Risky Bulletin: White House Rejects Nominee for NSA & CyberCom Leader
Episode Release Date: June 23, 2025 | Host: Claire Aird | Presented by Risky.biz
1. White House Rejects Pentagon's Nominee for NSA & Cyber Command Leader
Timestamp: [00:04]
The episode opens with a significant development in U.S. cybersecurity leadership. The White House has officially rejected the Pentagon's nominee, Army Lt. Gen. Richard Angle, to replace Gen. Timothy Haugh as leader of the National Security Agency (NSA) and Cyber Command (CyberCom).
Claire Aird reports, "The White House has rejected the Pentagon's choice for the head of NSA and Cyber Command" (00:04). This decision comes despite Angle having notable support from key Defense figures. In April, Politico highlighted that Defense Secretary Pete Hegseth and Director of National Intelligence Tulsi Gabbard backed Angle's nomination. However, the White House has yet to provide a reason for the rejection, leaving the cybersecurity community speculating about the underlying motivations.
2. FCC Investigates U.S. Cyber Trust Mark Program
Timestamp: [00:04]
In related news, the Federal Communications Commission (FCC) is scrutinizing the U.S. Cyber Trust Mark program, which was launched earlier this year to assess and assign safety labels to Internet of Things (IoT) devices based on their cybersecurity features.
Claire Aird states, "The FCC is investigating the company that manages the U.S. Cyber Trust Mark program" (00:04). An internal FCC document revealed by Fox News raises alarms about UL Solutions, the managing entity, highlighting their "deep ties to China, including testing labs in the country." This revelation has sparked concerns over the integrity and security implications of the Cyber Trust Mark program.
3. Massive Data Breaches and Ransomware Attacks
a. Paraguay Data Breach
Timestamp: [00:04]
A significant breach has affected Paraguay, where hackers leaked data of 7.4 million citizens following the government's refusal to pay a $7.4 million ransom demanded by the hacking group Brigada Cyber. Notably, Paraguay's population is approximately 6.8 million, suggesting exhaustive data coverage.
Claire Aird notes, "Hackers have leaked the data of 7.4 million citizens in Paraguay" (00:04). Security firm Resecurity attributes the data theft to breaches in at least two government agencies, raising serious concerns about national data security protocols.
b. Russian Animal Products Industry Disruption
Timestamp: [00:04]
A cyber attack has targeted Russia's Vetis system, which manages animal health and veterinary documents. The disruption has far-reaching impacts on industries reliant on Vetis, including the dairy sector. The attack has forced companies to revert to paper documentation, hampering production efficiency.
Claire Aird explains, "The attack on the Vetis system has impacted several industries, including the dairy" (00:04).
c. Tonga's National Healthcare System Hit by Ransomware
Timestamp: [00:04]
Tonga's national healthcare infrastructure has suffered another ransomware attack, crippling its public website and multiple internal systems. This incident marks the second major ransomware assault on Tonga, with the first occurring in 2023 when the Medusa Group targeted the state-owned telecommunications company. The current attack prompted Australian cybersecurity experts to assist with recovery efforts.
Claire Aird reports, "This is Tonga's second major ransomware attack" (00:04), highlighting the ongoing vulnerability of small island nations to sophisticated cyber threats.
d. Iranian Hackers Breach Tirana's Municipal Government
Timestamp: [00:04]
The Homeland Justice Group, linked to Iranian intelligence, has carried out a cyber attack on Tirana's municipal government. The breach disabled the city's website and the kindergarten enrollment system. This group has a history of cyber skirmishes, previously targeting Albania in 2022, motivated by political tensions involving Iran's opposition party, MEK, based in Albania.
Claire Aird states, "The Homeland Justice Group, which is affiliated with Iranian intelligence, has taken credit for the attack" (00:04).
e. Oxford City Employee Data Breach
Timestamp: [00:04]
In the UK, hackers have accessed personal data of employees from Oxford City, particularly those involved in local elections from 2001 to 2022. The breach occurred on June 6th, and the city has since secured and restored its systems, with affected employees being notified.
Claire Aird mentions, "Hackers have stolen employees' personal data from the UK city of Oxford" (00:04).
f. Aflac and CoinMarketCap Targeted by Cybercriminals
Timestamp: [00:04]
American insurance firm Aflac has fallen victim to a sophisticated cybercrime group employing social engineering tactics to infiltrate the company's internal network and steal customer data. Concurrently, nearly $50,000 in assets were siphoned from over 100 users of the cryptocurrency portal CoinMarketCap through a phishing scheme that manipulated users into connecting their crypto wallets to malicious code.
