CISO Talk by James Azar
CyberHub Podcast
Deepseek AI Cyber Attack & Disruption, MGM Settles Data Breach Lawsuit, Apple Zeroday Patched
0:00
Current time: 0:00 / Total time: -16:58
-16:58

Deepseek AI Cyber Attack & Disruption, MGM Settles Data Breach Lawsuit, Apple Zeroday Patched

AI Threats, Telecom Vulnerabilities, and Ransomware Emergencies: Today’s Cybersecurity Headlines with James Azar, a seasoned cybersecurity practitioner with real actions to address these challenges

From AI Threats to Cyber Breaches: A Deep Dive into Today’s Cybersecurity Landscape

Summary of CyberHub Podcast with James Azar

Good morning, Security Gang! James Azar here, broadcasting from the CyberHub bunker. Today's episode delves into major developments in cybersecurity, from emerging AI concerns to corporate settlements, ransomware, and even vulnerabilities in critical telecom infrastructure.

Here's the detailed rundown of every story discussed on the show.

Detailed Breakdown of Today’s Stories

DeepSeek AI and Its Controversies

DeepSeek AI, a new player in the AI market, has caused a stir with its beta release in the U.S. Despite impressive advancements in training models, there are serious security and ethical concerns:

  • Data Residency: All data resides in Chinese data centers, raising compliance red flags for businesses.

  • Propaganda Risks: The model is allegedly influenced by Chinese Communist Party propaganda, potentially manipulating search results and AI responses.

  • Cyber Disruption: The platform suffered a DDoS attack, hindering new user signups.

  • Security Vulnerabilities: Threat intelligence firm Kella uncovered exploits, allowing malicious outputs like ransomware creation, and privacy breaches revealing fake but sensitive employee information.

Takeaway: Businesses are urged to avoid using DeepSeek AI due to compliance, security, and ethical concerns.

TalkTalk UK Breach

The UK telecom giant TalkTalk faces a new cyber breach:

  • The Attack: Threat actors claim to have accessed data on 18.8 million customers, including names, emails, IP addresses, and phone numbers.

  • Response: TalkTalk is investigating the breach, a grim reminder of its 2015 cyberattack, which led to prison sentences for two individuals.

Key Insight: Persistent vulnerabilities in telecom highlight the importance of third-party vendor assessments.

Matagorda County, Texas, Declares Cyber Emergency

A ransomware attack paralyzed this small county’s systems, prompting a disaster declaration:

  • Scope of Impact: County systems were affected, but emergency services were operational.

  • Response: State and federal agencies, including the FBI, are assisting in mitigation.

Conclusion: Smaller counties are under-resourced for cybersecurity, making them prime ransomware targets.

MGM Settles $45 Million for Data Breaches

MGM Resorts has reached a $45 million settlement for data breaches in 2019 and 2023:

  • Details: Millions of customers had sensitive data exposed, including driver’s license and passport numbers.

  • Lessons Learned: The settlement underscores the importance of proactive cybersecurity measures for hospitality giants.

Apple Zero-Day Patch

Apple addressed its first major zero-day vulnerability of 2025:

  • The Threat: CVE-2025-24085, a use-after-free flaw in the Core Media component, allows privilege escalation.

  • Solution: Update iOS, iPadOS, and macOS immediately to ensure device security.

Share

Iranian Hackers Target Israeli Schools

Iranian cyber attackers infiltrated Israeli school emergency alert systems:

  • Impact: Systems broadcast pro-terror music and propaganda in Arabic.

  • Breach Details: Hackers compromised the Israeli electronics firm Magrotech, affecting kindergartens and schools.

This cyber event exemplifies the rising trend of geopolitically motivated cyberattacks targeting civilian infrastructure.

LTE/5G Infrastructure Vulnerabilities

Research revealed critical flaws in LTE/5G networks, exposing cities to potential communication blackouts:

  • The Findings: 119 vulnerabilities, including 93 with CVE identifiers, affect network cores.

  • The Risk: Persistent denial-of-service attacks could disrupt cellular connectivity in metro areas.

Actionable Insight: Telecom companies must prioritize security upgrades to prevent catastrophic service disruptions.

Ghost GPT: The Cybercriminal’s New Toy

Ghost GPT, a generative AI chatbot, is enabling cybercrime at just $50:

  • Capabilities: From crafting ransomware to creating phishing emails, this tool has no safeguards.

  • Examples: Convincing DocuSign phishing emails and malware development are just the beginning.

Call to Action: Organizations must adopt robust defense-in-depth strategies to counter AI-enhanced cyber threats.

Final Takeaways & Action List

  1. Stay Updated: Regularly patch software, especially for zero-day vulnerabilities like Apple’s recent updates.

  2. Assess Vendors: Vet third-party suppliers for security gaps to avoid breaches like TalkTalk’s.

  3. Avoid High-Risk Tools: Refrain from adopting AI tools like DeepSeek AI that present compliance and ethical risks.

  4. Enhance Defenses: Invest in ransomware mitigation and telecom security.

  5. Monitor Geopolitical Threats: Understand the implications of cyberattacks linked to nation-states like Iran and China.

Thanks for reading CISO Talk by James Azar! This post is public so feel free to share it.

Share

✅ Story Links:

https://www.securityweek.com/deepseek-blames-disruption-on-cyberattack-as-vulnerabilities-emerge/

https://therecord.media/texas-county-disaster-declaration-cyberattack

https://www.securityweek.com/talktalk-confirms-data-breach-downplays-impact/

https://www.wsj.com/articles/mgm-agrees-to-pay-45-million-to-settle-data-breach-lawsuit-e076c842?mod=cybersecurity_news_article_pos1

https://www.securityweek.com/apple-patches-first-exploited-ios-zero-day-of-2025/

https://therecord.media/hackers-hijack-sirens-iran-israel

https://www.securityweek.com/lte-5g-vulnerabilities-could-cut-entire-cities-from-cellular-connectivity/

https://www.darkreading.com/cloud-security/cyberattackers-ghostgpt-write-malicious-code

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1

🚨 Important Links to Follow:

👉Website:

👉Listen here: https://linktr.ee/cyberhubpodcast

Stay Connected With Us.

👉Facebook: https://www.facebook.com/CyberHubpodcast/

👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/

👉Twitter (X): https://twitter.com/cyberhubpodcast

👉Instagram: https://www.instagram.com/cyberhubpodcast

🤝 For Business Inquiries: info@cyberhubpodcast.com

=============================

🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.

Discussion about this podcast