Week of June 13th, 2025

Welcome to Your Cybersecurity Recap: a bite-sized weekly newsletter by cybersecurity enthusiasts, for cybersecurity enthusiasts.

Here are this week’s top takeaways:

Packetlabs at Info-Tech LIVE 2025

Info-Tech LIVE 2025 brought another wave of powerful insights to the thousands of IT leaders gathered at the Bellagio in Las Vegas for the global research and advisory firm's annual industry conference.

Info-Tech LIVE is hosted by the Info-Tech Research Group, one of the world's leading research and advisory firms, proudly serving over 30,000 IT and HR professionals. The company produces unbiased, highly relevant research and provides advisory services to help leaders make strategic, timely, and well-informed decisions. For nearly 30 years, Info-Tech has partnered closely with teams to provide them with everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations. 

From AI's organizational impact to transformative leadership frameworks, the day-two sessions of the three-day event delivered strategic direction across the most pressing areas of enterprise technology.

The keynotes drilled into the leadership disciplines and bold bets that separate tomorrow's IT winners from the pack. Featured speakers unpacked everything from building an exceptional IT leadership bench and steering high‑stakes digital gambles to sizing up the next wave of tech trends and reigniting motivation at the human level. 

One such presentation came from our Lead Researcher, Arman Aryanpour, who shared insights on the illusion of security in the cloud security landscape.

For those who weren't able to catch Arman's presentation in person, we recommend the following resources:

It was a pleasure to be a part of this year's Info-Tech LIVE. Are you attending Black Hat USA this August?

Canadian N.S. Power Approved for $1.8M Cyber Project Weeks After Large-Scale Ransomware Attack

Nova Scotia Power has gotten approval for a cybersecurity improvement project, just weeks after a ransomware attack affected the personal data of thousands of customers.

The Nova Scotia Energy Board approved the $1.8-million initiative, dubbed the Next Generation Network Security Design project, on Thursday. 

The utility submitted its application on April 7 for the project, which it said would enhance its existing information technology network and firewall infrastructure to manage cyber threats, "resolve operational complexities, and facilitate future business objectives."

Nova Scotia Power said the project will "improve cyber security capabilities and reduce the risk of a cyber incident," Roland A. Deveau, the energy board's vice-chair, wrote in a decision letter that was shared with the media.

The utility's computer systems had already been attacked by ransomware hackers when the company made its application. It has said the breach happened on March 19, but it did not discover the issue until more than a month later, on April 25.

The company disclosed the cybersecurity incident three days after that.

"Importantly, the board's approval of this project does not preclude it from assessing the adequacy of N.S. Power's IT systems as part of the board's ongoing investigation into the data breach," the board said in a news release. "At this time, it is not known whether this specific project would have prevented or mitigated the breach."

About 280,000 customers — more than half of the utility's customers in the province — were informed by letter that their personal information, including their name, address, phone number, birthdate, driver's licence, social insurance number and banking information, may have been taken in the attack.

The board stated it is working with cybersecurity experts to conduct a full review of whether Nova Scotia Power acted prudently before, during and after the event.

Meanwhile, Nova Scotia Power CEO Peter Gregg avoided a direct answer when asked last week whether the utility would commit to covering the costs of the breach internally rather than handing the bill to ratepayers.

He said insurance would likely cover many expenses, but the utility doesn't yet know the cost of the breach, so he could not give a "yes or no answer."

On Thursday, Premier Tim Houston told reporters that the province would step in if the company asks to recover those costs from customers.

"We're not going to let the ratepayers pay for this," Houston said. "If Nova Scotia Power makes a move to try to get ratepayers to pay for it, we will oppose that very vehemently."

Microsoft Copilot: Critical Flaw Permitted Zero-Click Attack

A recently fixed critical vulnerability in Microsoft’s Copilot AI tool could have let a remote attacker steal sensitive data from an organization simply by sending an email, researchers say.

The vulnerability, dubbed EchoLeak and assigned the identifier CVE-2025-32711, could have allowed hackers to mount an attack without the target user having to do anything. EchoLeak represents the first known zero-click attack on an AI agent.

An EchoLeak attack could have exploited what researchers call an “LLM scope violation,” in which untrusted input from outside an organization can commandeer an AI model to access and steal privileged data. 

Vulnerable data could potentially include everything to which Copilot has access, including chat histories, OneDrive documents, SharePoint content, Teams conversations and preloaded data from an organization.

Microsoft said it has updated products to mitigate the issue. The company is also implementing defense-in-depth measures to make further enhancements to its security posture. 

Jeff Pollard, vice president and principal analyst at Forrester, said the vulnerability is in line with prior concerns raised about the potential security risks from AI agents.

Recent Posts From Our Ethical Hackers

Every month, our ethical hackers work to provide free resources so that your team can continue improving your organization's security posture.