Claire Aird reports, "Hackers have stolen almost $50,000 in assets from users of the popular crypto portal CoinMarketCap" (00:04), linking the attack to the same underground community behind Scattered Spider, which Google has identified as targeting the insurance sector.
g. BitoPro Cryptocurrency Exchange Compromised
Timestamp: [00:04]
Taiwanese cryptocurrency exchange BitoPro has accused North Korea's Lazarus Group of stealing $11 million in crypto assets. The attack involved social engineering to obtain AWS session tokens, bypassing multi-factor authentication (MFA) and exploiting a window during a wallet upgrade to execute the theft.
Claire Aird states, "The company says the Lazarus Group stole 11 million worth of crypto assets from the exchange in late May" (00:04).
4. Cyber Espionage and State-Sponsored Attacks
a. Chinese Group Salt Typhoon Targets Canadian Telco
Timestamp: [00:04]
Salt Typhoon, a Chinese cyber espionage group, has breached a Canadian telecommunications company by exploiting a vulnerability in Cisco's Dev Assault from 2023. This marks Salt Typhoon's first known victim outside the United States, broadening the geographical scope of their cyber activities.
Claire Aird reports, "Salt Typhoon's telco hacking spree was discovered last year" (00:04), emphasizing the group's expanding reach.
b. Iranian Tactics in Israeli Security Cameras
Timestamp: [00:04]
The Israeli government has issued warnings to its citizens to disable security cameras, citing Iranian hacking attempts aiming to manipulate live feeds for missile targeting adjustments. This cyber tactic mirrors strategies employed by Russia during the Ukraine conflict and underscores the persistent cyber threats faced by national infrastructures.
Claire Aird notes, "Officials say Iran is hacking security cameras and using live feeds to adjust missile targeting" (00:04).
5. Government Initiatives and Investments in Cybersecurity
Timestamp: [00:04]
In a proactive move, the UK government has committed £16 million to bolster domestic cybersecurity startups through the Cyber Growth Action Plan program. A newly established board will oversee the allocation of funds, aiming to support the UK's robust cybersecurity industry, which boasts over 2,100 firms and generates more than £13.2 billion annually.
Claire Aird states, "The UK government will invest 16 million pounds in domestic cybersecurity start-ups this year" (00:04), highlighting the nation's commitment to enhancing its cyber defense capabilities.
6. Notable Cybercrime Cases and Vulnerabilities
a. Australian Man's Wi-Fi Phishing Scheme
Timestamp: [00:04]
Michael Clapsis, a 43-year-old Australian, has pleaded guilty to orchestrating fake Wi-Fi networks across various locations, including domestic flights and major Australian cities. These networks redirected users to phishing sites, capturing credentials and personal media, leading to unauthorized account access and privacy invasions.
Claire Aird reports, "An Australian man has pleaded guilty to setting up fake Wi-Fi networks and stealing personal data" (00:04).
b. Paragon Solutions' Zero-Day Exploits
Timestamp: [00:04]
Israeli spyware manufacturer Paragon Solutions has been implicated in deploying zero-day exploits to disseminate its Graphite spyware on Android devices. The exploitation involved a vulnerability in the font rendering library, delivered via PDF files through WhatsApp. Although Meta patched this zero-day in March, similar vulnerabilities continue to pose threats, with recent links to iOS attacks.
Claire Aird states, "Israeli spyware maker Paragon Solutions used a zero-day to deploy its Graphite spyware on Android devices" (00:04).
c. Asus Removes Vulnerable API Credentials
Timestamp: [00:04]
Asus has addressed a critical security flaw by removing hard-coded API credentials from its MyASUS support application. Discovered by a New Zealand software engineer known as MrBruh, the credentials granted administrator-level access, posing significant security risks since the app's 2022 release.
Claire Aird mentions, "Asus has removed hard-coded API credentials from its MyASUS support app" (00:04).
d. IBM and Microsoft Address System Vulnerabilities
Timestamp: [00:04]
IBM has released a security update for its Storage Protect backup system to fix a vulnerability that allowed attackers to bypass authentication using a built-in admin account. Simultaneously, Microsoft announced plans to remove legacy drivers from the Windows Update system to mitigate security and compatibility risks, prioritizing the removal of outdated drivers with newer versions available.
Claire Aird reports, "IBM has released a security update to fix a vulnerability in its Storage Protect backup system" (00:04), and adds, "Microsoft will remove legacy drivers from the Windows Update system" (00:04).
Conclusion
This episode of Risky Bulletin delivered a comprehensive overview of significant cybersecurity developments, ranging from high-level governmental decisions to intricate cyber attacks affecting various sectors globally. The rejection of the Pentagon's nominee underscores the complexities in cybersecurity leadership, while ongoing data breaches and state-sponsored attacks highlight the relentless nature of cyber threats. Concurrently, government initiatives and corporate responses demonstrate a multifaceted approach to enhancing cybersecurity resilience.
For those keen on staying informed about the evolving cybersecurity landscape, this episode provides valuable insights into the challenges and responses shaping the field today.
Prepared by Catalin Cimpanu and read by Claire Aird.
