CISO Talk by James Azar
CyberHub Podcast
AWS Outage, Nuclear Plant SharePoint Breach, and 75K WatchGuard Devices at Risk

AWS Outage, U.S. Nuclear Facility Hack, Muji Ransomware, WatchGuard RCE, and China’s NSA Accusation

Good Morning Security Gang!
Welcome back to the CyberHub Podcast, coming to you this Tuesday, October 21st, 2025. Your daily double-espresso companion — bringing you the latest and most critical stories shaping cybersecurity today.

We’ve got a packed lineup: from a massive AWS outage that rippled across the internet, to a foreign hack of a U.S. nuclear weapons facility through a SharePoint flaw, ransomware hitting Japanese retailer Muji through its logistics supplier, tens of thousands of WatchGuard firewalls still exposed to an unauthenticated RCE, and CISA adding new Microsoft, Oracle and Apple exploits to the KEV catalog. We’ll even close with the bizarre world of global scam compounds in Myanmar and Cambodia finally facing justice, including arrests back in South Korea.

Let’s jump right into it — coffee cup cheers! ☕

☁ AWS Outage Knocks Out Major Services Worldwide

If you noticed half the internet acting up yesterday — you weren’t alone. AWS suffered a massive outage that took down or degraded key services including Amazon Prime Video, Snapchat, Canva, and even impacted banks and airlines.
Initial reports point to a DNS resolution failure for the DynamoDB endpoint in the us-east-1 (N. Virginia) region, which cascaded into the many AWS and customer services that depend on DynamoDB, breaking authentication and request routing well beyond the region itself. AWS says services were restored within hours, with a root cause analysis pending.

I said it on the show — and I’ll say it again:

“This isn’t a cyberattack; it’s a reminder that resilience drills matter. If your entire business halts when AWS sneezes, you’ve built your castle on rented sand.”

CISOs should use this as a tabletop exercise opportunity: test failover plans, DNS redundancy, and cloud dependency mapping.
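The DNS redundancy drill above is easiest to run when the resolver is something you can break on purpose. The following is an added example, my code rather than anything AWS publishes: a stale-on-error DNS cache that keeps serving the last good answer for a grace period after resolution starts failing, and an ordered regional failover when the grace runs out. The endpoint hostnames are real DynamoDB regional endpoints; the resolver, clock and IP addresses are constructed so the outage can be simulated offline.

```python
"""Stale-on-error DNS cache with ordered regional failover (added example, not AWS code).

The resolver is injected so a tabletop drill can simulate an outage; in production you
would pass a thin wrapper around socket.getaddrinfo instead of the fake used below."""
import time
from dataclasses import dataclass, field


@dataclass
class CachedAnswer:
    addresses: list
    expires: float                      # wall-clock time at which the normal TTL runs out


@dataclass
class ResilientResolver:
    resolver: callable                  # hostname -> list of IP strings; raises OSError on failure
    clock: callable = time.time
    ttl: float = 60.0                   # normal cache lifetime in seconds
    stale_grace: float = 3600.0         # how long an expired answer may still be served during an outage
    cache: dict = field(default_factory=dict)
    events: list = field(default_factory=list)   # audit trail: ("fresh"|"stale"|"fail", host, detail)

    def resolve(self, hostname):
        now = self.clock()
        hit = self.cache.get(hostname)
        if hit and now < hit.expires:
            return hit.addresses
        try:
            addrs = self.resolver(hostname)
        except OSError as exc:
            # Upstream resolution failed: serve the expired answer if we are still inside the grace window.
            if hit and now < hit.expires + self.stale_grace:
                self.events.append(("stale", hostname, str(exc)))
                return hit.addresses
            self.events.append(("fail", hostname, str(exc)))
            raise
        self.cache[hostname] = CachedAnswer(addrs, now + self.ttl)
        self.events.append(("fresh", hostname, ""))
        return addrs

    def resolve_any(self, hostnames):
        """Try endpoints in preference order; return (hostname, addresses) for the first that resolves."""
        errors = []
        for host in hostnames:
            try:
                return host, self.resolve(host)
            except OSError as exc:
                errors.append(f"{host}: {exc}")
        raise OSError("all endpoints failed: " + "; ".join(errors))


# Real regional endpoint names; preference order is part of the failover plan.
REGIONAL_ENDPOINTS = ["dynamodb.us-east-1.amazonaws.com", "dynamodb.us-west-2.amazonaws.com"]


def run_drill():
    """Constructed drill: us-east-1 stops resolving after the cache was warmed."""
    healthy = {h: [f"198.51.100.{i}"] for i, h in enumerate(REGIONAL_ENDPOINTS, 1)}  # documentation-range IPs
    outage = set()

    def fake_resolver(host):
        if host in outage:
            raise OSError(f"Temporary failure in name resolution: {host}")
        return healthy[host]

    t = [1_000_000.0]                   # fake clock so the drill is deterministic
    r = ResilientResolver(resolver=fake_resolver, clock=lambda: t[0])

    step1 = r.resolve_any(REGIONAL_ENDPOINTS)   # normal operation, cache warmed
    outage.add(REGIONAL_ENDPOINTS[0])
    t[0] += 120                                 # TTL expired, grace window still open
    step2 = r.resolve_any(REGIONAL_ENDPOINTS)   # served stale from cache, still us-east-1
    t[0] += 7200                                # grace window expired too
    step3 = r.resolve_any(REGIONAL_ENDPOINTS)   # fails over to us-west-2
    return step1, step2, step3, [e[0] for e in r.events]
```

Two caveats belong in the runbook next to this: a stale DNS answer only helps if the endpoint behind it is actually still serving, and failing a DynamoDB client over to another region only helps if the data is there (global tables) and the IAM and networking paths to that region have been exercised before the bad day. The point of the injectable resolver is that you can prove both on a calm Tuesday.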

☢ U.S. Nuclear Weapons Plant Breached via SharePoint Flaw

A foreign actor, reported as possibly China or Russia, exploited an on-prem SharePoint zero-day to infiltrate the Kansas City National Security Campus, a National Nuclear Security Administration (NNSA) site that manufactures the non-nuclear components of U.S. nuclear weapons.
While OT systems were segmented and unaffected, the attack highlights the IT-OT adjacency risk in critical infrastructure.

The flaws, patched in July 2025 only after in-the-wild exploitation had already begun, allow unauthenticated remote code execution and spoofing on on-premises SharePoint Server; SharePoint Online in Microsoft 365 was not affected.
As I warned, “Vulnerability management isn’t optional — it’s existential.” Attackers now scan within 20 minutes of new CVEs dropping and actively exploit within 24 hours.

Mitigations:

  • Patch and monitor on-prem SharePoint immediately, and treat the patch as closing the door, not evicting anyone already inside: a server that was exposed before the update needs a persistence hunt, not just a reboot.

  • Disable legacy authentication.

  • Watch for web shells or unexpected service account activity.

  • Validate OT segmentation with adversary emulation.
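For the “watch for web shells or unexpected service account activity” item, here is an added example of what that hunt looks like in code. It is my illustration, not Microsoft tooling: it parses IIS W3C logs using the file’s own #Fields header, flags any .aspx under /_layouts/ that is not in a baseline of known product pages, flags farm or app service accounts reaching the web front end from outside the admin network, and lists .aspx files written after a given time. The baseline page set, service account names, admin subnet and the log excerpt are all constructed stand-ins; build the real baseline from a file inventory of a clean server’s LAYOUTS folders.

```python
"""Hunt SharePoint IIS logs for web shells and out-of-place service-account use.
Added example, not Microsoft tooling. BASELINE_LAYOUTS_PAGES, SERVICE_ACCOUNTS and ADMIN_NETS
are constructed stand-ins; replace them with a real file inventory and your own lists."""
import ipaddress
import os

BASELINE_LAYOUTS_PAGES = {"start.aspx", "upload.aspx", "signout.aspx", "settings.aspx"}  # stand-in
SERVICE_ACCOUNTS = {r"corp\svc_spfarm", r"corp\svc_spapp"}                               # stand-in, lower-case
ADMIN_NETS = [ipaddress.ip_network("10.0.0.0/16")]                                        # stand-in


def parse_w3c(lines):
    """Yield one dict per request from IIS W3C extended log text, mapping columns from the
    file's own #Fields header so a changed field order cannot mis-align values."""
    fields = None
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated line: skip rather than shift columns
        yield dict(zip(fields, values))


def hunt(lines):
    """Return (rule_name, row) findings for two heuristics:
    1. a request for an .aspx under /_layouts/ that is not in the product baseline
       (a freshly dropped web shell shows up here whatever it is called);
    2. a farm/app service account hitting the web front end from outside admin space."""
    findings = []
    for row in parse_w3c(lines):
        stem = row.get("cs-uri-stem", "").lower()
        if "/_layouts/" in stem and stem.endswith(".aspx"):
            page = stem.rsplit("/", 1)[-1]
            if page not in BASELINE_LAYOUTS_PAGES:
                findings.append(("unknown_layouts_page", row))
        if row.get("cs-username", "-").lower() in SERVICE_ACCOUNTS:
            try:
                ip = ipaddress.ip_address(row.get("c-ip", "-"))
            except ValueError:
                ip = None
            if ip is None or not any(ip in net for net in ADMIN_NETS):
                findings.append(("service_account_from_outside", row))
    return findings


def filter_new_aspx(entries, since_epoch):
    """entries: iterable of (path, mtime_epoch). Return .aspx files written after since_epoch,
    for example the moment you applied the July 2025 update."""
    return sorted(p for p, mtime in entries if p.lower().endswith(".aspx") and mtime > since_epoch)


def find_new_aspx(root, since_epoch):
    """Walk a LAYOUTS directory on disk, e.g.
    C:\\Program Files\\Common Files\\microsoft shared\\Web Server Extensions\\15\\TEMPLATE\\LAYOUTS,
    and apply filter_new_aspx to what is there."""
    entries = ((os.path.join(d, f), os.stat(os.path.join(d, f)).st_mtime)
               for d, _, files in os.walk(root) for f in files)
    return filter_new_aspx(entries, since_epoch)


# Constructed IIS log excerpt (documentation-range addresses; not a real capture).
SAMPLE_IIS_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2025-10-20 03:14:07 10.0.0.5 GET /_layouts/15/start.aspx - 443 CORP\\alice 10.0.1.20 Mozilla/5.0 - 200 0 0 45
2025-10-20 03:15:11 10.0.0.5 POST /_layouts/15/upload.aspx - 443 CORP\\alice 10.0.1.20 Mozilla/5.0 - 200 0 0 130
2025-10-20 03:16:02 10.0.0.5 POST /_layouts/15/helper.aspx - 443 - 203.0.113.9 python-requests/2.32 - 200 0 0 12
2025-10-20 03:16:09 10.0.0.5 GET /_layouts/15/helper.aspx - 443 - 203.0.113.9 python-requests/2.32 - 200 0 0 8
2025-10-20 03:20:40 10.0.0.5 GET /_api/web/lists - 443 CORP\\svc_spfarm 203.0.113.9 python-requests/2.32 - 200 0 0 20
"""
```

The baseline approach matters more than any single indicator: a web shell can be named anything, but it cannot be in the inventory of a clean install. Run `hunt()` over every web front end, not just the one that alerted, and pair it with the service-account rule, because the first thing an attacker does with a foothold is look for credentials that are not supposed to be used interactively.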

🛍 Muji Halts Online Sales After Supplier Ransomware Attack

Japanese retailer Muji halted all online sales after its logistics supplier Askul was hit by ransomware. Stores outside Japan remain operational, but domestic order fulfillment is halted, impacting revenue and customer confidence.
This is yet another case of supply chain single-point failure. I emphasized, “If your business stops when one vendor breaks, that’s not a cyber problem — that’s a business continuity failure.”
Companies need redundant logistics providers and defined RTO/RPO SLAs to survive disruptions.

“As security practitioners, we’re in the business of risk and business enablement. When we see stuff like this, the question should always be: do we have a backup? Does the backup cost us money? And if it does, how much? When you don’t, you become single-threaded. Single-threaded is a huge risk.” James Azar

🧈 Dairy Farmers of America Confirms Ransomware Data Leak

The Dairy Farmers of America (DFA) confirmed a June ransomware attack led to data exposure for 4,546 individuals, including Social Security numbers, bank accounts, and Medicare data.
The Play ransomware group claimed responsibility, with DFA now facing federal scrutiny over supply chain vulnerabilities.
Food and agriculture remain high-risk sectors for nation-state targeting. As I put it, “A cyberattack that stops milk production isn’t just a breach — it’s a food security incident.”

🎧 Dolby Digital Plus Zero-Click Audio Exploit

Google’s Project Zero disclosed a vulnerability in Dolby’s Digital Plus (E-AC-3) decoder, which ships in the Android media pipeline, and showed that it can be reached with no user interaction.
A malicious .ec3 file, or an .mp4 carrying an E-AC-3 track, triggers an out-of-bounds write during decoding; any app that automatically processes received media (thumbnailing, transcoding, preview) turns that into code execution without a single tap.
Mitigation steps include:

  • Restrict auto-download and autoplay for media in messaging apps.

  • Deploy EDR rules for suspicious media process crashes.

  • Use MDM to block vulnerable builds where possible.

This attack vector is particularly dangerous due to its no-click nature and reach across consumer devices.
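While vulnerable decoder builds are still in the fleet, a mail or MDM gateway can at least recognise the file type involved. The following is an added example, my code rather than Dolby’s or Google’s: it sniffs raw E-AC-3 elementary streams by their sync word and bsid, and walks an ISO BMFF (.mp4/.m4a) box tree to find an `ec-3` sample entry in any `stsd` box. It identifies the codec only; it says nothing about whether a given file is malicious. The MP4 skeleton and frame headers at the bottom are constructed fixtures, not real media.

```python
"""Flag files carrying Dolby Digital Plus (E-AC-3) audio at a mail/MDM gateway.
Added example, not Dolby's or Google's code: it detects the codec, not malice."""
import struct

AC3_SYNCWORD = b"\x0b\x77"                  # shared by AC-3 and E-AC-3 raw elementary streams
CONTAINER_BOXES = {b"moov", b"trak", b"mdia", b"minf", b"stbl"}
DDP_SAMPLE_ENTRIES = {b"ec-3"}              # ISO BMFF sample entry for E-AC-3 (add b"ac-3" to widen scope)


def raw_stream_bsid(data):
    """For a raw .ac3/.ec3 stream return the bsid of the first frame, else None.
    In both AC-3 and E-AC-3 frame headers bsid is the top 5 bits of byte 5."""
    if len(data) < 6 or data[:2] != AC3_SYNCWORD:
        return None
    return data[5] >> 3


def is_eac3_raw(data):
    bsid = raw_stream_bsid(data)
    return bsid is not None and 11 <= bsid <= 16     # E-AC-3 uses bsid 11..16; plain AC-3 uses 8 or lower


def iter_boxes(data, start=0, end=None):
    """Yield (type, payload_start, payload_end) for the ISO BMFF boxes in data[start:end]."""
    end = len(data) if end is None else end
    pos = start
    while pos + 8 <= end:
        size, = struct.unpack_from(">I", data, pos)
        btype = data[pos + 4:pos + 8]
        hdr = 8
        if size == 1:                                  # 64-bit largesize follows the type
            size, = struct.unpack_from(">Q", data, pos + 8)
            hdr = 16
        elif size == 0:                                # box extends to the end of the data
            size = end - pos
        if size < hdr or pos + size > end:
            return                                     # malformed: stop instead of looping or over-reading
        yield btype, pos + hdr, pos + size
        pos += size


def mp4_sample_entries(data, start=0, end=None, found=None):
    """Collect the 4CC sample entry types from every stsd box in the file."""
    found = [] if found is None else found
    for btype, pstart, pend in iter_boxes(data, start, end):
        if btype in CONTAINER_BOXES:
            mp4_sample_entries(data, pstart, pend, found)
        elif btype == b"stsd":
            # FullBox header: version(1) + flags(3), then entry_count(4), then the entries as boxes
            for etype, _, _ in iter_boxes(data, pstart + 8, pend):
                found.append(etype)
    return found


def has_ddp_audio(data):
    """True for a raw E-AC-3 stream or an ISO BMFF file with an ec-3 track."""
    if is_eac3_raw(data):
        return True
    return any(e in DDP_SAMPLE_ENTRIES for e in mp4_sample_entries(data))


# --- constructed fixtures (not real media) ---
def box(btype, payload):
    return struct.pack(">I", 8 + len(payload)) + btype + payload


def build_mp4(sample_entry):
    """Minimal skeleton: ftyp + moov/trak/mdia/minf/stbl/stsd with one sample entry of the given type."""
    stsd = box(b"stsd", b"\x00\x00\x00\x00" + struct.pack(">I", 1) + box(sample_entry, b"\x00" * 28))
    moov = box(b"moov", box(b"trak", box(b"mdia", box(b"minf", box(b"stbl", stsd)))))
    return box(b"ftyp", b"isom\x00\x00\x02\x00isom") + moov


SAMPLE_EC3_HEADER = b"\x0b\x77" + b"\x00\x00\x00" + bytes([16 << 3]) + b"\x00" * 10   # bsid=16 (E-AC-3)
SAMPLE_AC3_HEADER = b"\x0b\x77" + b"\x00\x00\x00" + bytes([8 << 3]) + b"\x00" * 10    # bsid=8 (plain AC-3)
```

Sniff content rather than trusting extensions, and expect false positives: most commercial video carries a DD+ track, so this is a temporary compensating control (quarantine, strip the audio, or hold for review) until the MDM confirms the fleet is on patched builds. It covers ISO BMFF and raw streams only; other containers would need their own walker.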

🔥 75,000 WatchGuard Firewalls Vulnerable to Critical RCE

The Shadowserver Foundation reported nearly 76,000 WatchGuard Firebox appliances still exposed to CVE-2025-9242, a critical out-of-bounds write in the Fireware OS IKEv2 daemon (iked) that an unauthenticated attacker can reach with crafted IKEv2 packets.
Affected firmware spans Fireware OS 11.10.2 through 12.11.3 (plus 2025.1), with fixes in 12.11.4 and 12.3.1_Update3, and 2025.1.1 and 12.5.13 for the other branches.
A successful exploit runs code on the firewall itself, so an attacker could take over the device, manipulate VPN tunnels, and tamper with firewall policy.

Recommended actions:

  • Patch immediately.

  • Remove IKEv2 branch-office VPNs to dynamic-IP peers and IKEv2 mobile user VPN if they are not needed; those are the configurations that expose the flaw, and WatchGuard notes a device can stay exposed while an IKEv2 BOVPN to a static peer remains configured.

  • Remove public management access.

  • Enforce geo-IP allowlists for admin connections.
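The first step after a Shadowserver notice is working out which of your own boxes are on the list. As an added example (my code, not WatchGuard’s), here is a triage script that parses Fireware version strings, including the `_UpdateN` suffix, and classifies an inventory against the vendor’s published affected ranges (11.10.2 through 11.12.4_Update1, 12.0 through 12.11.3, and 2025.1) and fixed builds (2025.1.1, 12.11.4, 12.5.13, 12.3.1_Update3). The inventory rows are constructed; the “not listed” status means the version is outside the published ranges and should be checked against the advisory by hand.

```python
"""Triage a Firebox inventory against the CVE-2025-9242 affected ranges and fixed builds.
Added example, not WatchGuard tooling. Ranges/builds are those in the vendor advisory;
the inventory is constructed."""
import re

AFFECTED_RANGES = [("11.10.2", "11.12.4_Update1"), ("12.0", "12.11.3"), ("2025.1", "2025.1")]
FIXED_BUILDS = ["2025.1.1", "12.11.4", "12.5.13", "12.3.1_Update3"]

VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:_(?:Update|U)(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """'12.3.1_Update3' -> (12, 3, 1, 3); '2025.1' -> (2025, 1, 0, 0). Update number is the last element,
    so a tuple comparison orders 12.3.1 < 12.3.1_Update1 < 12.3.1_Update3 < 12.3.2."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Fireware version: {text!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))
    return tuple(nums[:3]) + (int(m.group(2) or 0),)


def branch(v):
    """major.minor release train; a fix only counts if it is on the device's own train."""
    return v[:2]


def assess(text):
    v = parse_version(text)
    for fixed in map(parse_version, FIXED_BUILDS):
        if branch(fixed) == branch(v) and v >= fixed:
            return "patched"
    for lo, hi in AFFECTED_RANGES:
        if parse_version(lo) <= v <= parse_version(hi):
            return "vulnerable"          # includes trains with no fix of their own, e.g. 12.6.x -> move to 12.11.4
    return "not listed"                  # outside the published ranges: confirm against the advisory


def triage(inventory):
    """inventory: iterable of (hostname, version). Returns ({hostname: status}, sorted work list)."""
    results = {host: assess(ver) for host, ver in inventory}
    work = sorted(h for h, s in results.items() if s == "vulnerable")
    return results, work


SAMPLE_INVENTORY = [  # constructed
    ("fw-hq-01", "12.11.3"), ("fw-hq-02", "12.11.4"), ("fw-branch-17", "12.3.1_Update1"),
    ("fw-fips-01", "12.3.1_Update3"), ("fw-t35-04", "12.5.12"), ("fw-lab", "2025.1"),
    ("fw-new", "2025.1.1"), ("fw-legacy", "11.12.4_Update1"),
]
```

Feed it the version column from WatchGuard Cloud or your CMDB export, and treat every “vulnerable” row as exposed until you have also confirmed the IKEv2 configuration on that box, because the version alone does not tell you whether the vulnerable code path is reachable from the internet.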

🧠 CISA Adds New Microsoft, Oracle, and Apple Exploits to KEV

CISA’s essential staff — even during the government shutdown — added a wave of new vulnerabilities to the Known Exploited Vulnerabilities catalog, including:

  • Microsoft SharePoint CVE-2024-38058 – privilege escalation.

  • Oracle CVE-2024-20918 – auth bypass.

  • Apple CVE-2022-48503 – web content code execution.
All are listed as actively exploited in the wild. Binding Operational Directive 22-01 obliges federal civilian agencies to remediate KEV entries by the catalog’s due dates; private companies are not bound by it, but aligning internal patch SLAs to those due dates is the simplest way to keep the catalog actionable.
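“Validate KEV items in your patch management queue” is a join between two data sets, and it is worth scripting so it runs every time the catalog changes. The following is an added example, my code rather than anything CISA ships: it loads a KEV feed excerpt in the real feed’s JSON shape (field names `cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`, `knownRansomwareCampaignUse`; the live file is https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json), matches it against a vulnerability-scanner export, and computes a deadline that is the tighter of CISA’s due date and an internal SLA counted from the date the entry was added. The feed records and scan rows are constructed stand-ins; the CVE ids are the ones named above, but the dates and products in the sample are illustrative, not the catalog’s.

```python
"""Cross-check a scanner export against the CISA KEV catalog and compute remediation deadlines.
Added example, not CISA tooling. SAMPLE_KEV_JSON and SAMPLE_SCAN are constructed stand-ins that
only borrow the real feed's field names."""
import json
from datetime import date, timedelta

SAMPLE_KEV_JSON = json.dumps({   # constructed excerpt: dates and product strings are illustrative
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2024-38058", "vendorProject": "Microsoft", "product": "SharePoint",
         "dateAdded": "2025-10-20", "dueDate": "2025-11-10", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-20918", "vendorProject": "Oracle", "product": "Oracle (see catalog)",
         "dateAdded": "2025-10-20", "dueDate": "2025-11-10", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2022-48503", "vendorProject": "Apple", "product": "Multiple Products",
         "dateAdded": "2025-10-20", "dueDate": "2025-11-10", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

SAMPLE_SCAN = [  # constructed scanner export: (asset, cve)
    ("sp-wfe-01", "CVE-2024-38058"),
    ("jump-host", "cve-2024-20918"),     # lower-case on purpose: scanner exports are inconsistent
    ("ceo-ipad", "CVE-2022-48503"),
    ("build-agent", "CVE-0000-0000"),    # placeholder id that is not in the feed and must be ignored
]


def load_kev(text):
    """Index the feed by upper-cased CVE id."""
    return {v["cveID"].upper(): v for v in json.loads(text)["vulnerabilities"]}


def kev_gap(kev_text, scan_rows, today, internal_sla_days=14):
    """Return one finding per (asset, cve) pair that is in KEV, with the tighter of CISA's dueDate
    and an internal SLA counted from dateAdded. days_left < 0 means overdue."""
    today = date.fromisoformat(today) if isinstance(today, str) else today
    kev = load_kev(kev_text)
    findings = []
    for asset, cve in scan_rows:
        entry = kev.get(cve.strip().upper())
        if entry is None:
            continue                                    # exploited-or-not is someone else's queue
        cisa_due = date.fromisoformat(entry["dueDate"])
        internal_due = date.fromisoformat(entry["dateAdded"]) + timedelta(days=internal_sla_days)
        due = min(cisa_due, internal_due)
        findings.append({
            "asset": asset,
            "cve": entry["cveID"],
            "vendor": entry["vendorProject"],
            "product": entry["product"],
            "due": due.isoformat(),
            "days_left": (due - today).days,
            "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown"),
        })
    return sorted(findings, key=lambda f: (f["days_left"], f["asset"]))


def overdue(findings):
    return [f for f in findings if f["days_left"] < 0]
```

Pull the live feed with a scheduled `curl` and diff the `dateAdded` column against yesterday’s copy; a new entry that already matches an asset in your scanner is the ticket you open first that morning, and `knownRansomwareCampaignUse == "Known"` is the field that decides whether it jumps the queue.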

🇨🇳 China Accuses NSA of Hacking National Time Center

In what looks like a propaganda escalation, China’s MSS accused the U.S. National Security Agency (NSA) of hacking its National Time Service Center using “42 advanced cyber tools.”
Beijing alleges the NSA forged certificates, hijacked credentials, and launched precision attacks on timing infrastructure.

My take: “When China accuses you of hacking, it’s usually a projection. They just don’t like when someone plays their game better.”

Regardless, the story underscores how time synchronization networks are strategic cyber targets.

🇲🇲 Myanmar Raids Cyber Scam Compounds

Myanmar’s military finally raided major scam compounds near the Thai border, detaining over 2,000 workers and seizing Starlink terminals.
These scam centers were linked to global romance and investment fraud rings, many run by organized crime groups using forced labor.
Meanwhile, South Korea has begun arresting 58 nationals repatriated from Cambodia for running similar scam centers.
This crackdown, though overdue, signals growing recognition that cybercrime slavery is a global humanitarian issue.

🧠 James Azar’s CISO Take

Today’s show highlights one theme: resilience over perfection. Outages like AWS remind us that dependence on single-cloud environments isn’t a cyber issue — it’s a business fragility issue. Every CISO should be testing resilience as often as they test detection. A failover plan isn’t just a checkbox; it’s the difference between a bad day and a bankruptcy headline.

Second, we’re seeing how supply chain risk, from Muji to WatchGuard, continues to define modern security. You can’t control every vendor, but you can control how fast you detect, respond, and isolate their failures. The new world of cybersecurity isn’t about firewalls or patches — it’s about business continuity, verification, and accountability.


✅ Action Items

  • ☁ Review AWS dependency architecture; test DNS and failover recovery.

  • ☢ Patch on-prem SharePoint and validate OT segmentation.

  • 🛍 Conduct supplier cyber risk assessments; add redundancy in logistics.

  • 🧈 Enforce ransomware tabletop drills for food/agricultural operations.

  • 🎧 Disable auto-download media on mobile; update Android security builds.

  • 🔥 Patch WatchGuard firmware immediately; remove public admin access.

  • 🧠 Validate KEV items in your patch management queue.

  • 🇨🇳 Audit critical infrastructure for time sync spoofing risks.

  • 🌏 Review vendor ethics — especially for offshore service providers.

And that’s a wrap for today’s show, Security Gang — patch fast, think business-first, and as always, stay cyber safe! ☕👊
