Good morning, Security Gang!
Broadcasting from Tel Aviv today—afternoon espresso swapped for some Mediterranean sun and a bomb shelter on standby (yes, really). After a quick travel detour Monday, we're back and rolling into a packed Tuesday, July 15th episode that’s equal parts infuriating and fascinating. Let's dig in:
🧠 James Azar's CISO Take:
So many of today’s stories echo one big theme — we keep trusting broken systems. Whether it's a chatbot login secured by “123456,” or train signaling tech that hasn’t been patched in over a decade, we’re letting legacy negligence compound risk. Security isn’t just about tech; it’s about expectations. We assume people will patch. We assume vendors build secure defaults. We assume AI understands our intent. Reality check: They don’t.
And here’s the kicker — threat actors aren’t inventing magic. They’re walking through open doors. From FTP flaws to fake journalists, most of today’s exploits rely on abusing trust. That’s the real battlefield. And the companies who will thrive in this new era? They’re the ones who start treating trust like a vulnerability — and design their defenses accordingly.
🔧 NVIDIA GPU Rowhammer Warning
NVIDIA users beware: new research out of the University of Toronto shows Rowhammer attacks can now target GDDR6 memory in high-end GPUs like the RTX A6000. The attackers can induce bit flips and degrade ML model accuracy—yes, you read that right: flipping bits to sabotage AI. Mitigation guidance is now available at cyberhubpodcast.com.
“This is where hardware vulnerabilities and AI sabotage collide — and it’s not theoretical anymore.” James Azar
🛍️ Belk Breach: DragonForce Strikes Again
Department store chain Belk confirmed a ransomware attack from DragonForce. The breach (May 7–11) exposed Social Security numbers and PII. DragonForce posted Belk on its leak site, suggesting ransom negotiations failed. Credit monitoring and identity theft insurance (for a year) were offered — but good luck making that payout stick after 12 months.
👜 Louis Vuitton Breach Across Borders
The luxury brand notified customers in Turkey, the UK, and South Korea of a breach. Contact info and customer details were compromised, but no financial data. The delay in detecting the breach (a month) means attackers had plenty of time to browse designer data.
🍟 123456—The McDonald’s Chatbot Breach
Researchers found a jaw-dropping vulnerability in McHire, McDonald’s chatbot platform powered by Paradox.ai. A test franchise was using “123456” as both the username and password. That led to the exposure of chat transcripts from 64 million applicants. The flaw: insecure direct object reference (IDOR). The fix? Basic authentication hygiene. Oof.
“One, two, three, four, five, six — comes to catch you all over again.” James Azar
💰 GMX Crypto Heist Ends with a Bounty
GMX was robbed of $42M — but the attacker returned the funds in exchange for a $5M “thank you” bounty and a promise not to pursue charges. Sound familiar? Mango Markets tried the same with Avraham Eisenberg, who was prosecuted anyway. Lesson: don’t count on legal immunity when it comes to bounty negotiations.
📂 Wing FTP 0-Day Under Active Exploit
CISA added a CVE to its KEV list involving Wing FTP with a 10.0 CVSS score. Used by the Air Force, Reuters, and others, it allows full compromise. Huntress observed live exploitation on July 1. CISA has ordered all agencies to patch by August 4. If Jamie Levy says patch it, PATCH IT.
✉️ Gemini AI Summarizer Becomes an Attack Vector
Researchers showed that invisible HTML/CSS instructions hidden in an email can manipulate Google’s Gemini when it summarizes the message. This “indirect prompt injection” makes Gemini generate phishing content in plain sight — without a link or attachment. Invisible ink is back, now in zero-font.
🚂 Train Brake CVE Could Derail Systems
A 13-year-old protocol vulnerability (CVE-2025-1727) lets attackers remotely trigger train braking systems. Originally disclosed at DEF CON 2018, it’s still unpatched, and replacement systems won’t be ready until 2027. Reruns of Ohio 2023, anyone?
"Mind you, this was discovered in 2018, presented at DEF CON in 2018, and they may have discovered the flaw in 2012 - it's 2025 and they say 2027 at the earliest. We all know what happened in Ohio with train derailments and the damage to communities." - James Azar on the 13-year-old train vulnerability timeline
🪓 Interlock RAT Uses New ‘FileFix’ Attack
Interlock is evolving — shifting to a ‘FileFix’ variation of the infamous click-fix technique. A fake CAPTCHA loads a malicious PowerShell script that delivers a Node.js-based RAT. Prevention beats detection here. Controls over signatures.
🇷🇺 Russia’s Fake Journalist Disinfo Campaign
Storm-1516, a Russia-linked group, is impersonating real European journalists to spread fake stories — including radioactive waste smuggling and USAID embezzlement. The fake news is spreading via spoofed websites and viral social media. It’s psychological warfare dressed as a press release.
🧾 Hill Associates Fined $14.75M for Cyber Fraud
The federal contractor lied about cybersecurity practices, experience, and billing — and now owes Uncle Sam nearly $15 million. They’ll also pay 2.5% of revenue through 2030. The case fell under the False Claims Act. When you fake your security creds, the DOJ collects.
✅ Action List:
Patch Wing FTP: CVE-2025-47812 is under active exploitation.
Audit API Auth: Especially if you use third-party chatbots (looking at you, McHire).
Restrict AI Summary Use: Apply sandboxing on AI-generated summaries.
Train Awareness: AI prompt injection isn’t theoretical—educate your teams.
Review Access to IoT/OT Protocols: Legacy radio signaling on trains? Fix that before a derailment does.
Monitor Disinformation: Especially during elections or political unrest.
Don’t Trust the Bounty: Law enforcement doesn’t care about your side deals.
✅ Story Links:
https://www.securityweek.com/ransomware-group-claims-attack-on-belk/
https://www.securityweek.com/louis-vuitton-data-breach-hits-customers-in-several-countries/
https://therecord.media/hacker-returns-stolen-gmx-bounty
https://therecord.media/exploited-file-transfer-bug-cisa
https://therecord.media/russia-group-spoofing-journalists-disinfo
https://therecord.media/federal-it-contractor-fined-over-cyber-fraud-allegations
=============================
🚀 About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.