The UNFI Cyberattack: How Hackers Disrupted the U.S. Food Supply Chain
In June 2025, United Natural Foods, Inc. (UNFI)—the primary distributor for Whole Foods and tens of thousands of retailers across North America—suffered a major cyberattack that halted deliveries, emptied shelves, and forced core operations offline.

The financial damage? Between $350 and $400 million in net sales lost, and up to $60 million in reduced income for fiscal year 2025.

In this episode, we break down:
- What happened during the UNFI cyberattack
- How ordering, shipping, and receiving systems were taken down
- Why this wasn’t just a business disruption—but a critical infrastructure failure
- The pattern of attacks across the food sector, from JBS to Dole to Sam’s Club
- The national security implications of digitally compromised supply chains
- Where cyber insurance, contingency planning, and regulation fall short

We also compare this incident with the 2020 SolarWinds breach, showing how both attacks exploited software vulnerabilities and disrupted essential services on a massive scale.

UNFI’s recovery may be underway, but the larger question remains: Is the U.S. food supply chain prepared for the next attack?
--------
23:30
Zuckerberg on Trial: The $8 Billion Data Privacy Reckoning
More than five years after the Cambridge Analytica scandal, the legal and financial consequences are still playing out—this time in Delaware’s Chancery Court, where Mark Zuckerberg and Meta executives are being sued by investors seeking over $8 billion in damages.

This landmark class-action lawsuit argues that Meta’s leadership knowingly violated a 2012 FTC consent order, misled users and regulators, and failed to prevent the improper sharing of personal data—culminating in the largest privacy fine in U.S. history.

In this episode, we explore:
- The core allegations against Zuckerberg, Sandberg, and others
- How the FTC's 2012 and 2019 orders shaped Meta's legal obligations
- Why investors believe Meta’s disclosures were fraudulent
- What former insiders, including Jeffrey Zients and Yul Kwon, are saying on the stand
- The broader implications for data privacy governance and board-level accountability
- How the Supreme Court’s dismissal of Meta’s appeal revived the case
- And why this trial could redefine what “fiduciary duty” means in the digital age

From API loopholes to insider warnings, stock sales, and alleged cover-ups, this case is a referendum on corporate responsibility in the age of surveillance capitalism—and a signal that executive leadership can be held personally liable for privacy failures.
--------
21:28
Operation Eastwood: Inside the Takedown of NoName057(16)
A major Europol-led crackdown—Operation Eastwood—has disrupted one of the most active pro-Russian hacktivist collectives in Europe: NoName057(16). Known for a relentless barrage of DDoS attacks targeting NATO allies and Ukraine-supporting nations, this ideologically driven group ran a global network powered by gamified recruitment, cryptocurrency incentives, and Telegram coordination.

In this episode, we unpack:
- Who NoName057(16) is—and how their DDoS-for-crypto campaign operated
- The gamification of cyberwarfare, where young sympathizers earn crypto and badges for attacking government targets
- How Operation Eastwood led to arrests, infrastructure takedowns, and international arrest warrants
- Why DDoS remains a go-to weapon for hacktivists and state-aligned cyber actors
- The role of crypto on both sides of the Russia-Ukraine cyber conflict, from donations to evasion to digital mercenaries
- Why hacktivist groups are blurring the lines between ideology and cybercrime, and how they're increasingly operating like decentralized ransomware gangs

We also explore the long-term implications:
- Can law enforcement really stop these groups?
- What happens when attackers are shielded by national borders or political alignment?
- And how should defenders prepare for digitally mobilized ideological threats with state-level reach?

This is cyberwar by proxy—crowdsourced, monetized, and harder than ever to pin down.
--------
21:17
Phished and Exposed: What the Co-op Hack Reveals About Retail Cybersecurity
In April 2025, The Co-op—one of the UK’s largest retailers—confirmed a data breach that exposed the personal information of 6.5 million members. No financial data was taken, but the attack hit at the core of trust, with CEO Shirine Khoury-Haq calling it a “personal attack on our members and colleagues.”

This wasn’t just a technical failure—it was a masterclass in social engineering, executed by attackers linked to Scattered Spider and DragonForce ransomware. By impersonating staff and manipulating the IT helpdesk, the attackers gained privileged access and exfiltrated password hashes, enabling lateral movement and data theft without ever breaching a firewall.

In this episode:
- How the attackers bypassed defenses using psychological manipulation—not malware
- The role of DragonForce ransomware and why Scattered Spider keeps showing up in major breaches
- Why social engineering remains the #1 cause of network compromise
- What retailers like Co-op and M&S are learning the hard way about helpdesk security, privileged accounts, and digital trust
- Arrests made by the UK’s National Crime Agency and their connection to the MGM Resorts breach

We also dive into the broader context:
- Why retail is an increasingly high-value target
- The compliance landscape for UK retailers (GDPR, PCI DSS, Cyber Essentials)
- Critical mitigation strategies: phishing-resistant MFA, ZTNA, PAM, and resilient incident response plans

This is not just about one breach—it’s about how an entire sector can fall to a single phone call.
--------
21:37
FileFix Attacks Are Here: How Interlock’s Ransomware is Skipping Your Defenses
In this episode, we break down how Interlock, a fast-moving ransomware group launched in late 2024, has evolved from using web injectors and clipboard tricks (like ClickFix) to an even more covert social engineering technique that abuses Windows File Explorer’s address bar to execute malicious code without triggering security prompts or downloads.

Key topics include:
- How FileFix works: The attacker tricks users into pasting a disguised PowerShell command into File Explorer, using a technique that removes the "Mark of the Web" (MOTW) and bypasses antivirus warnings.
- What makes it dangerous: Unlike traditional phishing, FileFix doesn’t rely on file execution or macros—just one paste and one Enter keystroke.
- The malware: The payload is a PHP-based Remote Access Trojan (RAT) that establishes persistence, gathers system information, and enables lateral movement and data exfiltration.
- The bigger picture: With FileFix confirmed in the wild and being actively adopted by Interlock, this attack method is poised to become a popular new vector for a variety of threat actors.

We also cover how FileFix fits into a wider ransomware evolution:
- The shift to double extortion and Ransomware-as-a-Service (RaaS)
- The increasing use of EDR killers and lateral movement tools
- The importance of breakout time and why 1-10-60 detection rules matter more than ever

Finally, we close with a call to action: FileFix shows that endpoint compromise doesn’t always start with a download. Organizations must reassess how they handle clipboard input, browser content, and even basic UI trust. Email training is no longer enough—file paths can now be weapons.