CISO Talk by James Azar
CyberHub Podcast
Nova Scotia Power Ransomware, $223 Million Crypto Heist, Cityworks Zeroday Exploited by China, SEC Disclosure Challenged

China targets local governments, crypto heists surge, and EU-U.S. law enforcement dismantle cybercriminal infrastructure: A Memorial Day Deep Dive

Good Morning Security Gang,

🇺🇸 Opening Reflection: Memorial Day Tribute

James Azar opens the show with a solemn reflection on Memorial Day, honoring the men and women who paid the ultimate sacrifice in service of the United States. While it’s a holiday many associate with barbecues and downtime, James reminds us to focus on remembrance. It’s a day of deep gratitude, not celebration. He urged listeners to reflect on the day’s true meaning while continuing to uphold the values our fallen heroes died protecting.

CyberHub Podcast – May 26, 2025 – Memorial Day Special Edition

With that, the show shifts into today’s packed cybersecurity rundown.

⚡ Nova Scotia Power Breach: A Devastating Hit to Customer Data

A ransomware attack on Nova Scotia Power exposed a trove of sensitive customer information including names, contact data, billing and power consumption details, social insurance numbers, and even bank account data. Although power distribution and generation services were unaffected due to IT/OT separation, the breach revealed major IT hygiene failures—especially poor segmentation. James argued that public identifiers like names and addresses should no longer be considered PII and called for smarter, risk-based data protection classifications.

💸 $223M Heist at Cetus Protocol – Another Blow to Crypto

A massive theft of $223 million from decentralized exchange Cetus Protocol has rocked the crypto world. Cetus has offered a $5 million bounty to recover the funds, echoing Coinbase’s recent ransom refusal strategy. The breach stemmed from an undisclosed package vulnerability, again highlighting the persistent fragility of Web3 platforms. With over 57 billion in trading volume, the Cetus incident underscores the need for tighter supply chain controls even in decentralized ecosystems.

🐉 China Exploiting Zero-Day in Cityworks Against U.S. Local Governments

Chinese-linked group UAT-6382 has been exploiting a Cityworks zero-day vulnerability (CVE-2025-0994) since January. The vulnerability allows remote code execution on Microsoft IIS servers. Talos confirmed exploitation against local governments, using AntSword and Behinder web shells and multiple backdoors. The attack highlights the ongoing nation-state campaign to infiltrate U.S. infrastructure via enterprise software used in city services and utilities.

📉 SEC Rule Challenged by U.S. Financial Giants

Five of the most powerful U.S. banking associations filed a formal petition to repeal the SEC’s cybersecurity incident disclosure rule, which mandates public disclosure within four business days. They argue the rule poses national security risks and adds compliance burdens without improving security. James echoed his longstanding critique, emphasizing it’s better to require incident reports within a flexible timeline rather than forcing premature public disclosure.

🎯 Operation Endgame: Global Cybercrime Networks Dismantled

An international law enforcement campaign dubbed Operation Endgame has resulted in:

  • 300 servers and 650 domains taken down

  • $3.5M seized

  • 16 DanaBot malware gang members charged

  • Tech giants like CrowdStrike, Amazon, and Google aided in infrastructure takedowns

Two Russian nationals face 72 years in prison for malware-related crimes, including ransomware and wire fraud. Europol’s coordinated work is an encouraging sign that even elusive cybercriminals are not beyond reach.

💊 Operation RapTor: Dark Web Drug Syndicates Crushed

Another Europol-led bust, Operation RapTor, led to:

  • 270 arrests worldwide

  • $184M in cash and crypto seized

  • 144kg of fentanyl or fentanyl-laced substances removed

  • 180 firearms and counterfeit goods recovered

The operation targeted sellers on marketplaces previously taken offline. The message is clear: the dark web is not a safe haven.

⚠️ npm Under Siege: 60 Malicious Packages Discovered

Researchers identified 60 malicious npm packages exfiltrating system and network data via Discord webhooks. Post-install scripts in the packages collected sensitive machine-level information. Even data wipers had been disguised in npm uploads over the past two years, showing supply chain abuse in open-source ecosystems remains rampant.

🔒 Signal Defies Recall with Screenshot Blocker

Signal launched a new privacy feature that prevents Windows’ controversial Recall technology from capturing chat screenshots. Any attempt to grab Signal’s chat screen returns a blank frame. The move is praised as a direct pushback against invasive surveillance-style logging under the guise of AI-powered search.

🎯 Bumblebee Malware Campaign Abuses IT Tool Brands

A Bumblebee loader campaign is impersonating trusted IT tools like ZenMap and WinMTR through typosquatting domains. These tools, used with admin rights, make perfect attack vectors for privilege escalation. IT teams are urged to verify download sources and block suspicious domains.

👤 QAKBOT Botnet Operator Indicted in U.S.

Russian national Rustam Gallyamov (aka PinkSlipBot creator) was indicted for leading the QAKBOT botnet operation since 2008. He’s accused of enabling ransomware actors like Black Basta and Conti by renting infected machines. U.S. authorities have seized $4M in crypto and are pursuing broader charges under Operation Endgame.

✅ Action Items for Cybersecurity Leaders

  • 🔐 Reassess your data segmentation policies—don’t put all customer data in one lake

  • 🚫 Block access to typosquatted IT tool domains (e.g. zenmap.pro, winmtr.org)

  • 🛡️ Patch Cityworks if used, and verify against CVE-2025-0994

  • 📝 Revisit your incident response plan and how it aligns with SEC or CISA rules

  • 🔍 Review npm package usage across your dev environments

  • ⚠️ Monitor for Bumblebee loader activity and restrict admin tool downloads

  • 🧱 Add DNS-level protections to monitor abandoned domain redirects

  • 📤 Stay informed on the regulatory pressure mounting against incident disclosures

On behalf of the entire CyberHub Podcast team—take a moment to honor and reflect today. For those who gave everything, we remember you.

Until next time—stay vigilant, stay informed, and most importantly… stay cyber safe.


✅ Story Links:

https://www.securityweek.com/nova-scotia-power-confirms-ransomware-attack-280k-notified-of-data-breach/

https://www.bleepingcomputer.com/news/security/hacker-steals-223-million-in-cetus-protocol-cryptocurrency-heist/

https://www.securityweek.com/cityworks-zero-day-exploited-by-chinese-hackers-in-us-local-government-attacks/

https://thecyberexpress.com/banks-urge-sec-to-end-cyber-disclosure-mandate/

https://therecord.media/hackers-charged-infrastructure-dismantled-operation-endgame

https://therecord.media/global-law-enforcement-arrest-270-tied-to-dark-web-drug-sales

https://www.bleepingcomputer.com/news/security/dozens-of-malicious-packages-on-npm-collect-host-and-network-data/

https://www.securityweek.com/signal-adds-screenshot-blocker-to-thwart-windows-recall/

https://www.bleepingcomputer.com/news/security/bumblebee-malware-distributed-via-zenmap-winmrt-seo-poisoning/

https://www.securityweek.com/russian-qakbot-gang-leader-indicted-in-us/


🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
