CISO Talk by James Azar
CyberHub Podcast
Chanel Hit in Salesforce Breach, SonicWall Zero-Day Found, Biggest Crypto Hack Ever

Ukrainian Hackers Expose Russian Child Trafficking Documentation While SonicWall Zero-Day Threatens Enterprise Networks

Good Morning Security Gang!
Welcome to a very special Hacker Summer Camp edition of the CyberHub Podcast. I’m James Azar coming to you not-so-live from Las Vegas, where the sun’s still blazing and the conversations are hotter. Even though I’m pre-recording today’s show, the energy here is electric. I’ve run into half of cybersecurity Twitter just walking from cab to conference room.

And while I’m still locked out of a Black Hat media badge (which honestly doesn’t matter anymore), I’m staying focused on what matters most—bringing y’all the real stories driving our industry this week. From Chanel’s Salesforce-related breach to the biggest crypto hack in history and a stealthy SonicWall zero-day under ransomware attack, this is one of those episodes that reminds us why we do what we do. So let’s get into it.

🇺🇦 Ukrainian Hackers Uncover Russian Child Deportation Records

In one of the most impactful cyber ops we’ve seen in a while, Ukraine’s military intelligence services hacked Russian servers in Crimea and uncovered official documentation of nearly 20,000 Ukrainian children forcibly deported to Russian families. These files include names, guardian records, and addresses—confirming long-suspected crimes. The op was reportedly supported by a group called Typer Corpus and marks a cyberattack used for humanitarian justice. As a father, this one hit me hard. This isn’t just a breach—it’s a rescue mission.

"Twenty thousand Ukrainian children. As a father, it just boils my blood." - James Azar on the scope of Russian child trafficking exposed through cyber operations

👜 Chanel Becomes Latest Salesforce Breach Victim

Chanel confirmed a breach affecting U.S. customer data after attackers accessed a Salesforce-hosted database. Exposed info includes names, emails, mailing addresses, and phone numbers of customers who contacted Chanel’s client care center. While no sensitive PII or payment data was compromised, this adds Chanel to a growing list of Salesforce-related breach victims including Adidas, Louis Vuitton, Tiffany, Dior, and Allianz Life. Salesforce insists their platform wasn’t breached—it’s all about customer responsibility.

"None of which is PII, none of which is PII in a sane regulatory world this wouldn't even be reportable... that information is public to begin with, you have no respect to privacy in any of this information, it used to be in a phone book." - James Azar on the Chanel breach data classification

💰 The Biggest Crypto Hack Ever: $14.5 Billion Still Unmoved

A record-setting Bitcoin theft has been uncovered months after the fact. Attackers drained 127,000 BTC from Chinese mining pool Lubian in December 2023—worth $3.5B then, now valued at $14.5B. The funds remain dormant. Researchers say Lubian didn’t even disclose the breach. This could be a nation-state move meant to destabilize the crypto market, or just the quietest mega-heist in history. Either way, someone’s sitting on more wealth than most countries—and they haven’t touched a dime.

🔓 SonicWall Zero-Day Actively Exploited by Akira Ransomware

Security researchers from Arctic Wolf and Google are sounding the alarm: Akira ransomware is actively exploiting a zero-day in SonicWall Gen 7 firewalls. At least 20 confirmed attacks have been recorded. SonicWall customers are urged to take devices offline immediately. Despite repeated inquiries, SonicWall was slow to respond, only issuing a partial blog update. If you’re still running these devices—rip and replace. Today.

🧬 Nvidia AI Server Vulnerabilities Could Lead to Total Compromise

Wiz researchers discovered three high-severity vulnerabilities in Nvidia’s Triton Inference Server (CVE-2025-23319, CVE-2025-23320, CVE-2025-23334) that can be chained for full RCE and system compromise. These flaws impact AI workloads across Windows and Linux. This is especially relevant as Nvidia becomes the backbone of AI development worldwide. The issue starts with a minor leak, but snowballs into complete takeover.

🇨🇳 China Questions Nvidia’s AI Chips Over “Backdoor” Concerns

Just as Nvidia deals with the Triton CVEs, China’s cybersecurity agency is summoning the company over alleged backdoors in its H20 AI chips. China’s now demanding documentation and security assurances as tensions around AI infrastructure escalate. Irony alert: the masters of backdooring are now pointing fingers.

