CISOs Anticipate Surge in Cyber Attacks Next Three Years

An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security.

The report, “CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation,” names cybersquatting, domain and DNS hijacking, and distributed denial-of-service (DDoS) attacks as the top three global cyber threats in 2024. These risks are only projected to escalate, as cybercriminals leverage new techniques and capabilities from AI and other modern technologies to launch more sophisticated attacks. Looking ahead, cybersquatting, domain-based attacks, and ransomware top the list of cybersecurity concerns for CISOs over the next three years. more

Flash: Councillors Put Phones in Kitchen Amid Bugging Claims

UK - Members of a troubled town council have been told to put their phones in the kitchen during meetings because they suspect one of them is bugging their conversations.

The protocol has been introduced at Attleborough Town Council following suspicions that one of the councillors has been secretly recording discussions and leaking details...

The new protocol about phones being left in the kitchen next to the council chamber relates to ‘under the line’ parts of the meetings, where the public can be excluded and confidential matters discussed...

The rule has been introduced by council clerk Sharon Smyth, who claims “confidential information” was leaked following a meeting in April. more

Heineken and Shell Linked to Massive Espionage Scandal in Italy

Dutch beer brewer Heineken and Anglo-Dutch fossil energy company Shell have been linked to a major espionage scandal ongoing in Italy. The Italian company Equalize is accused of stealing and selling tax data and police information on Italian politicians and businessmen, among others, to its customers. Heineken and Shell were among those customers, NRC reports.

On paper, Equalize provides services like business intelligence and reputation management. It conducts research into the reliability of suppliers, the position of competitors, or misconduct by customers’ staff. Under the counter, Equalize also sold confidential data gained from hacking into police systems, the Italian tax authorities’ systems, and the reporting center for suspicious bank transactions, according to the Italian authorities. The company also had informants within Italian government organizations. more

Protecting Electronic Devices When Crossing U.S. Borders

Some general tips:

• Consider leaving your device behind.
• Password-protect your electronic devices with strong passwords
• Back up data before traveling. 
• Remove sensitive data from a device before traveling.
• Remember that “deleted” files can be searched. 
• Log out of cloud accounts 
• Know your rights and legal status. 
• Keep emergency contact information (including for an attorney) on paper to make this information available if a device is seized. 
• If your device is seized, request a receipt (CBP Form 6051D) 
• After a search, be sure to change your passwords.

Bearing in mind this information can mitigate – but not eliminate – privacy risks that travelers face when crossing the border. more

Summer Reading: Philby’s Granddaughter Exposes Espionage’s Best-Kept Secret: Women

The Secret Lives of Women Spies by Charlotte Philby (Author)

Philby’s new book, The Secret Lives of Women Spies, uncovers the hidden stories of female operatives, from Civil War spy Harriet Tubman to Resistance hero Josephine Baker and Soviet spymaster Agent Sonya.

Journalist and author Charlotte Philby writes in The Independent, the representation of women in espionage remains long overdue.

Philby—granddaughter of infamous double agent Kim Philby—offers a personal and poignant look into this evolution. Recounting her travels to Moscow and reflections on her grandfather’s complicated legacy, she notes the glaring absence of women in spy narratives. “Where were all the women?” she asks, recalling the male-centric portrayals of Cold War espionage in books, plays, and films.

Publisher ‏ : ‎ Puffin
Publication date ‏ : ‎ 19 Jun. 2025
Language ‏ : ‎ English
Print length ‏ : ‎ 240 pages
ISBN-10 ‏ : ‎ 0241709431
ISBN-13 ‏ : ‎ 978-0241709436

Britain’s MI6 Spy Agency - First Female Chief

Britain’s real-life spies have finally caught up with James Bond. MI6 has appointed its first female chief.

Prime Minister Keir Starmer announced Sunday that Blaise Metreweli will be the next head of the U.K.’s foreign intelligence agency, and the first woman to hold the post since its founding in 1909. She is currently the MI6 director of technology and innovation — the real-world equivalent of Bond gadget-master Q.

A career intelligence officer, Metreweli, 47, steps from the shadows into the light as the only MI6 employee whose name is made public. She said “I am proud and honored to be asked to lead my Service.” more

Superyachts Are Getting Caught Up in Spy Scandals

Even the rich and powerful may not be safe from the world of international espionage, as recent reports have alleged that countries are using multimillion-dollar superyachts in spy operations. And at least one country, China, has reportedly been spying on the superyacht manufacturers themselves.

How are superyachts connected with spying?

Most notable is Russia, which is reportedly "using its unrivaled underwater warfare capabilities to map, hack and potentially sabotage critical British infrastructure," said The Sunday Times...

