right now - Symantec confirms active Seedworm intrusions at a U.S. bank, airport, and defense supply chain since February
    • Your threat detection response window is now 30 minutes - AI has cut lateral movement time from 100 minutes in 2021 to 30 today
    • Three cloud providers control 85% of European financial infrastructure - DORA is forcing banks to build multi-cloud resilience now
    • Agentic AI is flipping the operating model - the machine becomes the operator, the human supervises, and governance hasn't caught up
    • A government iPhone exploit kit has leaked into criminal hands - 23 vulnerabilities, five exploit chains, already used by Russian and Chinese threat actors
    37 mins
  • Episode 1: When Governments Demand AI Without Safeguards - The Anthropic Standoff, Data Exfiltration Economics, and Pentagon Surveillance Risks
    Mar 1 2026

    This week, Anthropic refused the Pentagon's demand to deploy Claude without safeguards on surveillance. The government's response? A supply chain risk designation.

    When Anthropic refused the Pentagon's demand to deploy Claude AI without safeguards on surveillance and autonomous weapons, the government responded with economic coercion, designating the company as a "supply chain risk" and banning it from all DoD contracts.

    Meanwhile, the State Department is pressuring countries worldwide to eliminate data sovereignty laws, even as the U.S. deploys AI systems ingesting classified military and intelligence data.

    The Resilience 2025 Cyber Risk Report reveals that ransomware has fundamentally shifted from encryption-based disruption to data-theft-based extortion, with phishing jumping from 21% to 50% of losses in a single year.

    Nation-states are running industrial-scale espionage campaigns like GridTide, targeting telecom infrastructure across 42 countries.

    And vulnerabilities in AI development tools are creating new supply chain attack vectors.

    If you work in financial services, tech, or any regulated industry, this 30-minute episode changes how you think about cyber risk.

    #Cybersecurity #RiskManagement #AI #DataSovereignty #Resilience

    23 mins
  • Week 2 2025: Cyber Storm 2025: State-Sponsored Hacks, AI Phishing, and the Battle for Digital Resilience
    Jan 12 2025

    Happy New Year! This is our first episode of 2025, and I want to start by wishing all my listeners a happy, healthy, and successful year ahead.

    In this week’s episode - Week 2 of 2025 - we’ll dive into the most critical updates in the world of cybersecurity and geopolitics. Here’s a sneak peek at what’s coming up:

    • Volt and Salt Typhoon: Chinese state-sponsored hackers targeting critical U.S. infrastructure.
    • Gravy Analytics Breach: Hackers threaten to expose sensitive location data and personal movements.
    • AI Spear Phishing Study: A chilling revelation—AI now matches human experts in creating deceptive phishing campaigns.
    • UK Ministry of Defence: Stronger cybersecurity demands for its supply chain in response to escalating threats.
    • Geopolitical Cyber Warfare: A cyber clash between the Philippines and China over territorial disputes.

    From state-sponsored hackers embedding themselves in U.S. networks to the alarming rise of AI-driven cyber threats, this episode has it all. Let’s dive in, starting with the evolving cyber warfare landscape involving Volt and Salt Typhoon.

    19 mins
  • Week 44 – FCA CrowdStrike Lessons Learnt, Delta Airlines to Sue CrowdStrike, Interbank Data Breach, Russian Doppelganger Campaigns, Domain Registrars to tackle Foreign Interference and more...
    Nov 3 2024

    Welcome to Risk and Resilience and you're tuned into the weekly update where I bring you the latest and most crucial developments in cybersecurity and technology.

    This week I will be covering

    • Interbank Data Breach: Extortion Attempt and Customer Data Leak

    • CrowdStrike Outage: Impact, Response, and Lessons for Operational Resilience

    • Delta Air Lines Seeks Damages from CrowdStrike and Microsoft After Costly Outage

    • Ledger Fined €750,000 by French Data Protection Authority for Data Breaches

    • Russian "Doppelganger" Campaign Exploits Domain Registrars to Spread Disinformation

    • RedLine and Meta: Disruption of Two Major Infostealer Operations

    • Senator Warner Calls for Action from Domain Registrars to Combat Foreign Influence Campaign

    If you liked this week's update, then do share this with your friends and colleagues.

    21 mins
  • Week 41 - Internet Archive breached, MITRE AI Incident Sharing, Google Scam Clearinghouse, October Patch Tuesday, Bank of England SIMEX 24, MoneyGram cyber attack and more
    Oct 13 2024

    Welcome to Risk and Resilience and you're tuned into the weekly update where I bring you the latest and most crucial developments in cybersecurity and technology.


    This week I will be covering

    • Internet Archive Suffers Major Security Breach, Affecting 31 Million Accounts
    • Google Launches Global Signal Exchange to Combat Online Scams and Fraud
    • Critical Security Flaws Discovered in Fortinet Products, CISA Issues Warning
    • Palo Alto Networks Discloses Multiple Vulnerabilities in Expedition Software
    • Cisco Patches Critical Command Execution Flaw in Nexus Dashboard Fabric Controller
    • Microsoft's October Patch Tuesday Addresses 118 Vulnerabilities, Including Five Zero-Days
    • UK Financial Sector Conducts SIMEX 24 Simulation Exercise to Test Resilience
    • MoneyGram Confirms Cyberattack, Customer Data Compromised
    • MITRE Launches AI Incident Sharing Initiative to Enhance AI System Security
    • UK Government Announces Upcoming Cyber Security and Resilience Bill to Strengthen National Defenses

    If you liked this week's update then do share this with your friends and colleagues.


    27 mins
  • Week 39 - USA ISP Compromised, Kaspersky Replaces AntiVirus Software, Google Warns Several US Companies Hired North Korean IT Workers and more
    Sep 29 2024

    Welcome to Risk and Resilience and you're tuned into the weekly update where I bring you the latest and most crucial developments in cybersecurity and technology. This week I will be covering

    • China-linked threat actors compromised some U.S. internet service providers

    • Kaspersky deleted its anti-malware software from customers' computers across the United States

    • Google says several major US companies have unknowingly hired North Korean IT workers.

    • US to ban connected vehicle tech from China, Russia due to national security risks.

    • DOJ, FBI need better metrics for tracking ransomware disruption efforts, audit finds

    • NIST Scraps Password Complexity and Mandatory Changes in New Guidelines

    • A recent survey found that more than a third of employees share sensitive work information with AI tools without their employer’s permission.

    If you liked this week's update then do share this with your friends and colleagues.

    34 mins