Cybersecurity News Roundup: Book Deals, Retail Attacks, Apple Spyware Alerts, and More

May 02, 2025, 12 min

Episode description

In this episode, host Jim Love discusses various cybersecurity topics including a book deal from CRC Press for those interested in cybersecurity, auditing, and leadership. Major cyber incidents involving two UK retailers, Co-op and Marks & Spencer's, are detailed, highlighting the challenges they face. Apple's notifications to users in 100 countries about targeted mercenary spyware attacks are covered, emphasizing the importance of taking these alerts seriously. Additionally, a malicious WordPress plugin has been discovered that grants attackers unauthorized access, and an open letter from cybersecurity professionals calls on President Donald Trump to cease investigations into former CISA Director Chris Krebs. The episode concludes by previewing an upcoming segment covering the BSides and RSA shows.

00:00 Introduction and Special Announcement
00:16 Cybersecurity Book Deals
01:37 Major Cyber Attacks on UK Retailers
03:48 Apple's Spyware Alerts
06:22 Malicious WordPress Plugin Discovered
08:19 Open Letter Supporting Chris Krebs
10:57 Conclusion and Upcoming Events

Transcript

Hi, it's Jim. If you're one of those people who likes to read to keep up, the next announcement is for you. By the way, this is not a paid announcement. This is just me pitching in to help a publisher who specializes in cybersecurity publications. Hi, my name is Dan Swanson. I'm with Dan Swanson and Associates. I've been a series editor for a CRC Press series for going on 10 years now. We're doing books in the security, audit and leadership space.

We're approaching a hundred books the next month, and we've got a wide variety of authors: practitioners, professors and other people that are giving back to the community. And you've got a special package deal that our listeners can take advantage of. For April we did bundle 10 books for cyber, 10 books for audit and 10 books for leadership. And those packages are on the website and they provide a very low cost way of getting up to speed on all three important topics.

Almost a 70% discount from the regular price. And these are cybersecurity books written by cybersecurity professionals, right? Absolutely. Yeah, absolutely. Now there are some professors that do ongoing research and have written many books in the infosecurity space. If you do a Google search on security, audit and leadership, the series will pop up and my contact information is on the website. Great. And for those looking for a bit of a bargain in cybersecurity and catching up, check it out.

Hackers hit two large British retailers. Apple issues spyware alerts to users in 100 countries. A fake security tool opens back doors in WordPress, and a group of cybersecurity professionals issues an open letter in support of Chris Krebs. This is Cybersecurity Today. I'm your host, Jim Love. Two major UK retailers are under digital siege.

The Co-op, a large British cooperative that operates over 2,400 stores, has triggered a company-wide security lockdown following a cyber attack, while iconic retailer Marks and Spencer's is dealing with a full-blown ransomware breach now under police investigation. Co-op staff have been ordered to keep their cameras on during video calls, verify all attendees and avoid recording or transcribing meetings. VPN access from home has been shut off completely.

Employees now have to go to a Co-op location to access core systems. Security consultant Jen Ellis told the BBC the internal email suggests Co-op fears hackers may already be inside. In her words, "Reminding employees to keep their cameras on during conference calls is one way of enabling work to continue while ensuring that everyone is really who they claim to be and no one unexpected is participating in calls."

Meanwhile, Marks and Spencer's has pulled all job ads from its website and some stores are reporting empty shelves. The company is recovering from a ransomware attack using the DragonForce service. That attack is believed to be linked to Scattered Spider, the same group responsible for hacking MGM Resorts and Transport for London.

The Metropolitan Police Cyber Unit is now investigating the Marks and Spencer's incident, and the UK's National Cyber Security Centre has issued a broader warning to other retailers, but says there's no evidence yet that the sector is being directly targeted. For now, both companies insist they've taken proactive steps, but behind the scenes it's clear this is a serious and ongoing digital threat.

Apple has notified iPhone users across 100 countries about targeted mercenary spyware attacks, urging recipients to take the threat seriously. The company emphasized that these sophisticated attacks are aimed at individuals based on their identity or occupation. In its threat notification, Apple states, "Apple detected that you were being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID.

This attack is likely targeting you specifically because of who you are or what you do." Among those who have publicly acknowledged receiving the alert is Italian journalist Ciro Pellegrino, who works for the investigative outlet Fanpage. He reported receiving both an email and an iMessage notification from Apple indicating that he was not the only individual targeted. Another recipient is Dutch commentator Eva Vlaardingerbroek, who shared her experience on social media.

