Good Morning Security Gang!
Welcome to another packed Monday episode of the CyberHub Podcast. Let me tell you—this week is already off to a strong start. I’m kicking things off with a double espresso here in Israel before I head out to Hacker Summer Camp next week in Vegas. Today’s episode is filled with major breach news, the latest geopolitical cyber threats, critical AI regulation updates, and some takedowns in ransomware land. So let’s not waste a second—let’s dive in.
☠ Allianz Life Breach Exposes 1.4 Million Records
We start with a significant breach from Allianz Life, impacting the PII of the majority of its 1.4 million customers, financial professionals, and select employees. The breach, which involved advanced social engineering, was likely orchestrated by the threat group ShinyHunters—known for previous attacks on Ticketmaster, Neiman Marcus, and others. Notably, this was not a Snowflake-related incident, and it’s important we correct bad reporting in the space. Allianz is currently investigating and reaching out to affected individuals.
🏁 NASCAR Confirms March Cyber Attack Breached Customer Data
NASCAR has confirmed that the March cyber incident did, in fact, result in unauthorized access to customer data. The intrusion occurred between March 31 and April 3, with breach notifications being sent out on July 24. Victims are being offered a year of credit monitoring, though NASCAR hasn’t disclosed the full scope of the breach yet.
🧨 SharePoint “ToolShell” Exploit Leads to Warlock Ransomware Deployments
A Chinese threat actor, tracked as Storm-2603 by Microsoft, has been deploying Warlock and LockBit ransomware through the SharePoint ToolShell zero-day chain. Over 420 servers are still vulnerable. Once inside, attackers are leveraging Mimikatz and the Impacket toolkit to move laterally and spread ransomware. The Department of Education, Florida's Department of Revenue, and even European and Middle Eastern governments have been hit. Microsoft urges immediate patching and key rotations.
🔥 China-Backed “Fire Ant” Campaign Exploiting VMware and F5
Sygnia researchers uncovered a sophisticated Chinese espionage group exploiting VMware and F5 appliances to gain persistent access to segmented environments. By leveraging CVE-2022-1388 and other flaws, attackers moved from host to guest environments and tunneled through trusted systems. Their stealth, persistence, and segmentation bypass methods are especially concerning for critical infrastructure.
🤖 California Weakens AI Oversight While Trump Admin Launches National AI Action Plan
California’s Privacy Regulator approved diluted rules that reduce oversight of automated decision-making technology (ADMT), drawing criticism from privacy advocates. Meanwhile, President Trump’s team launched AI.gov and signed three new executive orders forming the "AI Action Plan"—focusing on infrastructure development, global AI exports, and a single federal regulatory standard. While I don’t usually dive into politics, I have to give credit where it’s due: this is a strategic win for national competitiveness and cybersecurity alignment.
Trump's AI Action Plan Goes Live
But here's where things get really interesting - the AI.gov website just went live with President Trump's AI action plan to win the AI race. Three executive orders were signed on July 23rd, including promoting the export of American AI technology stack, accelerating federal permitting of data center infrastructure to power AI, and preventing woke AI in federal government. I have to give credit where credit is due to the president here. He went on record saying, "We have to have a single federal standard, not fifty different states regulating this industry of the future. You can't have one state holding you up. You can't have three or four states holding you up."
This puts the responsibility on Congress - Speaker Michael Johnson and Senate Majority Leader John Thune - to draft a federal AI bill that supersedes all state bills. This is amazing news for cybersecurity practitioners. Could the appetite be to federalize data privacy alongside AI and data breach notification? Two bills with bipartisan support that have been sitting on the sidelines could be added to this concept. The president also indicated that Meta, Amazon, Google, and Microsoft are investing $320 billion or more in data centers and AI infrastructure, with NVIDIA committing $500 billion over the next four years.
💣 BlackSuit Ransomware Takedown in Joint International Operation
Law enforcement from over nine countries, led by HSI, seized the BlackSuit ransomware gang’s dark web domains and negotiation portals. The gang had extracted over $500 million in ransom demands. Their takedown is a big win in the fight against transnational ransomware.
🧑💻 North Korean IT Worker Infiltration Gets Arizona Woman 102 Months in Prison
Christina Marie Chapman was sentenced for operating a laptop farm that allowed North Korean developers to impersonate remote workers and gain access to 309 U.S. companies—including aerospace and defense. She worked with co-conspirators through Upwork and other platforms to launder money and support the DPRK’s illicit cyber operations.
🛠 Critical Patches for Mitel & LG
Mitel: A critical auth bypass flaw (CVSS 9.4) in the MiVoice MX-ONE platform can allow admin takeover. Fixes are available and should be applied urgently.
LG: Over 100,000 LG Innotek LNV5110R cameras are vulnerable to CVE-2025-7742, an auth bypass with no patch in sight. The devices are EOL—rip and replace them ASAP.
✅ Action Items
🔐 Patch all SharePoint servers and rotate machine keys immediately
🚨 Scan for CVEs affecting VMware (CVE-2022-1388) and F5 systems
🤝 Review insider threat procedures to prevent social engineering
🔄 Evaluate AI governance policies and prepare for federal standardization
🗑 Remove all vulnerable LG camera models from your networks
🧠 Ensure MFA is enforced across all cloud environments, including Snowflake
📢 Notify affected parties promptly when breaches are confirmed
🧠 James Azar’s CISO Take
There’s a stark theme today—residual risk from poor cyber hygiene and failed governance. From Allianz’s social engineering gap to NASCAR’s late disclosure, we see how even large institutions remain vulnerable. And don’t get me started on the continued SharePoint exploits. If you’re not segmenting your systems or monitoring authentication attempts, you’re flying blind.
The other takeaway here is the emerging clarity on AI governance. Whether you love or hate the political figure involved, a single federal standard for AI is a step in the right direction. We’ve got fragmented state-level laws and toothless oversight from California. It’s time we get serious. The cybersecurity world depends on aligning regulatory clarity with technological innovation, especially as AI touches everything from hiring to healthcare. Let’s hope this momentum carries over to data privacy and breach disclosure laws.
✅ Story Links:
https://therecord.media/nascar-confirms-data-breach
https://therecord.media/california-privacy-agency-approves-ai-rules
https://www.ai.gov/#home-services-anchor
https://therecord.media/blacksuit-ransomware-gang-website-takedown
https://www.securityweek.com/mitel-patches-critical-flaw-in-enterprise-communication-platform/
https://www.securityweek.com/no-patch-for-flaw-exposing-hundreds-of-lg-cameras-to-remote-hacking/
=============================
🚀 About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.