CISO Talk by James Azar
CyberHub Podcast
IBM Data Breach Report Shows US Losses Average $5.9 Million, SafePay Ransomware Threatens to Leak 35TB of Ingram Micro Data, ShinyHunters Behind Major Data Theft Attacks, Palo Alto $25B Play

$10M U.S. Breach Costs, ShinyHunters Strike Salesforce, and Palo Alto’s $25B CyberArk Bet

Good Morning Security Gang!


Welcome to the final CyberHub Podcast for July and we've got a mega-pack of stories to close the month out strong. I’m coming to you fresh from Tel Aviv, where I spent the day near Palo Alto’s local office—and wouldn’t you know it, the cybersecurity world is abuzz over their shocking $25 billion acquisition of CyberArk. But that’s just the tip of the cyber iceberg.

We’ve got record breach costs from IBM, ransomware shaking Ingram Micro, Chinese cyber patent revelations, zero-days from Apple and Google, and a phishing campaign targeting Salesforce users. So pour your espresso and let’s get rolling.

💸 IBM Report: U.S. Breach Costs Near $10M

IBM’s latest data breach report reveals the average global cost of a breach dropped 10% to $4.4M, but in the U.S., that number nearly doubled to $9.9M. Why? Legal fees and fragmented data breach laws. Regulatory filings across 50 states and the rising cost of forensics, notifications, and restoration are driving these costs sky-high. Healthcare remains the most impacted industry at $7.42M per breach. It’s a stark reminder to review your cyber insurance coverage and prepare for long-term legal fallout.

"What most people don't know is 60% of the cost of a data breach is primarily legal – you've got to notify fifty different U.S. states, a whole bunch of territories... it's complex." James Azar

🐍 ShinyHunters Hit Salesforce Environments via Voice Phishing

Google’s Threat Intelligence Group uncovered a campaign by ShinyHunters (UNC6040) targeting Salesforce CRM instances. The group impersonates IT staff via phone to lure employees into connecting malicious OAuth apps to Salesforce, granting full access. In some cases, the apps were disguised as “My Ticket Portal” or similar to appear trustworthy. MFA tokens and credentials were also stolen using fake Okta login pages. It’s a masterclass in social engineering—and a red alert for customer data teams everywhere.

🔓 Ingram Micro Ransomware Attack: 35TB Under Threat

SafePay ransomware gang claims responsibility for a massive cyberattack on Ingram Micro, alleging they exfiltrated 3.5 terabytes of data. The July 5th attack caused a global outage, VPN downtime, and forced an MFA reset across the company. SafePay is now threatening to leak the data unless a ransom is paid. With over 260 victims on their leak site, SafePay is filling the void left by BlackCat and LockBit’s decline. All signs point to failed negotiations and an impending leak.

🛒 Dollar Tree Denies Breach—Blames Defunct 99 Cents Only Stores

Threat actors claimed to have breached Dollar Tree, but the data was traced to the now-defunct 99 Cents Only Stores, which closed last year due to inflation. Dollar Tree clarified it had only acquired real estate—not IT systems or data—from 99 Cents. The confusion highlights the risks in data attribution during M&A and bankruptcy proceedings.

🧠 China’s Offensive Cyber Patent Trail Exposed

SentinelLabs linked patent filings from Chinese company Shanghai Firetech—allegedly tied to Silk Typhoon and China’s MSS—to cyber weapons, including smart home surveillance and network intelligence platforms. The Justice Department previously named the company in the 2021 Hafnium attacks. These patents offer a rare look into China’s public-private cyber partnership, revealing the scope of their offensive cyber R&D. It’s a wake-up call to diversify tech supply chains and decouple from Chinese manufacturing dependencies.

🧪 Python Devs Targeted by Fake PyPI Login Phishing

The Python Software Foundation warned of a phishing campaign using a spoofed PyPI login site to steal developer credentials. Once compromised, attackers attempt to inject backdoors into legitimate Python libraries. While PyPI itself wasn’t breached, this is part of a broader supply chain threat aimed at open-source ecosystems. If you're publishing Python packages, double-check URLs and enable MFA immediately.