This is noteworthy given that many of these oligarchs' yachts have moon pools, which are openings in the bottom of a ship's hull that can be "used covertly to deploy and retrieve deep-sea reconnaissance and diving equipment," said the Times...

Beyond the yachts themselves, Chinese officials may be spying on superyacht manufacturers, in particular luxury shipbuilder Ferretti SpA, according to a Bloomberg report. more

Weird Spy Science: Watch Watches Computer

A new research paper proposes an unusual method of data exfiltration from air-gapped systems using smartwatches.

The concept, created by researchers from Ben-Gurion University, sounds like something out of a spy thriller, but the details reveal just how technically complex and narrowly feasible such an attack would be.

The method, dubbed “SmartAttack,” relies on exploiting the microphone of a compromised smartwatch to receive ultrasonic signals from an infected air-gapped computer.

These ultrasonic transmissions operate between 18 and 22 kHz, just above the range of human hearing, and can carry data such as keystrokes or biometric information at up to 50 bits per second over distances of at least six meters.

For any part of the attack to work, multiple difficult steps must already be accomplished. (Whew!) more

Bugging Devices Found at Italian Yacht Builder Ferretti

The Italian Ferretti Group was the setting for a spy-vs-spy scenario that reportedly included private detectives shadowing an executive of the Italian builder’s primary Chinese investor and recording devices hidden in several offices, according to Bloomberg. 

The discovery of this board-level surveillance has prompted two criminal cases, now in the hands of Italian prosecutors. In April 2024, Xu Xinyu, an executive director at Ferretti SpA, noticed two men in an SUV outside Ferretti’s headquarters in Milan... 

Xu also observed the pair following him while visiting hotels in the city, Bloomberg reported. He hired a counter-surveillance company, which reportedly found a listening device and signal amplifier hidden in his office. Other devices were found in the offices of Ferretti’s Chinese-Italian translator and board secretary.

...the Ferretti Group filed its own complaint... “Ferretti SpA considers itself an aggrieved party, having been wronged by the unlawful and improper installation of surveillance devices within its offices,” the statement said. more

Laptop Microphone Could Be Spying — Through Walls — Even When It’s Off

Your microphone is leaking conversations: 

• Digital microphones in laptops, phones, and smart speakers unintentionally broadcast electromagnetic signals that can be intercepted up to 2 meters away, even through walls.

• The attack is surprisingly accessible: Researchers achieved over 94% accuracy in speech recognition using simple equipment like copper tape antennas, making this vulnerability exploitable by anyone with basic technical knowledge.

• Your “off” microphone might still be listening: Testing revealed that microphones often activate automatically when playing audio or video content, and some remain active even when apps appear muted.  more

Spy Device Can Read Book Text from Nearly a Mile Away

Scientists say they've developed a ludicrously keen-eyed laser device that can read the text in a book from a whopping 0.85 miles away.

As detailed in a new paper published in the journal Physical Review Letters, the team used interferometry, a commonly used technique in the world of astronomy that uses superimposed waves of light to create interference patterns, to develop the spy system.... Put simply, researchers applied a technology that space observatories use to a ground-based laser system to zoom across vast distances — with promising and somewhat creepy results. more

OpenAI's New Threat Report is Full of Spies, Scammers, and Spammers

(via theneurondaily.com)
Ever wonder what spies and scammers are doing with ChatGPT?

It’s not just asking for five-paragraph essays, obviously. 

… Here’s the Top 5 Most Interesting Cases…  
OpenAI just dropped a wild new threat report detailing how threat actors from China, Russia, North Korea, and Iran are using its models for everything from cyberattacks to elaborate schemes, and it reads like a new season of Mr. Robot.

The big takeaway: AI is making bad actors more efficient, but it's also making them sloppier. By using ChatGPT, they’re leaving a massive evidence trail that gives OpenAI an unprecedented look inside their playbooks.

1. North Korean-linked actors faked remote job applications. They automated the creation of credible-looking résumés for IT jobs and even used ChatGPT to research how to bypass security in live video interviews using tools like peer-to-peer VPNs and live-feed injectors. 

2. A Chinese operation ran influence campaigns and wrote its own performance reviews. Dubbed “Sneer Review,” this group generated fake comments on TikTok and X to create the illusion of organic debate. The wildest part? They also used ChatGPT to draft their own internal performance reviews, detailing timelines and account maintenance tasks for the operation.

3. A Russian-speaking hacker built malware with a chatbot. In an operation called “ScopeCreep,” an actor used ChatGPT as a coding assistant to iteratively build and debug Windows malware, which was then hidden inside a popular gaming tool.

