CISO Talk by James Azar
CyberHub Podcast
Cyberattacks on Gov’t in Ohio, Oklahoma, Puerto Rico, OT & ICS Malware, Vodafone Privacy Fine, Coinbase Breach Update, Lumma Stealer is Back

Ransomware Ravages U.S. Municipalities, Coinbase Outsourcing Scandal Grows, and UK Declares Offensive Cyber Strategy

Good morning, security gang,


Welcome to another episode of the CyberHub Podcast! It’s Wednesday, June 4, 2025, and we’ve got a packed lineup for you today. If you missed yesterday’s special with Roger Grimes on “Taming the Hacker Storm,” make sure to catch the replay.

CyberHub Podcast Recap – Wednesday, June 4, 2025
Now, with espresso in hand, James Azar dives into a deep round-up of security incidents across government, industry, and the open-source world—with ransomware surges, insider threats, and policy shifts leading the headlines.

🛑 Major Cyberattacks Disrupt U.S. Cities & Territories

Oklahoma, Ohio, and Puerto Rico are reeling from ransomware attacks that have crippled municipal services:

  • Durant, OK: Ransomware took down city systems and the police department’s network. Emergency services remain functional.

  • Lorain County, OH: Courts and public services were knocked offline, affecting over 315,000 residents. Restoration is underway.

  • Puerto Rico: A cyberattack hit the Department of Justice, forcing the suspension of criminal background check services.

These incidents highlight the chronic under-resourcing of municipal IT and the lack of segmentation still plaguing many government systems.

💸 Outsourcing Fallout: Coinbase Breach Blamed on Indian Vendor

TaskUs, an Indian outsourcing firm supporting Coinbase, admitted to a major insider breach involving bribed employees. One agent was caught taking pictures of sensitive customer data, leading to an internal investigation and multiple terminations.

Coinbase notified 70,000 affected customers, stating the attackers accessed:

  • Names, emails, partial SSNs, transaction history

  • ID document scans

This case raises deep questions about outsourcing culture gaps, policy enforcement, and data handling oversight.

🩺 Victoria’s Secret Delays Earnings After Cyberattack

Victoria’s Secret postponed its Q1 earnings release due to a cybersecurity incident that took down both its corporate systems and retail site. The breach occurred on May 26 and remains in recovery mode.

🧯 Honeywell Report: Ransomware Surging in Industrial Sector

Honeywell’s 2025 threat report revealed:

  • A 3,000% increase in Ramnit malware infections in Q4 2024

  • More than 1,800 unique malware threats detected in USB scans

  • Ransomware incidents are increasingly impacting OT systems indirectly via IT system disruptions

Even when malware doesn't target OT directly, the convergence of IT/OT often forces full production shutdowns.

🧬 Lumma Stealer Returns Despite Takedown

Though Lumma was disrupted in an international law enforcement operation, it quickly resurfaced online, showing the resilience of decentralized cybercrime. James emphasized that without stronger global cooperation—especially from Russia, China, and Iran—malware-as-a-service will remain a persistent threat.

🧪 Supply Chain Threats: Malicious Packages on NPM, PyPI, and Ruby

Checkmarx, ReversingLabs, and others uncovered packages that:

  • Drain crypto wallets

  • Delete entire codebases

  • Exfiltrate Telegram API tokens

Socket noted that the two malicious gems were published by a threat actor under the aliases Bùi nam, buidanhnam, and si_mobile merely days after Vietnam ordered a nationwide ban on the Telegram messaging app late last month for allegedly not cooperating with the government to tackle illicit activities related to fraud, drug trafficking, and terrorism.

Another set of malicious npm packages – pancake_uniswap_validators_utils_snipe, pancakeswap-oracle-prediction, ethereum-smart-contract, and env-process – has been found to steal between 80 and 85% of the funds present in a victim's Ethereum or BSC wallet using obfuscated JavaScript code and to transfer them to an attacker-controlled wallet.

These malicious libraries are downloaded hundreds of thousands of times, once again showing the dangers of unchecked open-source dependencies.

