Brief #104: Coinbase $400m Breach, Wiz's Zero-CVE OS, Cisco Readiness Index

Happy Sunday!

The gap between cybersecurity awareness and actual readiness continues to widen. Cisco's latest report shows only 4% of companies have reached mature security readiness despite growing threats. I'm seeing this constantly with orgs who understand the risks but struggle to implement effective defenses.

In this week's brief:

• Chinese threat actors are actively exploiting a critical SAP NetWeaver vulnerability across hundreds of systems
• Anthropic's CISO predicts AI virtual employees with their own accounts will appear on corporate networks within a year
• The cybersecurity job market remains strong for experienced professionals, with application security roles in particularly high demand

Dive in for the full stories and more insights to start your week prepared.

Industry News

Chinese Nation-State Actors Exploit Critical SAP NetWeaver Vulnerability Across 581 Systems

• Multiple China-linked threat groups are actively exploiting the unauthenticated SAP NetWeaver vulnerability (CVE-2025-31324) that enables remote code execution to compromise critical infrastructure systems across UK, US, and Saudi Arabia.

• Attackers deploy web shells for persistent access and drop various malware including KrustyLoader (Rust-based), SNOWLIGHT, VShell (Go-based RAT), and GOREVERSE backdoor; EclecticIQ found exposed attacker infrastructure containing logs of compromised systems and 800 domains targeted for future exploitation.

• SAP has released patches for this vulnerability and a newly discovered critical flaw (CVE-2025-42999, CVSS 9.1) in NetWeaver's Visual Composer Metadata Uploader component; immediate patching is strongly recommended.

Wiz Launches WizOS: Hardened Container Base Images With Near-Zero CVEs

• Wiz has released WizOS, a hardened Linux distribution designed as a minimal container base image with near-zero CVEs to address the problem of developers being slowed down by critical vulnerabilities in base images.

• Built as a drop-in replacement compatible with Alpine but using glibc instead of musl, WizOS features a reproducible pipeline with controlled environments, deterministic output, and components built from source with signing and provenance.

• The implementation reduced critical and high CVEs to near zero, resulting in fewer blocked builds, smaller container sizes, and faster CI pipelines, while now being available in private preview for Wiz customers.

Coinbase Breach Exposes Customer Data After Rogue Support Agents Steal Information

• Cybercriminals bribed overseas support agents to steal personal data from approximately 1 million Coinbase customers (1% of their user base), including names, addresses, government IDs, and account transaction history.

• While no passwords, private keys, or funds were directly compromised, Coinbase estimates potential losses between $180-400 million from remediation costs and reimbursements to customers who were subsequently tricked into sending funds.

• Coinbase refused to pay the $20 million extortion demand and instead established a reward fund of the same amount for information leading to the attackers' identification.

Leadership Insights

SMBs Face Critical Cybersecurity Gaps Despite Awareness, Kinetic Business Reports

• 52% of small and medium-sized businesses lack confidence in their cybersecurity preparedness, despite 59% recognizing it as a key priority – creating a significant vulnerability gap that cybercriminals can exploit.

• Economic constraints are the primary challenge with 66% of SMBs citing budget limitations for technology adoption, while 43% of all cyberattacks target SMBs at an average cost of $25,000 per incident.

• SMBs are primarily seeking affordable security solutions with 61% citing price as the deciding factor for switching providers, while only 36% express interest in advanced or AI-powered tools due to limited IT resources.

Cisco's 2025 Cybersecurity Readiness Index Shows Flat Progress Despite Rising AI Threats

• Cisco's third annual survey of 8,000 businesses across 30 global markets reveals only 4% of companies reached Mature cybersecurity readiness (up from 3% in 2023), while 70% remain in the bottom two categories (Formative 61%, Beginner 9%).

• Nearly 9 out of 10 (86%) business leaders reported at least one AI-related incident in the past year, with the most common being model theft (43%), AI-enhanced social engineering (42%), and data poisoning attempts (38%).

• Despite widespread AI adoption, there's a concerning security gap – only 49% of respondents believe employees understand AI-related cybersecurity threats, while 22% allow unrestricted access to publicly available GenAI tools without security oversight.

Bitsight State of the Underground 2025 Reveals 25% Rise in Ransomware Attacks

• Ransomware attacks increased nearly 25% in 2024, with a 53% rise in leak sites, while data breaches on underground forums grew 43% with US organizations comprising 20% of victims.

• Compromised credentials surged to 2.9 billion unique sets in 2024 (up from 2.2 billion), and stealer logs from 7.7 million endpoints were listed on underground markets, with Lumma and Risepro replacing Raccoon as leading malware.

• Underground markets listed 14.5 million compromised credit cards in 2024 (20% increase), with US cards accounting for 80.7% of all listings, while the most vulnerable devices were found in Information and Professional Services sectors.

Discover my collection of industry reports, guides and cheat sheets in Cyber Strategy OS

Career Development

SANS | GIAC 2025 Cybersecurity Workforce Report Redefines Talent Challenge

• Organizations are shifting focus from merely filling headcount vacancies to finding professionals with the right skills, with 52% identifying "not having the right staff" as their primary challenge compared to 48% citing "not enough staff."

• Technical capability has emerged as the top hiring criterion (19%), followed by certifications (14%), with 65% of organizations requiring skill validation for client requirements and 58% using certifications for internal decisions.

• Workplace culture significantly impacts retention, with 34% of organizations identifying "working well within a team" as the most crucial cultural value, while new regulatory requirements like NIS II, DORA, and CMMC already influence hiring practices for 40% of organizations globally.

Cybersecurity Professionals Report Growing Skills Gap Between Interviews and Job Performance

• Cybersecurity practitioners observe that recent hires often interview well using buzzwords but lack practical skills, with some candidates misrepresenting online learning platforms as actual work experience.

