When the government shut down, the Cybersecurity Information Sharing Act of 2015 expired with it. That law provided liability protections for cyber threat information sharing and underpinned DHS’s Automated Indicator Sharing (AIS) program, which costs about $1M a month to run. Is it worth the cost? In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin dig into the value of public-private information sharing, the uncertain future of AIS, and how cybersecurity leaders should adapt as visibility gaps emerge. Along the way, they share a real-world story of how information sharing stopped a ransomware attack in its tracks — and what could happen if those pipelines dry up.

Key Takeaways:

• Strengthen threat intelligence pipelines: Don’t rely solely on AIS or your vendor. Ask providers how they source threat intel and diversify feeds.

• Review liability exposure: With CISA expired, safe harbors are gone — consult counsel before sharing.

• Plan for reduced visibility: Run tabletop exercises simulating loss of upstream intel.

• Get proactive about information exchange: Join ISACs, ISAOs, or local peer groups — and contribute, not just consume.

Resources:

• Reuters: Industry groups worry about cyber info-sharing as key U.S. law set to expire

• U.S. Chamber of Commerce: Letter to Congress on CISA 2015

• Baker McKenzie: CISA Liability Protections Terminate — What Legal & Infosec Need to Know

• Cyberside Chats: Executive Order Shockwave: The Future of Cybersecurity Unveiled

#CybersideChats #CISA #CISO #cybersecurity #infosec

Scattered Spider is back in the headlines, with two recent arrests — Thalha Jubair in the UK and a teenager in Nevada — bringing fresh attention to one of the most disruptive cybercriminal crews today. But the real story is in the indictments: they offer a rare inside look at the group’s structure, their victims, and the mistakes that led law enforcement to track them down. In this episode, Sherri Davidoff and Matt Durrin break down what the indictments reveal about Scattered Spider’s tactics, roles, and evolution, and what defenders can learn from these cases.

Key Takeaways:

• Lock down your help desk. Require strong, multi-step verification before resetting accounts, and monitor for suspicious or unusual requests.

• Prepare for ransom decisions. Develop playbooks that model both paying and refusing, so leadership understands the financial and operational tradeoffs before an incident hits.

• Get proactive on insider risk. Teens and early-career workers are being recruited in open forums like Telegram and Discord — build awareness and detection into your insider risk program.

• Pressure-test your MFA. Don’t just roll it out — simulate how attackers might bypass or trick staff into resetting it.

• Educate your team on voice social engineering. Scattered Spider relied on phone-based tactics; training staff to recognize and resist them is critical. (LMG Security offers targeted social engineering training to help your team prepare.)

Resources:

• BleepingComputer: “US charges UK teen over Scattered Spider hacks including US Courts” https://www.bleepingcomputer.com/news/security/uk-arrests-scattered-spider-teens-linked-to-transport-for-london-hack/

• “The Rabbit Hole Beneath the Crypto Couple is Endless” https://www.vice.com/en/article/the-rabbithole-beneath-the-crypto-couple-is-endless

• MGM Breach: A Wake-up Call for Better Social Engineering Training for Employees https://www.lmgsecurity.com/2023-mgm-breach-a-wake-up-call-for-better-social-engineering-training-for-employees/

• DOJ press release on the indictment of five Scattered Spider members (Nov 2024) – https://www.justice.gov/usao-cdca/pr/5-defendants-charged-federally-running-scheme-targeted-victim-companies-phishing-text

• DOJ press release on UK national Thalha Jubair charged in multiple attacks (Sept 2025) – https://www.justice.gov/opa/pr/united-kingdom-national-charged-connection-multiple-cyber-attacks-including-critical

#cyberattack #cybersecurity #cybercrime #informationsecurity #infosec #databreach #databreaches #ScatteredSpider

What happens when the same AI tools that make coding easier also give cybercriminals new powers? In this episode of Cyberside Chats Live, we explore the rise of “vibe coding” and its darker twin, “vibe hacking.” You’ll learn how AI is reshaping software development, how attackers are turning those vibes into cybercrime, and what it means for the future of security.

Key Takeaways

1. Establish ground rules for AI use
   • Even if you don’t have developers, employees may experiment with AI tools. Set a policy for how (or if) AI can be used for coding, automation, or day-to-day tasks.
   • Make sure staff understand not to paste sensitive data (like credentials or customer info) into AI tools.
2. Strengthen your software supply chain
   • If you rely on vendors or contractors, ask them whether they use AI in their development process and how they vet the resulting code.
   • Request (or create) an inventory of software components and dependencies (SBOMs) so you know what’s inside the software you buy.
   • Stay alert to supply chain risks from open-source code or third-party add-ons.
3. Treat your endpoints like crown jewels
   • Limit what software employees can install, especially IT staff.
   • Provide a safe “sandbox” machine for testing unfamiliar tools instead of using production systems.
   • Apply strong endpoint protection and restrict administrative privileges.
4. Prepare for AI-related incidents
   • Include scenarios where AI is part of the attack, such as compromised development tools, malicious packages, or data fed into rogue AI systems.
   • Plan for vendor incidents, since third-party software providers may be the first link in a compromise.
   • Test these scenarios through tabletop exercises so your team knows how to respond.

References

• Malwarebytes — Claude AI chatbot abused to launch cybercrime spree (Aug 2025): https://www.malwarebytes.com/blog/news/2025/08/claude-ai-chatbot-abused-to-launch-cybercrime-spree

• Trend Micro / Industrial Cyber — EvilAI malware campaign exploits AI-generated code to breach global critical sectors (Aug 2025): https://industrialcyber.co/ransomware/evilai-malware-campaign-exploits-ai-generated-code-to-breach-global-critical-sectors/

• The Hacker News — Cursor AI code editor flaw enables silent code execution on developer systems (Sept 2025): https://thehackernews.com/2025/09/cursor-ai-code-editor-flaw-enables.html

• PCWorld — I saw how an “evil” AI chatbot finds vulnerabilities. It’s as scary as you think (May 2025): https://www.pcworld.com/article/2424205/i-saw-how-an-evil-ai-chatbot-finds-vulnerabilities-its-as-scary-as-you-think.html

#AIhacking #AIcoding #vibehacking #vibecoding #cyberattack #cybersecurity #infosec #informationsecurity #datasecurity