CISO Talk by James Azar
CyberHub Podcast
Intel Employee Data Exposed, Australia's TPG Telecom Investigating iiNet Hack, Organizations Hit by SharePoint Attacks, Inotiv Reports Ransomware Attack to SEC

Intel Employee Data at Risk, TPG Telecom Breach, and Attackers Patching Systems Themselves, SharePoint Zero-Day Campaign Devastates UK Organizations

Good Morning Security Gang!


Happy Wednesday, and welcome to another packed episode of the CyberHub Podcast. I’ve got my double espresso here—it’s still piping hot, nearly burning my fingers—but we’ve got a huge slate of stories to dive into today.

"I need to find a co-host, I really do, because I feel like I would enjoy my espresso more if I could rotate speaking. So if you're interested, apply within!"

Today's stories range from a ransomware attack hitting a U.S. drug research company, to TPG Telecom in Australia dealing with a breach, to SharePoint zero-days hammering UK organizations, and even researchers finding gaping security holes in Intel systems.

On top of that, we’ve got vulnerability news from Chrome, Firefox, and WinRAR, a wild case of attackers patching systems after exploiting them, and even the DOJ nabbing a botnet operator. Let’s break it down story by story.

💊 Indiana-Based Drug Research Firm Inotiv Hit by Ransomware

Indiana-based Inotiv, a drug research company working on oncology, neuroscience, and medical devices, reported a ransomware attack to the SEC. The Qilin ransomware gang claimed responsibility, leaking 176GB of stolen research data spanning a decade. The company has been offline for nearly two weeks, relying on offline alternatives but facing major business disruption. With $500M annual revenue, limited cyber insurance, and no restoration timeline, this attack is likely to have material financial impact.

📡 Australia’s TPG Telecom Breached

Australia’s telecom sector is once again under fire. TPG Telecom, one of the country’s largest mobile and broadband providers, confirmed a breach of its iiNet management system. Roughly 280,000 active email addresses and 20,000 landline phone numbers were exfiltrated. While no payment or ID documents were stored in the affected system, the breach underscores the relentless targeting of Australian telcos this year.

🇬🇧 UK SharePoint Breaches

The SharePoint zero-day campaign continues to unfold, this time hitting three unidentified British organizations. Attackers exploited newly discovered vulnerabilities in on-premises SharePoint servers, compromising personal data. Despite Microsoft’s warnings, many orgs are still running legacy, on-prem systems instead of shifting to cloud-hosted services like Microsoft 365, leaving them highly exposed.

💻 Intel Employee Data Exposed via Researcher Discovery

Security researcher Eaton Zveare uncovered a series of vulnerabilities in Intel’s internal systems that could have exposed the data of 270,000 Intel employees worldwide. Hard-coded credentials, authentication bypasses, and unsecured employee directory sites were identified. Intel confirmed no actual breach occurred—it was responsibly disclosed under bug bounty—but the flaws showed how dangerously close attackers could have come to exfiltrating sensitive employee and supplier data.*

🛡 Elastic EDR Zero-Day Claim Rejected

Security firm AshES Cybersecurity claimed it had found a zero-day in Elastic Defend EDR, but Elastic rejected the report after internal investigation. The researchers refused to share proof of concept, raising suspicions of attention-seeking rather than responsible disclosure. As I said on the show—responsible disclosure is a cornerstone of our community. Without it, credibility is lost, and Elastic should seriously consider legal options against baseless claims.

🌐 Chrome & Firefox Patch AI-Discovered Bugs

Both Google Chrome and Mozilla Firefox rolled out critical patches. Chrome’s update addressed a high-severity V8 JavaScript engine bug (CVE-2025-90132) discovered by Google’s Big Sleep AI agent, showing how AI is accelerating vulnerability discovery. Mozilla patched nine flaws, five rated high severity, including memory corruption and sandbox escape issues. Update your browsers immediately.

