Good morning, security gang,
Welcome to the Tuesday edition of the CyberHub Podcast for June 3, 2025. It’s hard to believe it’s June already, but as James Azar says, the coffee’s hot, the crema’s rich, and the stories are packed.
CyberHub Podcast Recap – Tuesday, June 3, 2025
On today’s show, we’re diving into massive breaches in the retail and banking sectors, Google’s critical security patches, the rise of advanced phishing campaigns, and a showdown over spyware in court.
And don’t forget—legendary cyber expert Roger Grimes joins James LIVE later today to share a bold plan to fix the internet.
💎 Cartier Data Breach Hits Luxury Retail
Iconic French jeweler Cartier has disclosed a data breach involving names, emails, and countries of residence of select clients. The company emphasized that no passwords, financial data, or sensitive payment details were exposed. This attack follows a recent string of retailer breaches (Adidas, Victoria’s Secret, Marks & Spencer), highlighting a troubling trend targeting consumer brands.
🏦 Main Street Bank Suffers Vendor Breach
Main Street Bank reported a cyberattack via a third-party vendor that exposed personal data for roughly 5% of its customers. While it didn’t materially impact operations, the bank ceased all activity with the provider. Details remain vague—it's unclear if the contract termination is permanent. The incident follows increasing scrutiny on supply chain risks in the financial sector.
🧥 Credential Stuffing Hits The North Face
The North Face, owned by VF Corporation (which also owns Vans and Timberland), confirmed a credential stuffing attack led to a breach of user data including full names, birthdates, email addresses, phone numbers, and purchase histories. No passwords or payment info were stolen. The incident underscores the importance of multi-factor authentication (MFA), especially when payment data is stored.
☕ Bonus Brew: Coffee Talk
James takes a moment to answer audience questions about his elite Turkish roast Nespresso capsules, sharing his love for Tel Aviv’s coffee culture and espresso-making techniques. A well-foamed crema, he says, is an art—and a great excuse to fuel cyber conversation.
👨💻 Roger Grimes Joins Live at 11AM
Roger Grimes, famed author of Hacking MFA and Data-Driven Defense, joins CyberHub Podcast live at 11AM ET to share how to “fix the internet” and combat malware and ransomware with systemic changes. Don’t miss it—Roger will be answering questions in real time.
📱 Android and Chrome Zero-Days Patched
Google patched over 30 Android vulnerabilities, including CVE-2025-26443, a local privilege escalation flaw not requiring user interaction.
In Chrome, Google issued an emergency update for CVE-2025-5419, a JavaScript engine zero-day exploited in the wild. The patch is live for all platforms. Users are urged to update to the latest Chrome version immediately.
🎮 Qualcomm GPU Flaws Exploited in the Wild
Qualcomm disclosed three zero-day vulnerabilities in its Adreno GPU drivers, affecting dozens of chipsets. Two of the flaws can cause memory corruption through unauthorized GPU commands. The third, CVE-2025-27038, involves a use-after-free error. All issues have been patched, and users are advised to check for OEM firmware updates.
🐼 Microsoft & CrowdStrike Launch Threat Actor Naming Initiative
Finally, sanity! Microsoft and CrowdStrike are leading an industry-wide push to unify threat actor naming, helping analysts avoid the chaos of 1,700+ conflicting names for the same groups. James playfully proposes naming conventions: bears for Russians, pandas for Chinese, cats for Iranians. Whatever the names, it’s a much-needed step toward clarity.
⚠️ SentinelOne Outage Explained
SentinelOne faced a 7-hour global service disruption last Thursday due to a software flaw triggered during a cloud migration. The issue delayed threat data reporting, though customer endpoints remained protected. SentinelOne has launched a post-incident review and is transitioning to a fully IaC-based cloud infrastructure.
🇲🇾 Malaysian Minister’s WhatsApp Hacked
Malaysia’s Home Minister had his WhatsApp account compromised, used to send phishing links. While no victims reported financial losses, the breach follows similar hacks of officials’ Telegram, Signal, and even social media accounts. SIM swapping and mobile phishing remain top vectors in these cases.
🕵️ NSO Appeals $168M Judgment in WhatsApp Case
Israeli surveillance company NSO Group is appealing the $168 million judgment awarded to WhatsApp in a California court. The suit alleged NSO helped governments infect users’ phones via zero-click spyware Pegasus. NSO claims the court unfairly barred them from presenting evidence of lawful use cases like counter-terrorism. James calls out Citizen Lab for bias in their reporting, arguing they ignore Chinese and Russian spyware while selectively targeting Israeli firms.
✅ Action List for Security Leaders
🛑 Retailers: Assess data handling practices and customer account security—add CAPTCHA, enforce MFA, and monitor for credential stuffing.
🔍 Financial institutions: Rigorously vet vendors and publish clear incident response expectations when supply chain events occur.
🔐 Patch immediately: Android, Chrome, and Qualcomm devices are exposed to high-severity flaws currently exploited in the wild.
☕ Join the Roger Grimes live session at 11AM ET and bring your questions—he’s proposing real change.
🧠 Push for unified threat actor naming in your threat intel feeds to reduce confusion and improve situational awareness.
📱 Use app-specific passwords or security keys to protect sensitive messaging apps like WhatsApp and Signal.
⚖️ Track legal and regulatory developments in spyware and surveillance—future precedent could shape lawful cyber ops.
That’s it for today’s CyberHub Podcast. Tune in LIVE later this morning for Roger Grimes' exclusive interview on reshaping cybersecurity. Like, share, and subscribe—and don’t forget to check out CyberHubPodcast.com for all the latest updates.
Until next time—stay tuned, stay vigilant, and most importantly… stay cyber safe.
✅ Story Links:
https://therecord.media/Main-street-cyber-incident-bank
https://www.securityweek.com/over-30-vulnerabilities-patched-in-android/
https://www.securityweek.com/microsoft-crowdstrike-lead-effort-to-map-threat-actor-names/
https://therecord.media/malaysia-hack-scam-whatsapp-minister
https://therecord.media/nso-group-appeals-jury-award-168million-
🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1
🚨 Important Links to Follow:
👉Website:
👉Listen here: https://linktr.ee/cyberhubpodcast
✅ Stay Connected With Us.
👉Facebook: https://www.facebook.com/CyberHubpodcast/
👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/
👉Twitter (X): https://twitter.com/cyberhubpodcast
👉Instagram: https://www.instagram.com/cyberhubpodcast
🤝 For Business Inquiries: info@cyberhubpodcast.com
=============================
🚀 About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
Share this post