🍎 Apple & Google Patch Joint Zero-Day Exploited in WebKit & Chrome

A critical zero-day tracked as CVE-2025-6558 was patched by Apple and Google. The flaw involved incorrect validation in ANGLE, a graphics abstraction layer used in WebKit and Chrome. Discovered by Google's TAG team, the vulnerability was being actively exploited in the wild. Apple issued patches across macOS Sequoia, iOS 18.6, iPadOS, tvOS, visionOS, and watchOS. Patch now.

🤯 Palo Alto Buys CyberArk for $25B—Overvalued?

In what might be the most eyebrow-raising deal of the year, Palo Alto Networks announced the acquisition of CyberArk for $25 billion. With CyberArk’s P/E ratio sitting at a staggering -235, many in the industry (myself included) question whether this was a drastic overpayment. Palo Alto has made recent moves into legacy tools like QRadar, and now CyberArk—whose identity platform has seen slow innovation. CyberArk shareholders get $45 cash and 2.2 shares of PANW per share. Someone at PANW knows something we don’t—or they just wrote a massive check on blind faith.

"I honestly don't think CyberArk is worth $25 billion... their P.E. ratio varies from N.A. to negative N.A. Palo Alto overpaid, I'm going to just say they overpaid significantly." James Azar

🇺🇸 CISA’s New Director Clears Senate Committee

Sean Plankey’s nomination as the new Director of CISA passed the Senate Homeland Security Committee with a 9–6 vote. He’ll head to the full Senate next. Plankey promises to restore nonpartisan trust in CISA and rebuild its workforce. A step in the right direction for the beleaguered federal agency.

🧠 James Azar’s CISO Take

The IBM breach report should be a wake-up call for every American organization. Ten million dollars per breach isn’t just a headline—it’s a financial reality. Legal fees, state filings, class action suits—they’re all part of the game now. Our fragmented regulatory landscape is driving breach costs through the roof. One unified federal standard could halve those legal costs and make IR operations much more efficient. We’ve got to get this done—especially with the rise in sophisticated phishing and ransomware campaigns.

Speaking of complexity, Palo Alto’s CyberArk deal shows just how much consolidation we’re seeing in the identity space. But paying $25 billion for a company with negative earnings? That raises red flags for anyone paying attention. Meanwhile, adversaries like SafePay and ShinyHunters continue evolving with better social engineering and deeper integration into enterprise platforms. We need to remember that tech doesn’t solve process failures—people and procedures do. If we don’t reinforce those now, we’ll be staring down more $10 million breaches.

✅ Action Items

  • 💰 Review your cyber insurance policy—does $10M still cut it?

  • 🧑‍💻 Train staff to verify help desk identity before performing any credential actions

  • 🔒 Patch Apple devices (iOS/macOS/WebKit) and Google Chrome for CVE-2025-6558

  • 🛡 Review Salesforce app integrations and OAuth security posture

  • 🧬 If you use Python packages, verify all PyPI login URLs and enable MFA

  • 💾 Prepare for potential data leaks if you partner with or resell Ingram Micro

  • 🌐 Monitor China-based vendors and tech stacks for risk in supply chain software

  • 👥 Ensure your identity workflows don’t rely on legacy IAM systems without oversight

Stay cyber safe.

✅ Story Links:

https://therecord.media/ibm-data-breach-report-us-losses

https://www.bleepingcomputer.com/news/security/safepay-ransomware-threatens-to-leak-35tb-of-ingram-micro-data/

https://therecord.media/dollar-tree-discount-stolen-data

https://www.bleepingcomputer.com/news/security/shinyhunters-behind-salesforce-data-theft-attacks-at-qantas-allianz-life-and-lvmh/

https://therecord.media/patents-silk-typhoon-company-beijing

https://www.bleepingcomputer.com/news/security/apple-patches-security-flaw-exploited-in-chrome-zero-day-attacks/

https://www.securityweek.com/palo-alto-networks-to-acquire-cyberark-for-25-billion/

https://www.bleepingcomputer.com/news/security/hackers-target-python-devs-in-phishing-attacks-using-fake-pypi-site/

https://therecord.media/plankey-advances-cisa-nomination

=============================

🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
