On September 2, a hacker group calling itself the Scattered LapSus Hunters threatened Google with a data leak unless two of its top security experts, namely Austin Larsen and Charles Carmakal, were fired.

The demand, made through the messaging app Telegram, is unusual. Hackers typically threaten companies, not individuals. By naming names, the group has shifted the battle from a corporate fight to a personal one.

Google has not confirmed whether its systems were breached, but the threat alone points to a troubling change in how cybercrime is carried out.

Mr. Larsen and Mr. Carmakal are well-known inside Google’s security ranks. Both work in the Threat Analysis Group, a team that investigates major hacking operations.

Mr. Carmakal, once the chief technology officer at the cybersecurity firm Mandiant before Google bought it, has helped companies respond to some of the most significant data breaches of the last decade.

On the other hand, Mr. Larsen is recognized for his work tracking groups like Scattered Spider, a collective blamed for attacks on airlines, video game makers, and technology firms.

For the hackers, targeting these two men is about more than removing obstacles. It is about making the fight personal, and in doing so, undermining the confidence of the very people responsible for exposing their methods.

The coalition behind the threat appears to be a mix of three groups: Scattered Spider, Lapsu$, and ShinyHunters. Each has a history of bold attacks.

Scattered Spider is known for tricking employees into giving up login details, sometimes by hijacking phone numbers through a technique called SIM swapping. Lapsu$, which gained attention in 2022, broke into companies including Microsoft, Nvidia, and Okta, and often bragged about its successes online. ShinyHunters was behind a 2023 breach of the cloud company Snowflake, which exposed data from hundreds of corporate clients.

In early August, members of these groups began posting under the joint name Scattered LapSus Hunters. On Telegram, they shared stolen information, issued taunts, and made demands.

The channel was later banned, but not before showing how hackers now combine technical skills with intimidation tactics meant to pressure companies into compliance.

The personal targeting of Larsen and Carmakal illustrates how the fight has shifted. Cyberattacks are no longer only about stealing information or disrupting services.

They are now about weakening the people who protect against them, raising the risk of harassment, reputational damage, and personal stress for those on the front lines.

Experts say this new phase of cybercrime means companies must do more than secure their networks. They must also protect their staff.

That could mean limiting how much personal information about employees is publicly available, using stronger authentication for logins, monitoring for leaked data, and offering legal and emotional support when threats arise.

For Google, the demand tests its willingness to stand by its security team. For the wider industry, it marks a turning point. Hackers are no longer only attacking companies. They are naming individuals, bringing a corporate struggle into the personal lives of the people sworn to defend it.

When the FBI issued a public warning in August about Russian hackers abusing a long-known flaw in Cisco devices, the message wasn’t aimed at Wall Street or big tech. It was meant for the kinds of organizations most people rarely notice—local utilities and regional authorities that keep everyday services running and often operate with thin budgets and aging gear. On the same day, Cisco’s threat-intelligence team published technical details that underscored the risk.

The campaign is attributed to a Russian state-sponsored group that security researchers call Static Tundra, which they link to the F.S.B.’s Center 16 unit and to the broader cluster known as Energetic/Berserk Bear. According to US officials and Cisco researchers, the group has spent more than a decade compromising network devices as a beachhead for long-term espionage.

At the center is CVE-2018-0171, a vulnerability in Cisco’s Smart Install feature. Left unpatched, it exposes devices listening on TCP port 4786 and can allow attackers to crash equipment, seize control, or plant code that persists across reboots. Many victims, investigators say, are running end-of-life hardware that never received updates.

The FBI says the actors have recently collected configuration files from thousands of US networking devices tied to critical infrastructure, in some cases modifying settings to enable unauthorized access and reconnaissance. Cisco reports similar activity worldwide, with particular focus on Ukraine and allied countries since the war began.

While the current wave is aimed at data collection and access, the tradecraft echoes earlier router compromises. Investigators have tied the group to historic use of “SYNful Knock,” a stealthy firmware implant first documented in 2015 that gives attackers durable control over Cisco routers.

US agencies and Cisco urge organizations to take basic but often under-resourced steps: apply patches or disable Smart Install, implement phishing-resistant multifactor authentication, segment networks so a single failure doesn’t cascade, and audit internet-facing devices for unexpected changes. For small public agencies with limited staff, those measures can be difficult to sustain—yet they remain the strongest defense.

In mid-July 2025, hackers gained unauthorized access to a cloud-based customer-management system used by Allianz Life Insurance Company of North America. The company disclosed the breach later that month.

The incident ranks as a significant breach at a major US life insurer in recent years, affecting a broad cross-section of the company’s policyholders, financial advisers, and employees.

Company officials said the attackers infiltrated the third-party platform on July 16 and retrieved a large set of personal records. The files contained routine identifiers—names, home and email addresses, phone numbers, and dates of birth—and, in some cases, more sensitive details such as Social Security numbers and tax identification numbers. Security experts note that once such identifiers are exposed, they can be exploited indefinitely for identity theft and fraud.

