CISO Talk by James Azar
CyberHub Podcast
NSO Ordered to Pay $168 Million, iHeart Radio Breach, CISA Budget Cuts & Direction, 0 Click Attacks, Netweaver Zeroday Exploit, DDoS for Hire Takedown

Massive Legal Wins, Critical Infrastructure Cyber Risks, and the Rising Threat to Airlines and Elections in a Tumultuous Digital Landscape

🎙️ Introduction

Good morning, Security Gang!
Welcome to Episode 906 of the CyberHub Podcast. James Azar returns with a powerful rundown of today’s cyber events—analyzing what matters, why it matters, and what practitioners should do about it.

From landmark lawsuits against spyware companies to critical vulnerabilities under active attack, this episode connects the dots between legal risks, cyber hygiene failures, and global instability fueled by cyber threats.

Double espresso in hand, let's get rolling!

NSO Group Ordered to Pay $168 Million to WhatsApp

A California jury has ordered NSO Group to pay $168 million in damages to WhatsApp, concluding a six-year legal battle over the Pegasus spyware abuses. The case sets a potentially dangerous precedent, holding software manufacturers liable for how governments misuse their products. While NSO could appeal—or even dissolve itself—the broader risk now looms over any cybersecurity or surveillance tool vendor who provides dual-use technologies that could be abused.

iHeartMedia Confirms December 2024 Breach

iHeartMedia disclosed a December breach affecting multiple radio stations, exposing SSNs, financial data, and personal information. Although no attackers claimed responsibility, the breach window—from December 24th to 27th—coincides with the holiday period often exploited by threat actors. The exact scope remains unclear, but breach notifications were filed in multiple states.

Congress Questions Proposed $491 Million Cut to CISA

Homeland Security Secretary Kristi Noem faced bipartisan scrutiny over proposed $491 million cuts to CISA’s 2026 fiscal budget. While Noem defended the refocus toward "core cybersecurity efforts," critics argue that slashing election support and multi-state ISACs weakens national cyber defenses. The controversy also highlights how political perceptions about CISA’s disinformation initiatives under past leadership are reshaping current funding debates.

U.S. Government Issues Warning to Oil & Gas Sectors

The FBI, CISA, EPA, and DOE issued a joint alert warning of growing cyberattacks against the oil and natural gas sectors. Poor cyber hygiene and direct internet exposure of OT systems remain widespread, posing serious risks of disruption and even physical destruction. The government advises urgent network segmentation, phishing-resistant MFA, and secure remote access controls.

SAP NetWeaver Under Active Second Wave of Exploitation

Threat actors are launching a second wave of attacks against SAP NetWeaver servers compromised through the critical CVE-2025-31324 zero-day. Even where patches have been applied, follow-on attackers are leveraging previously planted web shells. Onapsis and Mandiant have released a free scanner to help organizations detect compromised systems and mitigate ongoing threats.

Microsoft Telnet Client Zero-Click Vulnerability Disclosed

Researchers disclosed a zero-click vulnerability in the Microsoft Telnet Client, allowing credential harvesting without user interaction. Because Telnet is still enabled on many systems by default, organizations are urged to disable the Telnet client immediately unless absolutely necessary to avoid major risk exposure.

Windows CLFS Vulnerability Actively Exploited by Ransomware

Multiple ransomware groups have been exploiting a Windows Common Log File System (CLFS) vulnerability (CVE-2025-29824) before it was patched in April’s Patch Tuesday. Groups like Storm-2460 and ransomware variants such as RansomEXX are actively leveraging the bug to deploy new malware strains like PipeMagic. Immediate patching is critical.

New PoC Released for Critical Apache Parquet Flaw

Researchers released a functional proof-of-concept (PoC) for a maximum severity Apache Parquet vulnerability (CVE-2025-30065). The new PoC significantly increases the likelihood of exploitation, particularly against unpatched big data infrastructure. Organizations running Apache Parquet must prioritize patching immediately.

Poland Accuses Russia of Pre-Election Cyber Disruption

Polish officials accuse Russia of launching unprecedented cyber and hybrid attacks aimed at destabilizing Poland ahead of its presidential elections. Russian-linked groups have been targeting water, power, and government services. Separately, Polish authorities also took down six DDoS-for-Hire platforms, reinforcing their strong cybersecurity stance against nation-state interference.

Airlines Prioritize Cybersecurity and AI Investments

According to a new CETA report, North American airlines are prioritizing cybersecurity and AI investments to modernize aging infrastructure. With recent cyber incidents targeting airports and aviation systems, nearly 80% of carriers list cybersecurity among their top three priorities, while 50% rank AI integration as a primary investment focus for 2025.

📌 Action Items for Practitioners

  • Monitor Legal and Policy Shifts: Watch the NSO Group case and its impact on software liability.

  • Update Incident Response Plans: Add holiday period monitoring procedures to prevent breaches like iHeartMedia.

  • Audit OT Networks: Immediately segment critical systems, update VPN access, and enforce MFA.

  • Patch SAP, Windows, and Telnet Now: Exploitation is already active; apply all relevant security updates.

  • Scan for NetWeaver Web Shells: Use available free tools from Mandiant and Onapsis.

  • Secure Big Data Systems: Patch Apache Parquet vulnerabilities to prevent future exploitation.

  • Prepare for Election Cyber Threats: Critical sectors should increase monitoring ahead of politically sensitive periods.

  • Review Vendor and MSP Security: Ensure third-party vendors are securing their systems properly, especially in aviation.

Stay Cyber Safe, Security Gang!

See you tomorrow at 9 AM Eastern for another espresso-powered cybersecurity update!


✅ Story Links:

https://therecord.media/jury-orders-nso-to-pay-meta-168-million-over-whatsapp-hack

https://therecord.media/iheart-radio-stations-breached-december

https://therecord.media/noem-house-hearing-proposed-cisa-funding-cuts

https://www.securityweek.com/us-warns-of-hackers-targeting-ics-scada-at-oil-and-gas-organizations/

https://www.securityweek.com/second-wave-of-attacks-hitting-sap-netweaver-after-zero-day-compromise/

https://thecyberexpress.com/microsoft-telnet-0-click-vulnerability/

https://www.securityweek.com/second-ransomware-group-caught-exploiting-windows-flaw-as-zero-day/

https://www.bleepingcomputer.com/news/security/apache-parquet-exploit-tool-detect-servers-vulnerable-to-critical-flaw/

https://www.bleepingcomputer.com/news/security/police-takes-down-six-ddos-for-hire-services-arrests-admins/

https://therecord.media/poland-elections-russia-hybrid-threats-disinformation

https://www.cybersecuritydive.com/news/airline-north-america-investments-cyber-ai/747253/
