Some weeks in cybersecurity feel like a reminder of how many moving parts we’re all responsible for watching. This was one of those weeks.
Between a suspected supply-chain breach involving a telecommunications provider tied to a sensitive FBI system, dozens of firewall vulnerabilities requiring immediate patching, and another example of a third-party provider exposing telecom data, the common thread is pretty clear: attackers rarely go through the front door if a side entrance is available.
At the same time, the broader geopolitical situation involving Iran has analysts watching for increased cyber activity against U.S. organizations and infrastructure. That doesn’t mean panic — it just means paying closer attention to the signals that matter. For those of us working in security operations, weeks like this reinforce why visibility and curiosity are so important.
One thing I enjoy about this field is that there’s always something new to learn. New vulnerabilities, new techniques, new ways attackers try to blend in with normal activity. But there are also new tools helping defenders — like the recent AI-driven security analysis work uncovering thousands of open-source vulnerabilities before they become major incidents.
🔒 Security Tip of the Week:
When geopolitical tensions rise, it’s a good time to revisit your detection queries for abnormal authentication, unusual network scanning, and newly created administrative accounts. These early signals often appear before larger attacks unfold. Since U.S. authorities are warning of potential retaliatory cyber activity as a result of the Iranian conflict, here are some things to check:
Common TTPs observed in past Iranian campaigns
MITRE ATT&CK references:
- T1078 – Valid Accounts
- T1566 – Phishing
- T1046 – Network Service Scanning
- T1190 – Exploit Public-Facing Application
- T1021 – Remote Services
Early Indicators
Look for:
- Mass password spraying against O365 / Azure AD
- Increased scanning against VPN portals
- Webshell uploads on public-facing servers
- PowerShell spawning from IIS worker processes
Example Detection
- Process: w3wp.exe spawning powershell.exe
📌 This Week’s Outlook in a Shareable Statement:
Supply-chain exposure, critical firewall vulnerabilities, and rising geopolitical tensions are increasing cyber risk for U.S. organizations. Teams that strengthen monitoring, patch quickly, and track emerging indicators of compromise will be best positioned to detect activity early.
Thanks for taking a few minutes to stay informed this week! Staying curious, sharing what we learn, and helping each other improve is still one of the best defenses we have.
-Alan Kelly, Analyst
📰 Weekly News Roundup:
Here is the most recent cybersecurity news from the past week:
🕵️‍♂️ FBI Wiretap Network Reportedly Breached via Supply Chain
US investigators suspect that hackers affiliated with the Chinese government breached a critical FBI wiretap system. Rather than a direct assault on the agency’s defenses, the attackers reportedly exploited a side door through an internet service provider that served as a vendor, highlighting severe ongoing risks in third-party telecommunications supply chains.
⚠️ Cisco Discloses 48 Firewall Vulnerabilities, Including Two Critical 10.0 Flaws
Cisco has released patches for 48 new vulnerabilities across its firewall ecosystem, warning specifically of two critical bugs (CVE-2026-20079 and CVE-2026-20131) affecting the Secure Firewall Management Center (FMC). Both flaws carry a maximum CVSS score of 10.0 and could allow unauthenticated remote attackers to bypass authentication or execute arbitrary code with root privileges.
📱 Ericsson Discloses Third-Party Data Breach Impacting Thousands
Global telecommunications giant Ericsson has confirmed a data breach affecting approximately 15,000 individuals. The incident stems from unauthorized access to systems belonging to an unnamed third-party service provider in April 2025, though the investigation and subsequent notification process were only recently completed.
🤖 OpenAI’s New Codex Security Tool Uncovers Thousands of Open-Source Flaws
OpenAI has launched Codex Security, a new AI agent designed to help developers identify and mitigate complex risks at scale. Over the past month, the tool scanned 1.2 million commits across open-source repositories, discovering 792 critical and over 10,000 high-severity vulnerabilities in projects including OpenSSH, GnuTLS, and Chromium.
🌍 US Entities Face Heightened Cyber Risk Linked to Middle East Conflict
Analysts and insurance experts are warning that local governments, critical infrastructure providers, and major U.S. companies face an elevated risk of disruptive cyberattacks stemming from the ongoing military campaign against Iran. Reports indicate that a significant percentage of large U.S. firms across critical sectors are vulnerable to nation-state and proxy attacks, which could severely degrade services.