April 18, 2026 Cyber Trends
As summer winds down and organizations start prepping for fall initiatives, those of us inside the SOC (Security Operations Center) haven’t had the luxury of slowing down.
From our seat monitoring consoles, threat feeds, and incident queues, this summer has been a steady reminder that cybercriminals don’t take vacations. Whether it’s a ransomware actor exploiting a zero-day or a phishing scheme targeting public sector helpdesks, the heat has been turned up across the U.S.—and not just because it’s August.
Here’s what stood out the most in our threat landscape this summer—and what we at InfoSight’s SOC think you should be doing next.
The City of St. Paul Gets Digitally Blitzed
The attack began on July 25, 2025, and was described by officials as a "deliberate, coordinated, digital attack." Public Wi‑Fi, library services, and many city systems were taken offline. Minnesota’s National Guard Cyber Protection Team was activated to assist recovery and defense.
Allianz Life: Data Breach via Third-Party Vendor
On July 16, 2025, a malicious actor accessed a third-party cloud-based CRM, exposing PII of the majority of Allianz Life’s ~1.4 million U.S. customers, including SSNs, names, addresses, and dates of birth. Allianz confirmed that its internal systems were not compromised. The FBI was notified, and identity protection services were offered.
Ransomware Hits Schools in Ridgefield, CT
On July 24, 2025, ransomware activity was detected on the Ridgefield Public Schools network. As a precaution, the entire network was taken offline and investigators (including law enforcement) were engaged. Whether any personal data was compromised remains under investigation.
SharePoint Zero‑Day Exploited by “Warlock” Ransomware Gang
A China-based threat group is actively deploying Warlock ransomware by exploiting vulnerable Microsoft SharePoint servers through the recently patched ToolShell zero-day exploit chain.
In today’s SOC, the biggest threat isn’t just malware—it’s impersonation. When attackers pose as employees to bypass helpdesks and reset credentials, they’re already past your gates. And this summer made one thing painfully clear: across every sector—government, healthcare, education, insurance—threat actors are exploiting people and systems simultaneously.
Cybersecurity is not a “set it and forget it” function. It’s a continuous, high-stakes battle that demands more than just firewalls and patching. It requires layered defenses, vigilant processes, accountable partners, and a workforce that knows what to look for.
“We don’t have the budget” won’t stop a threat actor who doesn’t need your permission—or your funding—to take you offline.
At InfoSight, we’ve got eyes on the wire 24/7. If you need clarity on your risk exposure, help validating controls, or someone to walk you through next steps, we’re here.
Let’s go into fall with tighter defenses, stronger awareness, and fewer surprises.
See you inside the SOC!