4. Another Chinese group fueled U.S. political division. “Uncle Spam” generated polarizing content supporting both sides of divisive topics like tariffs. They also used AI image generators to create logos for fake personas, like a “Veterans for Justice” group critical of the current US administration.

5. A Filipino PR firm spammed social media for politicians. “Operation High Five” used AI to generate thousands of pro-government comments on Facebook and TikTok, even creating the nickname “Princess Fiona” to mock a political opponent.

Why this matters: It’s a glimpse into the future of cyber threats and information warfare. AI lowers the barrier to entry, allowing less-skilled actors to create more sophisticated malware and propaganda. A lone wolf can now operate with the efficiency of a small team. This type of information will also likely be used to discredit or outright ban local open-source AI if we’re not careful to defend them (for their positive uses).

Now get this: The very tool these actors use to scale their operations is also their biggest vulnerability. This report shows that monitoring how models are used is one of the most powerful tools we have to fight back. Every prompt, every code snippet they ask for help with, and every error they try to debug is a breadcrumb. They're essentially telling on themselves, giving researchers a real-time feed of their tactics. For now, the spies using AI are also being spied on by AI.

Any Wall Can be Turned Into a Camera...

...to see around corners!

An ordinary camera could soon take photos of things that are out of sight, thanks to algorithms that interpret how light bounces off a wall.

“Normally, when light bounces off rough surfaces, like walls, it scrambles the scene into a messy blur,” says Wenwen Li at the University of Science and Technology of China, Hefei. “Our goal was to ‘unscramble’ that blur and recover the hidden scene. Think of it like turning a rough wall into a mirror.”

The method involves mapping the geometry and reflectance of the wall surface by taking many images under different lighting conditions, so the researchers could predict how each bump and groove would distort reflected light. Once they had created a digital model of the surface, the team devised equations to reconstruct a hidden image from the scrambled light pattern

Li and her colleagues have successfully demonstrated real-time imaging at 25 frames per second using an ordinary camera, like one found in a smartphone. more

Personnel Officer, "So, What Qualifies You for this National Security Position?"

After a recent grocery store clerk was appointed as an anti-terror chief, it can be revealed that a second young national security official was hired straight from the cash register—with disastrous results.

A U.S. intelligence worker charged with trying to leak state secrets to a foreign spy agency was hired as a 22-year-old with little professional experience outside the cash register at a local grocery store...

His professional experience prior to joining a U.S. national security agency was remarkably similar to that of Thomas Fugate, who has just been appointed to lead terror prevention at the Department of Homeland Security.

A cybersecurity graduate of Florida Polytechnic University, Nathan Vilas Laatsch is the second national security official in two days whom The Daily Beast has revealed to have virtually no professional experience other than working at a grocery store before being hired by a U.S national security agency at the age of 22.

Laatsch, now 28, a computer scientist with “top secret” clearance at the Defense Intelligence Agency (DIA) in Virginia, was hired under the last Trump administration. He was arrested last week, accused of attempting to pass sensitive information to Germany’s Federal Intelligence Service (BND). more

UFB (shakes head and walks away)

FBI: Home Internet Connected Devices Facilitate Criminal Activity

The Federal Bureau of Investigation (FBI) is issuing this Public Service Announcement to warn the public about cyber criminals exploiting Internet of Things (IoT) devices connected to home networks to conduct criminal activity using the BADBOX 2.0 botnet. Cyber criminals gain unauthorized access to home networks through compromised IoT devices, such as TV streaming devices, digital projectors, aftermarket vehicle infotainment systems, digital picture frames and other products. Most of the infected devices were manufactured in China. Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the users purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process. Once these compromised IoT devices are connected to home networks, the infected devices are susceptible to becoming part of the BADBOX 2.0 botnet and residential proxy services known to be used for malicious activity.

WHAT IS BADBOX 2.0 BOTNET

BADBOX 2.0 was discovered after the original BADBOX campaign was disrupted in 2024. BADBOX was identified in 2023, and primarily consisted of Android operating system devices that were compromised with backdoor malware prior to purchase. BADBOX 2.0, in addition to compromising devices prior to purchase, can also infect devices by requiring the download of malicious apps from unofficial marketplaces. The BADBOX 2.0 botnet consists of millions of infected devices and maintains numerous backdoors to proxy services that cyber criminal actors exploit by either selling or providing free access to compromised home networks to be used for various criminal activity.

INDICATORS

The public is urged to evaluate IoT devices in their home for any indications of compromise and consider disconnecting suspicious devices from their networks. more

Behold The Amazing "AIR" Key

AIR, a joke acronym for “Anti InfraRed.”

