CISO Talk by James Azar
CyberHub Podcast
AI is Turbocharging Cyber Crime, Wiz Scores $32B from Google, China Disclosing Data Breaches Now, What gives? GitHub Struggles with Attacks

Breaking Down Major Acquisitions, Global Threats, and Emerging Cyber Risks

Good morning and welcome to a special edition of the CyberHub Podcast, originally broadcast live at nine a.m. Eastern. This episode delivers crucial cybersecurity updates and insights in under twenty minutes.

Whether you’re a security practitioner, a Chief Information Security Officer, or simply someone interested in the ever-changing landscape of cyber threats, this podcast offers actionable information from both business and technical perspectives. The show begins with a lighthearted espresso demonstration, underscoring the passion, camaraderie, and culture that fuel the cybersecurity community—proving that even a quick coffee lesson can find its place alongside breaking news.

Google Acquires Wiz for $32 Billion

The episode opens with a blockbuster announcement: Google has acquired the cloud security startup Wiz in a staggering $32 billion all-cash deal. This comes after Wiz walked away from an initial $23 billion offer in July and explored an IPO route. By integrating Wiz’s advanced threat detection and cloud security solutions, Google strengthens its position in the cybersecurity market, especially within Google Cloud Platform.

The move follows Google’s earlier acquisition of Mandiant and highlights the tech giant’s strategic pivot to bolster profitability outside its traditional ad-based revenue model. The host underscores how significant this is for the Israeli tech ecosystem, with Wiz’s founders achieving a hallmark success that any startup dreams of.

EU Warns That AI Is Turbocharging Organized Crime

Europol’s latest four-year review warns that AI has become a game-changer for criminal organizations and state-sponsored threat actors. Criminal groups are using AI to enhance precision in cyberattacks, blending profit motives with destabilization campaigns. The EU report also references the risk that overregulation might hamper legitimate innovation while failing to deter criminal use of AI. The host stresses the importance of implementing security-by-design principles and actual deterrence measures. The overarching message: while regulation is often the EU’s first step, technology-savvy criminals aren’t bound by legislation, and more proactive defense strategies and meaningful punishments are necessary.

GitHub Supply Chain Attacks—Again

GitHub finds itself in the headlines for the second time in just a few days. A supply chain attack on the tj-actions/changed-files action compromised personal access tokens, potentially affecting twenty-three thousand repositories. Subsequent research traced the compromise to a cascading supply chain incident stemming from the “reviewdog/action-setup” GitHub Action.

Attackers injected code designed to dump CI/CD secrets to log files, revealing the vulnerabilities in software dependencies.

Apart from the reviewdog/action-setup@v1 tag that has been confirmed as breached, the following actions may also be impacted:

  • reviewdog/action-shellcheck

  • reviewdog/action-composite-template

  • reviewdog/action-staticcheck

  • reviewdog/action-ast-grep

  • reviewdog/action-typos

GitHub has since been alerted, and the broader development community is urged to inspect their workflows, remove or update vulnerable actions, and rotate any possibly exposed credentials.
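The inspection step above is mechanical enough to script. The following is an added example for this post, not code from the podcast, GitHub, reviewdog or tj-actions: it walks a repository's workflow files, flags any step that uses one of the actions named in this episode, and separately flags any action referenced by a mutable tag rather than a full commit SHA, since a mutable tag is exactly what a compromised upstream can repoint. The workflow text and the 40-hex SHAs in the fixture are constructed placeholders.

```python
"""Flag GitHub Actions workflow steps that use the actions named in this episode
or that reference any action by a mutable tag instead of a full commit SHA.

Added example for this post, not code from the podcast, GitHub, reviewdog or
tj-actions.  SAMPLE_WORKFLOW is a constructed fixture with placeholder SHAs.
"""
import re
import sys
from pathlib import Path

# Actions the episode names as confirmed (action-setup, changed-files) or possibly impacted.
WATCHLIST = {
    "tj-actions/changed-files",
    "reviewdog/action-setup",
    "reviewdog/action-shellcheck",
    "reviewdog/action-composite-template",
    "reviewdog/action-staticcheck",
    "reviewdog/action-ast-grep",
    "reviewdog/action-typos",
}

# Matches `uses: owner/repo[/path]@ref`; local (./...) and docker:// uses have no @ and are skipped.
USES_RE = re.compile(r"^[ \t]*-?[ \t]*uses:[ \t]*['\"]?([^@\s'\"]+)@([^\s'\"#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def scan_workflow(text: str) -> list:
    """Return (action, ref, reason) for every step worth attention."""
    findings = []
    for match in USES_RE.finditer(text):
        action, ref = match.group(1), match.group(2)
        repo = "/".join(action.split("/")[:2])          # owner/repo, dropping any sub-path
        pinned = bool(FULL_SHA_RE.match(ref))
        if repo in WATCHLIST:
            # A pinned watchlist action is still listed: verify the commit predates the compromise.
            findings.append((action, ref, "watchlist action" + ("" if pinned else ", mutable ref")))
        elif not pinned:
            findings.append((action, ref, "mutable ref"))
    return findings


def scan_repo(root: str) -> dict:
    """Scan every workflow under <root>/.github/workflows; returns {file: findings}."""
    results = {}
    for path in sorted(Path(root, ".github", "workflows").glob("*.y*ml")):
        findings = scan_workflow(path.read_text(encoding="utf-8"))
        if findings:
            results[str(path)] = findings
    return results


# Constructed fixture; the 40-hex SHAs are placeholders, not real commits.
PLACEHOLDER_SHA = "0123456789abcdef0123456789abcdef01234567"
SAMPLE_WORKFLOW = f"""\
name: ci
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@{PLACEHOLDER_SHA}
      - uses: tj-actions/changed-files@v45
      - uses: reviewdog/action-setup@v1
      - uses: "reviewdog/action-shellcheck@{PLACEHOLDER_SHA}"
      - name: local helper
        uses: ./.github/actions/local
"""

if __name__ == "__main__":
    # Pass a repository path to scan it; with no argument the constructed sample is scanned.
    report = scan_repo(sys.argv[1]) if len(sys.argv) > 1 else {"<sample>": scan_workflow(SAMPLE_WORKFLOW)}
    for file, findings in report.items():
        for action, ref, reason in findings:
            print(f"{file}: {action}@{ref}: {reason}")
```

Run it against a checkout with `python scan_actions.py /path/to/repo`. Every hit on the watchlist is a reason to rotate the secrets that job could read, whether or not the ref was pinned, because the logs of past runs are where dumped secrets end up.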

China Accuses Taiwan of Cyberattacks Amid Global Tensions

China’s state security ministry accuses Taiwan’s military of orchestrating cyber espionage, calling out four named individuals allegedly linked to Taiwan’s Information, Communication, and Electronic Force Command. Taiwan firmly denies the allegations, framing them as part of a larger Chinese narrative to justify more aggressive stances toward the island.

The host contextualizes the accusations within the larger landscape of Chinese cyber strategy, pointing out that China often deflects by naming and shaming foreign entities while continuing to launch its own advanced persistent threats worldwide. This move also resonates with China’s broader ambition to control key technology supply chains—especially as AI hardware manufacturing becomes a linchpin of global technological dominance.

MirrorFace and the Ongoing Chinese Cyber Operations

New reporting on “MirrorFace,” a Chinese-aligned threat actor group, shows it using a backdoor called “ANEL” to target EU diplomatic institutions. The group employs advanced spear-phishing campaigns, embedding specialized malware such as AsyncRAT and other backdoors in targeted lures referencing international events (like the upcoming World Expo in Osaka, Japan).

Analysts label these operations as part of “Operation AkaiRyū,” with some overlap in tactics documented by Japanese authorities. The seamless integration of multiple malware tools illustrates China’s evolving espionage strategies.

LNK Files Exploited by Eleven State-Sponsored APTs

A separate but related trend is the rise in threat actors using malicious LNK (shortcut) files to deliver malware. Trend Micro’s Zero Day Initiative reports nearly a thousand malicious LNK files used by state-sponsored threat groups from North Korea, Iran, Russia, and China. These specially crafted shortcuts can covertly execute PowerShell scripts or command-line arguments that download and run payloads. Organizations are advised to evaluate the necessity of LNK files in daily operations and consider blocking them or applying stricter controls.
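Before blocking LNK files outright, most teams want to triage the ones already in mail gateways and file shares. The following is an added example for this post, not code from the podcast, Trend Micro or ZDI: a minimal parser for the Shell Link binary format (header, LinkFlags, ShowCommand, and the StringData fields that hold the target path and command-line arguments), followed by generic triage heuristics that flag a PowerShell or script-host target, an encoded or hidden-window command line, a minimized window, and a padded argument string. The two shortcuts built at the bottom are constructed fixtures; the heuristics are ordinary triage rules, not the indicators from the ZDI report.

```python
"""Parse Windows shortcut (.lnk) files and flag traits defenders triage on.
Added example for this post; the fixtures and heuristics are constructed, not ZDI's."""
import re
import struct

# MS-SHLLINK header constants
HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 1 << 0, 1 << 1
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 1 << 2, 1 << 3, 1 << 4
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 1 << 5, 1 << 6, 1 << 7
# StringData blocks appear in this fixed order, each present only if its flag is set.
STRING_FIELDS = [("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                 ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                 ("icon_location", HAS_ICON_LOCATION)]
SW_SHOWMINNOACTIVE = 7


def parse_lnk(data: bytes) -> dict:
    """Return LinkFlags, ShowCommand and the StringData fields of a shortcut."""
    if (len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    show_cmd = struct.unpack_from("<I", data, 0x3C)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:             # IDListSize (2 bytes) followed by the item IDs
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                       # LinkInfoSize counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    info = {"flags": flags, "show_command": show_cmd}
    for field, bit in STRING_FIELDS:
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, no terminator
            pos += 2
            info[field] = data[pos:pos + count * width].decode(codec, errors="replace")
            pos += count * width
    return info


# Generic triage heuristics applied to the lower-cased target path and arguments.
SUSPICIOUS = [
    (r"powershell|pwsh", "launches PowerShell"),
    (r"\bcmd(\.exe)?\b", "launches cmd.exe"),
    (r"mshta|wscript|cscript|rundll32|regsvr32|certutil|bitsadmin", "launches a script host or LOLBin"),
    (r"-e(nc(odedcommand)?)?\b", "encoded command"),
    (r"-w(indowstyle)?\s+hidden", "hidden window"),
    (r"https?://", "references a URL"),
    (r"\biex\b|invoke-expression|downloadstring|invoke-webrequest", "download-and-execute primitives"),
]


def assess(info: dict) -> list:
    """Return human-readable reasons a shortcut deserves a closer look (empty if none)."""
    args = info.get("arguments", "")
    haystack = (info.get("relative_path", "") + " " + args).lower()
    reasons = [why for pattern, why in SUSPICIOUS if re.search(pattern, haystack)]
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        reasons.append("window minimized and inactive (SW_SHOWMINNOACTIVE)")
    if args != args.lstrip() or len(args) > 260:   # leading blanks push the command out of the Properties box
        reasons.append("padded or unusually long argument string")
    return reasons


def build_fixture(relative_path: str, arguments: str, show_cmd: int = 1) -> bytes:
    """Constructed test fixture: a minimal Unicode shortcut carrying only RELATIVE_PATH and ARGUMENTS."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = (struct.pack("<I", HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
              + b"\x00" * 36                       # FileAttributes, three FILETIMEs, FileSize, IconIndex
              + struct.pack("<I", show_cmd)
              + b"\x00" * 12)                      # HotKey and reserved fields
    def string_data(s):
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + string_data(relative_path) + string_data(arguments)


BENIGN = build_fixture(r"..\..\Program Files\Notepad++\notepad++.exe", "readme.txt")
# The base64 below is just "PLACEHOLDER"; a real sample would carry an encoded script there.
SUSPECT = build_fixture(r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                        "     -w hidden -enc UExBQ0VIT0xERVI=", show_cmd=SW_SHOWMINNOACTIVE)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, assess(parse_lnk(blob)) or "no findings")
```

To run it over real files, read each `.lnk` as bytes and pass it to `parse_lnk` before `assess`. The parser deliberately stops at the StringData section; the ExtraData blocks that follow (tracker, environment and console properties) are not needed for this triage, and shortcuts that fail the header check are worth a look on their own since a mail gateway should never be carrying them anyway.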

Municipalities Under Siege: Four States, Multiple Cyberattacks

Local governments in several U.S. states, including Kansas, New Hampshire, and Connecticut, are scrambling to restore systems following disruptive cyber incidents. Services have been limited or completely taken offline, reflecting how budget-constrained public institutions are prime ransomware targets. From city halls to police departments and school districts, the breadth of these attacks underscores the rising threat faced by smaller public-sector entities lacking robust cybersecurity resources.

Data Breach Hits California Cryobank

Rounding out the episode is a year-delayed breach disclosure from California Cryobank, one of the largest sperm banks in the U.S. Personal data—including financial and health information—was exposed following a suspicious network incident last April. Social Security numbers, driver’s license information, and payment card data were accessed, leading California Cryobank to offer credit monitoring services.

The host notes that while immediate response efforts may have contained the intrusion, it took nearly a year for an official notification to the public, raising questions about transparency and breach reporting timelines.

Action Items

  • Review Cloud Security Posture: In light of Google’s Wiz acquisition, assess your organization’s cloud security tools, ensuring multi-layered defenses and regular audits.

  • Strengthen AI Defenses: Develop or update AI security guidelines, considering the EU’s warning on AI-driven threats and potential for advanced adversarial tactics.

  • Monitor Supply Chains: Check GitHub Actions and dependencies for vulnerabilities. Rotate compromised or uncertain credentials and maintain a comprehensive software bill of materials.

  • Track Geopolitical Tensions: Understand that nation-state accusations (like China’s claim against Taiwan) often signal an escalation in cyber espionage. Foster strong threat intelligence capabilities.

  • Block or Audit LNK Files: Evaluate whether LNK files are necessary in your environment. Restrict or block them if possible, and reinforce endpoint monitoring.

  • Protect Public Sector Assets: For local governments, implement proactive security measures such as staff training, encryption, and robust backup protocols to mitigate ransomware attacks.

  • Verify Data Exposure: If you have any connection to California Cryobank, confirm if your information was part of the breach and enroll in offered monitoring services.


Stay informed with the latest cybersecurity developments and cultivate a culture of vigilance within your organization. Share these insights with colleagues, attend relevant conferences, and regularly update incident response plans. Subscribe to the CyberHub Podcast for daily, concise updates that help you stay ahead of emerging threats.

Thanks for reading CISO Talk by James Azar! This post is public so feel free to share it.


✅ Story Links:

https://www.securityweek.com/google-to-acquire-cloud-security-giant-wiz-for-32-billion-in-cash/

https://www.securityweek.com/ai-is-turbocharging-organized-crime-eu-police-agency-warns/

https://www.bleepingcomputer.com/news/security/github-action-hack-likely-led-to-another-in-cascading-supply-chain-attack/

https://therecord.media/china-taiwan-hacks-identify-cyber

https://thehackernews.com/2025/03/china-linked-mirrorface-deploys-anel.html

https://www.securityweek.com/11-state-sponsored-apts-exploiting-lnk-files-for-espionage-data-theft/

https://therecord.media/municipalities-struggling-cyberattacks-services

https://www.bleepingcomputer.com/news/security/sperm-donation-giant-california-cryobank-warns-of-a-data-breach/

Level Zero Conference Discount Code: L020RESPOND at www.levelzeroconference.com

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1

🚨 Important Links to Follow:

👉Website:

👉Listen here: https://linktr.ee/cyberhubpodcast

Stay Connected With Us.

👉Facebook: https://www.facebook.com/CyberHubpodcast/

👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/

👉Twitter (X): https://twitter.com/cyberhubpodcast

👉Instagram: https://www.instagram.com/cyberhubpodcast

🤝 For Business Inquiries: info@cyberhubpodcast.com

=============================

🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
