Insights

Overview Since mid‑July 2025, there has been a marked increase in Akira ransomware attacks exploiting SonicWall SSL VPN connections. Multiple security research teams, including Arctic Wolf Labs, have observed active exploitation, with incidents frequently tied to devices running unpatched versions of SonicOS. What's Happening Initial vector: Many intrusions begin through unauthorized access to SonicWall SSL VPN accounts, often using locally stored credentials rather than centralized authentication. In nearly every case observed, Multi‑Factor Authentication (MFA) was disabled. Rapid escalation: Once connected, threat actors often move quickly from VPN access to system encryption and data exfiltration within hours. Potential root cause: Evidence suggests exploitation of a SonicWall zero‑day vulnerability (CVE‑2024‑40766), an improper access control flaw in SonicOS affecting Gen 5, Gen 6, and early Gen 7 devices (up to version 7.0.1‑5035). Credential‑based attacks such as brute force have also been noted as possible vectors. Vendor response: SonicWall released patches for CVE‑2024‑40766 in August 2024, later…

What Happened? On July 31, 2025, TechCrunch reported a troubling development: public shared ChatGPT conversations were discoverable through search engines like Google and Bing when indexed from https://chatgpt.com/share links. These conversations had only been made public if users explicitly clicked "Share link" and opted in by enabling a "make this chat discoverable" setting. However, search engines crawled those pages anyway, exposing queries ranging from innocuous recipe ideas to deeply personal job applications and even disturbing content. Why Privacy Took a Hit Search engines index anything publicly posted online. If a page lacks noindex tags or blocking rules, Google & Bing can crawl and cache it-whether or not that was intended. Users may have unknowingly checked the discoverability option, trusting the tool but overlooking downstream exposure risks. OpenAI's Response By August 1, 2025, OpenAI disabled the feature entirely, rolling back the "make discoverable" option. According to Chief Information Security Officer Dane…

Critical Path Security is proud to announce that our own Patrick Kelley will be taking the stage at BSidesAugusta 2025 to deliver a talk that hits at the heart of what it means to work in this industry:"Measuring Fatigue, CPTD, and Burnout in Cybersecurity with the Copenhagen Burnout Inventory." This session will take place October 25 at the Georgia Cyber Center in Augusta, GA, as part of one of the most respected security community events in the Southeast. The cybersecurity industry is a high-pressure environment-endless alerts, late nights, and incident after incident. But there's a cost that's rarely measured or discussed: fatigue, cumulative PTSD, and burnout. These aren't abstract HR terms; they're real conditions that affect our health, our teams, and our ability to keep organizations secure. In this talk, Patrick will explore: Copenhagen Burnout Inventory (CBI): A proven framework for measuring burnout across personal, work, and client-related domains. CPTD…

This past weekend at Calabogie Motorsports Park was a reminder that in both racing and cybersecurity, you can bring your absolute best - but sometimes the unexpected still forces you to adapt. Ryan Vargas and the Critical Path Security #28 team came into the weekend strong, showing impressive pace during practice. Ryan found excellent long-run speed, which translated into a solid qualifying performance, starting P8 for Sunday's race. At the green flag, Ryan quickly settled into seventh, poised for a smart, consistent run. The plan was clear: manage the car, hold position, and be ready to capitalize later in the race. But after 14 laps, the team's race took an unexpected turn - a motor failure ended the day far earlier than planned. While the result wasn't what the team was aiming for, the pace and preparation proved that the #28 has speed to contend. Ryan summed it up best:…