Good Morning Security Gang!
It’s great to be back in the CyberHub Podcast studio after a month on the road, from Israel to Hacker Summer Camp. I’ve missed the smell of my own espresso machine—and yes, I hauled back a carry-on stuffed with Nespresso capsules from Israel because they’re a fraction of the U.S. price.
Today’s show is a jam-packed return to home base, covering a sweeping set of stories from massive university breaches to U.S. federal judiciary hacks, ransomware evolutions, AI jailbreaks, and a zero-day making the rounds in WinRAR. Let’s dive right in.
🎓 Columbia University Breach Impacts 860,000+
Columbia University is notifying 868,969 individuals after a summer breach that caused outages on June 24 and July 1. Attackers accessed sensitive admissions, enrollment, and financial aid data, including SSNs, demographic data, academic history, insurance, and some PHI. Fortunately, patient records at Columbia’s Irving Medical Center were not impacted, thanks to proper network segmentation. Victims are receiving two years of credit monitoring and identity theft restoration.
📢 Google Ads Customers Caught in Salesforce Breach
Google confirmed its Salesforce instance was compromised by ShinyHunters, exposing contact info and account notes of Google Ads customers—myself included. No payment info was taken, but the group has demanded 20 BTC (~$2.3M) to keep the data private. ShinyHunters appears to be teaming up with Scattered Spider under a new “Spider Hunters” brand. My take: Too many egos in one crew usually leads to implosion.
⚖ U.S. Judiciary Case Management System Hacked
The U.S. federal judiciary acknowledged a cyberattack on its electronic case management system hosting confidential court filings.
A Politico report claimed the breach exposed sensitive information, including the identities of confidential informants (which would be horrible) and probably unsealed indictments as well. If someone facing a grand jury indictment who doesn't know it's forthcoming has this information compromised, they could be given a heads up, leave the country, go to a non-extradition location, beef up their defense, or get rid of evidence. Bleeping Computer contacted the U.S. Federal Judiciary and DOJ but was directed to the already published statement. The implications of this breach for ongoing federal cases and national security could be massive.
🇦🇺 Australian Watchdog Sues Optus Over 2022 Breach
Australia’s OAIC is suing Optus, alleging the telco failed to secure personal data for years leading up to its 2022 breach affecting nearly 10M customers. The breach included 1.2M government IDs and 17,000 Medicare numbers. With potential fines exceeding AUD $21 trillion if maximum penalties per person were applied, the case raises big questions about proportional punishment versus business viability.
"Is the government going after businesses to bankrupt them over fines? If that's the case, how do you have an economy?" - James Azar, questioning the $21.9 trillion potential fine against Optus in Australia
🇷🇺 RomCom Exploiting WinRAR Zero-Day
ESET discovered the Russian-linked RomCom group exploiting a WinRAR zero-day (CVE-2025-8088) via spear phishing. Malicious archives disguised as résumés are being used to extract files to attacker-controlled paths. The flaw abuses alternate data streams and is currently unpatched in many environments.
📧 29K Exchange Servers Still Unpatched
CVE-2025-53786 affects Microsoft Exchange Hybrid setups, allowing privilege escalation from on-prem to cloud without generating any logs in M365. Despite CISA’s emergency directive, 29,000 servers remain unpatched, including 7,000 in the U.S. Agencies were ordered to patch by Monday morning; many likely missed the deadline.
🛠 Help Desk Fraud and Scattered Spider Tactics
Help desk exploitation remains a favorite move for Scattered Spider and associates—resetting accounts, moving laterally, and exfiltrating data. Arrests in the UK briefly slowed them, but decentralized crime groups quickly filled the gap. The only real solution? Train your help desk staff to validate identities rigorously.
"The threat actors are now referring to themselves as 'Spider Hunters'... I just want to say it didn't work out for LeBron, folks. Too many egos on one team tend to actually be the downfall of a team." - James Azar, on the merger of ShinyHunters and Scattered Spider
💰 Embargo Ransomware Emerges Post-BlackCat
Embargo has raked in $34M in just one year, possibly succeeding BlackCat/ALPHV. Operating as a RaaS, they’ve targeted healthcare, business services, and manufacturing, with ransom demands reaching $1.3M. The group is technically advanced, resource-rich, and expanding quickly.
🤖 GPT-5 Jailbroken in 24 Hours
Two separate research teams independently jailbroke GPT-5 within a day of release, bypassing safety filters without issuing explicit malicious prompts. Findings show model governance still focuses too narrowly on single-prompt checks rather than multi-turn conversation context—creating dangerous gaps for exploitation.
🧠 James Azar’s CISO Take
Coming back to the studio, I’m reminded that cyber defense is equal parts process, tech, and human vigilance. From Columbia’s segmentation success to the help desk failures exploited by Scattered Spider, the contrast is stark. Breaches don’t always mean a full collapse—segmentation, strong IAM, and staff training can make the difference between a targeted compromise and total organizational chaos.
The AI security findings around GPT-5 being jailbroken in 24 hours really crystallize my concerns about rushing AI deployment without adequate security frameworks. We're integrating these powerful tools into enterprise environments while researchers can easily manipulate them through multi-turn conversations that bypass single-prompt filters. Combined with the help desk fraud evolution and the massive scale of breaches like Columbia's 860,000+ individuals, it's clear we're in a period where traditional security controls are being outpaced by both AI capabilities and traditional attack methods.
✅ Action Items
🔐 Patch Exchange Hybrid CVE-2025-53786 immediately and reset service principal credentials
🛡 Train help desk teams on phishing-resistant identity verification and escalation protocols
📦 Audit WinRAR usage and restrict untrusted archive handling until CVE-2025-8088 is patched
💳 Review Salesforce CRM access policies, enforce MFA, and audit connected apps
🧠 Implement segmentation across sensitive data environments (academic, medical, legal)
📜 Monitor AI deployments for prompt injection and jailbreak vulnerabilities
🚨 Track ransomware ecosystem changes; update IR playbooks with Embargo TTPs
🇦🇺 Follow the Optus case for precedent-setting rulings on breach penalties
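The WinRAR story above describes malicious archives that abuse alternate data streams to land files in attacker-controlled paths, and the action item asks for restricting untrusted archive handling until CVE-2025-8088 is patched. Here is an added example (not code from ESET, RARLAB or this show) of the kind of pre-extraction screen a defender can put in front of an archive tool: it takes the entry names from a listing, and rejects anything that is an absolute path, uses a `:` stream separator, or climbs out of the extraction directory. The listing below is constructed for the example; the assumption is that the caller only extracts entries this screen accepts. It is a mitigation while patches roll out, not a substitute for patching.

```python
"""Screen archive entry names before extraction.

Added example for the CyberHub show notes; not ESET's, RARLAB's, or RomCom's code.
Assumption: `entries` are the names reported by an archive listing tool, and the
caller extracts only the entries this screen accepts.
"""
import posixpath
import re
from typing import List, Tuple

# Constructed sample listing: a "résumé" archive with a few hostile entries mixed in.
SAMPLE_LISTING: List[str] = [
    "resume.pdf",
    "docs/cover_letter.docx",
    "../../Users/Public/Start Menu/Programs/Startup/updater.exe",  # climbs out
    "resume.pdf:hidden.exe",                                       # ADS-style name
    "C:/Windows/Temp/x.dll",                                       # absolute drive path
    "\\\\server\\share\\x.dll",                                    # UNC path
    "ok/../still_inside.txt",                                      # stays inside, fine
]

DRIVE_RE = re.compile(r"^[A-Za-z]:")  # "C:" style drive prefix


def classify_entry(name: str) -> Tuple[bool, str]:
    """Return (accept, reason) for one archive entry name."""
    if not name:
        return False, "empty name"
    # Normalise Windows separators so one set of checks covers both styles.
    norm = name.replace("\\", "/")
    if DRIVE_RE.match(norm) or norm.startswith("/"):
        return False, "absolute path"
    # After the drive check, any remaining colon names an alternate data stream.
    if ":" in norm:
        return False, "alternate data stream"
    # Collapse "a/../b" style segments and see whether the result escapes the root.
    collapsed = posixpath.normpath(norm)
    if collapsed == ".." or collapsed.startswith("../"):
        return False, "path traversal"
    return True, "ok"


def audit_listing(entries: List[str]) -> List[Tuple[str, str]]:
    """Return the entries that must not be extracted, each with its rejection reason."""
    rejected = []
    for entry in entries:
        accepted, reason = classify_entry(entry)
        if not accepted:
            rejected.append((entry, reason))
    return rejected


if __name__ == "__main__":
    for entry, reason in audit_listing(SAMPLE_LISTING):
        print(f"REJECT {reason:22} {entry}")
```

Run it as a gate in whatever wraps the archive tool: list the archive, feed the names to `audit_listing`, and extract only when the rejected list is empty. Rejecting on any colon is deliberately stricter than checking for a well-formed stream suffix, because the cost of a false positive on a file name is low and the cost of a missed stream is a dropped executable.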
Stay Cyber Safe.
✅ Story Links:
https://www.securityweek.com/columbia-university-data-breach-impacts-860000/
https://www.bankinfosecurity.com/australian-privacy-regulator-sues-optus-over-2022-hack-a-29162
https://www.securityweek.com/russian-hackers-exploited-winrar-zero-day-in-attacks-on-europe-canada/
https://therecord.media/embargo-ransomware-gang-blackcat-alphv-successor