Good Morning Security Gang,
James Azar returned live this May 1st, 2025, with an action-packed CyberHub Podcast episode. After a phenomenal RSA-themed discussion yesterday with Andy Ellis and Alan Alford, today’s show dove into a jam-packed set of cybersecurity developments impacting industries from healthcare to logistics to energy.
From sophisticated AI-driven influence operations to major vulnerabilities in critical infrastructure and fresh warnings about the politicization of cybersecurity agencies, the cybersecurity landscape continues to evolve at breakneck speed.
🔥 Detailed Story Summaries
⚕️ Ascension Health Systems Breach Impacts 114,000+ Individuals
Ascension Health disclosed that personal, insurance, and sensitive medical details were compromised via a third-party data breach connected to the Cleo hack from December 2024. Beyond PII, exposed diagnosis and insurance information could lead to rampant claims fraud, a severe financial threat to both patients and insurers.
🛒 Co-op UK Supermarket Suffers IT Shutdown After Intrusion
British retailer Co-op took critical IT systems offline after detecting unauthorized access. Despite official claims of an "attempted intrusion," the drastic shutdown hints at a deeper breach. James highlights: “No one shuts down critical systems for simple access attempts,” suggesting the incident was more serious than Co-op admits.
🧑💻 North Korean IT Worker Fraud Infiltrates Top Global Firms
Mandiant and Google revealed that hundreds of North Korean operatives posed as IT workers, successfully penetrating Fortune 500 companies’ remote workforces. Many CISOs admitted to having hired at least one, and in some cases several, North Korean operatives. These infiltrators aim to funnel money to the Pyongyang regime and to steal valuable corporate data.
🛡️ SentinelOne Targeted by Fake IT Worker and Ransomware Campaigns
SentinelOne detailed repeated targeting by fake North Korean applicants and ransomware groups. 360+ fake personas and over 1,000 fake applications were detected. James emphasized: "Cybersecurity vendors must be scrutinized like any vendor—expertise in solving cybersecurity problems doesn’t mean expertise in defending an enterprise."
🤖 AI-Powered Influence Operations Exploit Claude AI
Anthropic disclosed that bad actors abused Claude AI to coordinate sophisticated influence networks across Facebook and X, pushing political narratives supporting the UAE, Iran, Kenya, and more. Using AI for narrative shaping marks a disturbing evolution in influence operations and demonstrates AI’s potential weaponization at scale.
🕵️ NSO Group Faces Massive Financial Penalty in WhatsApp Spyware Lawsuit
Following its loss in the lawsuit brought by WhatsApp, NSO Group now faces potentially tens of millions of dollars in punitive damages. The case centers on spyware deployed through WhatsApp, highlighting ongoing battles between tech giants and cyber-mercenary firms.
🧑💻 Russia’s DarkWatchman Malware Targets Domestic Companies
Russian cybersecurity firm F.A.C.C. identified a large phishing campaign deploying the DarkWatchman RAT malware. The campaign targets Russian industries spanning energy, telecom, and manufacturing, and is likely the work of a financially motivated threat group, Hive0117. Cyber warfare between Ukraine and Russia is bleeding into criminal operations globally.
🌐 SonicWall Warns of Two Critical Secure Mobile Access Vulnerabilities
SonicWall issued urgent patches for vulnerabilities CVE-2023-44221 (OS command injection, CVSS 7.2) and CVE-2024-38475 (path traversal, CVSS 9.8). The risk of remote exploitation without authentication makes patching these flaws absolutely critical for organizations relying on SonicWall's SMA appliances.
📜 Tech Giants Push for Standardized End-of-Life (EOL) Notification Framework
Cisco, Microsoft, Dell, Oracle, IBM, and Red Hat released a proposed open standard for end-of-life software announcements. A machine-readable format will improve customer awareness of when products become vulnerable—supporting better patch management and procurement practices.
🇺🇸 DHS Secretary Kristi Noem Calls for Refocusing CISA at RSA
In a surprise RSA keynote, DHS Secretary Kristi Noem pledged to return CISA to its original mission: defending critical infrastructure and combating cyber threats—not engaging in broader political activities. She also backed the Secure by Design initiative, promising stronger procurement guidelines for secure software.
✅ Practitioner Action List
🔧 Patch SonicWall appliances immediately against CVE-2023-44221 and CVE-2024-38475.
🛡️ Review hiring pipelines for signs of North Korean IT worker fraud.
🧠 Update insider threat programs to account for remote identity fraud tactics.
🏥 Prepare for a surge in healthcare claims fraud following breach events.
🤖 Monitor use of AI platforms internally and externally to detect influence campaigns.
🔍 Audit vendors, including cybersecurity vendors, for actual program maturity—not just brand name.
🌍 Stay informed on geopolitical cyber trends influencing supply chain and critical infrastructure risks.
🛑 Participate in EOL standards discussions to improve organizational visibility on software risk.
🎯 Final Note
James wrapped the episode by wishing a heartfelt congratulations to Israel on its 77th Independence Day and thanking the Security Gang community for its loyalty, support, and vigilance.
The next live show returns Monday at 9:00 AM EST with even more cutting-edge cybersecurity updates.
Until then — Stay Cyber Safe!
✅ Story Links:
https://www.securityweek.com/ascension-discloses-data-breach-potentially-linked-to-cleo-hack/
https://cyberscoop.com/north-korea-workers-infiltrate-fortune-500/
https://thehackernews.com/2025/05/claude-ai-exploited-to-operate-100-fake.html
https://therecord.media/nso-whatsapp-damages-spyware-case
https://thehackernews.com/2025/05/darkwatchman-sheriff-malware-hit-russia.html
https://www.securityweek.com/sonicwall-flags-two-vulnerabilities-as-exploited/
https://www.securityweek.com/tech-giants-propose-standard-for-end-of-life-security-disclosures/