
Cyber insurers look to restrict breach payouts, Chinese APT exploits cloud trust, and AI fuels 70% ransomware surge.

Infosec Monitor: No. 56

No. 56, August 29, 2025

Welcome to the Infosec Monitor. A weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.

In this week's edition of the Infosec Monitor — Cyber insurers look to restrict breach payouts, Chinese APT exploits cloud trust, and AI fuels 70% ransomware surge.


Highlight of the Week

Payout limits would apply to breaches caused by unpatched vulnerabilities, using CVE exclusions tied to how long flaws remain unfixed. This trend, driven by rising claims and risk, could penalize companies struggling to patch quickly.

News

Senator Wyden is accusing the courts of negligence and incompetence. He warns ongoing vulnerabilities threaten national security and criticizes the judiciary for resisting oversight and failing to adopt strong cyber protections.

Major scams, illegal crypto-mining, and human trafficking rings were disrupted. The crackdown highlights growing international cooperation and Africa’s urgent need for stronger cybersecurity.

Calling such compliance potential “censorship” of Americans. The agency says following foreign rules may violate US law and urged companies to prioritize American privacy and free speech protections.

Urban was sentenced to 10 years in prison and ordered to pay $13M restitution for SIM swapping and phishing attacks that stole millions in crypto.

The attack disrupted thousands of users worldwide and caused major losses. He faces three years’ supervised release; his lawyer plans to appeal.

AI & Security

AI is automating routine tasks, boosting productivity, and shifting team roles. As adversaries use AI for attacks, the future of cybersecurity will be AI versus AI, with humans providing oversight.

The issue is fixed, but experts warn AI chatbots need rigorous security testing and controls like any web app to prevent prompt-injection and data breaches.

This lets attackers steal user data via AI models like Google Gemini. The attack works across multiple platforms. Experts urge stricter image handling, user confirmations, and robust AI defenses to prevent prompt injection.

Cybersecurity Incidents

DaVita, a major dialysis provider, confirmed a ransomware attack exposed sensitive data of up to 2.7 million people. The Interlock gang claimed responsibility, leaking 1.5TB of data. Stolen info includes health and personal details.

The data includes unredacted Social Security numbers of over 4.4 million US consumers via a compromised Salesforce account. No credit reports were leaked. The attack is linked to broader Salesforce breaches. TransUnion is offering two years of free credit monitoring to affected individuals.

UK telecom giant Colt was hit by a ransomware attack on August 12, 2025, forcing key support systems offline. Hackers accessed and are selling sensitive customer data, exploiting a Microsoft SharePoint flaw. The incident highlights telecoms’ vulnerability and the critical need for rapid patching of internet-facing systems.

Electronics maker Data I/O suffered a ransomware attack on August 16, disrupting manufacturing, shipping, and communications. Major clients include Tesla, Apple, and Microsoft. The company took systems offline and is investigating with cybersecurity experts. The recovery timeline is unclear, and the financial impact is expected to be significant. Data theft is possible.

Attackers use real names, request remote control access, and deploy malware to steal data and crypto wallets. The campaign exploits Zoom’s remote control feature, making it a stealthier, more direct threat than typical phishing attacks.

The breach exposed sensitive data of 1.07M customers, including names, birth dates, and partial Social Security numbers. Victims get two years of identity theft protection. The incident highlights ongoing cyber risks in the insurance sector, following similar attacks on major insurers.

French retailer Auchan suffered a data breach exposing loyalty account details, including names, contact info, and card numbers of several hundred thousand customers. No banking data or passwords were leaked. Customers are warned to watch for phishing. Auchan notified authorities; no link to recent similar breaches is confirmed.

The event halted new ride bookings for disabled riders but did not affect core transit lines. Previously scheduled trips remain in place. State agencies and cybersecurity experts are responding. The incident highlights ongoing cyber risks to disability services nationwide. No group has claimed responsibility.

Starting Sunday, Nevada shut all state offices after a cyberattack disrupted government websites and phone lines. Emergency services remain unaffected. There is no evidence of stolen personal data, but residents are warned about scams. Restoration is ongoing with state, local, and federal help; the cause and full impact are still under investigation.

The attack stole 4TB of sensitive vehicle design data. Qilin threatened to leak the data, risking competitive exposure. Only Nissan’s data was affected. The attack exploited vulnerabilities in Kickidler and Fortinet products.

The breach occurred in late 2024. Exposed data may include Social Security numbers and financial info. No misuse reported yet; no ransomware group has claimed responsibility.

Scammers lured victims with fake job offers. Netcraft found the operation uses automated templates and hundreds of domains, making detection hard. The scam is ongoing and targets people seeking online income.

Threat Intel

Murky Panda (Silk Typhoon) is exploiting cloud service provider trust to breach North American government, tech, and legal sectors. Using zero-day vulnerabilities and cloud admin privileges, they access downstream customer data. Attacks are surging, hard to detect, and highlight major risks for organizations relying on cloud environments.

Tricking users into running malicious Terminal commands (ClickFix). Shamos steals credentials, crypto wallets, and persists on devices. Over 300 attacks since June 2025 highlight rising social engineering threats bypassing macOS security.

This attack bypasses security and MFA. Darktrace reports a surge since March 2025, with attackers using subtle email rules and clean IPs to evade detection. Experts urge advanced behavioral monitoring to counter these stealthy threats.

Gaining access via third-party SaaS providers. The group uses zero-day vulnerabilities and stealthy malware to steal intelligence. Experts warn cloud trust models create systemic risk, making organizations vulnerable to cascading attacks.

Vendors are preparing updates; admins should monitor advisories and act quickly to safeguard infrastructure.

The issue, caused by users failing to secure dashboards, has worsened since 2022. Experts urge TeslaMate users to enable authentication to prevent public access and protect their privacy.

Authorities are investigating, and a ransom was demanded.

Interesting Reads

The move aims to protect global security but risks fragmenting threat intelligence sharing, raising concerns for multinationals in China and highlighting tensions between transparency and cybersecurity trust.

Including contextual info and encrypted messages, according to new research. Despite Apple’s privacy claims, data like music preferences and WhatsApp contacts are sent to Apple servers. Experts urge users and enterprises to monitor data sharing and review privacy settings.

Data & Research

Each breached account averaged 5.7 exposures, increasing risks of account takeover, phishing, fraud, and ransomware for major companies.

Driven by faster detection via AI and automation. Healthcare breaches remain costliest at $7.42M. US breach costs rose to $10.22M. Skills shortages and AI misuse continue to amplify risks and expenses.

Cl0p led a 300% spike exploiting software flaws. AI-driven cybercrime lowers barriers for attackers, making sophisticated threats a persistent risk for businesses and MSPs worldwide.

With only 13% of organizations equipped to counter advanced AI-driven threats. Burnout and lack of specialized skills worsen the gap. Experts urge upskilling, culture change, and AI adoption to address risks and reduce workforce strain.

Cybersecurity Mergers, Acquisitions, and Funding

  • Cloud security firm Netskope filed for an IPO after reporting rising revenues ($328.5M) and narrowing losses ($169.5M) in early 2025. axios.com

  • Okta will acquire Axiom Security for $100M to boost its privileged access management tools, following a strong Q2 with revenue up 13% to $728M and earnings beating expectations. siliconangle.com
