Intro Snapshot
Today’s stories illuminate the erosion of trust across foundational layers — from trusted vendors and cloud services to user credentials. The adversary’s playbook thrives not on stealth, but on becoming integral, invisible, and persistent in our fabric of operations.
1. CPCSC Compliance Looms for Canadian Defense Contractors
Full URL: https://www.cyberdefensemagazine.com/what-canadian-defense-contractors-need-to-know-about-the-cpcsc/
Canada is rolling out the Canadian Program for Cyber Security Certification (CPCSC), modeled on NIST 800-171/172, targeting contractors handling Controlled Unclassified Information. Requirements include tiered certification levels and third-party validation — tightening security across the defense supply chain.
2. Bridgestone Americas Victim of Cyberattack via Legacy IT
Full URL: https://www.darkreading.com/cyberattacks-data-breaches/bridgestone-americas-cyberattack
Bridgestone Americas reported a cyber incident traced to aging IT infrastructure within a subsidiary. While details remain limited, the disruption impacted tire inventory systems and stress-tested business continuity frameworks. (Note: exact URL details pending.)
3. ISC2 Offers New DFIR Certificate to Fill Skills Void
Full URL: https://www.darkreading.com/cybersecurity-careers/isc2-aims-to-bridge-dfir-skill-gap-with-new-certificate
ISC2 launched the Threat Handling Foundations Certificate series — spanning digital forensics, incident response, and threat hunting — as a response to a 60% reported DFIR skill gap among cybersecurity teams.
4. Sitecore Zero-Day ViewState RCE in Active Exploitation
Full URL: https://www.darkreading.com/vulnerabilities-threats/sitecore-zero-day-viewstate-threats
A critical zero-day (CVE-2025-53690) in Sitecore’s ASP.NET ViewState handling enables remote code execution via exposed machine keys. Threat actors have weaponized documented, default keys for targeted RCE campaigns.
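As a defender-side illustration of the risk described above (added example, not from the article or from Sitecore), the check below audits an ASP.NET web.config for a static <machineKey> that matches a denylist of publicly documented sample keys, is too short, or has ViewState MAC validation switched off. The denylist entries and both config fragments are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed placeholder denylist: stands in for the publicly documented sample
# keys referenced by the advisory (these values are NOT real leaked keys).
KNOWN_SAMPLE_KEYS = {"A" * 128, "B" * 64}


def audit_machine_key(web_config_xml: str) -> list[str]:
    """Return findings for a web.config whose <machineKey> could let an
    outsider forge ViewState: static keys that match the denylist, short
    keys, or ViewState MAC validation switched off."""
    findings = []
    root = ET.fromstring(web_config_xml)
    mk = root.find("./system.web/machineKey")
    if mk is not None:
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr, "AutoGenerate")
            if value.startswith("AutoGenerate"):
                continue  # per-server generated key: nothing static to leak
            if value.upper() in KNOWN_SAMPLE_KEYS:
                findings.append(f"{attr}: matches a publicly documented sample key")
            elif len(value) < 64:
                findings.append(f"{attr}: only {len(value)} hex chars, too short")
    pages = root.find("./system.web/pages")
    if pages is not None and pages.get("enableViewStateMac", "true").lower() == "false":
        findings.append("pages: enableViewStateMac=false disables ViewState integrity")
    return findings


# Constructed web.config fragments for the demo (not real deployments).
WEAK_CONFIG = f"""<configuration>
  <system.web>
    <machineKey validationKey="{'A' * 128}" decryptionKey="{'B' * 64}"
                validation="HMACSHA256" decryption="AES" />
    <pages enableViewStateMac="false" />
  </system.web>
</configuration>"""

SAFE_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps" />
  </system.web>
</configuration>"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("safe", SAFE_CONFIG)):
        print(name, audit_machine_key(cfg) or ["no findings"])
```

In practice the denylist would be populated from the keys the vendor advisory identifies as publicly documented, and any match should be treated as a key rotation task rather than a warning.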
5. Lengths of Phishing Empire Use Google & Cloudflare Hosting
Full URL: https://www.darkreading.com/cloud-security/phishing-empire-undetected-google-cloudflare
Deep Specter researchers uncovered a massive, three-year phishing-as-a-service scheme using Google Cloud and Cloudflare hosting, along with hijacked expired domains. The infrastructure impersonates Fortune 500 brands at scale.
6. APT28 Deploys “NotDoor” Outlook Backdoor via DevTunnel Abuse
Full URL: https://thehackernews.com/2025/09/russian-apt28-deploys-notdoor-outlook.html
APT28 is using a side-loaded DLL in Microsoft’s OneDrive agent to deliver a stealthy Outlook VBA backdoor — NotDoor — that listens for keyword triggers, exfiltrates data via email, and leverages Microsoft Dev Tunnels to evade attribution. Highly stealthy and prescient.
Key Takeaways
Supply chain and vendor trust are now risk zones. Whether the cause is a compliance regime like CPCSC or a legacy system, blind trust can be a liability.
Skills shortages exacerbate exploitation cycles. DFIR gaps only widen the attack surface; education remains a layer of defense.
Default keys and shared infrastructure can be weaponized at scale. Phishing farms and RCEs leverage legitimacy.
Attackers increasingly live in plain sight. APT28’s use of dev tunnels shows that a visible, legitimate channel doesn’t equal visibility into what it carries; threat encapsulation is evolving.