Daily Briefing for 09.19.25

Attacks, Threats, and Vulnerabilities

New York Blood Center Alerts 194,000 People to Data Breach (Infosecurity Magazine) A breach at the New York Blood Center resulted in theft of data for 194,000 people, including SSNs, IDs, bank and health information

How weak passwords and other failings led to catastrophic breach of Ascension (Ars Technica) A deep-dive into Active Directory and how “Kerberoasting” breaks it wide open.

Trends

2025 SonicWall Threat Brief - The Misconfiguration Epidemic (SonicWall) Misconfiguration and authentication bypass attacks have become the bread and butter of successful cybercriminals this year. These aren’t cutting-edge techniques requiring elite hacking skills. Learn how basic misconfigurations are fueling today’s biggest breaches.

Legislation, Policy, and Regulation

DOD official: We need to drop the cybersecurity talent hiring window to 25 days (CyberScoop) The Department of Defense is seeking to address persistent shortages in its cyber workforce by reducing the time to fill vacant cybersecurity jobs to 25 days.

Senate confirms Sutton as Pentagon cyber policy chief (The Record) Katherine Sutton most recently served as the chief technology adviser to the commander and director of Pentagon operations at U.S. Cyber Command.

MI6 upgrades dark web portal to recruit new spies (The Register) YouTube vids explain digital tradecraft to reach spooks over Tor or VPN without blowing your cover

Litigation, Investigation, and Law Enforcement

Contractor Used Classified CIA Systems as ‘His Own Personal Google’ (404 Media) Dale Britt Bendler “​​earned approximately $360,000 in private client fees while also working as a full-time CIA contractor with daily access to highly classified material that he searched like it was his own personal Google,” according to a court record.

For a complete running list of events, please visit the Event Tracker.

Events

Open Source Security Summit 2025 (Virtual, Sep 25, 2025) The sixth annual Open Source Security Summit brings together business leaders, industry visionaries, and technology users to chart a path forward and highlight the future of open source security solutions at this free virtual event. Register now to explore advancements in open source security and how using open source tools can build trust with customers and consumers.

HackAICon 2025 (Lisbon, Portugal, Sep 25, 2025) The first conference dedicated to combining AI and Ethical Hacking. We're bringing together OffSec pros, hackers, and leading researchers to find practical ways of using AI to secure the internet. Learn about the latest AI Hacking cosmic trends and connect with fellow professionals in engaging conversations. We banned sales pitches from the event - just knowledge sharing, leadership and technical insights.

Don’t miss Jen Easterly, former CISA Director, headlining HIP Conf 25 (Charleston, SC, USA, Oct 7 - 9, 2025) Jen Easterly, former CISA Director, keynotes HIP Conf 2025. A globally recognized cybersecurity leader, Easterly brings unmatched insight into hybrid identity security and resilience. Register now for this must-attend event.

Uniting Women in Cyber 2025 (Crystal City, Virginia, USA, Oct 9, 2025) UWIC is the premier event for cybersecurity leaders, professionals, and aspiring practitioners. Connect with a vibrant community focused on emerging global trends, technological advancements, and workforce development. Attend UWIC 2025 to learn, share ideas, and expand your professional network!

ISC2 Security Congress 2025 (Nashville + Virtual, Tennessee, USA, Oct 29 - 31, 2025) Join thousands of cybersecurity experts at ISC2 Security Congress 2025 and help lead the future of our connected world. Gain the insights you need to stay ahead of the evolving digital landscape. From innovative software to new security strategies, ISC2 Security Congress 2025 is designed to ensure you can navigate tomorrow’s threats.