The threat surface keeps expanding… from the inside out.
Today, silent access turns into mass disruption, trusted systems become attack vectors, and automation blurs the line between innovation and abuse.
Here’s what you need to know:
2.7 Million Impacted in Navia Data Breach
A benefits provider revealed attackers accessed its systems for weeks, exposing sensitive data of millions of users.
Exposed data includes SSNs, birth dates, and benefits details — valuable for identity theft and targeted attacks.
The company has begun notifying those impacted, and no threat actor group had claimed responsibility at the time of publication.
Prioritize detection engineering, specifically alerting on abnormal access to benefits and HR systems, enforce stricter data retention policies, and use DLP solutions.
FBI Seizes Handala Sites After Stryker Attack
Federal authorities seized infrastructure used by the Handala group after a cyberattack wiped roughly 80,000 devices at Stryker.
The group, tied to Iranian state interests, used privileged access to trigger mass device wipes via Microsoft Intune — highlighting how identity compromise can drive large-scale disruption.
While the seizure shows growing law enforcement focus, the group plans to rebuild, and organizations using centralized device management remain at risk without strong admin controls.
Enforce strict conditional access and privileged identity management (PIM) for domain and Intune admins, use privileged access management tools, and audit for unauthorized Global Admin accounts regularly.
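One way to run the Global Admin audit recommended above, as an added example that is not from the newsletter or from Microsoft's own guidance: it uses the Microsoft Graph PowerShell SDK and assumes an allowlist ($ApprovedGlobalAdmins, with placeholder account names) maintained by whoever owns the tenant.

```powershell
# Added example: list Global Administrator members and flag anything not on the approved list.
# Requires the Microsoft.Graph PowerShell SDK and an account that can read directory roles.
# $ApprovedGlobalAdmins is an assumed allowlist with placeholder names; replace with your own
# break-glass and named admin accounts.
$ApprovedGlobalAdmins = @(
    'breakglass-01@contoso.example',
    'breakglass-02@contoso.example'
)

Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'Directory.Read.All'

# Global Administrator is always activated in a tenant, so it can be found by display name.
$role = Get-MgDirectoryRole -Filter "displayName eq 'Global Administrator'"
if (-not $role) { throw 'Global Administrator role not found; check Graph permissions.' }

$members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All

$findings = foreach ($m in $members) {
    $props = $m.AdditionalProperties          # dictionary of the member's directory attributes
    $name  = if ($props['userPrincipalName']) { $props['userPrincipalName'] } else { $props['displayName'] }
    [pscustomobject]@{
        Id         = $m.Id
        Name       = $name
        ObjectType = ($props['@odata.type'] -replace '^#microsoft\.graph\.', '')
        Approved   = ($ApprovedGlobalAdmins -contains $name)
    }
}

# Anything off the allowlist, and any non-user principal (service principal or group) holding
# the role, deserves a ticket: this is the kind of privileged identity that the Intune device
# wipes described above were driven from.
$findings |
    Where-Object { -not $_.Approved -or $_.ObjectType -ne 'user' } |
    Format-Table Name, ObjectType, Approved, Id -AutoSize

Disconnect-MgGraph | Out-Null
```

This only returns permanent, direct assignments; PIM-eligible and group-based assignments need the role management (unified role assignment) endpoints as well, so treat an empty result as a partial answer rather than a clean bill of health.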
Global Takedown Disrupts Massive IoT Botnets
Authorities in the U.S., Germany, and Canada dismantled infrastructure behind multiple botnets used in large-scale cyberattacks.
The takedown targeted Aisuru, Kimwolf, JackSkid, and Mossad — botnets that hijacked millions of IoT devices to launch large-scale DDoS attacks.
Operating as cybercrime-as-a-service, they exploited poorly secured…