🎙️ CyberHub on the Road: Global Cybersecurity Threats in Focus
Good Morning Cyber Gang,
Broadcasting from New York this morning, CyberHub Podcast host James Azar served up another potent mix of cybersecurity news from around the world.
Despite being away from the espresso comforts of home, the headlines kept flowing—ranging from major retail and telecom breaches to session hijacking techniques, Russian cyber sabotage, and Microsoft’s self-proclaimed largest security overhaul. With new threats emerging daily, the show emphasized the evolving complexity of cyber risks across industries and borders.
🛍️ Marks & Spencer Scrambles After Easter Cyber Incident
Iconic British retailer Marks & Spencer faced operational disruptions after a cybersecurity incident hit its systems over the Easter holiday. While online services remained active, some store operations, particularly the click-and-collect function, were affected. Though details remain scarce, ransomware is suspected, either directly impacting M&S or via a supply chain partner.
📱 SK Telecom Breach Exposes Customer Data
South Korea's largest telecom provider, SK Telecom, confirmed a breach in which malware was deployed to steal customer data. The attack, detected in April, is under investigation, but early signs suggest the data could be used for SIM-swapping attacks—a hallmark of Chinese and North Korean threat actors. This breach adds to regional concerns about state-sponsored destabilization efforts.
🚗 Lemonade Discloses Data Exposure of 190,000 Users
Insurance provider Lemonade reported a data exposure impacting approximately 190,000 users after a technical issue allowed unencrypted transmission of driver’s license numbers. The flaw, found in the company's car insurance application API, persisted from April 2023 to March 2024. Although no other sensitive data was compromised, regulatory notifications have been triggered.
🏫 Baltimore Schools Reveal Ransomware Fallout
Baltimore City public schools confirmed that February’s ransomware attack compromised sensitive data belonging to staff, volunteers, contractors, and about 1.5% of students (around 1,150). The breach exposed internal documents, though full details remain undisclosed. This marks another example of the slow, painful disclosure process following public sector cyberattacks.
🛡️ Microsoft Touts Security Overhaul Under Secure Future Initiative
Microsoft announced significant progress on its Secure Future Initiative, launched after last year’s China-linked breach. Key milestones include migrating 90% of internal accounts to phishing-resistant MFA and relocating signing keys to Azure Confidential VMs. However, a concurrent session cookie hijacking attack ("CookieBite") against Microsoft Entra ID shows lingering gaps, as a stolen browser session cookie can still bypass MFA protections.
🍪 "CookieBite" Attack Demonstrates MFA Bypass via Browser Extensions
Varonis researchers showcased CookieBite, a proof-of-concept attack that uses a malicious browser extension to steal Microsoft Entra ID session cookies, bypassing MFA safeguards. While the attack method isn’t new, it highlights how MFA can be defeated at the session level: once the authenticated session cookie is replayed, no second factor is asked for. The best mitigation involves robust browser security controls and blocking risky extensions.
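As an added defender-side illustration (not from the podcast or from the Varonis research), the check below flags a session id that is reused from a new IP or user agent shortly after it was first seen, which is the footprint a replayed stolen cookie leaves in sign-in telemetry. The record layout and sample records are constructed assumptions, not a real Entra ID log schema.

```python
"""Detect reuse of one sign-in session from a new IP or user agent, a signal of session cookie theft."""
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real Entra ID log output); the field layout is an assumption.
# Each tuple: (ISO timestamp, user, session id, source IP, user agent)
SAMPLE_SIGNINS = [
    ("2025-04-22T09:00:00", "alice@example.com", "sess-A1", "203.0.113.10", "Chrome/124 Windows"),
    ("2025-04-22T09:20:00", "alice@example.com", "sess-A1", "203.0.113.10", "Chrome/124 Windows"),
    # Same session id and user, but a new IP and OS 25 minutes later: the cookie is being replayed.
    ("2025-04-22T09:25:00", "alice@example.com", "sess-A1", "198.51.100.7", "Chrome/124 Linux"),
    ("2025-04-22T10:00:00", "bob@example.com", "sess-B9", "192.0.2.5", "Edge/124 Windows"),
]


def detect_session_reuse(records, window=timedelta(hours=1)):
    """Return one alert per record whose session id was first seen from a different
    IP or user agent within `window`. A replayed cookie never triggers a new MFA
    prompt, so the session, not the credential, is what has to be watched."""
    first_seen = {}  # session id -> (time, ip, user agent) of the first sign-in
    alerts = []
    for ts, user, sid, ip, ua in sorted(records, key=lambda r: r[0]):
        when = datetime.fromisoformat(ts)
        if sid not in first_seen:
            first_seen[sid] = (when, ip, ua)
            continue
        t0, ip0, ua0 = first_seen[sid]
        changed = []
        if ip != ip0:
            changed.append("ip")
        if ua != ua0:
            changed.append("user_agent")
        if changed and when - t0 <= window:
            alerts.append({
                "user": user, "session_id": sid, "first_ip": ip0, "new_ip": ip,
                "minutes_since_first_seen": (when - t0).total_seconds() / 60,
                "changed": changed,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_session_reuse(SAMPLE_SIGNINS):
        print(alert)
```

Run against the sample, only the third record fires, because the same session id appears from a new IP and OS within the one-hour window; tighten or widen `window` to trade noise against latency.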
🛠️ SSL.com Fumbles Certificate Issuance Due to Domain Control Validation Flaw
SSL.com improperly issued nearly a dozen digital certificates due to a domain control validation vulnerability. This follows similar mishaps across the certificate industry, raising concerns about the reliability of web trust systems and the need for stronger certificate authority oversight.
🇷🇺 Russia Targets Dutch Critical Infrastructure in Cyber Sabotage Campaigns
The Dutch Military Intelligence Service reported that Russian state-sponsored hackers targeted Dutch critical infrastructure in 2023 and early 2024. While the impact was minimal, this marks a shift from espionage to direct sabotage efforts in Europe, aligning with broader Russian cyber aggression against NATO members amid the Ukraine conflict.
🎯 Russia Refines Phishing Techniques in Ukraine-Linked Campaigns
Russian hackers also evolved their phishing tactics, deploying one-on-one social engineering attacks against Ukraine-affiliated organizations. By convincing targets to provide OAuth codes for Microsoft 365 accounts, Russian adversaries are fine-tuning their tradecraft in ongoing espionage campaigns.
📧 ActiveMail Zero-Day Exploited in Japan’s Corporate Sector
A critical zero-day vulnerability (CVE-2025-4259) in ActiveMail, a popular Japanese webmail platform, is being actively exploited. Used by over 2,200 organizations in Japan, this buffer overflow flaw enables remote code execution. The vendor, Qualitia, has urged immediate patching, as the exploit targets major corporations, banks, and government entities.
🧩 MITRE Releases D3FEND CAD for Advanced Cyber Defense Modeling
MITRE introduced D3FEND CAD (Cyber Attack-Defense) as part of its D3FEND 1.0 release. This structured knowledge framework allows security teams to build comprehensive, scenario-based defenses, moving beyond traditional PowerPoint or Visio models. The tool aims to enhance threat modeling and response planning.
✅ Action List for Security Leaders & Practitioners
Patch Immediately: Apply fixes for ActiveMail zero-day (CVE-2025-4259) and verify certificate chains following SSL.com’s mishap.
Reassess Browser Security: Implement strict controls on browser extensions to mitigate session hijacking (e.g., CookieBite).
Audit MFA Effectiveness: Recognize that MFA alone isn’t enough; deploy endpoint and browser protections against session theft.
Monitor Telecom Threats: Watch for SIM-swapping or data misuse tied to the SK Telecom breach, especially in high-risk regions.
Evaluate Supply Chain Resilience: Review third-party risks as potential ransomware vectors (highlighted by Marks & Spencer's incident).
Engage with D3FEND CAD: Explore MITRE's new tool to improve cyber defense modeling and scenario testing.
Stay Alert for Russian Threats: Monitor potential sabotage or espionage linked to Russian APTs targeting NATO infrastructure and Ukraine-related entities.
Strengthen Cloud Identity Protections: Apply zero trust principles and stronger token security in cloud environments like Azure.
🔚 That’s a wrap from the Big Apple! Subscribe for more insights, visit CyberHubPodcast.com, and join the conversation. Until tomorrow, stay cyber safe!
✅ Story Links:
https://www.securityweek.com/cyberattack-hits-british-retailer-marks-spencer/
https://www.securityweek.com/korean-telco-giant-sk-telecom-hacked/
https://www.cybersecuritydive.com/news/lemonade-drivers-license-exposed/745762/
https://therecord.media/baltimore-public-schools-data-breach-ransomware
https://www.securityweek.com/ssl-com-scrambles-to-patch-certificate-issuance-vulnerability/
https://therecord.media/dutch-mivd-report-russian-cyber-sabotage
https://thehackernews.com/2025/04/russian-hackers-exploit-microsoft-oauth.html
https://thecyberexpress.com/mitre-launches-d3fend-cad-tool/
🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1
🚨 Important Links to Follow:
👉Listen here: https://linktr.ee/cyberhubpodcast
✅ Stay Connected With Us.
👉Facebook: https://www.facebook.com/CyberHubpodcast/
👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/
👉Twitter (X): https://twitter.com/cyberhubpodcast
👉Instagram: https://www.instagram.com/cyberhubpodcast
🤝 For Business Inquiries: info@cyberhubpodcast.com
=============================
🚀 About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.