Five for Friday: 27 June 2025

Sherpa Intelligence: Your Guide Up a Mountain of Information!

Check out these five Information Security and Data Privacy news items from this past week that may have been overlooked.

The countdown to the weekend begins with 5-4-Friday!

---

Monday, June 23 - Friday, June 27

---

---

More from Sherpa Intelligence: Click the image below to read my guest blog post for the THOR Collective Dispatch here on Substack! Don’t Let Mis(s) Information Take the Crown is about applying the Intelligence Cycle to your OSINT news gathering initiatives, for Threat Hunters and everyone!

Click image to read article.

---

Get Sherpa Intelligence for customized research, reports, and news monitoring.

---

Monday, June 23rd

1. Iran-Linked Threat Actors Leak Visitors and Athletes' Data from Saudi Games
   (Resecurity)
   - The threat actors associated with the "Cyber Fattah" movement leaked thousands of records containing information about visitors and athletes from past Saudi Games, one of the major sports events in the Kingdom of Saudi Arabia.

2. New State Privacy and Minor Social Media Laws to Become Effective in July
   (Covington)
   - A number of previously enacted laws related to privacy and minors’ use of social media platforms will enter into force in July 2025. These laws include comprehensive privacy frameworks in Tennessee and Minnesota, as well as laws governing the use of social media platforms by minors in Georgia and Louisiana.

---

Tuesday, June 24th

1. New York Legislature Passes Sweeping AI Safety Legislation
   (Covington)
   - The New York legislature passed the Responsible AI Safety & Education (“RAISE”) Act, aiming to establish safeguards, reporting, and disclosure requirements for developers of frontier AI models. If signed by Governor Kathy Hochul, this bill would make New York the first state to enact such public safety regulations, imposing significant fines on non-compliant model developers.

2. INTERPOL confirms Africa cyber-crime surge
   (African Law & Business)
   - INTERPOL has confirmed spiking rates of cyber-crime across Africa in its latest Africa Cyberthreat Assessment Report. Published 23 June, the agency confirmed that cyber-crime accounted for over 30% of all crime reported in Eastern and Western Africa, with 90% of countries requiring a significant upgrade in law enforcement and prosecution capabilities.

---

Wednesday, June 25th

1. Bridewell report indicates rise in lone wolf ransomware actors
   (IT Security Guru)
   - The rise of lone-wolf actors, or individual affiliates or cybercriminals operating independently; these actors often rely on leaked RaaS source code or publicly available tools to mount ransomware operations without the need for an established group. This trend is partly driven by a lack of trust in larger operations due to the risk of exit scams, where affiliates are denied their share of ransom proceeds.

2. Short-term extension of expiring cyber information-sharing law could be on the table
   (CyberScoop)
   - The 2015 Cybersecurity Information Sharing Act, which provided legal safeguards for companies to share threat data, is due to sunset at the end of September, and Congress doesn’t tend to work much in August.

---

Thursday, June 26th

1. Hand and Glove: How Authoritarian Cyber ​​Operations Leverage Non-state Capabilities - An Integrated Understanding of Both Is Required to Recalibrate Political and Legal Responses
   (German Institute for International and Security Affairs)
   Note: Article is in German
   - Authoritarian states are increasingly leveraging non-state cyber capabilities to expand their operational reach, thereby challenging conventional distinctions between state and non-state activity. This practice complicates attribution and presents obstacles for coordinated international responses. Furthermore, as cyber threats become more complex and entangled, effective countermeasures require enhanced information sharing, trusted partnerships and the development of response tools that function independently of political attribution.

2. Connecticut Legislature Amends Its Privacy Statute
   (Covington)
   - On June 24, 2025, the Connecticut governor signed SB 1295, which amends the state’s comprehensive privacy statute, the Connecticut Data Privacy Act (“CTDPA”). SB 1295 takes effect on July 1, 2026. SB 1295 makes a number of changes to the CTDPA. Some of these changes make edits that reflect requirements in other state privacy statutes.

---

Friday, June 27th

1. Cyber Command and Coast Guard establish task force for port cyber defence
   (Geneva Internet Platform DigWatch)
   - U.S. Cyber Command and the Coast Guard established a joint task force during a major exercise to simulate coordinated cyber defence of multiple U.S. ports under attack.

2. How to protect your farm from cyber threats
   (Farm Progress - Dakota Farmer)
   - Agriculture is particularly vulnerable to cyber breaches for a number of reasons. Farmers need to understand that anything and everything they have connected to the internet is vulnerable to hacking.

---