CISO Talk by James Azar
CyberHub Podcast
Cisco Confirms User Data Stolen in CRM Hack, Pandora Confirms Data Breach Amid Salesforce Data Theft, DaVita Dialysis Company Hit by Ransomware, PBS Confirms Data Breach After Employee Info Leak

Voice Phishing Attacks Escalate as AI-Powered BigSleep Discovers Real-World Vulnerabilities

Good Morning Security Gang!

Happy Wednesday from Hacker Summer Camp here in sweltering Las Vegas, Nevada! It's August 6, 2025, and yes—your favorite pre-dawn podcast host is firing on all cylinders after accidentally turning a 15-minute Navy SEAL nap into a full-on, 12-hour blackout.

But I’m back, I’m caffeinated, and I’ve got a jam-packed show with stories ranging from voice phishing attacks on Cisco and Pandora, a fresh PBS data leak, to some very nasty vulnerabilities across Dell, Trend Micro, Adobe, and even the spyware ecosystem.

So grab your coffee—double espresso if you’re like me—and let’s get into today’s cyber headlines.

🛜 Cisco Confirms Voice Phishing Breach of CRM System

Cisco disclosed a breach affecting a third-party customer relationship management (CRM) system. Threat actors used voice phishing (vishing) to steal basic profile data from users registered on Cisco.com, including names, phone numbers, and email addresses. No Cisco products or internal systems were impacted, but this is the latest reminder that social engineering is evolving, and attackers are now using voice calls to bypass traditional phishing defenses.

"They're no longer doing the phishing emails. It's phishing. It's voice phishing, folks. They're calling, they're pretending to be someone, they're authenticating, and they're making it work." - James Azar on the evolution of social engineering attacks

💍 Pandora Confirms Customer Data Breach in Salesforce Attack

Pandora, the global jewelry brand, has confirmed it was impacted by the ongoing Salesforce-related breaches. ShinyHunters claimed responsibility, stealing names, birthdates, and email addresses of U.S.-based customers. While financial information wasn’t leaked, the company joins a long list of Salesforce-linked victims including Adidas, Dior, Tiffany, and more. This is another Snowflake-style misconfiguration exploit—no MFA, weak logins, and user-side errors, not Salesforce’s fault.

🩺 DaVita Ransomware Attack Exposes Nearly 1M Patient Records

DaVita, one of the largest kidney care providers in the U.S., reported that nearly 952,000 Americans were impacted by an April ransomware attack. Stolen data includes full PII, social security numbers, insurance info, health conditions, and even images of checks written to DaVita. The Interlock ransomware gang is behind the breach. This one’s serious—these are records you can't rotate or change.

"This is where I agree with this reporting... because take away names and addresses, DOBs, SSNs, health insurance information - that's all really, really usable information that's information you cannot change." - James Azar on the DaVita breach significance and proper breach classification

📺 PBS Employee Contact Data Leaked on Discord

A leak circulating on Discord exposed contact information for nearly 4,000 PBS employees and affiliates. The JSON file includes names, emails, job titles, locations, and even hobbies—yep, hobbies. While it wasn’t leaked to the dark web, the origin appears to be an internal PBS service. It’s a small but telling example of how insider access and simple exports can go public unintentionally.

🤖 Google’s BigSleep AI Uncovers 20+ Real-World Vulnerabilities

Google’s new BigSleep initiative—a collaboration between DeepMind and Project Zero—identified 20 vulnerabilities in real-world open-source projects. Though exact details remain under wraps to prevent early exploitation, we now know BigSleep is more than hype. It’s already influencing vendor patch cycles.

💻 Dell BIOS Flaws Impact 100+ Models

Cisco Talos discovered five serious vulnerabilities in Dell's ControlVault firmware impacting more than 100 Latitude and Precision models. Attackers with physical access can bypass Windows login, implant persistent malware, or modify firmware without admin privileges. All five CVEs are live, patches are out, and if you use a Dell, get moving.