After identifying the intrusion, Allianz Life reported the breach to the Federal Bureau of Investigation. The company says there is no evidence that its internal corporate systems, including policy administration platforms and network infrastructure, were accessed. Early findings indicate the exposure was confined to a third-party system, though the scale of the incident has drawn scrutiny from regulators and consumer advocates.

By early August, Allianz Life had begun notifying affected individuals and offering 24 months of credit monitoring and identity-protection services at no cost. Consumer advocates caution that the risks can extend well beyond any monitoring period, because Social Security numbers and similar identifiers cannot be replaced or revoked.

Independent researchers, including the breach-reporting service Have I Been Pwned, as reported by SecurityWeek, have verified the scale of the leak and revealed that 72% of exposed email addresses had already appeared in prior breaches. This overlap enables criminals to combine older data with newly exposed details, building fuller profiles of victims that make phishing more persuasive and fraudulent account openings harder to detect.

The Allianz Life case also underscores the growing risk posed by outside vendors in financial services. According to Verizon’s 2025 Data Breach Investigations Report, about 30% of breaches involved third parties. That pattern points to a structural weakness: firms can invest heavily in their own defenses yet remain exposed through partners and contractors on which they rely.

Thus, the attack has renewed calls for stronger oversight of supply-chain partners and wider adoption of Zero Trust security models, which assume that no user or system should be trusted by default. Analysts say these approaches can be costly but remain among the most effective ways to limit the impact of intrusions of this kind.

Allianz Life has filed breach notices with several state attorneys general, including Maine and Washington, and reviews are underway. The case is likely to give added momentum to state privacy measures and to renew calls for a single, nationwide data-security standard.

For Allianz Life, the breach represents not only a technical incident but also a reputational test. Trust sits at the center of life insurance and retirement planning, and a public loss of confidence can carry lasting consequences.

On an August morning in Columbia’s Merriweather District, Governor Wes Moore joined IronCircle executives to cut the ribbon on the company’s new global headquarters. The move from Florida to Howard County is expected to bring more than 200 jobs, and for Maryland officials, it represents another step in shaping the state into a hub for cybersecurity.

The decision to relocate was partly driven by geography because Columbia sits within a short drive of Fort Meade, home to the National Security Agency and U.S. Cyber Command. That proximity, combined with a dense network of contractors and technology firms, has made central Maryland one of the busiest cyber corridors in the country.

With such a concentration of federal agencies and private firms, Maryland has seen a surge in demand for skilled workers. State figures show that more than 24% of information technology job postings in Maryland now require cybersecurity skills.

However, even with starting salaries exceeding $100,000, employers continue to struggle with hiring. Across the United States, workforce trackers estimate that more than half a million cyber jobs were listed over the past year, leaving gaps that affect not just corporations but also schools, hospitals, and even local governments.

IronCircle has built its business model around this shortage through its training platform. It utilizes artificial intelligence to simulate cyberattacks and adjusts the difficulty level based on the learner’s skills. IronCircle claims to bridge the gap between classroom instruction and the speed of real-world threats. From its new Maryland base, the firm plans to expand its workforce and increase opportunities for contractors, instructors, and institutions that already utilize its platform.

For Moore, the relocation aligns with a broader strategy. His administration has directed millions of dollars to community colleges to expand cyber courses, including funding for new training labs. It has also steered money to programs such as Cyber Maryland, which aims to connect schools, businesses, and government agencies in developing the workforce.

State leaders argue that investments like these are already paying off. Maryland has nearly 19,000 information technology businesses, generating about $80 billion in annual output and employing more than 124,000 people. Howard County alone is home to almost 300 cybersecurity firms, a cluster that provides students and professionals with a direct path from training to employment.

James C. Foster, IronCircle’s chief executive, has warned that the gap remains even as training programs multiply and salaries climb. Forster argued that the shortage of cyber talent is “growing by the year,” and with advances in technology continually raising the bar, new demands continue to emerge that even schools and companies struggle to meet.

Artificial Intelligence, for example, illustrates that tension. Although the tool is being used to train workers and strengthen defenses, it is also available to attackers. Britain’s National Cyber Security Centre has cautioned that AI is lowering the barrier for would-be criminals and is likely to drive a rise in ransomware within the next two years.

That dynamic has made workforce development both an economic and a security concern for the state of Maryland. A vacancy can leave a small business, a hospital, or a school system more vulnerable. Filling that role not only brings a paycheck but also adds to the state’s resilience at a time when nearly every part of the economy depends on secure networks.

IronCircle’s new headquarters is one piece of that puzzle. Its presence in Columbia reflects the state’s bet that building the workforce will bring jobs and also strengthen its role in defending against the next wave of digital threats.

Security leaders are rethinking the way they defend their networks. What used to be a system that was built solely on the defensive has evolved into a more proactive approach, with companies choosing to attack themselves first to expose weaknesses.

This “new idea” of securing networks was recently highlighted in a TechRadar Pro analysis that detailed a significant shift in how organizations think about cybersecurity. For decades, cybersecurity networks were built on a defensive approach: create walls, patch systems, and respond when intruders broke through.

