CISO Talk by James Azar
CyberHub Podcast
Coinbase Breach Impact Revealed, Cellcom Disruption by Cyberattack, M&S Breach To Hit $402M, Delta Suit over CrowdStrike to Proceed

From Coinbase Breach Fallout to SK Telecom’s 3-Year Undetected Hack, Ivanti Exploits, Dutch Espionage Laws, and More Global Cybersecurity Chaos

Good Morning Security Gang,

Episode 914 of the CyberHub Podcast arrived with a flood of stories reflecting the dynamic state of global cybersecurity.

🎙️ Midweek Mayhem: Hacks, Lawsuits, and Legislative Overhauls

Host James Azar, energized by elite Israeli espresso, delivered a detailed update on recent cyber incidents ranging from Coinbase’s swift breach response to a shocking multi-year intrusion at SK Telecom, all while tackling the latest Avanti exploit chain, data privacy debates, legislative movements in Europe, and deep-dive incident forensics.

It’s a packed show with lessons for CISOs, SOCs, risk leaders, and policymakers alike.


🪙 Coinbase Breach Impacts Nearly 70K, But IR Game Is Strong

Coinbase disclosed details from its recent data breach, confirming the impact on 69,461 users. The breach was traced to offshore support contractors who improperly accessed PII, including names, masked bank details, dates of birth, emails, and partial SSNs—but no passwords or crypto keys were stolen. The response has been swift and coordinated, and the estimated remediation cost may range between $180M–$400M. James raises critical questions about redefining PII standards in an era where addresses and phone numbers are no longer inherently private.

📶 Cellcom Cyber Attack Shuts Down Telecom Services Across Wisconsin

Cellcom, a regional U.S. telecom provider, confirmed a cyber incident caused widespread outages in Wisconsin and upper Michigan. Though the root cause is still under investigation, the outage exemplifies the risk posed by integrated IT/OT systems in telecom—where disruptions cascade across both network management and core services.

🇷🇺 Massive DDoS Attack Disrupts Russian Government Services

Russian services—including tax systems, secure document platforms, and internet infrastructure—suffered outages due to what the Kremlin claims was a foreign DDoS campaign. These events mirror an intensifying cyber battlefront between Russia and Ukraine, where both sides engage in offensive cyber ops as part of hybrid warfare.

🛒 Marks & Spencer Projects $402M Loss from Cyberattack

British retailer Marks & Spencer revealed that the Easter cyberattack could cost up to £300M (~$402M) in lost operating profit due to disrupted food sales, logistics inefficiencies, and prolonged manual operations. The company is using the event to fast-track its infrastructure modernization while seeking to recover £100M via cyber insurance.

📱 SK Telecom: Attackers Were Inside for Nearly Three Years

South Korea’s largest mobile carrier SK Telecom revealed that malware discovered in April had been inside its systems since June 2022, affecting over 27 million customers. Forensic analysis revealed a lack of logging and a failure to detect payload deployment across 23 servers, leaving critical telecom infrastructure exposed for years—a catastrophic failure of security visibility.

🏥 NRS Data Breach Spills Healthcare Data from Multiple Clients

Debt collection firm Nationwide Recovery Service (NRS) continues to notify victims of a breach impacting hundreds of thousands of individuals across the Harbin Clinic, VirtuOven Health, and others. This attack further underscores the supply chain risk associated with third-party processors in healthcare.

⚖️ Alabama Court System Restored After Cyber Incident

The State of Alabama confirmed its court system was hit by a cybersecurity incident on May 9, taking systems offline. Services are now back online, and while officials deny data exfiltration, few details have been released. It’s another sign that state-level digital justice infrastructure remains a top target.

🔐 Ivanti’s EPMM Hit with Critical RCE Chain Again

Wiz Security disclosed new technical details about an authentication bypass and RCE chain in Ivanti’s Endpoint Mobile Manager (EPMM) software. The vulnerabilities stem from misconfigured Spring Framework security settings and unsafe input handling. Attackers were observed deploying beacon payloads connecting to known C2 infrastructure also used against Palo Alto’s PAN-OS.

✉️ OpenPGP.js Spoofing Bug Could Forge Message Signatures

Researchers from Codean Labs found a critical flaw in OpenPGP.js that could allow attackers to spoof message signature verification. Affected versions include 5 and 6. The vulnerability (CVE-2025-47934) has been patched, but projects like FlowCrypt, PGPAnywhere, and Passbolt using the library must update immediately.

👩‍⚖️ Delta Airlines Lawsuit Against CrowdStrike Moves Forward

A Georgia judge has allowed Delta’s negligence claim against CrowdStrike to proceed following the airline’s claim that the cybersecurity firm failed in its contractual obligations. Fraud claims were dismissed, but the case signals a broader trend where cyber vendors may face growing legal exposure for breach-related performance.

🇳🇱 Netherlands Criminalizes Cyber Espionage with New Law

Dutch lawmakers passed a sweeping law expanding espionage criminality to include cyber operations, foreign influence campaigns, and the leaking of sensitive non-classified information. Offenders could face 8–12 years in prison. This aligns with Europe’s rising push to close legal gaps exploited by nation-state actors and foreign proxies.

🎓 Massachusetts Teen Pleads Guilty to Hacking PowerSchool and Telecom

Nineteen-year-old Matthew D. Lane pled guilty to hacking two U.S. companies, allegedly including PowerSchool, to extort ransom payments. He stole personal data of 60M+ students and 10M+ teachers, and demanded $2.85M in BTC. The breaches began when Lane was a minor, and his sentencing may consider that context.

Action List for Security Leaders & Practitioners

  • Review PII Definitions Internally: Reevaluate breach response thresholds and reporting based on modern expectations of data exposure.

  • Reassess Logging and Visibility: Ensure all systems, including Linux servers, maintain logs that allow for full incident reconstruction.

  • Patch Ivanti EPMM Immediately: Apply latest security updates and block known C2 IPs tied to beacon activity.

  • Enforce Vendor Monitoring: Monitor critical third-party processors (like debt collectors) for security hygiene and breach responsiveness.

  • Update OpenPGP Libraries: Check dependencies on OpenPGP.js and ensure you’re running at least version 5.11.3 or 6.1.1.

  • Simulate DDoS Resilience: Prepare for volumetric attacks targeting public infrastructure or private telecom providers.

  • Track Legal Trends in Vendor Liability: Follow the Delta–CrowdStrike case and assess your contractual protections in breach scenarios.

  • Follow Espionage Law Shifts: Multinational orgs operating in the EU should review new Dutch cybersecurity law impacts.

  • Segment OT and IT Networks: Especially in telecom and logistics, reduce shared attack surfaces across critical infrastructure.
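
For the OpenPGP.js item in the list above, here is an added example (not code from the post or from the OpenPGP.js project) that audits an npm package-lock.json for every installed copy of openpgp, including nested copies pulled in by other dependencies, and flags any below 5.11.3 on the 5.x line or 6.1.1 on the 6.x line; the lockfile it reads is constructed for the demo.

```python
"""Audit an npm lockfile for OpenPGP.js versions below the fixed releases.

Added example, not from the CyberHub post or the OpenPGP.js project.
Assumes a package-lock.json in lockfileVersion 2/3 format ("packages" map).
"""
import json
import re

# Minimum fixed versions per affected major line, as given in the action list.
FIXED_VERSIONS = {5: (5, 11, 3), 6: (6, 1, 1)}


def parse_version(version: str) -> tuple:
    """Turn '5.11.2' (pre-release suffixes ignored) into a comparable int tuple."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in m.groups())


def is_vulnerable(version: str) -> bool:
    """True when the version is on an affected major line and below its fix."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[0])
    if fixed is None:
        return False  # majors not named in the post (e.g. 4.x) are out of scope here
    return v < fixed


def find_openpgp_versions(lockfile_text: str) -> dict:
    """Map each installed path of the 'openpgp' package to its version (nested copies too)."""
    lock = json.loads(lockfile_text)
    found = {}
    for path, meta in lock.get("packages", {}).items():
        if path == "node_modules/openpgp" or path.endswith("/node_modules/openpgp"):
            found[path] = meta["version"]
    return found


def audit(lockfile_text: str) -> list:
    """Return (path, version, vulnerable) for every installed copy, sorted by path."""
    return [(p, v, is_vulnerable(v)) for p, v in sorted(find_openpgp_versions(lockfile_text).items())]


# Constructed lockfile: root pins an unpatched 5.x, a widget pulls in a patched 6.x.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"openpgp": "^5.11.0"}},
        "node_modules/openpgp": {"version": "5.11.2"},
        "node_modules/mail-widget": {"version": "2.0.0", "dependencies": {"openpgp": "^6.1.0"}},
        "node_modules/mail-widget/node_modules/openpgp": {"version": "6.1.1"},
    },
})

if __name__ == "__main__":
    for path, version, vulnerable in audit(SAMPLE_LOCK):
        print(f"{'VULNERABLE' if vulnerable else 'ok        '} {path} {version}")
```

Point it at a real lockfile by replacing SAMPLE_LOCK with the file's contents; any line flagged VULNERABLE should be bumped to the fixed release for its major line.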

🔚 That’s a wrap for today’s episode. Head to CyberHubPodcast.com for the full story breakdowns, breach summaries, and your free daily cyber briefing.

Until next time—coffee cup cheers, and most importantly, stay cyber safe.

✅ Story Links:

https://www.bleepingcomputer.com/news/security/coinbase-says-recent-data-breach-impacts-69-461-customers/

https://www.securityweek.com/cellcom-service-disruption-caused-by-cyberattack/

https://therecord.media/major-russian-state-services-disrupted-ddos

https://therecord.media/marks-spencer-cyberattack-hit-to-profits-300m

https://www.bleepingcomputer.com/news/security/sk-telecom-says-malware-breach-lasted-3-years-impacted-27-million-numbers/

https://www.bankinfosecurity.com/debt-collector-hack-affects-long-list-clients-patients-a-28429

https://therecord.media/alabama-cyberattack-neutralized

https://www.securityweek.com/wiz-warns-of-ongoing-exploitation-of-recent-ivanti-vulnerabilities/

https://www.securityweek.com/critical-openpgp-js-vulnerability-allows-spoofing/

https://www.bankinfosecurity.com/judge-lets-delta-lawsuit-over-crowdstrike-outage-proceed-a-28443

https://therecord.media/netherlands-law-criminalizes-cyber-espionage

https://www.securityweek.com/us-student-to-plead-guilty-over-powerschool-hack/

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1

🚨 Important Links to Follow:

👉Website:

👉Listen here: https://linktr.ee/cyberhubpodcast

Stay Connected With Us.

👉Facebook: https://www.facebook.com/CyberHubpodcast/

👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/

👉Twitter (X): https://twitter.com/cyberhubpodcast

👉Instagram: https://www.instagram.com/cyberhubpodcast

🤝 For Business Inquiries: info@cyberhubpodcast.com

=============================

🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
