Good Morning Security Gang!
It’s Monday, September 29th, 2025, and welcome back to the CyberHub Podcast. What a weekend - lots of cyber chaos to unpack and a historic first for our industry: a government-backed cybersecurity bailout. I’ve got my double espresso in hand, and we’re diving into the UK’s $1.5B loan to keep Jaguar Land Rover afloat, ransomware continuing to disrupt aviation and counties here in the U.S., Cisco firewalls being exploited by Chinese espionage groups, Akira ransomware going after SonicWall VPNs, teenage hackers recruited on Telegram, TikTok restructuring, and much more.
Let’s get into it.
“Cybercrime is a six trillion dollar a year economy. Six trillion. That’s the third largest economy. U.S., China, EU, cybercrime. Fourth. Fourth largest economy - let that sink in.” James Azar
🚗 UK’s $1.5B Cybersecurity Bailout for Jaguar Land Rover
The UK government approved a £1.5 billion ($2B) loan guarantee for Jaguar Land Rover (JLR) after ransomware crippled its operations. JLR is on day 29 of downtime, putting suppliers—who operate on 15–30 day cash reserves—at existential risk. The bailout ensures JLR can pay its supply chain, preventing broader collapse. Some argue bailouts encourage more attacks, but as I said: “If law enforcement doesn’t hunt these guys down, you better believe criminals will read this as an invitation.”
🛒 Co-op Loses $275M From April Cyberattack
UK retailer Co-op revealed its April ransomware attack shaved $275M off revenue, largely from food business disruptions and empty shelves. Data theft was also confirmed. CEO Shirine Khoury-Haq said staff worked “day and night” to recover, but the blow was severe.
👜 Harrods Data Breach Confirmed
Luxury retailer Harrods is notifying customers after a third-party system provider breach exposed names and contact details. This follows a May incident where Harrods restricted internet access to stop another attempted intrusion. Authorities have arrested four suspects tied to attacks on Harrods, Marks & Spencer, and Co-op.
🛫 RTX/Muse Boarding Software Ransomware
RTX confirmed that its Muse boarding system, used by airlines for check-in, boarding, and baggage tracking, was hit by ransomware. A man in his 40s was arrested under the UK’s Computer Misuse Act. While RTX clarified the Muse system runs on customer-specific networks, this attack still disrupted airports in London, Brussels, Berlin, and Dublin.
“These are the talking points as cyber practitioners we ought to use. These are the talking points that resonate with the board. These are the use cases that we can use to drive understanding and adoption of cybersecurity within our organizations. This is it. This very moment we’ve been waiting for for over a decade or two.” James Azar
🏛 Union County, Ohio Ransomware
Union County (pop. 71,000) disclosed that ransomware in May compromised 45,487 residents’ SSNs and financial data. Local governments remain soft targets despite years of warnings.
🔥 Cisco Firewall Zero-Days Exploited by China
Cisco warned of two zero-days (CVE-2025-20333 & CVE-2025-20362) in ASA and Secure Firewall Threat Defense software. The flaws were exploited in the ArcaneDoor espionage campaign by China; attackers used root access to disable logging, intercept CLI commands, and crash devices to block forensics. These flaws were first seen in May against government agencies.
🍏 Apple Zero-Day Bypass Technique
Google’s Project Zero published a bypass for Apple’s address space layout randomization (ASLR) using flaws in NSKeyedArchiver/NSKeyedUnarchiver serialization. While Apple has patched the issue, this shows how legacy frameworks create persistent attack vectors.
🔐 Akira Ransomware Targets SonicWall VPNs
Researchers say Akira ransomware is exploiting SonicWall SSL VPNs, bypassing OTP-based MFA—possibly with stolen OTP seeds. While CVE-2024-40766 was patched in August, attackers are still compromising devices.
👦 Dutch Teens Recruited by Pro-Russian Hackers
Two 17-year-olds were arrested in the Netherlands for spying on embassies and Europol with Wi-Fi sniffers after being recruited on Telegram by pro-Russian hackers. Parents reportedly dismissed their son’s hacking interest as “just gaming.” As I said: “Either we give these kids pathways into white-hat hacking, or foreign states will recruit them for espionage.”
🎵 TikTok Restructuring Under U.S. Oversight
President Trump approved a deal to restructure TikTok’s U.S. operations:
80% ownership by U.S. investors (Oracle, Silver Lake, a16z).
20% Chinese equity stake remains.
U.S.-only user data storage with Oracle oversight.
Security partners on the algorithm and monitoring committees.
If enforced properly, this could be the strongest national security framework for a major social platform to date.
🧠 James Azar’s CISO Take
Today’s headlines show how cyber has moved from IT risk to systemic economic risk. JLR’s bailout wasn’t about one company—it was about saving hundreds of suppliers and jobs. The UK now has its “NotPetya moment,” but instead of shipping, it’s autos. For boards and governments, cyber isn’t about “downtime costs” anymore—it’s about GDP and industrial security.
The second big theme is trust in vendors and talent pipelines. From Cisco zero-days to SonicWall VPNs, attackers are hitting the systems we trust the most. And with kids being lured on Telegram into espionage, we can’t ignore the human side of recruitment. For CISOs, this means doubling down on vendor governance, layered defenses, and investing in your workforce—including the next generation.
✅ Action Items
🚗 Treat ransomware resilience as economic security—segment IT/OT networks.
🛒 Review supplier dependencies—ensure continuity beyond 30 days.
🔐 Patch Cisco ASA/FTD firewalls for CVE-2025-20333/20362.
🍏 Update Apple endpoints—track serialization-based exploits.
🔑 Audit SonicWall VPNs—rotate MFA seeds, enforce layered security.
👦 Mentor young talent into white-hat pathways—preempt hostile recruitment.
🎵 Track TikTok restructuring—consider platform exposure in enterprise risk.
That’s it for our show this morning. We’ll be back tomorrow at 9 AM Eastern live with all the latest.
Until then, have a great rest of your day, y’all, and most importantly, stay cyber safe!