🐧 Attackers Exploit Apache ActiveMQ—Then Patch It

Red Canary researchers found attackers exploiting a two-year-old Apache ActiveMQ flaw (CVE-2023-46604), gaining persistence in cloud Linux systems and deploying a new malware dubbed DripDropper. The twist? After initial exploitation, attackers patched the vulnerability themselves—blocking others from using it while maintaining covert access. This bizarre tactic shows just how far adversaries will go to protect their footholds.

🪟 WinRAR Exploited by Paper Werewolf APT

The Paper Werewolf threat group (aka GOFFEE) has been exploiting WinRAR vulnerabilities, including a new zero-day leveraging alternate data streams to drop payloads. Highly targeted phishing campaigns against Russian institutions used malicious archives to establish persistence.

"If you're still teaching people to look for spelling mistakes, we're going to lose this game. It's really, really sophisticated, and you've got to have defense in depth here." James Azar

With AI-powered phishing sophistication, traditional “spot the spelling mistake” training simply won’t cut it anymore—defense in depth is a must.

👮 DOJ Charges U.S. RapperBot Admin

The DOJ charged Ethan Foltz of Oregon for running RapperBot, Eleven Eleven Botnet, and CowBot, which infected up to 95,000 IoT devices. His botnets launched 370,000 DDoS attacks in 80 countries, peaking at 6Tbps. Foltz faces up to 10 years in prison. While law enforcement seized admin access and disrupted the botnet, history shows another actor will quickly fill the void.

🧠 James Azar’s CISO Take

What ties these stories together is the urgency of patching and resilience planning. From SharePoint zero-days to Apache ActiveMQ and WinRAR, the vulnerabilities are out there, and attackers are chaining them for persistence. We talk a lot about advanced threats, but the reality is most compromises start with something simple: an unpatched system or an unmanaged identity. The “time to patch, time to mitigate” metric is everything—it’s how we measure true operational maturity.

The second theme is evolution in attacker sophistication. Whether it’s adversaries patching systems to protect their own access or AI supercharging phishing campaigns, the game is moving fast. CISOs must accept that defenses rooted in user awareness alone are obsolete. It’s time for layered defenses, active monitoring, and treating every new exploit as tomorrow’s ransomware enabler.

✅ Action Items

  • 🔐 Patch all SharePoint servers—assume compromise if still on-prem.

  • 🛡 Update Chrome and Firefox to latest versions immediately.

  • 💻 Audit internal systems for hard-coded credentials and auth bypass flaws.

  • 🐧 Apply fixes for Apache ActiveMQ CVE-2023-46604, and scan for persistence.

  • 🪟 Monitor WinRAR usage, enforce patching, and train users against malicious archives.

  • 📡 Monitor telco and cloud environments for exfiltration attempts.

  • 👮 Review resilience plans for ransomware disruptions—especially in healthcare and pharma.

  • 📶 Harden IoT/edge devices to block botnet enrollment.

Thanks for reading CISO Talk by James Azar! This post is public so feel free to share it.

✅ Story Links:

https://www.securityweek.com/intel-employee-data-exposed-by-vulnerabilities/

https://therecord.media/drug-development-innotiv-ransomware-sec

https://www.securityweek.com/australias-tpg-telecom-investigating-iinet-hack/

https://therecord.media/organizations-united-kingdom-sharepoint

https://www.bleepingcomputer.com/news/security/elastic-rejects-claims-of-a-zero-day-rce-flaw-in-defend-edr/

https://www.securityweek.com/high-severity-vulnerabilities-patched-in-chrome-firefox/

https://thehackernews.com/2025/08/apache-activemq-flaw-exploited-to.html

https://cybersecuritynews.com/paper-werewolf-exploiting-winrar-zero%E2%80%91day/

https://www.securityweek.com/rapperbot-botnet-disrupted-american-administrator-indicted/

🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.

*Story was edited at 11:30 to remove any mention of a bug bounty reward to the security researcher.
