CISO Talk by James Azar
CyberHub Podcast
Orange Telecom France Suffers Major Cyberattack, Minnesota Governor Activates National Guard for St. Paul Cyber Attack, FBI Seizes $24 Million in Bitcoin from Chaos Ransomware

From France to Russia, Cyber Sabotage Takes Center Stage as France's Orange Telecom Under Attack, Russia's Infrastructure Crumbling, and Minnesota Deploys National Guard for Cyber Response

Good Morning Security Gang!


Welcome to the Wednesday, July 30th, 2025 episode of the CyberHub Podcast. One more day until we close out July and head straight into August—and you know what that means: Hacker Summer Camp is right around the corner. Today’s show is absolutely packed. We’re covering major incidents across France, Russia, the U.S., Poland, and the cybersphere at large.

There’s sabotage, ransomware, international politics, and some seriously concerning security flaws. So let’s not waste time—grab your double espresso, coffee, or Coke Zero (tastes way better in Israel, trust me)—and let’s dive into today’s stories.

🇫🇷 Orange Telecom Cyberattack Hits France’s Backbone

France’s largest telecom operator, Orange, disclosed a cyberattack on one of its systems, impacting operations across Europe and Africa. Orange, which serves 290 million people, is investigating, and no data theft has been confirmed yet. France’s cybersecurity agency ANSSI is involved, and while attribution is still murky, there's speculation this could follow the Salt Typhoon pattern we saw in U.S. telecoms. With Orange's broad international footprint, this could evolve into a multinational cyber investigation.

💊 Russian Pharmacies Shut Down After Cyber Strike

Russia continues to reel from another cyberattack—this time on its pharmaceutical infrastructure. Two major pharmacy chains, Stolichky and NeoFarm, were forced to shutter nearly 1,000 locations in Moscow. This follows closely on the heels of the Aeroflot breach.

"The gloves have come off in the cyber domain... these attacks are designed to send a clear message to the Russian population and leadership that we're no longer restrained." James Azar

These back-to-back civilian-impacting attacks signal that cyber gloves may be off in the ongoing Russia-Ukraine conflict, especially following President Trump’s ten-day ultimatum to Putin to end the war. The use of cyberattacks to ramp up internal unrest in Russia is clearly becoming a strategic tool.

🏙 National Guard Deployed in Minnesota Over St. Paul Cyberattack

In a rare move, Minnesota Governor Tim Walz activated the National Guard to respond to a cyberattack on the state capital’s IT systems. The City of St. Paul shut down critical services, including Wi-Fi in libraries and online utility payments. Officials say the attack targeted sensitive employee data, and recovery is now a joint state, local, and federal operation. While deploying the Guard for cyber incidents is unusual, it underscores how ill-prepared some state capitals are when it comes to incident response.

💔 “Tea” Dating App Breach Exposes Thousands of Women’s Data

The Tea app, designed to let women safely discuss dating experiences, was rocked by two successive cybersecurity incidents. One led to the exposure of 72,000 images, including 13,000 photo IDs. A second flaw exposed messages discussing sensitive topics like cheating and abortion, as well as users' phone numbers. The app is now offline and under investigation. It's a grim reminder that nothing is truly anonymous online.

🕷 Scattered Spider Hits Snowflake Customers, Again

Scattered Spider is still active and adapting. This time, they’re targeting Snowflake customer environments using social engineering against help desks to gain unauthorized access, deploy malware via remote tools like AnyDesk, and exfiltrate vast amounts of data. The group isn’t attacking Snowflake itself, but exploiting weak internal controls of its customers. This is a people and process problem—not a tool problem.

"This isn't about another tool – there's not a tool that's going to help you with Scattered Spider. There's only procedures and controls that you put in place when humans interact with other humans." James Azar

⚗ SAP NetWeaver Exploit Used in Chemical Sector Attack

A sophisticated cyberattack leveraged CVE-2025-31324 in SAP NetWeaver to deliver the Auto-Color Linux malware to a U.S.-based chemical company. Discovered by Darktrace, the malware adjusts its behavior based on privilege levels and hides using shared object injection. The campaign began in April and shows advanced evasion capabilities. Expect more APTs to exploit similar vertical-specific vulnerabilities.

