Checklist 434: OS Updates and City Under Cyberattack

August 1, 2025 • 5 min read

St. Paul Hit by Coordinated Cyberattack

A major cyberattack has paralyzed key digital infrastructure across the City of St. Paul, affecting libraries, municipal services, and payment systems. The city declared a state of emergency following the attack, which Mayor Melvin Carter described as a “deliberate, coordinated digital attack” by a “sophisticated external actor.”

The disruption was first noticed earlier this week, reportedly before any national outlets picked it up — thanks to a firsthand account from a librarian on the ground in St. Paul. Since the onset of the incident, all 13 city libraries and a mobile library have been without internet, computers, scanning, printing, or access to electronic catalogs. This has rendered many core library functions inoperable.

The city’s website remains accessible, but displays a prominent warning banner reading: “The City of Saint Paul is responding to a digital security incident.” While emergency services, including 911, remain operational, the city’s online payment systems for services such as water and sewer have been taken offline. The city assured residents that “no late fees will be assessed during this period.”

Beyond libraries, the outage extends to municipal buildings, including City Hall, recreation centers, and various departments relying on computer systems. According to the Minnesota Star Tribune, the scope of the incident includes:

No Wi-Fi or internet access at City Hall
Disabled online payment systems
Shutdown of many internal city systems to contain the damage

While the city has not disclosed whether a ransom was demanded, Mayor Carter confirmed that the FBI is leading the investigation. The city is also working with state agencies and two private cybersecurity firms. In an unusual but increasingly necessary move, Governor Tim Walz deployed the Minnesota National Guard’s cyber forces to assist in response efforts.

“We are committed to working alongside the City of Saint Paul to restore cybersecurity as quickly as possible,” said Governor Walz. “The Minnesota National Guard’s cyber forces will collaborate with city, state, and federal officials to resolve the situation and mitigate lasting impacts.”

Concerns over compromised data remain. Mayor Carter warned city employees that their personal information may have been exposed, advising them to change both work and personal account passwords. Officials have said they don’t believe much resident data is at risk, noting that the city stores relatively little personal information. Still, no definitive statement has been made.

The city has no timeline for restoring online services, according to the Star Tribune. State cybersecurity officials are using the incident as a teachable moment, emphasizing the importance of strong, unique passwords and multifactor authentication.

“Cybersecurity breaches are not a matter of if, but when…”

For now, St. Paul residents are left dealing with the fallout — from offline services to potentially compromised data — while investigators work to determine the source and full scope of the attack.

iOS 26 Message Filtering Sparks Political Backlash Amid Major Apple Security Updates

Apple’s upcoming iOS 26 has ignited political tensions over a new spam-filtering feature aimed at reducing smishing scams — but one U.S. political party claims it could also cost them hundreds of millions in lost donations.

According to reporting from AppleInsider, the new Messages app in iOS 26 introduces categories like Messages, Unknown Senders, Spam, and Recently Deleted. Messages from unknown senders, including those from political fundraising organizations, will be routed to the “Unknown” inbox without notifications or badges — effectively silencing many political text campaigns.

A letter shared by Punchbowl News and highlighted by Daring Fireball, originating from one political party’s fundraising arm, claims the change could result in $500 million in lost fundraising revenue. The letter reads:

“Unless that person has already replied, our message is silently sent to the ‘Unknown’ inbox. No ping, no badge, just buried in an inbox few people ever check.”

While the concern focuses on fundraising disruption, Apple’s intent appears centered on consumer protection. As discussed on the SecureMac podcast, unsolicited messages — a primary vector for phishing attacks — are a major cybersecurity threat. SecureMac CTO Israel Torres described such messaging as “a dangerous playground that should be avoided at all costs.”

Apple is not preventing users from receiving political texts; rather, message categorization is enabled by default, but can be disabled manually. Still, the political fundraiser is urging its allies to “push back” before iOS 26 rolls out in under two months. So far, Apple has not responded to these appeals.

“Saying that the change in iOS 26 is a problem to be fought, when the real fight is against scammers?”… “I thought politicians were supposed to serve the public, not serve them up.”

Apple Releases Security-Heavy Updates Across All Platforms

While political pushback brews over iOS 26, Apple has already rolled out a wave of updates to current operating systems focused on security, stability, and EU compliance. According to MacRumors, the following updates were released:

iOS & iPadOS 18.6 – 24 security fixes, including a Photos bug preventing memory movie sharing
macOS Sequoia 15.6 – A staggering 81 security patches
watchOS 11.6 – 17 security fixes
tvOS 18.6 – 19 security fixes
visionOS 2.6 – 19 security fixes
HomePod Firmware Update – Delivered alongside tvOS update

Notably, iOS and iPadOS 18.6 also bring compliance changes for EU users, including new interfaces for installing alternative app marketplaces or apps from developers’ websites.

Older systems also received updates, including: