Cybersecurity Digest: Law Lapses, Cisco Flaws, Ransomware Surge

Cybersecurity Digest: Law Lapses, Cisco Flaws, Ransomware Surge

Cybersecurity never slows down, and this past week has been especially turbulent. In the United States, the expiration of the Cybersecurity Information Sharing Act has stirred unease. That law gave private firms legal cover to share threat intelligence with the government, which kept information flowing when attacks happened. Now, with no safe harbor, many fear companies will simply go quiet—leaving U.S. defenses fragmented at the worst possible moment, especially as the federal cybersecurity agency itself is squeezed by a budget shutdown.

Hardware vulnerabilities are making matters worse. More than 50,000 Cisco firewalls still sit unpatched against critical flaws that let attackers take full control. Reports link some of the exploitation to China-backed actors, already implanting stealthy bootkits into corporate networks. Emergency directives are out, but urgency doesn’t always equal fast patching—and adversaries know it.

• Databricks Launches Data Intelligence for Cybersecurity
• 55 North Launches €300M Quantum Technology Fund in Denmark
• CyberCube Secures $180 Million Investment from Spectrum Equity
• Axonius CTRL/ACT, October 22–23, 2025, Virtual
• ACA Group Launches Self-Service Cybersecurity SaaS for Financial Services
• Mondoo Secures $17.5M to Scale Agentic Vulnerability Management
• Zania Secures $18 Million Series A to Accelerate Agentic AI for Security GRC
• Cyberstarts Closes $380M Opportunity Fund II to Back Cybersecurity Scale-Ups
• The Agentic SOC: Where AI Workers and Identity Guardrails Redefine Cybersecurity
• Upcoming Cybersecurity Events to Watch in 2025

Ransomware crews are back in the spotlight too. Cl0p, notorious for big-ticket extortion, has pivoted toward Oracle’s E-Business Suite customers, demanding ransoms in the millions. Google warns of related campaigns targeting executives with proof-of-theft screenshots, underscoring how carefully these gangs tailor their pressure tactics. Even schools and nurseries aren’t spared: a UK childcare provider, Kido, was breached, exposing thousands of children’s records. Hackers later claimed to delete the data, but trust rarely recovers once privacy is shattered.

On the policy front, Europe’s Cyber Resilience Act keeps inching closer to enforcement, with strict security requirements for connected products. Open-source developers worry about unintended burdens, but lawmakers are unlikely to roll it back. Meanwhile, a UN treaty on cybercrime is drawing sharp criticism for giving governments sweeping powers without adequate safeguards.

What ties all these threads together is the widening gap between regulation, corporate defenses, and attacker sophistication. While governments debate laws and agencies wrestle with budgets, ransomware operators and state-sponsored hackers simply keep moving. Expect more emergency patches, more headlines, and eventually, a scramble in Washington to replace the expired law with something tougher—probably after another major breach forces the issue.