🛡 Trend Micro Apex One Exploit Under Active Attack

Remote code execution vulnerabilities (CVE-2025-54904 & -54987) in Trend Micro’s Apex One endpoint security are being exploited in the wild. The flaws allow attackers to execute arbitrary code before authenticating. No full patch is out yet, but mitigation tools are available. If you run Apex One, apply them now.

⚠ Adobe Experience Manager Gets Emergency Patch

Adobe issued an emergency patch for two high-severity CVEs (2025-54253 and -54254) affecting AEM Forms and Java Enterprise Edition. One of them scored a perfect 10.0 CVSS and already has public exploit code. If you use Adobe in your enterprise stack, patch immediately.

🕵️‍♂️ Candiru Spyware Infrastructure Exposed

Recorded Future’s Insikt Group uncovered infrastructure linked to spyware vendor Candiru, used to deploy the “Devil’s Tongue” malware. Active clusters were tied to Hungary, Saudi Arabia, and Indonesia. The infrastructure enables deployment and C2 communication for targets ranging from dissidents to journalists. This isn’t a zero-day issue—it’s a zero-morality one.

🧠 James Azar’s CISO Take

This week has been another reminder that cybersecurity risk lives not just in your code, but in your people, your processes, and your partners. From Cisco’s vishing attack to DaVita’s ransomware breach, we’re seeing attackers target the weakest link—humans and misconfigurations. And when third-party platforms like Salesforce or Apex One get misused, the brand reputation of global companies like Pandora or PBS takes the hit. MFA, SSO hygiene, and endpoint protection can’t be optional anymore—they have to be foundational.

What also stood out to me is how fast AI and spyware are evolving. BigSleep shows us what AI can do for defense—but Candiru reminds us what it can do for surveillance. The industry needs to stop thinking of spyware as “intelligence tools” and start treating them as cyber weapons. With Dell firmware flaws and Adobe 10.0 CVEs in the wild, CISOs need to shift focus from passive alerting to proactive hardening. Don’t wait for the breach—you’re already on the board.

✅ Action Items

  • ☎️ Train staff on voice phishing; implement phishing-resistant MFA

  • 🔐 Patch all Dell Precision/Latitude BIOS vulnerabilities immediately

  • 🚨 Apply Trend Micro Apex One mitigation tools if patches aren’t available

  • 🧱 Patch Adobe AEM Forms and JEEs for CVEs 2025-54253/54254

  • 📊 Review Salesforce & cloud platform MFA policies for third-party apps

  • 🧠 Monitor Google’s BigSleep disclosures for follow-up patch releases

  • 🧾 Review how “non-sensitive” employee data is stored and accessed internally

  • 🛰 Evaluate endpoint visibility against spyware and nation-state implants

Stay Cyber Safe.


✅ Story Links:

https://www.securityweek.com/cisco-says-user-data-stolen-in-crm-hack/

https://www.bleepingcomputer.com/news/security/pandora-confirms-data-breach-amid-ongoing-salesforce-data-theft-attacks/

https://therecord.media/davita-dialysis-company-ransomware-attack-data-breach-notifications

https://www.bleepingcomputer.com/news/security/pbs-confirms-data-breach-after-employee-info-leaked-on-discord-servers/

https://thecyberexpress.com/google-big-sleep-finds-20-vulnerabilities/

https://www.securityweek.com/flaws-expose-100-dell-laptop-models-to-implants-windows-login-bypass/

https://www.bleepingcomputer.com/news/security/trend-micro-warns-of-endpoint-protection-zero-day-exploited-in-attacks/

https://www.securityweek.com/adobe-issues-out-of-band-patches-for-aem-forms-vulnerabilities-with-public-poc/

https://therecord.media/candiru-spyware-active-infrastructure-hungary-saudi-arabia

👀 SHOW Supporters:

Today's episode is supported by our friends at ThreatLocker. https://www.threatlocker.com/cyberhub


=============================

🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
