CISO Talk by James Azar
CyberHub Podcast
Belgian Telecom Says Cyberattack Compromised Data on Customers, Apple Fixes New Exploited 0-Day, North Korea Uses GitHub in Targeting Campaign, Russian Hackers Accused in Water Sector Cyberattacks


Russia's Multi-Front Cyber War Escalates as Password Managers Face New Clickjacking Threats, Belgian Telecom Breach, Apple Zero-Day

Good Morning Security Gang!


Happy Thursday, and welcome to another episode of the CyberHub Podcast. I’ve got my double espresso in hand, and we’ve got a loaded show today with major stories coming out of Europe, Apple scrambling to patch a new zero-day, North Korea abusing GitHub for espionage, Russia escalating cyberattacks on critical infrastructure, and cybercriminals hijacking password managers through clickjacking. Let’s dive in.

📱 Belgian Telecom Orange Breach Hits 850K Customers

Orange Belgium confirmed a breach impacting 850,000 customer accounts. While the company insisted “no critical data” like passwords or financials were stolen, attackers did grab names, phone numbers, SIM card IDs, tariff plans, and PUK codes—a goldmine for telecom fraud. With PUK codes, attackers can unlock blocked SIMs, clone phones, and add fraudulent lines to customer accounts. This isn’t just identity theft—it’s a multi-million-euro fraud risk for customers and Orange alike.

🍏 Apple Zero-Day Exploited in Sophisticated Spyware Attack

Apple pushed an emergency patch for CVE-2025-43300, a flaw in ImageIO that allowed out-of-bounds writes leading to potential remote code execution. The bug was already actively exploited, most likely by spyware operators. Updates were released across iOS, iPadOS, macOS Sequoia, Ventura, and Sonoma. Anytime Apple calls an exploit “sophisticated,” read between the lines: it’s being used in nation-state surveillance operations. Patch now.

🇰🇵 North Korean Espionage via GitHub & Dropbox

North Korea’s Kimsuky group ran a campaign between March and July targeting South Korean embassies and foreign ministry staff. Using GitHub as a covert C2 channel and trusted platforms like Dropbox, attackers delivered a variant of the open-source RAT XenoRAT via spear-phishing emails disguised as official government invites. This is a clear example of threat actors abusing legitimate cloud services to bypass defenses and blend in with normal traffic.
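The detection side of this story, as an added example that is not from the post or the podcast: a small Python script that scores proxy-log traffic to GitHub and Dropbox hostnames for beacon-like regularity, the kind of check the "monitor GitHub/Dropbox traffic for covert C2 activity" action item below calls for. The log format, host names and repository paths are constructed for the example; a polling implant keeps a near-constant cadence, while a developer browsing GitHub does not.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Cloud services the post describes being abused as C2 (GitHub, Dropbox).
WATCHED = ("github.com", "githubusercontent.com", "dropbox.com", "dropboxusercontent.com")
# Constructed proxy log for the example: "<timestamp> <source host> <method> <url>".
SAMPLE_LOG = """\
2025-08-20T09:00:00Z WS-EMB-07 GET https://api.github.com/repos/example-acct/notes/contents/task.txt
2025-08-20T09:00:10Z DEV-03 GET https://github.com/example-org/tooling/pull/42
2025-08-20T09:00:40Z DEV-03 GET https://github.com/example-org/tooling/pull/42/files
2025-08-20T09:05:01Z WS-EMB-07 GET https://api.github.com/repos/example-acct/notes/contents/task.txt
2025-08-20T09:09:59Z WS-EMB-07 GET https://api.github.com/repos/example-acct/notes/contents/task.txt
2025-08-20T09:12:00Z DEV-03 GET https://github.com/example-org/tooling/issues
2025-08-20T09:13:30Z DEV-03 GET https://github.com/example-org/tooling/issues/17
2025-08-20T09:15:00Z WS-EMB-07 GET https://api.github.com/repos/example-acct/notes/contents/task.txt
2025-08-20T09:20:02Z WS-EMB-07 GET https://api.github.com/repos/example-acct/notes/contents/task.txt
2025-08-20T09:24:58Z WS-EMB-07 GET https://api.github.com/repos/example-acct/notes/contents/task.txt
2025-08-20T09:30:00Z WS-EMB-07 GET https://api.github.com/repos/example-acct/notes/contents/task.txt
2025-08-20T09:45:00Z DEV-03 GET https://github.com/example-org/tooling/commits/main
2025-08-20T10:30:00Z DEV-03 GET https://github.com/example-org/tooling/releases
"""

def parse_line(line):
    # (timestamp, source host, destination hostname), or None if not a watched service
    ts, host, _method, url = line.split(maxsplit=3)
    dest = urlsplit(url).hostname or ""
    if not any(dest == d or dest.endswith("." + d) for d in WATCHED):
        return None
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, dest

def beacon_scores(log_text, min_hits=6):
    # Coefficient of variation of the gaps between requests per (host, dest):
    # near zero means metronomic polling, human browsing is far noisier.
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            seen[parsed[1:]].append(parsed[0])
    scores = {}
    for key, stamps in seen.items():
        if len(stamps) >= min_hits:
            stamps = sorted(stamps)
            gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
            scores[key] = pstdev(gaps) / mean(gaps)
    return scores

def flag_beacons(log_text, max_cv=0.1, min_hits=6):
    # (host, dest) pairs whose cadence looks automated; tune max_cv to your environment
    return sorted(k for k, cv in beacon_scores(log_text, min_hits).items() if cv <= max_cv)
```

On the constructed log, only the embassy workstation's five-minute polling of the GitHub API is flagged; the developer host's irregular browsing of github.com is not.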

🌊 Russia Escalates Attacks on European Water Utilities

Russia-linked groups have escalated cyberattacks against European water utilities, striking small hydro plants in Poland and Norway, with at least one confirmed incident where attackers opened a dam valve. Poland reported triple the number of Russian cyberattacks compared to last year. These attacks are less about destruction and more about sending political messages: “we can disrupt you if we want.” Analysts warn U.S. water utilities could be next—DEF CON volunteers recently launched free programs to help safeguard them.

🛰 Russia’s “Static Tundra” Exploiting Cisco Devices

The FSB-linked Static Tundra group has been exploiting CVE-2018-0171 in end-of-life Cisco devices for persistent access across telecom, higher education, and manufacturing sectors.

“Time to patch, time to mitigate—that’s your maturity. That’s how we measure if you’re actually ready for tomorrow’s attacks.” James Azar

This seven-year-old bug remains unpatched in many environments, leaving organizations wide open. Cisco Talos has released scripts to detect the “SYNful Knock” malware implant, but the bigger issue is legacy devices still running in production without updates.

💻 Russia’s Own Breaches and UK Sanctions on Kyrgyzstan

Pro-Ukrainian hackers Cyber Anarchy Squad claimed a major breach of Russia’s Investment Project platform, leaking databases and internal docs. Meanwhile, the UK sanctioned financial networks in Kyrgyzstan accused of laundering money for Russia’s war and ransomware ecosystem. Sanctions may freeze assets, but history shows actors often shift funds long before penalties kick in, limiting impact.

🌐 Criminals Abuse AI Website Builder “Lovable”

Cybercriminals are now abusing AI-powered web builders like Lovable to mass-produce phishing and malware sites. Fraudsters create convincing fake portals impersonating major brands, complete with CAPTCHA filtering to evade takedowns. While Lovable claims to have anti-abuse measures, scaling defenses against AI-automated cybercrime will require fraud-detection strategies similar to those in banking.

"The next two to three years, just buckle up. Let's have this conversation at episode 1,200 and 1,500 to see where we are." James Azar

🔑 Password Managers Hijacked with Clickjacking

Researcher Marek Toth revealed a flaw in 11 major password managers (including 1Password, iCloud Keychain, Bitwarden, and LastPass) where attackers can use clickjacking on malicious sites to steal autofilled credentials, including MFA tokens. By hiding login forms under popups or banners, an attacker can turn a single click into an autofill that sends the credentials to a remote server. No patches are available yet, leaving users exposed.

🧠 James Azar’s CISO Take

Today’s stories highlight a recurring theme: the fragility of core infrastructure and trusted systems. From water plants to telecoms to Cisco routers, adversaries are going after foundational systems that are often overlooked, poorly patched, or running on legacy hardware. It’s a wake-up call for CISOs—your weak points aren’t just your apps or cloud tenants; they’re the systems your business can’t run without.

The second takeaway is the evolution of cybercrime via AI and cloud abuse. Whether it’s Lovable phishing sites, GitHub C2 channels, or clickjacking password managers, attackers are blending into legitimate ecosystems. The line between “normal” and “malicious” traffic is thinner than ever. Defense has to move beyond awareness training—it’s about behavioral monitoring, rapid patching, and resilience-first planning.

✅ Action Items

  • 🔐 Patch Apple devices immediately for CVE-2025-43300.

  • 📡 Scan for Cisco end-of-life devices and apply Talos detection scripts.

  • 🌊 Review water/utility security controls; segment OT networks.

  • 📱 Watch for SIM fraud indicators—Orange breach data is highly abusable.

  • 💻 Audit password manager use; educate teams on clickjacking risk.

  • 🌐 Harden defenses against phishing—monitor for AI-generated sites.

  • 🛰 Monitor GitHub/Dropbox traffic for covert C2 activity.


✅ Story Links:

https://therecord.media/belgian-telecom-says-cyberattack-compromised-data-on-850000

https://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-new-actively-exploited-zero-day/

https://thehackernews.com/2025/08/north-korea-uses-github-in-diplomat.html

https://www.bankinfosecurity.com/russian-hackers-accused-in-wave-water-sector-cyberattacks-a-29264

https://therecord.media/russia-cisco-fsb-static-tundra

https://therecord.media/russia-cyberattack-investment-platform-ukraine

https://therecord.media/britain-targets-kyrgyz-crypto

https://www.bleepingcomputer.com/news/security/ai-website-builder-lovable-increasingly-abused-for-malicious-activity/

https://thehackernews.com/2025/08/dom-based-extension-clickjacking.html