Apple's threat notifications are part of its ongoing efforts to inform and assist users who may have been individually targeted by mercenary spyware attacks. These attacks are notably complex and costly, often associated with state actors or private companies developing spyware on their behalf, such as the NSO Group's Pegasus software. Apple's advisory page notes that if Apple detects activity consistent with a mercenary spyware attack, they will notify the targeted users in one of two ways.

A threat notification is displayed at the top of the page after the user signs into account.apple.com, and Apple sends an email and an iMessage notification to the email addresses and phone numbers associated with a user's Apple account. These notifications provide additional steps that notified users can take to help protect their devices, including enabling Lockdown Mode.

Apple notes that its staff will never ask users to click on links, install apps, or provide any information over the phone to verify that a warning is genuine. They recommend logging into account.apple.com. And additionally, Apple recommends seeking expert advice such as contacting the digital security helpline provided by the nonprofit Access.

Now, Apple has been issuing such notifications since 2021, and to date, users in over 150 countries have been alerted to potential mercenary spyware attacks.

A malicious WordPress plugin masquerading as a security tool has been discovered, injecting back doors into websites, granting attackers unauthorized access and control. According to a report by BleepingComputer, the plugin named WP Anti-Malware Bot PHP is part of a broader malware campaign targeting WordPress sites. Once installed, it provides attackers with persistent access, remote code execution capabilities, and the ability to inject malicious JavaScript into site pages.

The malware operates stealthily by hiding from the plugin dashboard and reactivating itself if deleted. It achieves this by modifying the wp-cron.php file, which recreates and reactivates the malicious plugin upon site visits. Wordfence researchers first identified the malware during a site cleanup in January 2025. They noted that the plugin registers an unauthenticated custom REST API route allowing attackers to insert arbitrary PHP code into active theme files and perform other malicious actions.

The command and control server associated with this malware is located in Cyprus, and the campaign shares similarities with a supply chain attack from July 2024.

The recommendations for WordPress site administrators are to inspect the wp-cron.php and header.php files for any unauthorized modifications, monitor access logs for suspicious parameters like emergency_login and check_plugin, regularly update all plugins and themes to their latest versions, implement strong authentication measures including two-factor authentication, and of course utilize reputable security plugins and services to scan for vulnerabilities.

A coalition of cybersecurity professionals and organizations, including the Electronic Frontier Foundation, has issued an open letter urging President Donald Trump to cease his ongoing investigation into former Cybersecurity and Infrastructure Security Agency director Chris Krebs. The letter contends that the president's actions amount to political retaliation, undermining both national security and the integrity of the cybersecurity profession.

The signatories express concerns that targeting Krebs and his most recent employer, cybersecurity firm SentinelOne, sets a dangerous precedent. They argue that such actions signal to cybersecurity professionals that presenting findings contrary to political narratives could jeopardize their careers.

The letter states, "By placing Krebs and SentinelOne in the crosshairs, the President is signaling that cybersecurity professionals whose findings do not align with his narrative risk having their businesses and livelihoods subjected to spurious and retaliatory targeting." The controversy stems from Krebs' dismissal in 2020 after he publicly refuted claims of widespread electoral fraud in the presidential election, asserting it was one of the most secure in American history.

In April 2025, the White House issued a memorandum ordering a criminal investigation into Krebs, accusing him of abusing his role at CISA to conceal evidence of election rigging and alleging collusion with social media companies to suppress dissenting views during the COVID-19 pandemic. The memo also revoked security clearances for both Krebs and SentinelOne. Krebs' Global Entry privileges, which allow easier clearance at airports for international travel, have also been revoked.

In response to these developments, Krebs resigned from his position at SentinelOne, stating that he needed to focus entirely on addressing the challenges posed by the investigation. The open letter concludes by underscoring the importance of an independent cybersecurity community: "An independent InfoSec community is fundamental to protecting our democracy and to the profession itself.

It is only by allowing us to do our jobs and report truthfully on systems in an impartial and factual way without fear of political retribution, that we can hope to secure those systems." Now, while this letter's a step forward, at least when we reviewed it, not one large security company was willing to step forward.

And while this isn't an indictment of those companies who have a duty to their shareholders, it does note that the US government may no longer have any independent objective advisors operating in cybersecurity. The motto of the Washington Post, itself criticized for knuckling under the government pressure, was "Democracy dies in darkness." Potentially, so does cybersecurity. And that's our show.

This weekend, we have our roving correspondent, David Shipley, who will take us all through the BSides and RSA shows. If you couldn't make it to those shows, join us Saturday morning or whenever you listen to long form podcasts. I'm your host, Jim Love. Thanks for listening.

Transcript source: Provided by creator in RSS feed