CISO Talk by James Azar
CyberHub Podcast
AI Rubio Hoax Further Exposes Security Gaps, More Than $40 Million Stolen from GMX Crypto Platform, Four Arrested by UK Police Over Ransomware Attacks on M&S, Co-op and Harrods

Good Morning Security Gang,

Today’s show is a rollercoaster of global cyber incidents—from a record-speed disclosure by Qantas and a devastating $40 million crypto heist to AI deepfake impersonation campaigns and escalating nation-state attacks from Iran and Russia. As always, we break it down with a practitioner’s eye and a CISO’s mindset. Let’s get into it—coffee cup cheers y’all!

✈️ Qantas Moves Fast on Massive Breach Disclosure

Qantas has confirmed that 5.7 million customer records were accessed in a data breach, with varying levels of sensitivity—from basic email and name combos to full PII including addresses, DOBs, and even meal preferences. Hats off to the Qantas security and executive team for their rapid, transparent response. They identified the breach, analyzed the data impact, and began outreach to affected users—all within 8 days. That’s what mature data classification and IR capabilities look like.

“You ordered the kosher meal? Totally gonna social engineer you now… thanks regulators.” James Azar on Qantas Disclosure

💸 $40M Drained from GMX Crypto Exchange

Decentralized exchange GMX has confirmed an exploit drained $43 million in funds. Despite claiming robust third-party audits, the platform was clearly unprepared for the exploit that allowed attackers to launder Ethereum, USDC, and DAI through the system. GMX is now offering a 10% bounty if the attacker returns the other 90% within 48 hours. With TRM Labs reporting over $2.1 billion stolen from exchanges in 2025, it’s another stark reminder: crypto security is nowhere near institutional-grade.

🏧 Bitcoin Depot Data Breach Delayed by the Feds

Bitcoin Depot—a major Bitcoin ATM operator—revealed a data breach from June 2023 impacting 27,000 customers. The breach included PII like names, licenses, phone numbers, and birth dates. Public disclosure was delayed until now at the request of federal investigators, showing that coordination with law enforcement can sometimes delay transparency. Security teams must plan for these scenarios.

🇯🇵 Nippon Steel Hit by Zero-Day Exploit

Nippon Steel’s IT division (NS Solutions) disclosed a breach resulting from a zero-day exploit. Customer, partner, and employee data was compromised, but James questioned why basic info like names and email addresses should even be reportable. The attackers were linked to the defunct BianLian ransomware group, which has since gone dark.

🧠 AI Deepfake Targets Marco Rubio via Signal

An impersonation attempt using AI-generated content on Signal targeted Secretary of State Marco Rubio. The scam included mimicked voice and writing, triggering a State Department investigation. The episode raises urgent concerns about the ease of spoofing public figures and how platforms must improve identity verification. James emphasized the need for human training and company accountability in the AI age.

“If you’re getting a Signal message from the Secretary of State, and you’re not verifying it through diplomatic channels—what are you doing?” James Azar

🧰 Critical CVE in ServiceNow’s Platform

A newly disclosed vulnerability (CVE-2025-3648) in ServiceNow’s platform, dubbed “Counter Strike,” could allow unauthorized data access through ACL misconfigurations. Whether authenticated or not, users could exploit range query requests to infer sensitive data. Patch it now if you rely on ServiceNow!

👮‍♂️ UK Nabs 4 Ransomware Suspects

The UK’s National Crime Agency arrested four young individuals suspected of launching ransomware attacks on Marks & Spencer, Co-op, and Harrods. Charges include computer misuse, blackmail, and laundering. A win for law enforcement—and a clear warning to threat actors that they’re being hunted, even across digital borders.

🇮🇷 Iran Escalates Cyber Attacks on U.S. Infrastructure

Threat groups linked to Iran’s government, including MuddyWater and APT-33, have ramped up attacks on U.S. critical infrastructure post-Iran-Israel conflict. A total of 28 attacks were recorded in May–June compared to just 12 in March–April. The focus: transportation and manufacturing. CyberAvengers, another Iranian-backed group, targets only the U.S., Israel, and Ukraine. The line between geopolitical tension and cyber warfare continues to blur.

🇷🇺 Russia’s Hybrid War: Espionage, Influence & Sabotage

France’s top intelligence official warned of Russia’s evolving hybrid threat campaign. The campaign includes physical operations like planting fake coffins with anti-Ukraine propaganda and information warfare aimed at disrupting civil trust. With 50 Russian agents expelled since 2022, Europe faces an existential cyber and physical threat from Moscow’s playbook.

🚘 PerfektBlue: Bluetooth Stack Bug Threatens Millions of Vehicles

Researchers have exposed critical vulnerabilities in a Bluetooth SDK used in millions of vehicles. Dubbed “PerfektBlue,” the exploit allows remote hacking of infotainment systems, enabling location tracking, audio recording, and data theft. Cars from Mercedes-Benz, Skoda, and Volkswagen were confirmed affected. Multiple CVEs have been issued, but patching remains inconsistent across OEMs.

🔒 Action Items for Today’s Security Leaders

  • ✅ Ensure ServiceNow CVE-2025-3648 is patched immediately

  • 🔐 Audit Bluetooth stack components in connected vehicle systems if you're in automotive

  • 🧠 Initiate AI impersonation awareness training for execs and comms teams

  • 📢 Review crypto exposure and platform security if you're holding or trading assets

  • 📄 Revise data classification policies to address modern definitions of PII

  • 🛰 Monitor Iranian APT activity targeting transportation and manufacturing sectors

  • 🧑‍⚖️ Engage with law enforcement early during breaches to balance transparency and investigation timelines

🎯 James Azar’s CISO Take

Today’s stories show the spectrum of security maturity. On one end, Qantas demonstrated how a mature IR program, strong data classification, and real-time visibility allow for rapid and clear breach disclosures. On the other, GMX and Bitcoin Depot’s incidents highlight ongoing gaps in preparedness, communications, and regulatory handling. The disparity in response times and transparency will become more of a litmus test for security programs as regulators sharpen scrutiny and the public becomes more aware.

The other critical thread is AI impersonation and deepfakes. The Rubio case is a wake-up call. These threats are no longer theoretical. We must pressure platforms to act and begin implementing technical guardrails, while also building a culture of human skepticism—especially when messages claim to come from authority figures. The future of cyber risk isn’t just code—it’s trust, and trust is now a target.

🗓 See y’all tomorrow for the weekly recap, and don’t forget—
Stay cyber safe.


✅ Story Links:

https://www.bleepingcomputer.com/news/security/qantas-confirms-data-breach-impacts-57-million-customers/

https://therecord.media/gmx-exchange-cryptocurrency-stolen

https://www.bleepingcomputer.com/news/security/bitcoin-depot-breach-exposes-data-of-nearly-27-000-crypto-users/

https://www.securityweek.com/nippon-steel-subsidiary-blames-data-breach-on-zero-day-attack/

https://www.bankinfosecurity.com/ai-rubio-hoax-further-exposes-white-house-security-gaps-a-28930

https://www.securityweek.com/millions-of-cars-exposed-to-remote-hacking-via-perfektblue-attack/

https://thehackernews.com/2025/07/servicenow-flaw-cve-2025-3648-could.html

https://therecord.media/uk-arrests-four-ransomware-ms-harrods-co-op

https://www.cybersecuritydive.com/news/iranian-hackers-us-transportation-manufacturing-israel-nozomi/752612/

https://therecord.media/french-intelligence-chief-russia-threat