🖥 HPE StoreOnce Hit With Critical Vulnerabilities

Hewlett Packard Enterprise disclosed eight vulnerabilities in its StoreOnce backup platform, including:

  • A critical authentication bypass (CVSS 9.8)

  • CVE-2025-37089 – Remote Code Execution

  • CVE-2025-37090 – Server-Side Request Forgery

  • CVE-2025-37091 – Remote Code Execution

  • CVE-2025-37092 – Remote Code Execution

  • CVE-2025-37093 – Authentication Bypass

  • CVE-2025-37094 – Directory Traversal Arbitrary File Deletion

  • CVE-2025-37095 – Directory Traversal Information Disclosure

  • CVE-2025-37096 – Remote Code Execution

  • Remote code execution and SSRF flaws

Admins are urged to upgrade to version 4.3.11 immediately.

🇩🇪 Vodafone Fined $51M for GDPR Violations

Germany fined Vodafone $51.2M for:

  • Letting third-party agents engage in fraudulent customer contracts

  • Having insecure customer authentication on its portal and hotline

The fine includes €15M for lax oversight and €30M for technical security deficiencies.

🇬🇧 UK Embraces Cyber War Strategy in Defense Review

The UK’s Strategic Defence Review unveiled plans to integrate offensive cyber capabilities across all military branches in collaboration with intelligence agencies (MI5, MI6, GCHQ). The country is publicly acknowledging a shift toward active digital warfare, breaking past norms of secrecy around cyber operations.

🧑‍💼 CISA Leadership Update: Industry Backs Trump Nominees

Two coalitions of cybersecurity experts have endorsed:

  • Sean Plankey as CISA Director

  • Sean Cairncross as National Cyber Director

James urges the Senate to confirm the nominees quickly, emphasizing the need for strong leadership at a time of mounting threats.

✅ Action List for Cybersecurity Professionals

  • 🔐 Segment your networks to prevent full-service disruptions from ransomware in local government and public agencies.

  • 🌍 Audit outsourcing partners—especially those handling sensitive data—and implement strict device use and culture reinforcement policies.

  • 🛑 Apply least privilege principles and mobile device restrictions in customer service environments.

  • 🚨 Update systems with Honeywell, Chrome, Android, and HPE patches as high-severity threats are actively exploited.

  • 🧪 Lock down open-source dependencies and verify package integrity before implementation in production.

  • 📉 Use the Vodafone case to review partner management, contract auditing, and customer authentication flows.

  • 🎖 Advocate for clear and proactive national cyber defense strategies that include both offensive and defensive capabilities.

  • 📣 Support leadership confirmations at CISA and the White House—vacancies are strategic vulnerabilities.

That wraps up today’s CyberHub Podcast. For more in-depth coverage, follow us on CyberHubPodcast.com, where this episode and more insights from the Roger Grimes interview are now available. And don’t forget—like, share, subscribe, and comment with your coffee choices or cyber questions.

Until tomorrow at 9AM Eastern—stay tuned, stay caffeinated, and most importantly… stay cyber safe.


✅ Story Links:

https://therecord.media/thousands-impacted-by-cyberattacks-states-puerto-rico

https://www.bleepingcomputer.com/news/security/coinbase-breach-tied-to-bribed-taskus-support-agents-in-india/

https://www.securityweek.com/victorias-secret-says-it-will-postpone-earnings-report-after-recent-security-breach/

https://www.securityweek.com/ramnit-malware-infections-spike-in-ot-as-evidence-suggests-ics-shift/

https://www.bankinfosecurity.com/lumma-stealer-malware-resurgence-challenges-global-takedown-a-28579

https://thehackernews.com/2025/06/malicious-pypi-npm-and-ruby-packages.html

https://www.bleepingcomputer.com/news/security/hewlett-packard-enterprise-warns-of-critical-storeonce-auth-bypass/

https://therecord.media/germany-privacy-regulator-fines-vodafone

https://www.securityweek.com/the-uk-brings-cyberwarfare-out-of-the-closet/

https://www.cybersecuritydive.com/news/trump-cyber-sean-plankey-cairncross-nominees-endorsements/749663/


🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