Today, as attacks become faster and more sophisticated, many security teams are turning to controlled intrusions through staging their own red team exercises, automating penetration tests, and simulating exploits to determine weaknesses before criminals do.

And this approach is being driven by a new reality—AI.

Cyberattacks have not only grown in number in recent years but also in sophistication, with artificial intelligence powering everything from malware that adapts in real time to phishing emails that look indistinguishable from genuine communication.

While exact figures vary, the damage is rising. For example, average ransomware payments passed the million-dollar mark, more than twice the level of the previous quarter, according to ITPro. Investigators say the surge is less about one-off cases and more about a shift in tactics.

Criminal groups are leaning on AI tools to automate tasks that once slowed them down—writing convincing phishing messages, tailoring malware on the fly, and scaling campaigns that previously required large crews.

The speed and scale made possible by artificial intelligence are what alarm researchers most. They point out that the very tools helping criminals accelerate their operations could just as easily be placed in the hands of defenders. And that tension has led many in the field to call AI a double-edged sword. The same algorithms that allow attackers to scan entire networks for misconfigurations or generate new exploits in minutes can also be used by security teams to probe their own systems with equal intensity.

Academic studies have shown that AI can accelerate the discovery of weaknesses, but most experts caution against overstating precision metrics. What is clear, however, is that AI has collapsed timelines on both sides of the battle.

One instance is that the Cybersecurity and Infrastructure Security Agency has repeatedly encouraged critical infrastructure operators to adopt proactive security practices. In recent advisories, the agency pointed to red team assessments and the testing of AI models under stress as examples of methods that can strengthen resilience.

The Department of Homeland Security even went further in 2024 by publishing AI safety and security guidelines that urged operators to move beyond static defenses and treat cyber readiness as a continuous process.

For many security officers, the shift is not about abandoning traditional safeguards but about changing the timeline. Firewalls, detection systems, and antivirus software remain essential, but they are no longer seen as enough on their own.

The priority is to discover vulnerabilities during a drill, not in the middle of a crisis. The strategy, however, is not without complications. Misconfigured test environments can cause outages, and some organizations worry about blurring the line between a controlled simulation and a real-world breach.

Despite the risks, momentum is building. Analysts and industry experts believe that offensive testing, powered in part by AI, will move steadily into the mainstream. Within a few years, many expect it to be a standard part of security programs across both business and government.

What is emerging is a new kind of playbook. Security teams are no longer content to defend passively. Instead, they are trying to think like their adversaries, act first, and build systems that can withstand the next wave of attacks before it arrives.

A major cyber intrusion has compromised critical systems used by the US federal courts, disrupting operations in multiple districts and raising fears of potential exposure of sensitive case records. The breach, which was publicly confirmed by the Administrative Office of the US Courts (AO) on Aug. 7, affected the judiciary’s two primary digital platforms: the Case Management/Electronic Case Files (CM/ECF) system and PACER—two essential portals responsible for providing public access to court filings.

According to officials familiar with the matter, the attack was detected in early July and is now under investigation by the Department of Justice, the Department of Homeland Security, and other federal partners. While the AO did not describe the incident as a complete shutdown, several courts have taken portions of their filing systems offline as a precaution. Some sensitive filings are being handled outside of the electronic system entirely.

The AO called the incident a “serious compromise” of judicial infrastructure, one that prompted immediate steps to limit access and strengthen security protocols. The move follows years of warnings from the Government Accountability Office and judiciary officials that the courts’ digital systems (which were built decades ago) are increasingly vulnerable to sophisticated cyber threats.

Federal agencies have not yet confirmed who was responsible. A recent update, however, revealed that investigators are examining whether the breach is linked to Russian-affiliated hacking groups due to similarities with previous espionage campaigns. But officials stress that attribution remains preliminary, and it could take months before they know the full scope of the attack or whether any sealed or classified materials were taken.

What is clear, however, is that any leak of confidential case records could have far-reaching consequences. This might include exposure of sealed filings that could jeopardize active law enforcement operations, reveal the identities of confidential informants, or be used to intimidate witnesses.

In Washington, the incident has triggered calls for accountability and reform. Members of Congress, already briefed on the breach in late July, have requested classified follow-ups and are pressing for public hearings. Lawmakers from both parties say the episode underscores the judiciary’s chronic underinvestment in cybersecurity.

CISA, the Cybersecurity and Infrastructure Security Agency within DHS, is sharing threat information and technical guidance with the judiciary as the investigation unfolds. Forensic teams are combing through compromised networks to determine how the attackers gained access and whether they altered or removed records.

However, restoring secure, nationwide digital access will not be quick. Officials say the process will unfold in phases, beginning with hardening existing systems and expanding protections for high-risk cases.

For the judiciary, which has long operated with far less cybersecurity attention than executive branch agencies, the breach marks a sobering shift. The courts, once considered a lower-priority target for foreign adversaries, are now firmly in the crosshairs.

And for a democracy built on the rule of law, the warning is plain: safeguarding the integrity of judicial records is no less critical than protecting the ballot box.