On this week’s show Patrick Gray and Adam Boileau are joined by special guest Chris Krebs to discuss the week’s cybersecurity news. They talk through:

• Israeli “hacktivists” take out an Iranian state-owned bank
• Scattered-spider and friends pivot into attacking insurers
• Securing identities in a cloud-first world keeps us awake at night
• Microsoft takes the “aas” out of SaaS for Europe, leaving us with just software!
• An AI prompt injection into M365 exfils corporate data

This week’s episode is sponsored by Kroll’s Cyber practice. Kroll Cyber Associate Managing Director George Glass is based in London and talks through his experiences helping organisations in the UK deal with the Scattered Spider attacks.

Show Notes:

Iran’s Bank Sepah disrupted by cyberattack claimed by pro-Israel hacktivist group | CyberScoop https://cyberscoop.com/iran-bank-sepah-cyberattack/.

Iran orders officials to ditch connected devices https://www.politico.eu/article/iran-orders-officials-to-ditch-connected-devices/

Heightened Cyberthreat Amidst Israel-Iran Conflict https://www.radware.com/getattachment/072a3d01-ad06-4070-99bc-1162d7d05906/Threat-Alert-Heightened-Cyberthreat-Amidst-Israel-Iran-Conflict.pdf.aspx

Threat group linked to UK, US retail attacks now targeting insurance industry | Cybersecurity Dive https://www.cybersecuritydive.com/news/threat-group-linked-to-uk-us-retail-attacks-now-targeting-insurance-indust/750870/

Coming to Apple OSes: A seamless, secure way to import and export passkeys - Ars Technica https://arstechnica.com/security/2025/06/apple-previews-new-import-export-feature-to-make-passkeys-more-interoperable/

Cyberattack on Washington Post Compromises Email Accounts of Journalists https://www.wsj.com/tech/cybersecurity/cyberattack-on-washington-post-compromises-email-accounts-of-journalists-70bf1300

Hackers impersonating US government compromise email account of prominent Russia researcher | The Record from Recorded Future News https://therecord.media/keir-giles-russia-researcher-email-hacked

A good one to talk to Chris about: https://blogs.microsoft.com/blog/2025/06/16/announcing-comprehensive-sovereign-solutions-empowering-european-organizations/

Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot https://www.aim.security/lp/aim-labs-echoleak-blogpost

CISA warns of supply chain risks as ransomware attacks exploit SimpleHelp flaws | Cybersecurity Dive https://www.cybersecuritydive.com/news/simplehelp-vulnerabilities-cisa-warning/750676/

Whole Foods supplier making progress on restoration after cyberattack left shelves empty | The Record from Recorded Future News https://therecord.media/unfi-groceries-supplier-cyberattack-update

Ransomware attack on ticketing platform upends South Korean entertainment industry | The Record from Recorded Future News https://therecord.media/yes24-south-korea-ransomware-attack

Advisory: Cybersecurity incident https://www.westjet.com/en-ca/news/2025/advisory–cybersecurity-incident-