Welcome Back
Hello and welcome back to The CyberSignal.
Starting today, we're permanently moving from Tuesdays to Thursdays - so you get a full Thursday-to-Thursday window of coverage. Consider this your fresh roundup of everything that mattered in U.S. and Canadian cyber from last Thursday through now.
We cut through the headlines - from zero-days and breach disclosures to policy shifts and threat actor movements - and zero in on what's next.
Whether you're a CISO, SOC lead, or security practitioner, this is your guide to what to watch and what to act on.
Overview: What Shifted in Cyber Since Last Thursday
CISA issues Emergency Directive 25-03 - federal agencies must patch two critical Cisco ASA / FTD vulnerabilities immediately. (TechRadar)
U.S. agencies targeted in hacking campaign tied to Chinese actors - newly exploited Cisco firewall flaws under investigation. (The Washington Post)
WestJet discloses data breach impacting 1.2 million passengers - passports, reservation files, and IDs exposed. (Reuters)
Allianz Life reports 1.5 million exposed in CRM breach - third-party vendor compromise disclosed. (Security Week)
Federal cyber posture weakened amid U.S. shutdown - CISA furloughs slow coordination, threat intelligence sharing. (CISO Series)
North American breach wave - ~3.7 million affected across multiple incidents (WestJet, Allianz, Motility Software) now being notified. (CISO Series)
Key Incidents & Analysis
CISA's Emergency Directive & Cisco ASA / FTD Zero-Days
CISA's Emergency Directive 25-03 orders all federal civilian agencies to identify, isolate, and patch vulnerable Cisco ASA / Firepower appliances (notably CVE-2025-20333 and CVE-2025-20362) amid an active exploitation campaign. (CISA)
Attackers have reportedly modified read-only memory (ROM) to persist across reboots and upgrades - making the threat especially insidious. (CISA)
Action: Immediately inventory ASA/FTD devices, turn off or disconnect unsupported units, apply patches, and collect forensic dumps per CISA's "Core Dump & Hunt" guidance. (CISA)
U.S. Agencies Under Fire: The Chinese-Linked Intrusion Campaign
This week's reporting (Washington Post) reveals that U.S. agencies are among the victims of a sophisticated intrusion exploiting newly discovered firewall vulnerabilities. The campaign is believed to be state-sponsored and part of a broader pattern targeting government and critical infrastructure assets. (The Washington Post)
Why it matters: It underscores that even hardened federal systems are not immune to fast-moving exploit chains.
Action: Enhance threat hunting on firewall devices, especially for firmware anomalies or persistence techniques. Reassess segmentation between agency and contractor networks.

WestJet Breach: Cross-Border Exposure
WestJet confirmed that ~1.2M passengers' personal and travel-related documents were exposed, including passport/ID data. Although no financial data was taken, this remains a significant breach. (Reuters)
U.S. residents affected are being notified, triggering state-level breach notice obligations. (Cybernews)
Action: If your organization shares systems or data with airlines, travel agencies, or loyalty platforms, confirm overlap, revalidate vendor security controls, and prep public notice or identity protection offers.
Allianz Life CRM Breach
Allianz Life disclosed that ~1.5 million U.S. customers' data were accessed through a third-party CRM breach. (Security Week)
The firm asserts its own systems weren't breached - the vulnerability stemmed from the vendor.
Action: Review your own CRM integrations and vendor oversight frameworks. Enforce stricter API and access controls, require audit logging, and verify encryption in transit and at rest.
North American Breach Wave: A Broader Pattern
A wave of breach disclosures this week - including WestJet, Allianz Life, and Motility Software - is delivering around 3.7 million notification letters across North America, as documented in filings to Maine's AG. (CISO Series)
This cluster signals attackers are targeting high-density consumer data stores (insurance, travel, SaaS).
Action: CISOs should re-evaluate vendor risk metrics, push for breach indemnity clauses, and ensure cross-jurisdiction notification plans (U.S. states + Canadian PIPEDA) are in place.
Threat & Vulnerability Highlights
Threat / CVE | Summary | Relevance to U.S./Canada |
---|---|---|
Cisco ASA / FTD zero-days (20333 / 20362) | Under active exploitation, with ROM persistence | Direct impact on federal and enterprise perimeter assets |
Chinese-linked intrusion | Targeted campaign against U.S. agencies via firewall flaws | Governments + critical sectors under pressure |
WestJet breach | PII, passports, IDs exposed | Cross-border consumer exposure |
Allianz Life CRM breach | Vendor access used to compromise data | Highlights SaaS / third-party risk |
North American breach wave | ~3.7M affected across sectors | Broad consumer data exposure trend |
Actionable Tips for CISOs & IT Leaders
Patch ASA/FTD gear immediately - prioritize per CISA ED 25-03, or isolate unpatchable devices; see more on TechRadar.
Add monitoring for device integrity changes - firmware, ROM, and config drift checks on perimeter gear; see CISA "Core Dump & Hunt" guidance.
Reassess vendor frameworks - particularly CRM, airline/loyalty, and SaaS integrations; review NIST vendor risk guidance.
Align breach disclosure plans - ensure compliance across U.S. state laws and Canadian PIPEDA requirements.
Supplement federal intel with private feeds - during the U.S. shutdown, lean on vendors like Recorded Future, Mandiant, or CISO Series daily updates.
Run cross-entity incident exercises - simulate scenarios like perimeter compromise + mass consumer data leak; see MITRE ATT&CK for tabletop inspiration.
Legislative & Regulatory Changes
CISA Emergency Directive 25-03 - binding order for U.S. federal agencies to inventory, patch, or isolate vulnerable Cisco ASA / FTD devices. Private sector CISOs should treat this as a benchmark. (CISA)
Breach disclosure enforcement rising - Maine AG filings highlight how U.S. states enforce reporting timelines. Expect tighter scrutiny if firms delay notifications. (Maine AG breach portal)
Canadian privacy law spotlight - WestJet's breach triggers reporting under PIPEDA. Canadian regulators may issue further guidance on travel/airline data handling.
Third-party vendor accountability - Allianz Life's CRM incident highlights pressure on firms to enforce vendor contracts with stronger security SLAs. This trend aligns with NIST SP 800-161 supply chain security.
Shutdown impact on federal oversight - With CISA partially furloughed, Congressional committees may revisit cyber funding resilience in future appropriations. (Washington Post)
Looking Ahead
Additional firewall/vendor zero-days likely will surface in the coming weeks.
State-level operators may escalate targeting of travel, insurance, and highly consumer-connected domains.
Regulatory scrutiny on third-party vendor breaches will intensify in both the U.S. and Canada.
Expect more breach disclosures in sectors aggregating consumer data (telco, financial services, travel).
Pro Tip of the Week
Enable firmware integrity monitoring on all critical network appliances (firewalls, routers). Maintain baseline images and automatically alert on drift or unsigned changes. Attackers are now tampering with ROM and firmware to embed persistence - see also CISA's Core Dump & Hunt guidance.
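One way to implement the baseline-and-drift check from this tip, as an added example (not taken from CISA's guidance or any vendor tool). It assumes firmware images and configuration exports are copied off the appliance and hashed on a separate host; the device name, image bytes, config lines and the rule that `!` lines are volatile comments are constructed for illustration.

```python
import difflib
import hashlib

def normalize(config_text):
    """Keep only setting lines; '!' comment/timestamp lines change on every export."""
    return [ln.rstrip() for ln in config_text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("!")]

def digest(data):
    return hashlib.sha256(data).hexdigest()

def make_baseline(device, image, config_text):
    """Record known-good hashes plus the normalized config for later diffing."""
    lines = normalize(config_text)
    return {"device": device,
            "image_sha256": digest(image),
            "config_sha256": digest("\n".join(lines).encode()),
            "config_lines": lines}

def check_drift(baseline, image, config_text):
    """Return a list of (kind, detail) findings; an empty list means no drift."""
    findings = []
    if digest(image) != baseline["image_sha256"]:
        findings.append(("image", "sha256 differs from baseline"))
    lines = normalize(config_text)
    if digest("\n".join(lines).encode()) != baseline["config_sha256"]:
        diff = difflib.unified_diff(baseline["config_lines"], lines, lineterm="", n=0)
        for d in list(diff)[2:]:          # skip the two '---'/'+++' file headers
            if not d.startswith("@@"):    # skip hunk markers, keep +/- settings
                findings.append(("config", d))
    return findings

# Constructed sample data (hypothetical device name, image bytes and config lines).
GOOD_IMAGE = b"constructed-firmware-image-build-1"
GOOD_CONFIG = ("! exported 2025-01-01\nhostname edge-fw-01\n"
               "logging host 192.0.2.10\nusername admin privilege 15\n")
REEXPORT = GOOD_CONFIG.replace("2025-01-01", "2025-01-08")
CHANGED_CONFIG = ("! exported 2025-01-08\nhostname edge-fw-01\n"
                  "username admin privilege 15\nusername support privilege 15\n")

if __name__ == "__main__":
    baseline = make_baseline("edge-fw-01", GOOD_IMAGE, GOOD_CONFIG)
    print(check_drift(baseline, GOOD_IMAGE, REEXPORT))  # only the timestamp changed
    for kind, detail in check_drift(baseline, GOOD_IMAGE + b"\x00", CHANGED_CONFIG):
        print(f"ALERT {baseline['device']} {kind}: {detail}")
```

Store the baseline away from the device it describes, and treat a removed logging destination or a new privileged account in the diff as a finding to triage rather than routine change noise.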
Conclusion
This week's stories were dominated by infrastructure-level compromises and sharp vendor breaches. The disparity: compromised walls and compromised relationships. For U.S./Canadian leaders, the playbook is clear - patch fast, validate trust, and be ready to operate with limited external support.
Thanks for reading this edition of The CyberSignal. Feel free to share - or tell me if you'd like sector-specific (healthcare, retail, OT) add-ons next week.
Till next week,
The CyberSignal Team