Canary Trap’s Bi-Weekly Cyber Roundup

This bi-weekly roundup covers multiple active cyber threats and related policy guidance: a targeted campaign against Ukraine exploiting CVE-2017-8570 via malicious PPSX to deliver Cobalt Strike, large-scale USPS-themed phishing domains that saw traffic comparable to the legitimate site, CISA guidance for AI in critical infrastructure, the UK’s PSTI Act to curb weak default passwords, Google Privacy Sandbox regulatory concerns, and Honeywell’s report on increasingly sophisticated USB-borne malware targeting industrial/OT environments.