Good Morning Security Gang,
On episode 913 of the CyberHub Podcast, host James Azar tackled a breadth of evolving cybersecurity threats with his signature espresso-fueled urgency. From ransomware threats disrupting Europe’s food supply to the latest exploit chain in Ivanti’s software, and China’s espionage campaign in Saudi Arabia, this episode was a sobering reminder that critical infrastructure—whether it's milk or mobile—is under attack.
🎙️ From Farms to Firewalls: Cyber Threats Hit the Supply Chain, Healthcare, and More
With a practitioner’s eye and a sharp tongue, James breaks down where the cracks are forming in our digital ecosystem and what defenders can do next.
🧊 Ransomware Freezes European Food Supply Chain
UK-based refrigerated logistics company Peter Green Chilled suffered a cybersecurity incident affecting its ability to process orders for major supermarket chains like Aldi and Tesco. Though transportation operations continued, the IT systems needed to coordinate deliveries were offline. This echoes 2021's Colonial Pipeline incident, where the billing system—not the fuel lines—shut down supply due to cybersecurity risks.
🥛 Dairy Giant Arla Foods Halts Production After Cyber Attack
Denmark-based Arla Foods, a cooperative producing dairy across 39 countries, was forced to temporarily stop production at a German facility due to suspicious IT activity. This incident demonstrates how technology-driven efficiency in food production can become a vulnerability when security is not built in from the start.
🇬🇧 UK’s NHS Faces Mounting Risks from Repeated Cyber Incidents
FOIA-obtained data revealed that two cyberattacks on the UK National Health Service in 2023 led to delayed surgeries and compromised patient care. One of these attacks likely involved Synnovis, a major pathology service provider. The scale and frequency of attacks on healthcare and public institutions underscore the national security implications of insufficient cyber resilience.
📵 Ivanti: Yet Another Exploit—Are Customers Still Hanging On?
Security researchers confirmed exploitation of two new CVEs (2025-4427 and 2025-4428) in Ivanti’s Endpoint Mobile Manager platform. These allow unauthenticated remote code execution by chaining an auth bypass with an RCE vulnerability. Ivanti initially blamed an open-source library but was called out for misusing dangerous functions. With hundreds of instances still exposed online, James issued a call to action: “At what point do you rip and replace?” If you are a customer, leave a comment below and tell me why you still have Ivanti on your network.
🇸🇦 China’s ‘Unsolicited Booker’ Targets Saudi Entities with MarsSnake Malware
Chinese APT group Unsolicited Booker was observed targeting a Saudi organization with a novel backdoor called MarsSnake, disguised via phishing emails pretending to be from Saudi Airlines. The intrusion, documented by ESET, is part of China’s geopolitical interest in Saudi Arabia, tied to Belt and Road ambitions and global strategic positioning.
📞 UK’s O2 Network Leaked User Location via VoLTE
O2’s recent 4G voice-over-LTE rollout had a privacy flaw that leaked approximate user location through network responses. A network enthusiast discovered that data from call setups could be used to triangulate users—raising privacy concerns for VoLTE rollouts if not properly secured.
💀 Malicious Python Packages Abused TikTok and Instagram APIs
Security firm Socket uncovered three malicious PyPI packages—checker-sagaf, stein-lurks, and center-core—that validated stolen emails against TikTok and Instagram APIs. These were downloaded over 600,000 times before being pulled, reinforcing the growing abuse of developer ecosystems for account reconnaissance and exploitation.
🖨️ Printer Manufacturer Served Malware via USB and Website for Months
Printer brand ProColored unknowingly distributed malware through USB installation drives and downloads hosted on Mega.nz. The compromised software included CoinStealer malware to hijack clipboard wallet addresses and a Dolphin-based backdoor capable of keystroke logging, remote shells, and screenshot capture. The infection persisted undetected for nearly six months.
🌐 NATO’s Locked Shields 2025 Simulates Massive Cyber Defense Exercise
The 15th edition of Locked Shields, hosted in Estonia by NATO’s Cooperative Cyber Defense Center, saw over 4,000 participants from 41 nations defending against more than 8,000 simulated cyberattacks. This annual exercise helps member states hone their response to real-world scenarios involving telecom, military systems, and national infrastructure.
✅ Action List for Security Practitioners and Leaders
Segment IT and OT in Logistics: Ensure billing and operational systems are segmented to avoid total shutdowns in logistics or manufacturing.
Review Vendor Security Posture: Reassess reliance on vendors like Ivanti that show repeated security failures. Initiate replacement discussions if needed.
Deploy Behavioral Analytics: Strengthen detection capabilities in sectors lacking large security teams—like food co-ops and farming operations.
Harden Healthcare Systems: Push for full network segmentation, endpoint security, and DR testing in public healthcare infrastructure.
Patch Ivanti CVEs Immediately: Prioritize patching of CVE-2025-4427 and CVE-2025-4428 to prevent RCE risks, and validate against known misuse of libraries.
Detect Phishing Themes: Monitor phishing campaigns using aviation or logistics lures in industries targeted by Chinese APTs.
Audit Network Privacy Settings: Telecom providers should test VoLTE rollouts for metadata exposure before national launch.
Use Secure Developer Repos: Enforce dependency validation tools and scanning for malicious packages in dev pipelines.
Conduct USB and Web File Scans: Any third-party software or hardware installation should undergo malware sandboxing and endpoint protection checks.
Participate in Threat Exercises: Encourage regional or national participation in cyber drills like Locked Shields to strengthen collective defense.
🔚 That’s a wrap for today’s episode. Head over to CyberHubPodcast.com to read full story breakdowns, get your free daily email brief, and access our exclusive Saturday article series.
Until tomorrow at 9 a.m. EST—stay alert, stay caffeinated, and most importantly, stay cyber safe.
✅ Story Links:
https://therecord.media/peter-green-chilled-ransomware-uk-logistics-company
https://therecord.media/uk-nhs-data-two-cyberattacks-clinical-harm-2024
https://thehackernews.com/2025/05/chinese-hackers-deploy-marssnake.html
https://www.securityweek.com/o2-service-vulnerability-exposed-user-location/
https://thehackernews.com/2025/05/malicious-pypi-packages-exploit.html
https://www.securityweek.com/printer-company-procolored-served-infected-software-for-months/
https://www.securityweek.com/from-60-to-4000-natos-locked-shields-reflects-cyber-defense-growth/