CISO Talk by James Azar
CyberHub Podcast
China's Salt Typhoon Hacked US National Guard, Google Big Sleep AI Tool Found Bug Before Hackers, North Korean XORIndex Malware Hidden in 67 Malicious npm Packages

AI Stops a Zero-Day Before It Happens, China Hacks the National Guard, and Australia Joins the OT Party

Good Morning Security Gang!
Broadcasting from Tel Aviv with the ocean breeze behind me and the sound dialed in better than yesterday’s tunnel echo, we’re bringing you a jam-packed Wednesday, July 16th, 2025 episode of the CyberHub Podcast.

From China’s multi-pronged cyber espionage campaigns, to AI doing something incredibly cool (and finally useful), to ransomware crews being taken down, today's show is all about what’s hitting us, what’s working, and where we’re finally punching back.

Grab your coffee. Let’s get right into it.

🧨 Main Stories

"China is a significant geopolitical threat to the United States and Western civilization as a whole - any denial of that is pure idiocracy at this point. It's ignoring a significant threat facing you... They believe in exporting their communism through TikTok and other means, dumbing down the population significantly." - James Azar, on China's strategic threat to Western civilization

🇨🇳 China’s Volt Typhoon Fails, But Shows Intent

NSA and FBI officials confirmed that Volt Typhoon, a Chinese APT group, tried to infiltrate U.S. critical infrastructure (with an eye on Guam) to pre-position itself for a cyber strike tied to a potential Taiwan conflict. The attempt failed. They were detected, flushed out, and now their playbook is public. Huge win for U.S. cyber defenders, but also a stark reminder: the CCP has long-term strategic intent, and its cyber operations are all greenlit from the top.

“We’re not dismantling the CCP’s cyber ops, but we did wreck their surprise party plans.” - Kristin Walter, NSA

🛰️ Salt Typhoon Breached the U.S. National Guard for 9 Months

While Volt was flushed out, Salt Typhoon got through. Targeting Cisco and Palo Alto edge devices with CVEs going back to 2018, the group breached multiple National Guard units. This means access to U.S. state-level cyber defense posture data, PII of security personnel, and critical comms. That’s…not great. Even worse? A senator is still holding up the appointment of the next CISA director. Great timing.

🤖 AI vs. Zero-Day: Google’s Big Sleep Makes History

In a cyber first, Google’s Big Sleep AI detected a zero-day vulnerability in SQLite before attackers could exploit it. It flagged early indicators passed from Google’s Threat Intelligence team and successfully identified the bug — CVE-2025-69065 — before it went live. If you needed proof that AI can be more than buzzword soup, this is it.

“Don’t fear AI — train it, deploy it, and make it your threat hunting sidekick.” - James Azar

🌐 Cloudflare Sees Massive Spike in DDoS Attacks

DDoS attacks are back in force. In fact, the first half of 2025 has already surpassed all of 2024. China, Brazil, and Germany top the list of most-targeted nations. Surprise entry: agriculture, which jumped from 38th to 8th place. Indonesia is now the top origin country. Reminder: if you think DDoS is dead, you’re dead wrong.

🐍 North Korean NPM Malware Targets Developers

North Korea is back to its old tricks — this time using malicious NPM packages to drop malware on developer machines. Over 17,000 downloads were tracked across dozens of packages designed to install backdoors and steal credentials. DevSecOps and SBOMs aren’t optional anymore, they’re existential.

🌐 Chrome’s New Zero-Day – Patch Now

CVE-2025-6558 — a zero-day in Chrome’s ANGLE graphics engine — is being actively exploited in the wild. The flaw allows attackers to break out of the browser sandbox with crafted HTML. Google pushed out an emergency patch. If you haven’t deployed it, you’re burning daylight.

