Monitoring · Technology · Active since 17 April 2026

Cybersecurity: Threats and Defences

5 updates · 260 entities · 45 days active

Current Assessment

The developer and AI toolchain is the new perimeter; network-edge defences have no view into it.

#5
29 May 14:17

GitHub's own code cloned via VS Code add-on

A poisoned Nx Console extension sat on the VS Code Marketplace for 18 minutes, long enough to steal a GitHub employee's tokens and clone roughly 3,800 internal repositories. The same actor that hit Cisco's source last fortnight has now breached the registry operator itself. CISA added two AI-tier flaws and a Drupal SQL bug to KEV; the UK cyber sector cleared 14.7 billion pounds.

#3
8 May 10:57

CISA's deadline outruns Palo Alto's patch

CISA gave federal agencies until 9 May to fix a Palo Alto firewall flaw. The patch ships on 13 May. State-nexus attackers have been inside the same firewalls since 16 April. Trellix, cPanel and Ivanti round out a week in which the perimeter device stopped pretending to hold.

#2
30 Apr 08:16

FIRESTARTER puts Cisco below the patch line

Sixteen agencies admitted on 23 April that indicators of compromise vanish faster than blocklists can absorb them. A day later, CISA and NCSC named FIRESTARTER, a Cisco firewall implant that survives every patch. The defender's job has shifted from removing the indicator to rearchitecting the device.

#1
17 Apr 13:56

Stryker MDM wipe exposes identity perimeter

Iran-linked Handala wiped 80,000 to 200,000 Stryker devices across 79 countries on 11 March using one stolen Microsoft Intune admin credential, with no malware deployed. NHS Supply Chain issued a UK disruption alert; Stryker filed an SEC 8-K/A. US defenders face this with a proposed $707m CISA cut and a Citrix/F5 vendor stack still burning.
