Good Morning Security Gang!
It’s Thursday, September 18th, 2025, and welcome back to the CyberHub Podcast. I’m broadcasting from New York City this morning, away from my usual studio setup but still locked in with today’s lineup.
We’re covering a cyber shockwave rocking the UK’s auto sector as Jaguar Land Rover remains paralyzed, ShinyHunters boasting about stealing 1.5 billion Salesforce records, a SonicWall breach forcing customers into resets, China-linked phishing campaigns, North Korea abusing ChatGPT, a UK blackmail scandal, Meta’s legal troubles, and a big $65M funding round for Remedio. Let’s get into it.
🚗 Jaguar Land Rover Cyber Shockwave
Jaguar Land Rover’s cyberattack continues to send shockwaves through the UK economy, now entering day 18 of halted production. JLR accounts for 4% of the UK’s GDP, but when you factor in suppliers and small businesses tied to the auto giant, the real impact is closer to 10–15% of the economy. Suppliers are sitting on unsellable inventory and watching cash flows evaporate as production remains frozen.
“Their cash can run out in as little as ten days. Let that sink in and understand. So if your cash can run out in as little as ten days and you're on day eighteen, now you still have to pay your employees, just because you're not getting your big customer buying from you, that maybe accounts for eighty percent of your revenue.” James Azar
🕵 ShinyHunters Claim 1.5B Salesforce Records
The ShinyHunters extortion group claims to have stolen 1.5 billion Salesforce records from 760 companies by abusing OAuth tokens taken in the Salesloft Drift compromise. The data reportedly spans Account, Contact, Opportunity, User and Case objects. That last category, support case records, is especially concerning: customers routinely paste credentials, API keys, internal hostnames and other sensitive details into support tickets, which turns a CRM dump into a credential harvest. If your organization connected Drift to Salesforce, treat the integration's tokens as compromised, revoke them, and search your Case data for secrets that now need rotating.
ShinyHunters say they’re retiring, but we’ve heard that before. As I said: this is less retirement and more a pyramid scheme shuffle.
“Cybercrime is a pyramid scheme—the bosses make millions while everyone else scraps for leftovers.” James Azar
🔐 SonicWall Breach Exposes Firewall Configurations
SonicWall confirmed that attackers accessed firewall configuration backup files stored in MySonicWall cloud accounts. A configuration backup is a map of the device: interfaces, rules, VPN settings and the (encrypted) credentials and shared secrets the firewall relies on, so possession of it makes targeted exploitation of that customer's firewall far easier. SonicWall is urging affected customers to reset every credential and token the configuration contains and to follow its published guidance for checking whether a device's backup was exposed and for spotting related activity. This is one of those “don’t wait” moments: fix it now or regret it later. Essential credential reset.
🇨🇳 China’s Wicked Panda Phishing Campaign
APT41, also tracked as Wicked Panda, is running a phishing campaign that spoofs the US-China Business Council and impersonates U.S. lawmakers, including Rep. John Moolenaar, chair of the House Select Committee on the CCP. The emails lure recipients into opening archives containing LNK files that fetch the VS Code command-line tool and start a VS Code Remote Tunnel, giving the attacker an interactive session over Microsoft's own tunnel infrastructure without dropping conventional malware. Because both the binary and the outbound connection are legitimate Microsoft components, traditional detection has little to catch. This is advanced tradecraft that exploits the very dev tools CISOs are trying to secure.
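To make the detection concrete, here is an added example (not code from the podcast, from Microsoft or from any vendor) of the process-creation check a SOC could run for this persistence technique; it also serves the action item on monitoring for VS Code Remote Tunnel persistence. It assumes Sysmon-style JSON events with Image, CommandLine, ParentImage and ProcessId fields; the sample events are constructed, and the list of “expected” VS Code install paths is an assumption to adjust for your own estate.

```python
import json
import ntpath
from typing import Optional
import re

# Added example, not code from the podcast or from any vendor.
# Flags processes that start a VS Code Remote Tunnel ("code tunnel ...").
# Field names (Image, CommandLine, ParentImage, ProcessId) mirror Sysmon
# event ID 1; adapt them to your EDR's schema.

TUNNEL_BINARIES = {"code.exe", "code", "code-tunnel.exe", "code-tunnel"}

# Assumption: where VS Code is legitimately installed in this estate.
EXPECTED_INSTALL_PREFIXES = (
    "c:\\program files\\microsoft vs code\\",
    "c:\\program files (x86)\\microsoft vs code\\",
)
PER_USER_INSTALL = re.compile(
    r"^c:\\users\\[^\\]+\\appdata\\local\\programs\\microsoft vs code\\"
)
# Parents that indicate the tunnel was started by a script (e.g. from an LNK),
# not by a developer typing in a terminal.
SCRIPT_HOST_PARENTS = {"cmd.exe", "powershell.exe", "pwsh.exe",
                       "wscript.exe", "cscript.exe", "mshta.exe"}


def _args_after_image(cmdline: str) -> list:
    """Return the arguments following the executable, handling a quoted path."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        rest = s[end + 1:] if end != -1 else ""
    else:
        parts = s.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ""
    return rest.split()


def _in_expected_install(image: str) -> bool:
    low = image.lower()
    return low.startswith(EXPECTED_INSTALL_PREFIXES) or bool(PER_USER_INSTALL.match(low))


def classify(event: dict) -> Optional[dict]:
    """Return a finding for a tunnel launch, or None if the event is benign."""
    image = event.get("Image", "")
    if ntpath.basename(image).lower() not in TUNNEL_BINARIES:
        return None
    args = [a.lower() for a in _args_after_image(event.get("CommandLine", ""))]
    # Only the first argument is the subcommand; "tunnel" inside a path is not.
    if not args or args[0] != "tunnel":
        return None
    reasons = ["vscode_tunnel_subcommand"]
    if not _in_expected_install(image):
        reasons.append("binary_outside_vscode_install")
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    if parent in SCRIPT_HOST_PARENTS:
        reasons.append(f"spawned_by_{parent}")
    if "--accept-server-license-terms" in args:
        reasons.append("non_interactive_license_accept")
    if "service" in args and "install" in args:
        reasons.append("tunnel_service_persistence")
    high = {"binary_outside_vscode_install", "tunnel_service_persistence"}
    severity = "high" if any(r in high or r.startswith("spawned_by_") for r in reasons) else "review"
    return {"pid": event.get("ProcessId"), "severity": severity, "reasons": reasons}


def scan_log(ndjson: str) -> list:
    """Run classify() over newline-delimited JSON events; skip malformed lines."""
    findings = []
    for line in ndjson.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        finding = classify(event)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample events (not real telemetry): one normal editor launch,
# one developer-started tunnel, and two script-launched tunnels from odd paths.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"ProcessId": 1001, "Image": "C:\\Program Files\\Microsoft VS Code\\Code.exe",
     "CommandLine": "\"C:\\Program Files\\Microsoft VS Code\\Code.exe\" C:\\src\\tunnel-proxy",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"ProcessId": 1102, "Image": "C:\\Program Files\\Microsoft VS Code\\bin\\code.exe",
     "CommandLine": "\"C:\\Program Files\\Microsoft VS Code\\bin\\code.exe\" tunnel --name devbox",
     "ParentImage": "C:\\Windows\\System32\\WindowsTerminal.exe"},
    {"ProcessId": 3344, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\code.exe",
     "CommandLine": "C:\\Users\\victim\\AppData\\Local\\Temp\\code.exe tunnel --accept-server-license-terms --name svc-update",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"ProcessId": 3390, "Image": "C:\\ProgramData\\update\\code.exe",
     "CommandLine": "\"C:\\ProgramData\\update\\code.exe\" tunnel service install --accept-server-license-terms",
     "ParentImage": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"},
])

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"pid={f['pid']} severity={f['severity']} reasons={', '.join(f['reasons'])}")
```

The developer's own `code tunnel` from the normal install path is returned at “review” severity rather than suppressed, because the technique is indistinguishable from legitimate use at the process level; the path, parent and service-install signals are what separate a phish from a developer. Pair this with egress logging for the tunnel service's Microsoft endpoints so you can confirm the session actually connected.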
🇰🇵 North Korea Using ChatGPT for Fake IDs
APT43, the North Korean group better known as Kimsuky, is now using ChatGPT to forge South Korean military ID card images for phishing lures. The fake IDs were embedded in emails posing as official communications from South Korean defense agencies. This is a clear example of how AI lowers the cost of deception, giving attackers a cheap, scalable way to craft believable pretexts. A convincing ID image attached to an email proves nothing about the sender; verification has to happen through an independent channel, not the attachment.
🇬🇧 UK Politician Charged in Honey Trap Scandal
Former UK Labour councillor Oliver Steedman has been charged with blackmail in a honey trap scheme that targeted politicians, journalists, and officials in Westminster. He allegedly demanded contact numbers while sending indecent images. It’s a reminder that social engineering and blackmail are not just cyber tactics—they’re political weapons too.
⚖ Meta Loses Bid to Overturn Flow Privacy Verdict
A judge rejected Meta’s attempt to overturn a privacy verdict tied to data collected from the Flo period-tracking app. Meta argued that the data was “second-hand” and therefore not covered by California’s wiretap law, but the court disagreed. This case could escalate to higher courts, possibly even the U.S. Supreme Court, given the lack of a federal privacy standard. Once again, the absence of national legislation leaves companies and users caught in legal gray zones.
💼 Remedio Raises $65M
Remedio (formerly GYTPOL), a remediation-focused security startup, raised $65 million in a round led by Bessemer Venture Partners. Founded in 2019, the company scaled to roughly 60 employees without outside funding until now. The investment underscores growing interest in automated remediation platforms as CISOs struggle to close the gap between finding misconfigurations and actually fixing them.
🧠 James Azar’s CISO Take
The JLR incident illustrates the brutal truth: cybersecurity is business security. We often talk about resilience in abstract terms, but here it is in practice: factories stopped, suppliers unpaid, exports stalled, GDP rattled. When a supplier's cash runs out in 10 days and its biggest customer is offline for 18, the dominoes fall fast. CISOs must understand these business realities and align strategy not just to patch systems but to keep the company alive during a crisis.
The second theme is the weaponization of trust: OAuth tokens, firewall backups, developer tools, even AI models like ChatGPT. Attackers aren’t just finding zero-days; they’re exploiting the systems we trust the most. That’s a governance problem as much as a technical one. CISOs need to prioritize identity, integration monitoring and third-party visibility. Otherwise, as we’re seeing, attackers will happily turn our own trusted systems into weapons against us.
✅ Action Items
🚗 Segment IT/OT systems so that ransomware on the corporate network cannot halt the plant floor; manufacturers must reduce the blast radius.
🔐 Reset SonicWall credentials and tokens; rotate every secret the exposed configuration backups could contain.
📊 Audit OAuth token use in Salesforce and connected apps; revoke tokens for integrations you no longer use or cannot account for.
🕵 Monitor for VS Code Remote Tunnel persistence: the VS Code CLI launched with the tunnel subcommand from unexpected paths or by scripting hosts.
🤖 Train teams to expect AI-crafted lures; assume the deception will look flawless and verify out of band.
⚖ Track privacy rulings; prepare for escalation in the Meta/Flo case.
💼 Watch automated remediation startups like Remedio; evaluate fit for SOC ops.
That's it for today's show. We'll be back Monday at 9 AM Eastern live with all the latest cybersecurity news. Tomorrow we'll have our weekend summary of everything you missed, and Saturday I'll have my article on leadership and cybersecurity exclusively available here.
Stay cyber safe, everyone.