Welcome
Hello and Welcome!
Be sure to attend our monthly meetings. Lots of good information there. Register for our Thursday, September 25th Virtual Meeting on our site, ISC2CT.org.
Also, come join our (ISC)2 Connecticut Chapter Discord server.
Upcoming events:
RSAC Virtual Seminar: Security Strategy & Architecture | September 4, 2025 11:00 AM ET This half-day seminar will explore the strategic approaches to organizational security and the landscape changes and emerging technologies that impact the overall security strategy. Sessions will examine architectural trends and approaches to modern security design as well as frameworks for defining roles and responsibilities within the security organization. Agenda and Registration
Attack Surface Management Summit | September 17, 2025 | Virtual Event Join us for a must-attend virtual event exclusively focused on Attack Surface Management (ASM) as corporate defenders shift tactics to continuously discover, inventory, classify, prioritize, and monitor digital assets and cloud services. Hear from leading cybersecurity experts as they explore the latest trends, challenges and innovations in Attack Surface Management. Agenda and Registration
ISC2 Global Women’s Summit | September 18th, 2025 | Virtual Complimentary Pricing 4.25 CPE Credits Join us for the 2025 ISC2 Global Women’s Summit—a dynamic, half-day virtual event bringing together women and allies across the cybersecurity ecosystem. Whether you’re just starting out or have years of experience, this summit is for anyone passionate about advancing inclusion, sharing knowledge, and securing our digital world. By attending this live event, you are eligible to receive 4.25 CPE credits. Additional credits can be earned with on-demand viewing. Agenda & Registration
BSides CT | Saturday, Sept. 20th, 2025 | Sacred Heart University (West Campus) 3135 Easton Turnpike Fairfield, CT A conference for the Connecticut information security (infosec) community, run by the Connecticut infosec community! The annual BSides CT event is a place for the community to share ideas and learn with: Insightful discussions: formal and informal networking and educational opportunities; Practical demonstrations: hands-on activities, like our annual Capture the Flag (CTF) and workshops; Interactive sessions: talks covering the latest trends and ongoing events that shape the future of infosec. A limited number of discounted early bird tickets are still available. Registration Link
Cyber Nutmeg 2025 | Friday, October 10th, 2025 | Central Connecticut State University (CCSU) Connecticut's Premier Cybersecurity Event for community anchor institutions. Join the National Guard, Connecticut Education Network (CEN), and your fellow colleagues this October. Given the current threats posed by various actors across the cyber domain, it is more imperative than ever that we ensure our vigilance and commitment to improving our cybersecurity posture across the state. The Cyber Nutmeg event is an opportunity to share our collective challenges, discuss innovative solutions, and work toward our common goal: securing our state’s networks and protecting our data. Registration Link
NEACS - The NorthEast Annual Cybersecurity Summit | Thursday, November 13th 2025 | Quinnipiac University, North Haven, CT Succinct presentations will focus on topics that give cyber leaders immediately actionable insights. Moderated discussion will follow each topic, with streamlined talking points to maximize audience take-aways. Agenda focus: The intersection of academics and enterprise for cybersecurity leaders; Cyber industry trends with respect to vendors, investment, product sprawl for 2026 planning; Case studies from law enforcement agencies, focusing on recent trends; The convergence of fraud prevention/risk management and cybersecurity; Zero Trust, what it means in the context of risk strategy vs products & services. Agenda and Registration Link
Thank you to our Sponsors
Quinnipiac University is committed to helping advance the field of cybersecurity through its School of Computing & Engineering. To support the growth of professionals within cybersecurity and computing, Quinnipiac offers flexible online and on-campus opportunities that deliver practical skills you can immediately apply on the job. Both its MS in Cybersecurity and MS in Computer Science programs feature hands-on experience in lab settings that simulate real-world scenarios. To learn more about these exciting opportunities, visit Quinnipiac University.
Cyber News

Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack
The popular Nx build system, boasting 4 million downloads each week, was exploited in the first supply chain breach to use AI assistants.

One long sentence is all it takes to make LLMs misbehave
Updated: Chatbots ignore their guardrails when your grammar sucks, researchers find

Introducing: The Cyber Talent Podcast
The Cyber Talent Series — a show created to support cybersecurity professionals and people managers with practical insights on building and leading high-performing security teams. The first episode dropped on August 5, 2025, and new episodes will be released every other Tuesday.

10 Major GitHub Risk Vectors Hidden in Plain Sight
By addressing these overlooked risk vectors, organizations can continue leveraging GitHub's innovation while protecting against sophisticated supply chain attacks targeting interconnected software.

August 2025 Patch Tuesday forecast: Try, try again
Although there were 130 new CVEs addressed across all the Microsoft releases, there was only one publicly disclosed CVE, so the risk was low. But a short time later, two CVEs in SharePoint were reported exploited, and the month started to heat up with hotfixes near the end of the month. Mix in some security configuration issues with Microsoft Exchange Server and some major updates from Google and Apple, and the month ended with lots of activity.

CrowdStrike investigated 320 North Korean IT worker cases in the past year
Threat hunters saw North Korean operatives almost daily, reflecting a 220% year-over-year increase in activity, CrowdStrike said in a new report.

Why SIEM Rules Fail and How to Fix Them: Insights from 160 Million Attack Simulations
Organizations detected only 1 in 7 attacks in 2025; log failures, misconfigurations, and performance issues left systems exposed.

Citrix Gear Under Active Attack Again With Another Zero-Day
The flaw is one of three that the company disclosed affecting its NetScaler ADC and NetScaler Gateway technologies. Citrix is once again testing customer patience with three new NetScaler flaws, one of which is a zero-day that attackers are already actively exploiting.

Data breach at TransUnion impacts 4.4 million people
Nearly 4.5 million people were affected by a data breach at the credit reporting giant TransUnion, the company informed regulators this week.

Hackers breach and expose a major North Korean spying operation
Two hackers broke into the computer of a North Korean government hacker and leaked its contents, offering a rare glimpse inside the secretive nation's spying operations.