Alexander Chamandy

As tech evolves, so do the tactics of cybercriminals targeting privileged credentials. Federal agencies are stepping up their game with NIST’s Cybersecurity Framework. Dive into NIST’s Special Publication 800-63 to see how they're managing digital identity risks.

Russian aerospace and defense industries have become the target of a cyber espionage campaign that delivers a backdoor called EAGLET to facilitate data exfiltration. The activity, dubbed Operation CargoTalon, has been assigned to a threat cluster tracked as UNG0901 (short for Unknown Group 901). "The campaign is aimed at targeting employees of Voronezh Aircraft Production Association (VASO), one of the major aircraft production entities in Russia via using товарно-транспортная накладная (TTN) documents — critical to Russian logistics operations," Seqrite Labs researcher Subhajeet Singha said in an analysis published this week. The attack commences with a spear-phishing email bearing cargo delivery-themed lures that contain a ZIP archive, within which is a Windows shortcut (LNK) file that uses PowerShell to display a decoy Microsoft Excel document, while also deploying the EAGLET DLL implant on the host. https://lnkd.in/g_vQ7w6s

4

Federal PQC Procurement Has Reset Private Sector Security Standards When the federal government declares post-quantum cryptography widely available, it establishes a new baseline for reasonable security that the private sector cannot ignore. On January 23, 2026, Cybersecurity and Infrastructure Security Agency published its Product Categories for Technologies That Use Post-Quantum Cryptography Standards, executing Executive Order 14306. The guidance is explicit. When PQC-capable products are widely available in a category, federal agencies should procure only those products. That decision reshapes the market. Why this matters beyond compliance: Federal procurement power drives vendor roadmaps. Vendors adapt or lose revenue. Within one to two refresh cycles, PQC capabilities become default in commercial products. Systems that cannot support PQC rapidly become legacy technology while still under maintenance contracts. The risk model driving this shift is not speculative. Harvest now, decrypt later attacks are already happening. Adversaries are collecting encrypted data today with long retention value. If your data must remain confidential for decades, financial records, intellectual property, infrastructure designs, exposure already exists. CISA’s guidance operationalizes years of standards work led by the National Institute of Standards and Technology and removes technology immaturity as a valid reason to delay. The strategic cascade leaders should recognize: Federal procurement shapes vendor capability. Vendor capability determines interoperability. Interoperability governs supply chain eligibility. Insurance carriers price the risk. Litigation defines negligence. Together, these forces quietly reset what qualifies as reasonable security. Boards will eventually ask a simple question. Why were quantum-vulnerable systems procured in 2026 when PQC-capable alternatives were widely available? What leaders should do now: • Build a cryptographic bill of materials. Identify every use of RSA, ECDH, and ECDSA. Prioritize by data longevity and business impact. • Update procurement standards immediately. Any 2026 RFP in covered categories should require PQC capability with hybrid support. • Test performance early. PQC affects signature size, bandwidth, and latency differently across finance, manufacturing, and utilities. • Address firmware signing for long-lived systems. Industrial and infrastructure assets cannot wait for perfect conditions. The natural bias is to discount future quantum risk against present budget pressure. When alternatives are available, that bias becomes documented liability. This is not compliance theater. It is stewardship of trust, resilience, and market credibility over decades. CISA has made the signal clear. The tools exist. The remaining question is readiness. Is your risk committee tracking this market transformation? #PostQuantumCryptography #EnterpriseRisk #CyberLeadership #CriticalInfrastructure #QuantumSecurity

7

3 Comments

This recent WhatsApp issue is a useful case study because it demonstrates what unsophisticated attacks actually look like in practice. No exploit development, no heavy reverse engineering, just persistent querying of an endpoint that never said no combined with a platform team that never noticed.

34

2 Comments

The reconnaissance activity targeting American cybersecurity company SentinelOne was part of a broader set of partially-related intrusions into several targets between July 2024 and March 2025. "The victimology includes a South Asian government entity, a European media organization, and more than 70 organizations across a wide range of sectors," SentinelOne security researchers Aleksandar Milenkoski and Tom Hegel said in a report published today. Some of the targeted sectors include manufacturing, government, finance, telecommunications, and research. Also present among the victims was an IT services and logistics company that was managing hardware logistics for SentinelOne employees at the time of the breach in early 2025. The malicious activity has been attributed with high confidence to China-nexus threat actors, with some of the attacks tied to a threat cluster dubbed PurpleHaze, which, in turn, overlaps with Chinese cyber espionage groups publicly reported as APT15 and UNC5174. In late April 2024, SentinelOne first disclosed PurpleHaze-related reconnaissance activity targeting some of its servers that were deliberately accessible over the internet by "virtue of their functionality." https://lnkd.in/gVsW6Pyj

6

2 Comments

VulnCheck security researcher Patrick Garrity 👾🛹💙 connected with Mathew Schwartz of Information Security Media Group (ISMG) at Infosecurity Europe to discuss all things vulnerabilities, including the state of existing databases, the growth of CVEs, the newly launched EUVD, and more. Check it out: https://lnkd.in/e4Jt-TG3

13