CISO Talk by James Azar
CyberHub Podcast
Google Chrome Sandbox Zeroday, EncryptHub Linked to ZeroDay on Windows, Malaysia Airport Ransomware

Urgent patches, fresh exploits, and a new cyber policy lead, along with noteworthy trends in ransomware attacks and a pivotal Pentagon appointment to bolster U.S. cyber defense strategy.

In this episode of the CyberHub Podcast, broadcasting from the CyberTech event in Israel, the host spotlights multiple high-severity security threats and new policy developments.

Topics include Google’s emergency fix for a Chrome sandbox escape, Microsoft zero-days linked to a ransomware-as-a-service group, critical vulnerabilities in CrushFTP and VMware Tools, malicious phishing campaigns hitting Counter-Strike 2 players, and cyber resilience lessons from Malaysia’s airport outage.

Google Patches Chrome Sandbox Escape

Researchers at Kaspersky detected a targeted drive-by download exploit (CVE-2025-2783) allowing attackers to execute remote code once the victim clicked a malicious link in a Chrome browser. The espionage campaign, nicknamed Operation Forum Troll, was aimed primarily at Russian organizations, signaling a likely state-sponsored threat. Google rushed out a patch, urging users to update immediately.

Microsoft Management Console Zero-Day Exploited by EncryptHub

A Windows zero-day (CVE-2025-26633) in the Microsoft Management Console (MMC) has been actively exploited by the EncryptHub ransomware-as-a-service gang. The flaw bypasses file reputation checks, letting attackers deploy malicious .msc files without warning prompts. Researchers identified multiple payloads linked to the group, including data-stealing Trojans and backdoors, reinforcing the need to apply Microsoft’s patch as soon as possible.

Critical CrushFTP Vulnerability

CrushFTP warned users about a newly discovered HTTP port access flaw that provides unauthorized attackers with direct server access if exposed to the internet. Affecting all versions of CrushFTP v11, the vulnerability allows remote compromise of unpatched servers running HTTP/HTTPS. Administrators are urged to update immediately to avoid exploit attempts.

VMware Tools for Windows Security Defect

VMware released urgent updates for a high-risk authentication bypass flaw (CVE-2025-2332) in VMware Tools for Windows. Attackers leveraging this vulnerability could potentially compromise guest virtual machines. VMware Tools version 12.5.1 contains the necessary patch, and organizations should prioritize remediation to maintain secure virtual environments.

Phishing Campaign Targets Counter-Strike 2 Players

A new browser-in-the-browser phishing scam tricks Counter-Strike 2 gamers with realistic pop-up login pages mimicking Steam. Attackers entice victims through eSports-themed websites and YouTube videos, prompting logins that harvest credentials and bypass multi-factor authentication. Security experts advise verifying URLs and adopting password managers to detect suspicious forms.

Malaysia Airport Cyber Attack and $10 Million Ransom Demand

The Kuala Lumpur International Airport’s operator suffered an IT disruption, forcing staff to revert to manual processes. Prime Minister Anwar Ibrahim confirmed a $10 million ransom demand, though the airline services themselves remained operational. Despite criticism for limited public disclosure, the quick fallback to pen-and-paper highlights the importance of business continuity planning under duress.

Ransomware Attack Trends and Payments Decline

Research from multiple cybersecurity analysts indicates ransomware attacks are on the rise, yet overall ransom payments dipped from previous years. While fewer victims opted to pay, adversaries showed intensifying efforts to infiltrate industrial IoT and OT networks. Experts underscore robust patching and strategic resiliency measures as keys to fending off these ever-evolving threats.

Pentagon Cyber Policy Appointment

Katherine Sutton, currently Chief Technology Advisor at U.S. Cyber Command, has been nominated for the role of Assistant Secretary of Defense for Cyber Policy. Her confirmation will provide a dedicated civilian leader responsible for comprehensive cybersecurity oversight at the Department of Defense, filling a role created to bolster digital security coordination across the agency.

Action List

  • Update Chrome: Apply the latest patch to protect against the newly exploited sandbox escape vulnerability.

  • Patch Microsoft Systems: Install fixes for CVE-2025-26633 in the Microsoft Management Console to block ransomware threats.

  • Secure CrushFTP Servers: Upgrade to the latest v11 release to remediate unauthorized HTTP port access exploits.

  • Deploy VMware Tools Update: Implement the version 12.5.1 patch to prevent authentication bypass vulnerabilities.

  • Verify Steam Logins: Warn gamers about fake browser windows and encourage password managers for better credential security.

  • Exercise Business Continuity Plans: Prepare manual fallback processes to keep operations running during cyber incidents.

  • Harden OT/IoT Environments: Prioritize frequent patching and segmentation in industrial settings to mitigate evolving ransomware threats.

  • Stay Informed on Policy: Track leadership changes within national defense entities for potential shifts in cyber strategy.


✅ Story Links:

https://www.securityweek.com/google-patches-chrome-sandbox-escape-zero-day-caught-by-kaspersky/

https://www.bleepingcomputer.com/news/security/encrypthub-linked-to-zero-day-attacks-targeting-windows-systems/

https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-unauthenticated-access-flaw-immediately/

https://www.securityweek.com/vmware-patches-authentication-bypass-flaw-in-windows-tools-suite/

https://www.bleepingcomputer.com/news/security/browser-in-the-browser-attacks-target-cs2-players-steam-accounts/

https://therecord.media/malaysia-pm-says-country-rejected-ransom-demand-airport-cyberattack

https://www.securityweek.com/ransomware-shifts-tactics-as-payouts-drop-critical-infrastructure-in-the-crosshairs/

https://therecord.media/katherine-sutton-nominee-assistant-secretary-defense-cyber-policy


🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
