On this Thursday morning, March 13, 2025—just ahead of St. Patrick’s Day—the CyberHub Podcast host returns to the studio, celebrating not just the holiday atmosphere but also the joy of a perfectly made espresso.
In this episode, multiple cybersecurity threats take center stage, particularly from Chinese state-backed threat actors targeting critical US infrastructure. Additional highlights include significant ransomware developments, newly revealed vulnerabilities in widely used platforms, and a positive note on cybersecurity education funding.
Below is a detailed rundown of each major story discussed in the podcast.
Volt Typhoon Targeting the U.S. Electric Grid
A Chinese threat group known as Volt Typhoon has been identified infiltrating the U.S. electric grid, with Dragos publishing a study focusing on its attack against the Littleton Electric Light and Water Department in Massachusetts. The attackers maintained persistent access for nearly 300 days, exfiltrating operational technology (OT) data and mapping out grid infrastructure. According to analysis, their end goal could be to disrupt power transmission—potentially causing blackouts and hindering a U.S. military response in the event of larger geopolitical tensions, such as a conflict over Taiwan.
Chinese Attackers Targeting Juniper Routers
Researchers at Mandiant uncovered a separate Chinese state-backed group, UNC3886, deploying custom backdoors on Juniper network devices. Their activity showed deep technical knowledge of end-of-life hardware and software, allowing stealthy persistence. This development underscores the urgency of securing critical hardware supply chains, especially when many networking components are manufactured overseas and could conceal malicious implants at a very fundamental level.
Medusa Ransomware Hits Over 300 U.S. Critical Infrastructure Entities
A joint advisory by the FBI and MS-ISAC highlights the Medusa ransomware group compromising more than 300 organizations tied to critical infrastructure in the United States. The gang primarily targets sectors such as healthcare, education, legal services, insurance, technology, and manufacturing. Authorities recommend prompt patching of systems and rigorous segmentation of internal networks to limit lateral movement. Sharing IOCs (Indicators of Compromise) and TTPs (Tactics, Techniques, and Procedures) with security partners is equally emphasized.
Microsoft Patch Tuesday and a Long-Standing Zero-Day
Microsoft’s latest Patch Tuesday addressed six zero-day vulnerabilities, including one in the Windows Win32k kernel subsystem (CVE-2025-24983) exploited in the wild since March 2023. ESET researchers traced the flaw back nearly two years, underscoring how long it can take to address dangerous software gaps. U.S. federal agencies are mandated to patch these vulnerabilities by April 1, signaling their severity and the urgency for organizations to follow suit.
Surge in SSRF Exploitation
Security firm GreyNoise has detected a coordinated spike in Server-Side Request Forgery (SSRF) exploitation attempts across multiple platforms, including DotNetNuke, Zimbra Collaboration Suite, VMware vCenter, GitLab CE/EE, and more. SSRF lets an attacker make a vulnerable server issue requests on their behalf, reaching internal systems that are not directly exposed; this stresses the need for timely patching and rigorous network segmentation.
CVE-2017-0929 (CVSS score: 7.5) - DotNetNuke
CVE-2020-7796 (CVSS score: 9.8) - Zimbra Collaboration Suite
CVE-2021-21973 (CVSS score: 5.3) - VMware vCenter
CVE-2021-22054 (CVSS score: 7.5) - VMware Workspace ONE UEM
CVE-2021-22175 (CVSS score: 9.8) - GitLab CE/EE
CVE-2021-22214 (CVSS score: 8.6) - GitLab CE/EE
CVE-2021-39935 (CVSS score: 7.5) - GitLab CE/EE
CVE-2023-5830 (CVSS score: 9.8) - ColumbiaSoft DocumentLocator
CVE-2024-6587 (CVSS score: 7.5) - BerriAI LiteLLM
CVE-2024-21893 (CVSS score: 8.2) - Ivanti Connect Secure
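Since every CVE in the list above is an SSRF bug, the common application-layer control is worth seeing in code. The following is an added example written for this rundown, not code from the podcast, GreyNoise, or any of the vendors listed: an outbound-URL validator that resolves the requested host and rejects any destination inside loopback, private, carrier-grade NAT, link-local or other non-routable ranges, so a server-side fetch cannot be pointed at internal systems. The hostnames and the SAMPLE_DNS table are constructed for the offline demo and are not real hosts.

```python
from __future__ import annotations

import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}

# Destinations a server-side fetcher should never reach: loopback, RFC 1918,
# carrier-grade NAT, link-local (where cloud metadata services sit), multicast,
# reserved, and the IPv6 equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]

# Constructed DNS table for the offline demo; these names are not real hosts.
SAMPLE_DNS = {
    "public.example": ["203.0.113.10", "2001:db8::10"],
    "metadata.internal.example": ["169.254.169.254"],
    "dual.example": ["203.0.113.10", "10.0.0.5"],  # one public, one private record
}


def is_blocked_address(addr: str) -> bool:
    """True if an IPv4/IPv6 literal falls inside a blocked range."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (e.g. ::ffff:10.0.0.5) so the IPv4 ranges apply.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def system_resolver(host: str) -> list[str]:
    """Resolve via the OS resolver and return every address, not just the first."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def sample_resolver(host: str) -> list[str]:
    """Offline stand-in for system_resolver, backed by the constructed SAMPLE_DNS."""
    return SAMPLE_DNS.get(host, [])


def validate_outbound_url(url: str, resolver=system_resolver) -> tuple[bool, str]:
    """Decide whether a user-supplied URL may be fetched server-side.

    Returns (allowed, reason). Every address the host resolves to must be
    outside the blocked ranges: a single private A/AAAA record rejects the URL.
    Checking the resolver's output rather than the raw string also covers
    alternate numeric spellings that the OS resolver normalises.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parsed.scheme!r}"
    host = parsed.hostname
    if not host:
        return False, "missing host"
    try:
        addresses = [str(ipaddress.ip_address(host))]  # literal IP: no lookup needed
    except ValueError:
        addresses = resolver(host)
    if not addresses:
        return False, f"host does not resolve: {host}"
    for addr in addresses:
        if is_blocked_address(addr):
            return False, f"{host} resolves to blocked address {addr}"
    return True, "ok"


if __name__ == "__main__":
    for candidate in (
        "https://public.example/status",
        "http://metadata.internal.example/",
        "http://dual.example/",
        "http://[::1]/",
        "ftp://public.example/",
    ):
        allowed, reason = validate_outbound_url(candidate, sample_resolver)
        print(f"{'ALLOW' if allowed else 'REJECT':6} {candidate}  ({reason})")
```

Two design points matter in practice. First, the check and the fetch are separate steps, so a host whose DNS answer changes between them can slip through; pin the address the validator approved by connecting to that IP (or re-run is_blocked_address inside the HTTP client's connection hook) rather than letting the client resolve again. Second, this is an application-layer complement to the network segmentation the advisory calls for, not a replacement: egress filtering from the application tier still has to deny the same ranges in case a vulnerable component bypasses the validator entirely.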
FreeType and Zoom Vulnerabilities
Two additional vulnerability disclosures emerged:
FreeType (CVE-2025-27363) allows arbitrary code execution if left unpatched. FreeType is a widely used font-rendering library found in Linux distributions, Android, game engines, and various GUI frameworks.
Zoom patched three vulnerabilities impacting Zoom Workplaces, Zoom Room Controls, and Zoom Meeting SDK in versions before 6.3.0. Users and organizations are urged to update promptly to avoid risks of session hijacking or data exposure.
University of South Florida’s Cyber & AI College
On a brighter note, cybersecurity education gains momentum with a historic $40 million donation to the University of South Florida (USF). Philanthropists Arnie and Lauren Bellini are funding the Bellini College of Artificial Intelligence, Cybersecurity, and Computing, merging cyber and AI instruction under one roof. This marks a significant push to prepare the next generation of security and AI professionals, addressing a critical skills gap in the industry.
Upcoming Israel CyberTech Conference
James Azar also teases an upcoming trip to Cybertech in Israel, where discussions will center on Iran, geopolitical cyber threats, and global defense strategies. The show will be broadcast live daily from the conference, featuring panels with esteemed defense and cybersecurity leaders.
Action Items
Review and Patch
Apply the latest security patches for Windows zero-day vulnerabilities.
Update FreeType to version 2.13.0 or higher.
Upgrade Zoom to version 6.3.0 or above.
Harden Network Devices
Replace or upgrade end-of-life routers and firewalls, especially if they run outdated Juniper OS.
Enforce proper hardware inspection policies to minimize the risk of concealed implants.
Improve OT Security
Segment OT systems from enterprise networks and regularly monitor for unusual data exfiltration.
Collaborate with your IR team to map TTPs of threats like Volt Typhoon and Medusa.
Strengthen Ransomware Defenses
Implement robust backups, practice frequent restoration drills, and adopt zero-trust principles.
Verify threat intelligence on emerging ransomware families and share relevant indicators.
Support Cyber Education
Explore university and community programs, like USF’s new Bellini College, to address talent shortages.
Encourage cross-disciplinary learning between cybersecurity, AI, and operational technologies.
✅ Story Links:
https://www.securityweek.com/chinas-volt-typhoon-hackers-dwelled-in-us-electric-grid-for-300-days/
https://therecord.media/china-continues-attacks-routers-juniper
https://thehackernews.com/2025/03/over-400-ips-exploiting-multiple-ssrf.html
https://thecyberexpress.com/multiple-zoom-vulnerabilities-detected/
Level Zero Conference Discount Code: L020RESPOND at www.levelzeroconference.com
🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1
🚨 Important Links to Follow:
👉Website:
👉Listen here: https://linktr.ee/cyberhubpodcast
✅ Stay Connected With Us.
👉Facebook: https://www.facebook.com/CyberHubpodcast/
👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/
👉Twitter (X): https://twitter.com/cyberhubpodcast
👉Instagram: https://www.instagram.com/cyberhubpodcast
🤝 For Business Inquiries: info@cyberhubpodcast.com
=============================
🚀 About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.