CISO Talk by James Azar
CyberHub Podcast
Microsoft July 2025 Patch Tuesday Fixes One Zero-Day and 137 Flaws, M&S Confirms Cause Leading to Massive Ransomware Attack, US Sanctions North Korean Hacker Behind IT Worker Scheme

Patch Tuesday Overload, Ransomware Paydays, and the Anatomy of a Social Engineering Breach

Good Morning Security Gang!
Welcome to the CyberHub Podcast for Wednesday, July 9th, 2025. I’m James Azar, and today’s episode is a Patch Tuesday deep dive with some added threat intelligence—from North Korean hackers fooling American companies to an Iranian ransomware affiliate surge and the real story behind the Marks & Spencer breach.

Buckle up for a ride through today’s most important security updates. I've got my double espresso powering me through—coffee cup cheers, y’all!

🚨 Microsoft Patch Tuesday: 137 Flaws Including SQL Server 0-Day

Microsoft’s July Patch Tuesday came in with a bang—137 vulnerabilities patched, including a critical zero-day in Microsoft SQL Server (CVE-2025-49719). This vulnerability allows remote, unauthenticated attackers to read data from uninitialized memory due to improper input validation. Fourteen of the patched flaws were critical, ten of them enabling remote code execution. Other categories include elevation of privilege (53), information disclosure (18), and denial-of-service (6). Admins should prioritize patching Microsoft SQL Server and updating the OLEDB driver.

“We’ve all decided to drop all the vulnerabilities in the world on one day and just say, ‘Good luck.’” – James Azar

🧨 Adobe Fixes 58 Bugs in 13 Products

Adobe rolled out updates for 58 flaws, including critical bugs in Adobe Connect, ColdFusion, and Experience Manager Forms. The most severe (CVE-2025-49053, CVSS 9.8) could allow arbitrary code execution due to deserialization of untrusted data. While none are currently exploited in the wild, James warned that could change rapidly. Most Adobe patches can be safely auto-deployed, especially if the systems are used internally. If you haven’t patched yet—do it now.

🛠️ Ivanti, Fortinet, and Splunk Join the Patch Party

  • Ivanti: Patched 11 bugs across Connect Secure and Endpoint Manager Mobile, mostly requiring authentication but still dangerous given the rising ease of credential theft.

  • Fortinet: Released 8 advisories. One SQL injection flaw (CVE-2025-25257, CVSS 9.6) in FortiWeb allows unauthenticated exploitation via crafted HTTP/S requests.

  • Splunk: Issued 12 advisories to resolve long-standing vulnerabilities—some dating back to 2013—highlighting the challenges in legacy patching.

Also included were Siemens, Schneider Electric, Phoenix Contact, ABB, and Mitsubishi Electric, each addressing high-risk OT flaws.

🧑‍💼 Marks & Spencer Ransomware Attack: Social Engineering at Its Core

Marks & Spencer confirmed the DragonForce ransomware attack was triggered via impersonation. Chairman Archie Norman called it a “sophisticated impersonation,” but James broke it down bluntly—it was social engineering at the help desk. The attacker tricked a third party into resetting an employee password by pretending to be an internal staffer. The real issue? A lack of multifactor authentication and inadequate support structure to protect identity verification processes.

“What you need to do, Archie, is build a resilient business, Bubba.” – James Azar
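The help-desk weakness described above, worked as an added example (not code from the podcast or from M&S): a reset gate in which the one-time code is delivered only to a phone enrolled before the call, repeated failures lock the account, and every outcome is logged for review. The Employee directory, the send_otp callback and the user ids are constructed stand-ins.

```python
# Added example (not from the podcast or M&S): a help-desk password-reset gate that
# never resets on a caller's say-so. Directory and delivery channel are stubs.
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Employee:
    user_id: str
    enrolled_phone: str   # registered at onboarding, never taken from the caller

@dataclass
class ResetGate:
    directory: dict                       # user_id -> Employee (stand-in for HR/AD)
    send_otp: Callable[[str, str], None]  # (phone, code) -> delivers out of band
    ttl_seconds: int = 300
    max_failures: int = 3
    audit: list = field(default_factory=list)
    _pending: dict = field(default_factory=dict)   # user_id -> (code, expiry)
    _failures: dict = field(default_factory=dict)  # user_id -> failed attempts

    def _log(self, outcome: str, user: str, agent: str, reason: str) -> None:
        self.audit.append({"ts": time.time(), "outcome": outcome, "user": user,
                           "agent": agent, "reason": reason})

    def start_reset(self, claimed_user: str, agent: str) -> bool:
        """Agent opens the ticket; the code goes only to the directory phone."""
        emp = self.directory.get(claimed_user)
        if emp is None or self._failures.get(claimed_user, 0) >= self.max_failures:
            self._log("deny", claimed_user, agent, "unknown user or locked out")
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[claimed_user] = (code, time.time() + self.ttl_seconds)
        self.send_otp(emp.enrolled_phone, code)
        self._log("challenge", claimed_user, agent, "otp sent to enrolled phone")
        return True

    def complete_reset(self, claimed_user: str, agent: str, code_from_caller: str) -> bool:
        """Reset proceeds only if the caller can read back the code sent to the enrolled device."""
        code, expiry = self._pending.pop(claimed_user, (None, 0.0))
        if code is None or time.time() > expiry or not hmac.compare_digest(code, code_from_caller):
            self._failures[claimed_user] = self._failures.get(claimed_user, 0) + 1
            self._log("deny", claimed_user, agent, "no challenge, expired, or wrong code")
            return False
        self._failures.pop(claimed_user, None)
        self._log("allow", claimed_user, agent, "caller proved possession of enrolled factor")
        return True
```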

🇮🇷 Iranian Ransomware Group Offers Bigger Affiliate Cuts

The Iranian Pay2Key.I2P group (believed to be tied to Fox Kitten) has shifted to a Ransomware-as-a-Service (RaaS) model, promising affiliates an 80% cut for targeting enemies like Israel, the U.S., UAE, and Azerbaijan. They've already claimed over $4 million in ransom earnings. James connected the increased aggression to geopolitical retaliation over nuclear facility airstrikes and warned of more attacks to come.

🧬 China’s Hack-for-Hire Network Exposed

Leaked datasets analyzed by SpyCloud revealed Salt Typhoon, a Chinese APT operated by private firms contracting with CCP agencies. The data includes IPs, employee names, contracts with PLA suppliers, and transaction details. This highlights the seamless collaboration between Chinese private entities and intelligence—emphasizing how China’s cyberwarfare apparatus is state-coordinated but commercially operated.

⚖️ U.S. Sanctions North Korean Hacker Behind IT Worker Fraud

The U.S. Treasury and OFAC sanctioned Song Kum Hyok, a North Korean national who used stolen American identities to create fake personas and infiltrate companies via remote IT job fraud. This crackdown builds on law enforcement efforts to disrupt North Korea's shadowy gig-economy-funded cybercrime strategy that has defrauded numerous U.S. businesses.

✅ Action Items

  • Patch SQL Server: Address CVE-2025-49719 immediately by updating SQL Server and OLEDB drivers.

  • Auto-patch Adobe products where feasible—especially ColdFusion and Experience Manager.

  • Prioritize OT vendor patches if you operate in industrial environments (Schneider, Siemens, Fortinet).

  • Audit help desk protocols to require MFA for password resets—don’t fall for impersonation.

  • Watch Iranian RaaS groups—monitor access logs for unusual activity targeting Western assets.

  • Stay alert to job applicant fraud, especially from foreign remote applicants—validate identities with secure verification tools.

🎙️ James Azar’s CISO Take

This week’s Patch Tuesday felt like a reminder that security isn’t just about keeping up—it’s about adapting to constant change. Microsoft’s massive patch dump, combined with Adobe and Ivanti’s critical updates, reflects an environment where legacy systems, misconfigurations, and slow response cycles are a hacker’s best friend. If you’re not prioritizing patch automation and vulnerability management at the highest level, you’re living on borrowed time.

But what really stood out for me was the M&S attack. We continue to see companies—big, global brands—fail at the most basic security control: user identity validation. It’s 2025, and we’re still resetting passwords with just an email and a name. This tells me that despite all the flashy tech, organizations still treat cybersecurity as a checkbox instead of a business enabler. That mindset has to change if we want to build resilience into our digital foundations.

If you found today’s breakdown valuable, subscribe to the CyberHub Podcast.

Until next time—stay cyber safe.


✅ Story Links:

https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2025-patch-tuesday-fixes-one-zero-day-137-flaws/

https://www.securityweek.com/adobe-patches-critical-code-execution-bugs/

https://www.securityweek.com/ivanti-fortinet-splunk-release-security-updates/

https://www.securityweek.com/ics-patch-tuesday-vulnerabilities-addressed-by-siemens-schneider-phoenix-contact-2/

https://www.bleepingcomputer.com/news/security/mands-confirms-social-engineering-led-to-massive-ransomware-attack/

https://therecord.media/iran-ransomware-group-pay2keyi2p-israel-us-targets

https://www.bankinfosecurity.com/chinese-data-leak-reveals-salt-typhoon-contractors-a-28919

https://thehackernews.com/2025/07/us-sanctions-north-korean-andariel.html