🛡 New Linux Malware “Plague” Bypasses SSH Authentication for a Year

Researchers at Nextron Systems have uncovered “Plague,” a stealthy PAM-based Linux malware that’s evaded detection for over 12 months. It features anti-debugging, obfuscated strings, hardcoded passwords, and even hides session artifacts. This one’s sophisticated, persistent, and a serious concern for high-availability environments using SSH.

🏭 Honeywell ICS Systems Vulnerable to Critical RCE Flaws

CISA released an advisory detailing six vulnerabilities—some critical—affecting Honeywell’s Experion Process Knowledge System. These ICS/SCADA systems are core to industrial control environments. Honeywell has issued patches, and if you rely on Experion for plant or process automation, it’s time to upgrade.

📊 Meta Found Guilty of Invasion of Privacy Over Health Data

In a rare jury verdict, Meta was found to have violated the California Invasion of Privacy Act by collecting and using health-related data from the period-tracking app Flo for targeted ads. This is a major warning shot for tech companies. Jury verdicts set precedent—and this one could pave the way for stronger enforcement of digital privacy rights.

🧠 CrowdStrike: Voice Phishing Set to Double, AI Abuse Rising

CrowdStrike’s latest threat hunting report confirms what many of us are seeing: adversaries are increasingly abusing AI, targeting the cloud, and using voice phishing (vishing) to bypass MFA. The North Koreans and groups like Scattered Spider are leading the charge. If you haven’t yet implemented vishing-resistant MFA or trained your staff on social engineering—this is your wake-up call.

🧠 James Azar’s CISO Take

There’s a reason this episode hit different for me. We usually talk about numbers, vectors, exploits. But this time, cybersecurity is being used to reunite families and expose crimes against humanity. That’s a powerful reminder of the moral dimension of what we do. Cyber isn't just risk mitigation—it can be justice, protection, even salvation.

At the same time, we’ve got the usual chaos: another Salesforce breach, the crypto equivalent of Fort Knox being robbed, and SonicWall becoming ransomware bait. Plus, Nvidia is caught between innovation and international paranoia. The lesson? Defenders can’t blink. We have to understand the ecosystem—from open-source packages to AI servers to hardware firewalls—and build for resiliency, not just detection.

✅ Action Items

  • 🔐 Patch Nvidia Triton servers to close RCE vulnerabilities

  • 🚨 Disconnect SonicWall Gen 7 devices immediately if still in production

  • 🧠 Prepare AI systems for compliance reviews and security audits

  • 💬 Train teams on voice phishing—volume is set to double this year

  • 🧾 Revisit app privacy practices, especially in regulated sectors

  • 💸 Monitor wallet activity linked to large dormant Bitcoin holdings

  • 🧬 Scan for PAM-based malware like Plague on SSH-enabled Linux systems

  • 🏭 Patch Honeywell Experion ICS installations immediately

Stay Cyber Safe

✅ Story Links:

https://therecord.media/hacked-crimean-servers-abducted-children

https://www.bleepingcomputer.com/news/security/fashion-giant-chanel-hit-in-wave-of-salesforce-data-theft-attacks/

https://therecord.media/jury-verdict-meta-flo-app-data-privacy-case

https://therecord.media/sonicwall-possible-zero-day-gen-7-firewalls-ssl-vpn

https://beincrypto.com/biggest-crypto-hack-ever-chinese-bitcoin-mining-pool/

https://www.securityweek.com/nvidia-triton-vulnerabilities-pose-big-risk-to-ai-models/

https://securityaffairs.com/180694/intelligence/china-presses-nvidia-over-alleged-backdoors-in-h20-chips-amid-tech-tensions.html

https://www.bleepingcomputer.com/news/security/new-plague-malware-backdoors-linux-devices-removes-ssh-session-traces/

https://www.securityweek.com/honeywell-experion-pks-flaws-allow-manipulation-of-industrial-processes/

https://www.crowdstrike.com/en-us/blog/crowdstrike-2025-threat-hunting-report-ai-weapon-target/

👀 SHOW Supporters:

Today's episode is supported by our friends at Threat Locker. https://www.threatlocker.com/cyberhub
