
Security News Bites for June 13, 2025

If you are responsible for a website, this applies to you. TLS certificates, the tech behind making HTTPS:// work on your website, have been changing over the years. A website owner used to be able to buy a certificate and it would be valid for 10 years. But certificates do get compromised by hackers and there is no realistic way to revoke compromised certificates. So over the years, the people in charge, the CAB Forum, reduced the maximum allowed lifetime from 10 years to 7 years, then to 3 years, then to 1 year and now, likely starting next year, to 47 days. If your website presents a certificate with an expiration date more than one year out now, and soon more than 47 days out, the website will not load in the user's browser. Needless to say, this will be a problem for you. The shorter lifetime makes a compromised website certificate much less of a problem, but it creates a bigger management problem for the website owner. If you need assistance, please contact us. Credit: Digicert

A bug dubbed ‘EchoLeak’ is the first known zero-click AI vulnerability that enables hackers to steal sensitive data from Microsoft 365 Copilot without the user knowing about it or interacting with it. It would allow the attacker to steal anything you shared with Copilot. Luckily, the cloud is our friend in this case and Microsoft was able to fix the problem with zero user interaction as well, AKA by fixing their servers. Assume this is the first of many. Credit: Bleeping Computer

We use AI every day; it makes our business more efficient. The same is true for China. Given that hacking is ‘business as usual’ for them, and they have hundreds of thousands of hackers working for them, you might ask whether they need to be more efficient. The answer is that there is always more to hack. For example, has your business been compromised this week? That is a new opportunity for China. The FBI says they (China) use AI to create fake business profiles at scale, to create more believable spear-phishing messages in social media, stuff like that. Once they break into a network, it helps them map the insides of the network more efficiently. They also use it to make deepfake videos of your boss asking you to wire money. See what else the FBI has to say about AI and China. Credit: The Register

If you ever wondered why ransomware is still a thing, this is the reason. Despite an explosion in cybersecurity tools and awareness campaigns, organizations around the world are still surrendering to ransomware attackers at an alarming rate. According to new research from Rubrik Zero Labs, 86% of organizations globally admitted to paying ransom demands following a cyberattack in the past year — a figure that underscores a harsh reality: recovery, not prevention, is where most defenses still crumble. If you need help with this, contact us. Credit: CSO Online

Based on data collected from a variety of sources, the food and ag industry saw 84 cyber attacks in the first quarter of this year, which is more than double the number seen in the first quarter of last year. Just this month, mega food distributor UNFI was hit by a cyberattack. As a result, store shelves in places like Target, Walmart and Whole Foods were a lot emptier this week. While some attacks, like the one on UNFI, are high profile, many are never even reported. That means the number of attacks is probably much higher than we know. Credit: The Record