However, just a blast of compressed air can open most card-key access entry doors in commercial buildings. 

Compressed air does this by tricking the internal exit sensor into thinking someone wants to leave. 

Click the link to learn more and actually watch how anyone can B&E without a key. https://counterespionage.com/lock-trick/

P.S. - We creatively labeled these cans for our clients so they can demonstrate the vulnerability to their colleagues. Of course, we also provide them with security solutions to rectify the problem. 

You really should join our client family. It's easy. Just add our TSCM inspections to your security program. 

Corporate Spy v Spy v Spy v Spy, or Spy Cubed

The fight between HR tech startups has heated up another notch this week as Rippling on Thursday filed an 84-page amended complaint in its lawsuit against Deel.

The complaint accuses Deel of targeting, infiltrating, and compromising four other competitors, in addition to Rippling.

The revised complaint doesn’t name all of the four other alleged victims, except cryptocurrency-based tax and payroll compliance company, Toku. Toku is suing its competitor LiquiFi, also alleging corporate espionage and that Deel was involved...

The complaint also says that there are one or more additional victims who are “major competitors of Deel” in the employer of record market. A source familiar with the investigation believes that more witnesses will soon come forward at these other companies to offer details. more

So, A Man Steals A Cherry-Picker...

...while undercover L.A. sheriff’s deputy is using it to remove concealed surveillance cameras!

A man carjacked an L.A. County Sheriff’s Department bucket truck early Wednesday morning while a sheriff’s deputy was precariously positioned high above the ground in the bucket, authorities said....

Two undercover deputies were using the truck to remove concealed cameras when a man jumped into the vehicle, said he had to go to the hospital and began to drive away, law enforcement sources told The Times.

When the carjacking took place, one of the deputies was elevated in the bucket.

The man conducted a takeover of a 2011 Ford F550 utility bucket truck on the corner of Spring and Temple streets around 5 a.m. while two deputies were in the vehicle, according to a department bulletin. A deputy received minor injuries during a struggle with the carjacker and was treated at a hospital, according to a department statement. more

P.S. I'll bet there is at least one very nervous citizen who frequents that part of town.

Supermarket Facial Recognition: "Attention. Miscreant in Asile 5."

The facial recognition system used by New Zealand’s supermarket chain Foodstuffs to prevent retail crime is compliant with privacy rules but questions still remain about bias and negative impacts on Māori and Pacific people, according to the country’s privacy watchdog...

The trial covered 25 supermarkets in which more than 225.9 million faces were scanned ... the system was effective at reducing harmful behavior, especially reducing serious violent incidents...The system only identified people who have engaged in seriously harmful behavior, while people under 18 or deemed vulnerable were not included on the list.

The Privacy Commissioner’s Office is currently working on New Zealand’s first code of practice for regulating biometric data, slated to be released by mid-2025. more

Book: Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup

Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup

by Ross Haleliuk

Reader Review: “Cyber for Builders" offers an essential roadmap for navigating the cybersecurity vendor landscape.

Most cybersecurity books are written for hackers, security leaders and practitioners, and a general audience. 

This book is different as it is intended first and foremost for builders - startup founders, security engineers, marketing and sales teams, product managers, VCs, angel investors, software developers, investor relations and analyst relations professionals, and others who are building the future of cybersecurity. 

Cyber for Builders provides an overview of the cybersecurity industry from entrepreneurial lenses, breaks down the role of a variety of industry players, from investors to channel partners and acquirers, and offers insight into the trends shaping the future of security. 

Moreover, the book is packed with mental models, notes, and advice to help early-stage cybersecurity founders get their ideas off the ground and solve problems faced by young companies around problem discovery, hiring, building products, and fundraising, to name some. more

From the Off-Topic Files

The world's largest freely available fart recording dataset.
This dataset contains over 7500 fart recordings that were collected over a period of 37 months.

Suggested Uses

• Unsupervised signal classification - You can experiment with categorizing farts without any preexisting knowledge of defining characteristics and potentially apply these learnings to other signal types - speech, radar, tv, radio, light, EEG.

• Supervised signal recognition - This dataset could be used to experiment with developing deep learning models capable of recognizing whether a sound is a fart. An interesting property of farts is variable frequencies and inconsistent durations.

• Sound effects creation - This dataset could be used by sound designers or audio engineers as a basis to create new sound effects for movies, video games, or other media. You could also simply use it as a publicly available and free source of farts.

• Education and outreach - Educators and scientists can use this dataset as an approach to better engage their audiences in signal processing and deep learning.

License

• This data is publicly and freely available to use and modify however you would like. There is no license and no limitations for use. I would appreciate being notified of this data being used publicly, purely for my own entertainment. more