CISO Talk by James Azar
CyberHub Podcast
Coinbase Breach Hype, UK Legal Aid Breach, Japan Offensive Cyber Operations, Chrome Zero Day Patched after Pwn2own, Good Guy Prevail

Coinbase Breach Hype, UK Legal Data Breach, Japan’s Offensive Cyber Shift, Deepfake Threats, and Major Crypto Busts

🎙️ Good Morning Security Gang,

Cyber Pulse on a Monday: Breaking Through the Hype and Headlines

Kicking off the week strong, host James Azar returned with a deeply analytical CyberHub Podcast, cutting through the noise surrounding Coinbase’s recent incident and spotlighting urgent cyber developments across the globe.

From government-level breaches in the UK to Japan’s bold cyber defense law and new malware tactics in ransomware campaigns, this episode navigates through misinformation, regulatory questions, and meaningful progress—while always keeping the practitioner’s perspective front and center.

🪙 Coinbase’s “Breach” Wasn’t What It Seemed—But It’s Still Serious

Coinbase confirmed an incident affecting fewer than 1% of its monthly transacting users: attackers bribed offshore support contractors to pull customer identity data, including names, contact details and partial SSNs. No passwords, private keys or funds were accessed. The attackers demanded a $20M ransom; Coinbase refused and instead offered a $20M bounty for information leading to their arrest, a "Mel Gibson in Ransom" style move. This was social engineering meets insider risk, not a system compromise. Coinbase's CISO clarified that the threat actor did not gain persistent access and that the incident does not fit the usual definition of a "breach." The podcast argued that we need to rethink what qualifies as a breach, and questioned whether exposure of data that is already public, such as names and addresses, should still trigger notification requirements.

🧾 UK Ministry of Justice Breach Exposes Legal Aid Applicant Data

The UK government confirmed a breach at its Legal Aid Agency that potentially affects every legal aid applicant since 2010. Exposed data includes names, addresses, national ID numbers, criminal histories and financial information. The attackers claim to hold records on more than 2 million individuals, many of whom have criminal records that were supposed to stay sealed, and are threatening to leak them. James criticized the government's data retention practices: fifteen years of applicant records should not have been sitting live in hot storage, reachable from the production system.

🐍 Ransomware Gangs Adopt SkitNet Malware for Post-Exploitation

Prodaft researchers revealed that ransomware groups including BlackBasta and Cactus are using the SkitNet malware, first spotted on underground forums in April 2024. SkitNet pairs a Rust-based loader, which unpacks a Nim payload in memory, with a DNS-based reverse shell, keeping command-and-control traffic on a channel that most environments never inspect. Its command set includes installing AnyDesk for persistent remote access and enumerating installed antivirus products, giving the operators hands-on-keyboard control after the initial intrusion.
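The detection angle here is the DNS channel: a reverse shell over DNS has to encode its traffic into query names, which leaves a statistical footprint regardless of the malware family. The following Python example is added for this write-up; it is not Prodaft's code and contains no SkitNet indicators. The log format, domains, client addresses and thresholds are constructed, and it shows the per-domain heuristics a threat hunter would run over resolver logs: many never-repeating names under one parent domain, long and high-entropy leftmost labels, and a query mix dominated by TXT/NULL records. It also serves the "Monitor for SkitNet Activity" item in the action list below.

```python
"""Heuristic hunt for DNS-based reverse shells / DNS tunnelling in resolver logs.

Added example for this write-up, not Prodaft's research and not a SkitNet
indicator: log format, domains, clients and thresholds are all constructed.
"""
import math
import re
from collections import defaultdict

# Constructed sample resolver log (not real traffic): "<timestamp> <client> <qtype> <qname>"
SAMPLE_LOG = """\
2025-05-19T09:00:01Z 10.0.0.21 A www.example-corp.test
2025-05-19T09:00:02Z 10.0.0.21 A cdn.example-corp.test
2025-05-19T09:00:03Z 10.0.0.42 TXT 4a7f19c2e0b3d8f1.s01.beacon-c2.test
2025-05-19T09:00:04Z 10.0.0.21 A mail.example-corp.test
2025-05-19T09:00:05Z 10.0.0.42 TXT 9d03ab77fe12c4e6.s02.beacon-c2.test
2025-05-19T09:00:06Z 10.0.0.33 A update.vendor-soft.test
2025-05-19T09:00:07Z 10.0.0.42 TXT 51e8bc0d3a9f7621.s03.beacon-c2.test
2025-05-19T09:00:08Z 10.0.0.21 A www.example-corp.test
2025-05-19T09:00:09Z 10.0.0.42 TXT c7204f9e1b6d83a5.s04.beacon-c2.test
2025-05-19T09:00:10Z 10.0.0.21 A cdn.example-corp.test
2025-05-19T09:00:11Z 10.0.0.42 TXT 0e6a2d8f4c1b97e3.s05.beacon-c2.test
2025-05-19T09:00:12Z 10.0.0.33 A update.vendor-soft.test
2025-05-19T09:00:13Z 10.0.0.42 TXT b39f71c6d0e2a584.s06.beacon-c2.test
2025-05-19T09:00:14Z 10.0.0.21 A www.example-corp.test
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

# Illustrative thresholds; tune them against your own resolver baseline.
MIN_QUERIES = 5        # too little traffic to judge below this
UNIQUE_RATIO = 0.8     # share of queries whose full name was never seen before
MIN_ENTROPY = 3.0      # mean Shannon entropy (bits/char) of the leftmost label
MIN_LABEL_LEN = 12     # mean length of the leftmost label
TXT_NULL_RATIO = 0.5   # share of TXT/NULL queries, the usual downstream channel


def shannon_entropy(text):
    """Bits per character; encoded or encrypted payload labels score high."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parent_domain(qname):
    """Collapse a name to its last two labels (no public-suffix handling here)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def parse_log(text):
    """Parse the constructed log format into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, client, qtype, qname = m.groups()
        records.append({"ts": ts, "client": client, "qtype": qtype.upper(),
                        "qname": qname.rstrip(".").lower()})
    return records


def profile_domains(records):
    """Aggregate per-parent-domain features consumed by score_domain()."""
    profiles = defaultdict(lambda: {"queries": 0, "names": set(), "txt_null": 0,
                                    "entropy_sum": 0.0, "len_sum": 0})
    for r in records:
        p = profiles[parent_domain(r["qname"])]
        left = r["qname"].split(".")[0]
        p["queries"] += 1
        p["names"].add(r["qname"])
        if r["qtype"] in ("TXT", "NULL"):
            p["txt_null"] += 1
        p["entropy_sum"] += shannon_entropy(left)
        p["len_sum"] += len(left)
    return profiles


def score_domain(p):
    """Return the tunnelling indicators a domain profile trips."""
    q = p["queries"]
    reasons = []
    if len(p["names"]) / q >= UNIQUE_RATIO:
        reasons.append("high ratio of unique subdomains")
    if p["entropy_sum"] / q >= MIN_ENTROPY:
        reasons.append("high-entropy leftmost labels")
    if p["len_sum"] / q >= MIN_LABEL_LEN:
        reasons.append("long leftmost labels")
    if p["txt_null"] / q >= TXT_NULL_RATIO:
        reasons.append("TXT/NULL-dominated query mix")
    return reasons


def hunt(log_text, min_queries=MIN_QUERIES, min_reasons=2):
    """Map each suspicious parent domain to the indicators it tripped."""
    findings = {}
    for domain, p in profile_domains(parse_log(log_text)).items():
        if p["queries"] < min_queries:
            continue
        reasons = score_domain(p)
        if len(reasons) >= min_reasons:
            findings[domain] = reasons
    return findings


if __name__ == "__main__":
    for domain, reasons in hunt(SAMPLE_LOG).items():
        print(f"{domain}: {', '.join(reasons)}")
```

Requiring at least two indicators keeps CDN and telemetry domains, which often have many unique but short, low-entropy subdomains, out of the alert queue. The parent-domain collapse is deliberately naive; in production, use a public-suffix list so that names under co.uk or similar are grouped correctly.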

🇯🇵 Japan Passes Law Enabling Preemptive Cyber Strikes

In a dramatic policy shift, Japan enacted an Active Cyber Defense law that allows police and the Self-Defense Forces to access and neutralize hostile servers before an attack is carried out. The move builds on earlier reinterpretations of Article 9 of Japan's pacifist constitution and reflects the government's stated aim of bringing its cyber capabilities up to the level of the major Western powers. James praised the move and called for similar legislation in the U.S.

🌐 CISA Warns of Chrome Zero-Day Now Under Exploitation

CISA added CVE-2025-4664 to its Known Exploited Vulnerabilities catalog. It is a high-severity flaw in the Loader component of Google Chrome, fixed in Chrome 136, for which Google says an exploit exists in the wild. This is not a memory-corruption bug: Chrome honored a referrerpolicy carried in an HTTP Link header on subresource responses, so a third-party resource embedded in a page could make the browser send the page's full URL, query string included (OAuth codes, session identifiers), to a cross-origin destination, which is enough for account takeover on sites that put secrets in URLs. Agencies and enterprises were urged to update immediately, and other Chromium-based browsers need their own vendor updates.
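To see why a referrer-policy bug matters, it helps to look at what the Referer header actually carries under each policy. The Python example below is added for this write-up; it is not code from Google, Chromium or the podcast. It implements the policy table from the Referrer Policy specification and runs it over a constructed OAuth-style callback URL and a constructed third-party image host, showing that the browser default (strict-origin-when-cross-origin) sends only the origin while unsafe-url ships the entire query string to the third party.

```python
"""How the Referer header is derived under each Referrer Policy.

Added example for this write-up, not code from Google, Chromium or the
podcast. Implements the policy table from the W3C Referrer Policy spec so
the reader can see which policies leak a page's query string cross-origin.
The URLs below are constructed.
"""
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
POLICIES = (
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
)


def _origin(url):
    """(scheme, host, effective port) tuple used for same-origin checks."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return (scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(scheme))


def origin_string(url):
    """Serialise only the origin, e.g. https://app.example.test/ (default port omitted)."""
    scheme, host, port = _origin(url)
    if port and port != DEFAULT_PORTS.get(scheme):
        return f"{scheme}://{host}:{port}/"
    return f"{scheme}://{host}/"


def strip_for_referrer(url):
    """Spec 'strip url for use as a referrer': drop credentials and fragment, keep path and query."""
    p = urlsplit(url)
    netloc = (p.hostname or "").lower()
    if p.port:
        netloc += f":{p.port}"
    return urlunsplit((p.scheme.lower(), netloc, p.path or "/", p.query, ""))


def referer_header(page_url, request_url, policy="strict-origin-when-cross-origin"):
    """Referer value (or None) for a request from page_url to request_url under policy."""
    same_origin = _origin(page_url) == _origin(request_url)
    # A downgrade is a TLS page fetching a non-TLS resource.
    downgrade = urlsplit(page_url).scheme.lower() == "https" and urlsplit(request_url).scheme.lower() != "https"
    full, origin = strip_for_referrer(page_url), origin_string(page_url)
    if policy == "no-referrer":
        return None
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "origin":
        return origin
    if policy == "origin-when-cross-origin":
        return full if same_origin else origin
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "strict-origin":
        return None if downgrade else origin
    if policy == "strict-origin-when-cross-origin":  # the browser default
        return full if same_origin else (None if downgrade else origin)
    if policy == "unsafe-url":
        return full
    raise ValueError(f"unknown referrer policy: {policy}")


def leaks_query(page_url, request_url, policy):
    """True when the page's query string would reach request_url's server."""
    query = urlsplit(page_url).query
    ref = referer_header(page_url, request_url, policy)
    return bool(query) and ref is not None and query in ref


def leaking_policies(page_url, request_url):
    """The set of policies under which the query string leaks to request_url."""
    return {p for p in POLICIES if leaks_query(page_url, request_url, p)}


# Constructed: an OAuth-style callback carrying a code in its query string,
# and an image fetched from a third-party host (the attacker's position in the CVE scenario).
PAGE = "https://app.example.test/callback?code=SECRET123&state=xyz#section"
THIRD_PARTY = "https://cdn.third-party.test/pixel.png"

if __name__ == "__main__":
    for policy in POLICIES:
        print(f"{policy:32} -> {referer_header(PAGE, THIRD_PARTY, policy)}")
```

The practical takeaways: never carry bearer secrets in a query string, set a Referrer-Policy header of strict-origin-when-cross-origin or stricter on anything that does, and remember that a browser bug of this kind overrides whatever policy the page declares, which is why the only real fix is the patch.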

🧠 Pwn2Own Berlin: Researchers Exploit Zero-Days for $435K

On the second day of Pwn2Own Berlin, researchers earned $435,000 for demonstrating zero-day exploits against VMware ESXi, Microsoft SharePoint, Oracle VirtualBox, Mozilla Firefox and Red Hat Enterprise Linux. The standout was a SharePoint chain that combined an authentication bypass with an insecure deserialization bug, earning $100,000.

🎭 FBI Warns of Deepfake Campaign Targeting Ex-U.S. Officials

A sophisticated campaign is using AI-generated voice deepfakes and spoofed SMS messages to impersonate senior U.S. officials, targeting current and former senior federal and state officials and their contacts. The FBI warns that once rapport is established, the attackers move victims onto a separate messaging app and send links that harvest credentials, after which the compromised accounts are used to reach further targets.

💸 Massive Crypto Fraud Ring Busted in $230M Laundering Scheme

Twelve more suspects were charged with RICO conspiracy for stealing and laundering more than $230 million in cryptocurrency taken through impersonation and SIM swap attacks. Victims were tricked by calls from spoofed Google and Gemini support numbers into giving up access to their wallets. The FBI, working with crypto investigator ZachXBT, traced the movement of some 4,100 stolen BTC from a single victim through mixers and exchanges.

🇮🇱 Israel Arrests American-Israeli Hacker in $190M DeFi Exploit

Alexander Gurevich, a dual Russian-Israeli citizen, was arrested in Israel and faces extradition to the U.S. for his role in the 2022 Nomad Bridge hack, one of the largest DeFi heists ever. Gurevich allegedly was the first to exploit the flaw in the bridge's smart contracts, taking roughly $2.9 million before copycat attackers piled in and drained about $190 million in total. TRM Labs provided blockchain intelligence that helped investigators identify him.

📉 Hacker Sentenced for Taking Over SEC’s X Account

Eric "Ronin" Council Jr. was sentenced to 14 months in prison for his part in hijacking the U.S. SEC's official X (formerly Twitter) account in January 2024. The group used a SIM swap to take over the phone number tied to the account and posted a fake announcement that spot Bitcoin ETFs had been approved, briefly spiking the price. The court also ordered forfeiture of $50,000 and three years of supervised release.

Action List for Practitioners and Decision-Makers

  • Update Chrome Immediately: Patch against CVE-2025-4664 due to confirmed active exploitation.

  • Review Insider Risk Protocols: Examine offshore contractor access and reinforce insider risk programs with behavioral analytics.

  • Redefine Breach Classifications: Revisit breach disclosure thresholds for publicly available vs. sensitive data.

  • Monitor for SkitNet Activity: Deploy threat hunting for Rust-based loaders and DNS shell activity in post-exploitation chains.

  • Segment and Archive Data: Follow best practices in data retention—hot vs. cold storage—to prevent legacy data exposure like in the UK breach.

  • Implement Browser Extension Security: Control and audit Chrome extensions to avoid MFA bypass and cookie theft.

  • Track AI Deepfake Threats: Educate users, especially high-profile targets, about deepfake phishing risks and multi-channel impersonation tactics.

  • Support Offensive Cyber Legislation: Encourage proactive cyber defense laws in democratic nations mirroring Japan’s example.

🔚 That’s a wrap for today’s episode. Be sure to check out CyberHubPodcast.com to get the full article and story breakdowns in your inbox. Until next time—stay informed, stay caffeinated, and most importantly, stay cyber safe.

Thanks for reading CISO Talk by James Azar! This post is public so feel free to share it.

✅ Story Links:

https://www.cyberhubpodcast.com/p/coinbases-insider-breach-what-actually

https://therecord.media/uk-legal-aid-agency-data-breach

https://www.bleepingcomputer.com/news/security/ransomware-gangs-increasingly-use-skitnet-post-exploitation-malware/

https://therecord.media/japan-enacts-new-law-allowing-offensive-cyber-operations

https://www.bleepingcomputer.com/news/security/cisa-tags-recently-patched-chrome-bug-as-actively-exploited-zero-day/

https://www.bleepingcomputer.com/news/security/hackers-exploit-vmware-esxi-microsoft-sharepoint-zero-days-at-pwn2own/

https://www.securityweek.com/fbi-warns-of-deepfake-messages-impersonating-senior-officials/

https://www.bleepingcomputer.com/news/security/us-charges-12-more-suspects-linked-to-230-million-crypto-theft/

https://www.bleepingcomputer.com/news/legal/israel-arrests-new-suspect-behind-nomad-bridge-190m-crypto-hack/

https://www.securityweek.com/prison-sentence-for-man-involved-in-sec-x-account-hack/

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1

🚨 Important Links to Follow:

👉Website:

👉Listen here: https://linktr.ee/cyberhubpodcast

Stay Connected With Us.

👉Facebook: https://www.facebook.com/CyberHubpodcast/

👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/

👉Twitter (X): https://twitter.com/cyberhubpodcast

👉Instagram: https://www.instagram.com/cyberhubpodcast

🤝 For Business Inquiries: info@cyberhubpodcast.com

=============================

🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