🖥 Lenovo BIOS Vulnerabilities Threaten Persistent Malware Attacks

Six new flaws have been found in Lenovo’s IdeaCentre and Yoga desktops’ BIOS, particularly within the System Management Mode. Four of these are rated high severity, and could allow attackers to bypass Secure Boot and deploy stealthy rootkits. Lenovo has issued patches for IdeaCentre, with Yoga fixes on the way. These low-level firmware threats are among the hardest to detect and clean.

🪙 FBI Seizes $2.4M from Chaos Ransomware Affiliate “Horse”

The FBI has seized 20 Bitcoin, worth $2.4 million, from a ransomware affiliate known as “Horse.” The seizure relates to extortion payments from Texas companies. While the amount seems small, these actions deter criminal activity and increase the cost of laundering stolen crypto. Ransomware actors are starting to feel the sting in their wallets, especially as Bitcoin values rise.

🔥 Russian Hybrid Warfare Tied to Sabotage in Poland

Poland has detained 32 individuals—including Poles, Russians, Belarusians, Ukrainians, and even a Colombian national—accused of carrying out arson and sabotage attacks under orders from Russian intelligence. These hybrid warfare tactics blur the lines between cyber and physical conflict. One Colombian suspect was even sentenced in the Czech Republic for attempting to bomb a shopping mall. Telegram was reportedly used for recruitment. Yes, this is real life, and it’s happening across borders.

🧠 James Azar’s CISO Take

What we’re witnessing this week is the continued fusion of geopolitical tension and cyber operations. Orange Telecom’s breach is likely part of a broader telecom targeting effort. Russian infrastructure is crumbling under sustained cyber pressure. And now even the National Guard is stepping in for domestic cyber response. The lines between cyber conflict and real-world consequences are vanishing. If you're not building response playbooks that account for kinetic escalation from cyber incidents, you're behind.

The other major theme is that cybercrime groups like Scattered Spider aren’t using zero-days—they're using humans. They’re manipulating help desks, abusing remote tools, and exploiting broken processes. Tools are great, but if you’re not building muscle memory through tabletop exercises and process refinement, then you’re leaving the front door wide open. It's time to shift our focus back to basics—identity, access, and procedural resilience.

✅ Action Items

  • 🛠 Patch Lenovo BIOS vulnerabilities (CVE-2025-4421 to 4426) and monitor for firmware threats

  • 🔐 Review help desk procedures for password resets and MFA re-enrollment

  • 🛑 Block AnyDesk if not business-critical; monitor for unauthorized installs

  • 📡 Patch SAP NetWeaver (CVE-2025-31324) in industrial control environments

  • 👮‍♀️ Coordinate with law enforcement for ransomware-related crypto tracing

  • 💬 Ensure secure messaging and PII handling in consumer-facing apps like Tea

  • 📖 Update IR playbooks to account for geopolitical hybrid warfare scenarios

  • 🛰 Monitor telecom partners and suppliers for state-backed threat indicators


✅ Story Links:

https://therecord.media/orange-telecom-france-cyberattack

https://www.yahoo.com/news/articles/major-cyber-attack-closes-hundreds-125722686.html?guccounter=1

https://therecord.media/minnesota-governor-activates-national-guard-st-paul-cyber-attack

https://www.securityweek.com/tea-app-takes-messaging-system-offline-after-second-security-issue-reported/

https://therecord.media/scattered-spider-targeting-snowflake-access-data-exfiltration

https://www.bleepingcomputer.com/news/security/hackers-exploit-sap-netweaver-bug-to-deploy-linux-auto-color-malware/

https://www.securityweek.com/lenovo-firmware-vulnerabilities-allow-persistent-implant-deployment/

https://www.bleepingcomputer.com/news/security/fbi-seizes-24m-in-bitcoin-from-new-chaos-ransomware-operation/

https://therecord.media/poland-32-suspects-pro-russia-sabotage
