Weekly Security Sprint EP 119. Cyber fundamentals -third party management, passwords, and patching plus P2D2!

Please enjoy our newest podcast, the weekly Security Sprint, on Spotify, Apple, as well as other locations accessible via the Spotify for Podcasters link or almost anywhere you listen to your favorite podcasts.

• The GRIP is one year old and to celebrate, we’re running an anniversary sale!!
• Join the GRIP in July and use promo code HOTJULY2025 to receive a 20% discount!

Gate 15 is excited to offer a new low-cost ransomware resilience exercise for executives designed to be budget-friendly especially for small and medium sized organizations and non-profits! Contact us today for more information on this great opportunity!

In this week’s Security Sprint, Dave and Andy covered the following topics:

• Join the GRIP! The GRIP is one year old and to celebrate, we’re running an anniversary sale!! Join the GRIP in July and use promo code HOTJULY2025 to receive a 20% discount!
• 26th Annual TribalNet Conference & Tradeshow
• The Gate 15 Interview EP 60 – Sasha Larkin: “I like the chaos, chaos makes sense to me.” 
• The SUN will not be published the week of 28 Jul – 01 Aug. The SUN will resume the following week.
• P2D2!

Main Topics:

Microsoft, China & Vendor Risk Management:

• A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers
• US senator seeks details from Defense Department on Microsoft’s Chinese engineers
• Microsoft says it will no longer use engineers in China for Department of Defense work
• Chairmen Gimenez, Moolenaar, Self Probe Tech Companies Over Risks To Undersea Telecom Infrastructure

Weak password allowed hackers to sink a 158-year-old company

Patching!

• Microsoft SharePoint vulnerability CVE-2025-53770: Microsoft: Customer guidance for SharePoint vulnerability CVE-2025-53770 & UK NCSC: Active exploitation of vulnerability affecting Microsoft Office SharePoint Server products in the UK
• Canadian Centre for Cyber Security: CrushFTP security advisory (AV25-432)
• CISA Adds One Known Exploited Vulnerability to Catalog – CVE-2025-25257 Fortinet FortiWeb SQL Injection Vulnerability
• CitrixBleed 2 situation update — everybody already got owned
• Canadian Centre for Cyber Security – Vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway – CVE-2025-5349, CVE-2025-5777 and CVE-2025-6543 – Update 2

Managing Politics and Bias

Quick Hits:

• National Guard hacked by Chinese ‘Salt Typhoon’ campaign for nearly a year, DHS memo says
• Charter Calls Increased Critical Infrastructure Attacks on Spectrum Network in Missouri Acts of Domestic Terrorism
• UK NPSA – Security-Minded Communications – Guidance for Remote and Rural Locations
• Canadian Centre for Cyber Security (CCCS) & Canadian Anti-Fraud Centre (CAFC) Joint Advisory: Cyber officials warns of malicious campaign to impersonate high-profile public figures
• Examining How International Hacktivist Groups Pursue Attention, Select Targets, and Interact in an Evolving Online Landscape
• China’s cyber sector amplifies Beijing’s hacking of U.S. targets
• Submarine Cables Face Increasing Threats Amid Geopolitical Tensions and Limited Repair Capacity
• Of course, Grok’s AI companions want to have sex and burn down schools
• Investor Alert: Look Out For Possible Investment Scams Related to the Texas Floods
• The Amnban Files: Inside Iran’s Cyber-Espionage Factory Targeting Global Airlines
• Indian crypto exchange CoinDCX hacked, $44M drained

Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Spotify for Podcasters, Apple, Spotify, as well as other locations accessible from the Spotify for Podcasters link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:

• The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.
• Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
• The Gate 15 Interview, is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.
• The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests. This is presently a Gate 15 special podcast and occasionally is updated on our Gate 15 podcast channel.
• Venue Security, The IAVM Podcast Series was a 2024 limited series podcast as Gate 15’s founder and Managing Director, Andy Jabbour hosted a series of short interviews with venue safety and security experts from the International Association of Venue Managers’ (IAVM) Venue Safety and Security Committee (VSSC) and other special guests from the IAVM community.
• The Risk Roundtable, was a monthly discussion among our team and occasional guests exploring the all-hazards threats and risks impacting the United States and internationally. This was suspended in September 2023.

We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Threads,  LinkedIn, via email at Gate15@gate15.global.