💾 Synology NAS Ransomware Gang Busted

Europol and Romanian police took down DiskStation, a ransomware gang targeting NAS devices globally. Their attacks began in 2021 and used various names like “Umbrella Security” and “Seven Even Security.” Ransom demands ranged from $10K to six figures. Their arrest is a win, but also a reminder: NAS devices on the internet are soft targets unless hardened properly.

🇦🇺 Australia Finally Gets OT Standard

After years of lagging, Australia adopted IEC 62443 as their official OT cybersecurity standard. It breaks down protections into three layers — asset owners, service providers, and product suppliers. It’s a much-needed step in securing power, water, and other ICS sectors Down Under. About time.

🎖️ Ex-Soldier Hacks AT&T, Leaks Presidential Call Logs

In an almost unbelievable twist, a former U.S. Army soldier — under the alias Kyber Phantom — pled guilty to hacking into AT&T and Verizon, exfiltrating high-level call logs (including presidential). He and his Canadian co-conspirator sold data on dark forums and tried extorting companies for over $1M. Lesson: Don’t leave your Snowflake instances without MFA, folks.

✅ Action List for Security Teams:

  • 🔒 Patch Chrome ASAP – CVE-2025-6558 is in the wild.

  • 🛡️ Audit and segment edge devices (especially Cisco/Palo Alto).

  • 🤖 Explore AI threat hunting — Big Sleep is proof it can work.

  • 📦 Validate developer dependencies — NPM supply chain threats persist.

  • 🌍 Test DDoS mitigation regularly – attack volumes are spiking.

  • 🔐 Harden NAS systems if publicly accessible.

  • 📞 Monitor telecom-related logs for suspicious access or data leaks.

  • ⚙️ Review OT/ICS environments in light of IEC 62443 (especially if global).

🧠 James Azar's CISO Take:

This week felt like one massive tug-of-war between resilience and recklessness. On one hand, we see Google AI finding zero-days before threat actors weaponize them. On the other, the U.S. National Guard gets breached because of unpatched devices going back six years. We’re not losing the cyber war — but we are leaking strategy points in the form of forgotten CVEs, low-effort MFA gaps, and neglected asset hygiene.

We’ve proven we can outsmart, outpace, and out-defend even top-tier nation-state actors when public and private sector collaborate. But it’s still a race where the margin of error is thin. You can’t out-AI a zero-day if your firewall is still on version 2018. You can’t stop espionage if your political leaders stall leadership appointments. This isn’t a resource problem — it’s a priority problem. And until we fix that, expect more salt in the cyber wounds.

🎙️ That’s a wrap for today. I’ll see you tomorrow at 9AM Eastern — from Tel Aviv to your screens. Subscribe, share, and most importantly...
Stay cyber safe.


✅ Story Links:

https://therecord.media/china-typhoon-hackers-nsa-fbi-response

https://www.securityweek.com/chinas-salt-typhoon-hacked-us-national-guard/

https://therecord.media/google-big-sleep-ai-tool-found-bug

https://www.securityweek.com/ddos-attacks-blocked-by-cloudflare-in-2025-already-surpass-2024-total/

https://www.bleepingcomputer.com/news/security/north-korean-xorindex-malware-hidden-in-67-malicious-npm-packages/

https://www.securityweek.com/chrome-update-patches-fifth-zero-day-of-2025/

https://www.bleepingcomputer.com/news/security/police-disrupt-diskstation-ransomware-gang-attacking-nas-devices/

https://thecyberexpress.com/australia-adopts-ot-cybersecurity-standards/

https://www.securityweek.com/former-us-soldier-who-hacked-att-and-verizon-pleads-guilty/

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1

🚨 Important Links to Follow:

👉Website:

👉Listen here: https://linktr.ee/cyberhubpodcast

Stay Connected With Us.

👉Facebook: https://www.facebook.com/CyberHubpodcast/

👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/

👉Twitter (X): https://twitter.com/cyberhubpodcast

👉Instagram: https://www.instagram.com/cyberhubpodcast

🤝 For Business Inquiries: info@cyberhubpodcast.com

=============================

🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
