Cyber Tech Cafe

This is why we talk about "pattern recognition" more than we talk about "alerts."

In 2015, security researchers found thousands of gas station tank gauges exposed to the internet—no passwords, no firewalls, just sitting there. We flagged it. Talked about it. Moved on.

Last week? Iranian hackers hit those exact same systems. It took us minutes to recognize it because we'd been tracking the landscape for a decade.

Staying invested in this stuff matters. Full post here:

Pattern Recognition: How Staying Invested Turned a Decade-Old Warning Into Actionable Intelligence – Cyber Tech Cafe Pattern Recognition: How Staying Invested Turned a Decade-Old Warning Into Actionable Intelligence Jun, Thu, 2026 nathan Industry News , IT Nightmare , Tech news In January 2015, Rapid7 published research on a vulnerability that now reads like prophecy—unless you were paying attention then. HD Moo...

A city’s water system was hacked this week. Not by fancy malware or zero-days—but because a former employee's account was still active months after they left.

"Zombie accounts" are more common than you think. Most businesses don't have a formal offboarding process. They have a sticky note that says "tell IT sometime."

At CTC, we work with our clients to understand and document their onboarding and offboarding processes so that, when the time comes, all the client has to remember is to submit the request and we handle and document all of the details behind the scenes. Not only is the work done, it's done consistently each time and it's documented.

If your offboarding process lives in someone's memory instead of a system, let's talk.

Source: The Register — "Zombie user account let hackers control the city's water"

Zombie user account let hackers control the city’s water Failing to disable a former employee’s account was a huge mistake

1️⃣ "Reaper" macOS Malware
A new stealer targets Mac users—harvests passwords, crypto wallets, and installs backdoors. Clever twist: it spoofs Apple, Microsoft, and Google domains to look legit.

2️⃣ npm Supply Chain Attacks
The "Shai-Hulud" worm is poisoning JavaScript libraries through compromised GitHub Actions caches. Popular dev tools like TanStack are getting hit.

The Pattern? Both exploit trust in familiar brands and automated update systems.

🔗 Sources:
- The Register (Reaper): https://www.theregister.com/security/2026/05/19/do-fear-the-reaper-stealer-swipers-macos-users-passwords-wallets-then-backdoors-them/
- The Register (Shai-Hulud): https://www.theregister.com/cyber-crime/2026/05/18/shai-hulud-copycat-hits-another-npm-package/

How MyIT Helps:
Proactive patch management isn't just about Windows updates anymore. We monitor hundreds of third party applications, drivers, MacOS security configs, and supply chain risks before they hit your endpoints.

---

Send a message to learn more