🎙️ Welcome Back to the Grind: A Global Cybersecurity Pulse Check
After a day back in the studio and positive feedback on last week's scripted deep dives, CyberHub Podcast host James Azar dove into a new week with a jam-packed rundown of evolving cyber threats across the globe.
From Japanese financial hacks to North Korean phishing via Zoom and legislative moves in Washington, the show covered both the tactical and strategic layers of modern cybersecurity warfare—reminding defenders everywhere why vigilance matters now more than ever.
💹 Japan FSA Warns of $700M in Unauthorized Trades from Account Hacks
Japan's Financial Services Agency (FSA) raised alarm over a surge in unauthorized trades totaling $700 million since March 2025, stemming from compromised login credentials. With trading accounts at six securities firms affected and credentials stolen via phishing and infostealers, the incident raised concerns about accountability between users and brokers. The attacks appear to have manipulated the stock market—possibly as a geopolitical maneuver amid ongoing trade tensions with China.
🛑 Ransomware Hits Abilene, Texas Amid Growing Statewide Threat
The city of Abilene, Texas, joined a growing list of municipalities paralyzed by cyberattacks. Following reports of unresponsive servers, officials shut down critical systems out of "an abundance of caution." While no financial fraud has yet been detected, government systems were forced into manual operations, disrupting public services. The incident follows a string of attacks across Dallas County, Fort Worth, Lubbock, and more—highlighting Texas' struggles with municipal cyber resilience.
🔐 NTLM Hash Vulnerability Exploited Weeks After Patch Release
Check Point reported exploitation of CVE-2025-24054, a medium-severity NTLM vulnerability patched in March. The flaw enables hash leaks through malicious .library-ms files bundled in ZIP archives. Once the archive is opened, Windows Explorer triggers an SMB authentication request, leaking NTLM hashes without user interaction. Exploits were spotted in Poland and Romania, emphasizing the need for rapid patch deployment and better NTLM protections across organizations.
🪞 North Korea Exploits Years-Old RDP and Office Bugs in ‘Larva24005’ Campaign
A new North Korean campaign, dubbed Larva24005, is using ancient vulnerabilities to gain initial access to networks—including CVE-2019-0708 (BlueKeep) and CVE-2017-11882 (Equation Editor). South Korean intelligence confirmed that even nine-year-old bugs are still being weaponized, underscoring the critical importance of patching legacy systems and maintaining airtight vulnerability management practices.
📞 Zoom Phishing Lures Used to Infect Crypto Traders in Sophisticated NK Campaign
In a parallel campaign, North Korean actors posed as venture capitalists to lure crypto traders and investors into Zoom calls. Once on the call, targets were prompted to share screens and unknowingly granted remote access via Zoom's built-in features. This enabled attackers to deploy info-stealer malware under the guise of a legitimate system prompt. Experts warn users to disable remote control options on Zoom unless absolutely necessary.
🌏 UN: Cybercrime Slavery in Southeast Asia Has Global Implications
A UN report shed light on the growing "pig butchering" cyber fraud industry rooted in Myanmar and run by Chinese crime syndicates. Despite some forced-labor camps being shut down under Chinese pressure, thousands remain trafficked and enslaved. The fraud campaigns are expanding into Africa, further decentralizing the infrastructure of global cybercrime. The humanitarian, geopolitical, and financial implications make this more than just a cybersecurity issue—it’s an international crisis.
🔎 Proton Bulletproof Hosting Linked to Global Credential Stuffing and Scanning
Trustwave SpiderLabs revealed a mass scanning and brute-force credential attack campaign originating from IPs belonging to Russian bulletproof hosting provider Proton-XXVI. The campaign began in January 2025, exploiting vulnerabilities such as Palo Alto’s CVE-2025-0108. Many IPs had previously been inactive or undiscovered. Connections to underground forums and infrastructure-as-a-service providers like BearHost were confirmed.
🏛️ Bipartisan Bill Proposes Extension of Critical Cyber Threat-Sharing Law
Senators Gary Peters and Mike Rounds introduced a bipartisan bill to extend the 2015 Cybersecurity Information Sharing Act, which is set to expire this September. The law enables and protects information sharing between private companies and the federal government—a crucial element of proactive threat intelligence. Lawmakers are optimistic about bipartisan support for its continuation.
⚠️ Lantronix xPort Vulnerability Threatens Global Critical Infrastructure
A newly disclosed vulnerability in the Lantronix ‘xPort’ device used in critical infrastructure globally could enable remote unauthorized access. CISA warned that this missing-authentication flaw could affect sectors from manufacturing and transportation to energy and water systems. Over 1,400 instances are exposed online, with hundreds tied to gas station management systems. Patch deployment is urgent to prevent exploitation.
✅ Action List for Security Leaders & Practitioners
Patch Immediately: Address CVE-2025-24054 (NTLM leak) and CVE-2025-0108 (PAN-OS) if not already remediated.
Audit Legacy Systems: Look for exposure to CVEs as old as 2017 (e.g., Equation Editor) and BlueKeep (2019).
Disable Zoom Remote Access: Enforce Zoom settings that restrict remote desktop control in enterprise environments.
Review Financial Fraud Controls: Reevaluate risk models for retail and institutional investors given credential-stealing malware threats.
Protect Critical Infrastructure: Scan for and patch Lantronix xPort vulnerabilities, especially in utilities and transportation.
Block Malicious IPs: Monitor for brute-force attacks from Proton-related IP blocks and implement geofencing or blocking rules.
Update Threat-Sharing Agreements: Ensure your organization is engaged with ISACs or other sharing forums, and prepare for updates in federal collaboration laws.
Train Employees on Business Scams: Elevate social engineering and phishing awareness in VC, crypto, and startup sectors especially vulnerable to spear phishing.
🔚 Stay informed and stay cyber safe. For written summaries, sources, and links, visit CyberHubPodcast.com. Subscribe on YouTube, Spotify, Apple, or your favorite podcast platform—and join the conversation on social media. See y’all tomorrow at 9 AM EST.
✅ Story Links:
https://thecyberexpress.com/japan-warns-of-hacked-trading-accounts/
https://therecord.media/texas-abilene-offline-cyberattack-systems
https://www.securityweek.com/fresh-windows-ntlm-vulnerability-exploited-in-attacks/
https://thehackernews.com/2025/04/kimsuky-exploits-bluekeep-rdp.html
https://therecord.media/southeast-asia-cyber-fraud-at-inflection-point
https://thehackernews.com/2025/04/hackers-abuse-russian-bulletproof-host.html