
Last Week in Cybersecurity: Why These Breaches Should Have You Asking “What If It Were Us?”

  • Writer: Mirai Systems
  • Sep 28, 2025
  • 2 min read

Cybersecurity is a shared responsibility

The headlines may sound familiar:


  • Chinese spies had year-long access to US tech and legal firms

  • Akira ransomware bypassed MFA to breach SonicWall VPNs

  • A first-ever malicious MCP server was discovered stealing emails via AI agents

  • New vulnerabilities in Cisco ASA and Firepower devices prompted a CISA directive

  • TransUnion faces a class-action lawsuit after exposing the PII of 4.4M consumers

  • Volvo joins Bridgestone and others disclosing sensitive data leaks


Individually, these may feel like just another round of news. But taken together, they paint a troubling picture of how attackers continue to outpace our defenses, and why every organization should pause and ask: What if this were us?


Why it Matters

  1. Supply chain trust is fragile – From law firms to consumer credit giants, attackers are targeting the very services organizations rely on daily. If your outside counsel, credit bureau, or technology provider is compromised, your business may be indirectly exposed.

  2. Old weaknesses are still in play – Cisco device flaws and SonicWall VPN bypasses remind us that attackers continue to exploit well-known enterprise tools, often where patching or monitoring lags.

  3. Attackers are innovating – The malicious MCP server leveraging AI agents signals a shift. Threat actors are experimenting with AI not only to accelerate attacks, but to make them stealthier.

The Similarities Across These Breaches

  • Persistence: Whether it’s Chinese espionage campaigns or ransomware actors, they establish long-term access.

  • Exploiting trust: Legal firms, VPNs, financial services, the auto industry: all are trusted access points that attackers weaponize.

  • Targeting data and identity: From PII to stolen credentials, data remains the crown jewel, fueling both espionage and cybercrime.

Customers should be alert to unexpected MFA prompts or VPN access anomalies, emails routed through unusual servers, vendor or partner communications that feel “off,” and even regulatory notices or lawsuits tied to providers they rely on. These are all subtle signs that something may already be wrong.


Attackers are patient, resourceful, and opportunistic. They adapt faster than most organizations can patch, and they know that breaching a single vendor can open doors to hundreds of downstream victims.


So here’s the hard question: if a breach hit one of your core service providers tomorrow, would you know? Would your team catch it before the damage was done? Or would you only learn when a regulator, journalist, or lawsuit exposed it to the world?


This is the moment to evaluate your own exposure. Do you rely on any of the same services or technologies that have recently been compromised? Do you have visibility inside your network after an attacker slips past the perimeter?


The ABBI Phase™ (After Breach, Before Impact) is where most organizations lose visibility. That unGUARDED SPACE™ inside the network is where today’s attackers thrive. It’s time to rethink security, not just at the edge, but across the services and partners you depend on.

What’s your take? Do you believe these incidents show a failure of technology, or a failure of collaboration across industries?


 
 
 
