The Cybersecurity Roundup
"Hackers Don’t Take Vacations… And Neither Should Your Security"
This week’s cyber headlines read like the script of a summer blockbuster:
If you're still treating cybersecurity like an after-hours project, you're officially behind. Security isn't just a firewall or a budget line item—it’s a business survival strategy. The threats are getting smarter, faster, and automated. Your response needs to be just as agile.
Let’s break it down...
📉 The Week in Cybersecurity – 13 Stories You Need to Know
1. The 8 Security Metrics That Matter Most
Most companies track metrics that make them feel safe but don’t prove resilience. This piece outlines the critical KPIs like dwell time, patch cadence, and mean time to respond.

2. 7 Tips to Improve Cybersecurity ROI
Cybersecurity is an investment, not a sunk cost. These seven strategies help you tie security directly to business performance.

3. Passwords Are Still a Nightmare in 2025
The laziest attack vector continues to work: reused passwords. This study reveals which bad habits businesses haven’t broken—and how they’re paying for it.

4. Chrome Rolls Out Scam-Fighting AI
Google’s new scam-detection AI in Chrome flags sketchy pages and phishing language in real time. A helpful addition to the average user’s defense stack.

5. Security Tools Alone Don’t Save You
You can have all the EDR, SIEM, and XDR in the world—and still get wrecked. Why? Because cybersecurity is more about people, culture, and process than tool count.

6. The Rise of Machine Credential Abuse
Hackers are now targeting machine credentials—like service accounts, tokens, and keys—used by your vendors. And most companies aren’t even monitoring them.

7. The Hacker Marketplace is Getting Professional
Criminal enterprises now mirror SaaS startups—offering ransomware kits, AI-enhanced phishing bots, and customer support. This isn’t “hacking in a hoodie” anymore.

8. Operation PowerOFF Takes Down DDoS-for-Hire Sites
Nine major DDoS-for-hire platforms were shut down. A global win, but don’t expect a quiet summer—others will rise in their place.

9. ICS & SCADA Attacks Target Oil & Gas
U.S. government issues warnings as threat actors zero in on infrastructure-level systems in energy sectors. Think Colonial Pipeline 2.0.

10. Cisco Patches 35 Vulnerabilities
A sweeping patch cycle from Cisco. If your network gear isn’t updated—this is your sign.

11. FBI Warns on Legacy Routers Used as Proxies
Outdated home and business routers are being hijacked into proxy networks to mask criminal activity.

12. LockBit’s Secrets Exposed
In a twist of poetic irony, the LockBit ransomware gang was hacked—leaking internal chats that show just how predatory their tactics really are.
🎙️ Interview: Don Mangiarelli on Why Cybersecurity Still Fails in 2025
CSR: Don, security tools are everywhere—EDR, XDR, MDR, SIEM… Yet we’re still seeing breaches. Why do you think that is?
DM: Well, the bottom line for security in any business—or personally for that matter—is the human element. Until we take security training seriously, we will continue to see breaches. Humans fall into a false sense of security. Couple that with AI and the increasing sophistication of attackers, and you’ll see why cyberattacks are rising. Humans are the first and sometimes the last line of defense.
CSR: What’s a common blind spot that businesses overlook when they “check the box” on cybersecurity?
DM: Cybersecurity is like a plant—if you don’t water it, it dies. Most execs I talk to don’t realize the threats that exist and how easily a criminal can sit in their inbox for months. They wait for high-pressure moments to strike—like a deal closing—when people are emotional and rushed.
CSR: How should a company measure whether their cybersecurity is actually working?
DM: Your cybersecurity provider should be having quarterly briefings, twice-yearly security audits, and sending monthly reports showing the effectiveness of their work. If you’re just assuming your “IT guy” has it handled, you’re in danger of being hacked.
CSR: What trends are you seeing around AI and automation in cyber defense?
DM: AI is just another piece of software—and it has to be secured. Most businesses have no usage policy, and employees are pasting sensitive data into ChatGPT. That’s a goldmine for hackers. AI in defense is here, but without governance, it’s just another risk vector.
CSR: If a company could only make one cybersecurity improvement this quarter, what should it be?
DM: Implement usage policies around AI. Everyone’s using it—even if you don’t think your team is. Hackers can gather insights like revenue, clients, and employee count, then tailor extortion attacks. Business owners will either wise up or go out of business.
🤖 AI Prompt of the Week: “What Should I Do Next in My Career?”
CRIT Method Prompt:
Context: I’m trying to explore career opportunities or make a professional pivot that aligns with my experiences, strengths, and personal values.
Role: You are an expert career strategist and executive coach trained in talent development, workforce trends, and AI-powered decision frameworks.
Interview: Ask me deep questions about my job history, strengths, passions, skills, certifications, preferred work culture, and industries I’m curious about to gain a clear understanding of my strengths, weaknesses and interests.
Task: Based on my answers, recommend 3–5 career paths or specific job roles that would be a strategic next step. Include why they’re a fit and what steps I’d need to take to get started. In addition, I want you to recommend 2 uncommon career paths that I haven't considered.
Paste this into ChatGPT, Claude, or your favorite AI platform and let it help you uncover your next big move.
🧠 Need to Talk Strategy?
Cybersecurity isn't just about tools—it's about protecting everything you’ve built. If you want a fresh perspective on your risks, AI strategy, or what your “IT guy” isn’t telling you, I offer a free 15-minute strategy session.
Let’s talk shop. No pressure. Just clarity.