• The fundamental issue isn't inexperience but unwillingness to learn, with veteran industry professionals noting that teaching fundamentals and troubleshooting skills has become increasingly neglected in modern training approaches.

• Multiple commenters suggest the hiring process has become "gamified," with companies selecting candidates based on interview performance rather than technical aptitude, while experienced professionals recommend focusing on building comprehensive onboarding and mentorship programs.

Experienced Cybersecurity Professionals Finding Job Market Remains Strong Despite Economic Concerns

• Experienced cybersecurity professionals report relative ease in finding positions, with many stating that the market remains strong for those with practical skills and proper job search techniques.

• Application security roles were specifically highlighted as remaining in high demand, with one commenter noting these positions command some of the highest salaries in the cybersecurity field.

• Breaking into the industry without experience remains exceptionally difficult, with recommendations to gain security-related experience in current roles before transitioning to dedicated security positions.

AI & Security

Anthropic CISO Warns of AI Virtual Employees Coming Within a Year

• Anthropic's Chief Information Security Officer Jason Clinton predicts AI-powered virtual employees with their own accounts, roles, and memories will begin operating on corporate networks within a year, requiring companies to reassess their cybersecurity strategies.

• These virtual employees present unique security challenges including account security, appropriate network access, potential rogue behavior, and questions of responsibility when AI systems perform unauthorized actions in corporate environments.

• Several cybersecurity vendors are already developing solutions for managing non-human identities, with Okta recently releasing a unified control platform to monitor unauthorized activity from AI accounts and provide better visibility into system access.

CaMeL System Defeats Prompt Injections by Design Using Control and Data Flow Security

• Researchers introduce CaMeL, a novel defense against prompt injection attacks that creates a protective layer around LLMs without modifying the models themselves. CaMeL explicitly extracts control and data flows from trusted queries and uses capabilities-based security to prevent untrusted data from impacting program flow.

• In evaluation on the AgentDojo benchmark, CaMeL successfully solved 67% of tasks with provable security while stopping all 949 attacks that compromised undefended models. The system maintains capabilities (metadata tags) for each value to restrict data flows based on fine-grained security policies.

• CaMeL implements a dual-LLM architecture with a Privileged LLM that plans actions and a Quarantined LLM that processes potentially malicious data, along with a custom Python interpreter that tracks data provenance and enforces security policies, requiring about 2.8× more tokens than native tool calling.

OpenAI Shares Seven Enterprise AI Adoption Strategies For Organizations

• OpenAI recommends starting with evals – systematic evaluation processes that measure how AI models perform against specific use cases, as demonstrated by Morgan Stanley who achieved 98% daily AI adoption among advisors after implementing rigorous evaluation frameworks.

• The company emphasizes embedding AI directly into products to create enhanced customer experiences, while also advising organizations to customize and fine-tune models to dramatically increase value for specific organizational contexts.

• For successful implementation, OpenAI suggests putting AI tools in the hands of domain experts, unblocking developers through automating the software development lifecycle, and setting bold automation goals for routine operations to free staff for higher-value activities.

Market Updates

Kovr.Ai Emerges From Stealth With $3.6M To Automate Cybersecurity Compliance

• Reston, VA-based Kovr.ai secured $3.6 million in funding led by IronGate and Xfund, with participation from Hack Factory, OODA Ventures, and McLean Capital, to expand its go-to-market, AI engineering, and product development teams.

• Founded in 2018, Kovr.ai claims to be the only AI-native cyber compliance automation platform, using real-time code-driven intelligence to automate frameworks like FedRAMP and cybersecurity maturity model certification.

• The platform reportedly reduces the time required for Authorization to Operate (ATO) readiness from months to minutes, addressing the typical "$2 million barrier" companies face when seeking government deployments.

Cybersecurity Market Projected to Reach USD 562.72 Billion by 2032](https://www.openpr.com/news/4017169/cybersecurity-market-usd-562-72-billion-by-2032-owing)

• Global cybersecurity market valued at USD 172.24 billion in 2023 is expected to grow at a CAGR of 14.3% through 2032, driven by increasing volume and complexity of cyber attacks targeting organizations across sectors.

• Key market trends include the rise of AI and machine learning in cybersecurity solutions for real-time threat detection, and growing adoption of cloud-based security solutions that provide scalability and centralized management capabilities.

• Leading market players include Cisco Systems, IBM, Microsoft, Fortinet, Palo Alto Networks, and other major technology companies competing in the rapidly expanding industry.

Orca Security Acquires Agentic AI Startup Opus

• Cybersecurity unicorn Orca Security has acquired AI security startup Opus, strengthening its capabilities in agentic artificial intelligence security.

• Orca Security plans to expand its Portland office and workforce following the acquisition, showing continued investment in the region's tech ecosystem.

• This acquisition follows other strategic moves in the cybersecurity industry, including previous executive role changes at Orca Security and significant investments in other Portland-based security firms.

Tools

Mend

An application security platform that combines SCA, SAST, container security, dependency management, and AI model risk analysis with integrated workflows for development and security teams.

Microsoft Entra Verified ID

A decentralized identity verification solution that enables organizations to issue, manage, and verify digital credentials for user-owned identity scenarios.

PAGO Networks Managed Security Services

PAGO Networks delivers AI-powered managed security services including MDR, integrated EPP/EDR, dark web monitoring, Open XDR, and OT-oriented endpoint protection.

If you found this newsletter useful, I'd really appreciate if you could forward it to your community and share your feedback below!

For more frequent cybersecurity, leadership and AI updates, follow me on LinkedIn, BlueSky and Mastodon.

Best, 
Nikoloz