CISO Talk by James Azar
CyberHub Podcast
Philippines Army Hack, Chinese APT Attacks OT, Android Zero-Day Exploit, Lawsuit on AI Hackers, Lee Enterprises Attackers Come Forward, France Privacy Laws

Exclusive Monday Cyber Report: New Threats, Key Developments, and Government Reactions

Good morning, Security Gang! As March kicks off, the cybersecurity landscape continues to evolve at a rapid pace, blending emerging nation-state tactics, new vulnerabilities, and legislative moves that could reshape the global data security environment. The following comprehensive rundown covers each major story mentioned in this episode of the Cyber Hub Podcast, offering the latest insights and implications for cybersecurity professionals worldwide.

This edition of the Cyber Hub Podcast highlights an escalating wave of cyber incidents, legal challenges, and policy proposals around the globe. We begin with the Philippines Army disclosing a cyber breach and follow up with ransomware activity threatening critical media outlets. Attention then shifts to Chinese cybercriminals targeting manufacturing organizations, followed by rising cyber concerns at the state and local government levels.

Legislative developments in France raise new questions about encryption backdoors and VPN regulation, while a newly disclosed zero-day vulnerability is spotlighted by Amnesty International. We also look at the continuing risk of exposed secrets in AI training data, Microsoft’s latest pushback against criminal Azure abuse, a successful government crypto seizure, and a high-profile cybercriminal’s arrest in Thailand.

Finally, we round out with a leadership appointment at CISA, setting the stage for more changes in U.S. cybersecurity strategy.

Philippines Army Cyber Attack Disclosure

The Philippine Army recently confirmed an attempted illegal access of its systems, allegedly claimed by a group called Exodus Security. Although the army suggests that no significant damage or theft occurred, reports indicate that up to ten thousand records, possibly including personal, medical, and even criminal information, may have been compromised. While the breach’s authenticity remains under scrutiny, the situation underscores ongoing tensions and cyberespionage campaigns in the Asia-Pacific region—particularly as the Philippines navigates geopolitical pressures from China.

Lee Enterprises Ransomware Breach

U.S.-based media conglomerate Lee Enterprises is the latest victim of a ransomware attack attributed to the Qilin (also known as Agenda) ransomware group. After negotiations apparently stalled, the threat actors threatened to leak the stolen data publicly unless their ransom demands were met by March 5. Lee Enterprises’ SEC filing indicates a potential material impact, emphasizing the continued financial, reputational, and operational risks of such breaches for large organizations.

Chinese Cyber Criminals Exploiting VPN Bug

Research from Check Point, shared exclusively at CPX 2025, exposes a month-long espionage campaign exploiting a known vulnerability in Check Point security gateways (CVE-2024-24919). Allegedly tied with low confidence to China’s APT41, the campaign compromised OT organizations across multiple continents, focusing on valuable manufacturing intellectual property. Attackers used a combination of lateral movement and backdoor implants, highlighting the continuing risk that nation-states pose to supply chains and critical infrastructure.

Evolving OT Threats and MS-ISAC Warnings

Building on the manufacturing espionage news, the Multi-State Information Sharing and Analysis Center (MS-ISAC) warns that state, local, and municipal agencies are increasingly targeted. Resource constraints, outdated systems, and limited cybersecurity expertise create a potent vulnerability in these public institutions, making them prime targets for financially motivated criminals and nation-state adversaries.

French Legislative Proposals on Encryption & VPNs

Privacy-focused email and VPN providers are raising alarms over proposed French laws seeking to force encryption backdoors and compel VPN providers to block access to blacklisted websites. The legislation calls for fines up to 2% of annual global turnover for non-compliance. Critics argue that such mandates could drive technology companies out of France, stifle privacy innovation, and ultimately harm both the cybersecurity and business ecosystems.

Amnesty International Zero-Day Revelations

A zero-day vulnerability in the Linux USB Video Class driver (CVE-2024-53104) was found to be exploited by a mobile forensics tool used by Serbian authorities. Amnesty International’s technical disclosure highlights how advanced surveillance methods are increasingly used against activists and journalists. This case underscores how software bugs, especially in widely used drivers, can have serious human rights implications.

Common Crawl Secrets Found in AI Training Data

Researchers from Truffle Security discovered nearly 12,000 valid secrets, including API keys and passwords, in the massive public Common Crawl repository. This trove is commonly used to train large language models by tech giants worldwide. The incident amplifies concerns that artificial intelligence could inadvertently learn or reveal sensitive information, underscoring the need for safer data collection and preprocessing standards.

Microsoft Names Suspects in Azure Abuse Lawsuit

In a lawsuit against cybercriminals allegedly tied to the global network “Storm-2139,” Microsoft identified four individuals from Iran, the UK, China/Hong Kong, and Vietnam who reportedly abused Azure OpenAI services. Microsoft’s naming of specific suspects demonstrates a more aggressive approach to curbing cybercrime, in hopes that public accountability and potential legal action will deter similar activities.

U.S. Authorities Recover $31 Million in Crypto

In a breakthrough for cryptocurrency-related cybercrime, U.S. investigators recovered $31 million stolen in 2021 from Uranium Finance, a DeFi protocol on the Binance Smart Chain. Although it took several years, this successful seizure indicates the increasing collaboration between law enforcement agencies and crypto-exchanges to identify and freeze illicit funds—even across borders and blockchain platforms.

Major Data Breach Suspect Arrested in Thailand

Thai authorities apprehended a 39-year-old man believed responsible for over 90 large-scale data leaks worldwide. Operating under multiple aliases, he specialized in extortion, leaking sensitive data to media outlets or regulatory bodies to increase pressure on victims. The suspect’s arrest is a significant step toward dismantling one of APAC’s most active cybercriminal networks in recent years.

Karen Evans Appointed Executive Assistant Director at CISA

Karen Evans has been named the new Executive Assistant Director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA). With deep leadership experience at OMB, DOE, and other federal initiatives, Evans is expected to streamline cybersecurity efforts and push for stronger defenses at both government and enterprise levels. Her appointment arrives while the agency awaits the nomination and confirmation of a new CISA Director.

Action Items & Calls to Action

  • Review Patching & Access Controls
    Ensure all systems, including VPN gateways and Linux drivers, are fully patched to prevent unauthorized access attempts.

  • Bolster Incident Response
    Have a clear IR plan that accounts for ransomware demands, lateral movement, and backdoor installations.

  • Monitor Legislative Changes
    Follow emerging data privacy and encryption laws—especially in the EU—to anticipate potential operational or compliance hurdles.

  • Conduct Supply Chain & OT Security Audits
    Evaluate all third-party vendors and operational technology environments for vulnerabilities, focusing on known threat vectors used by state-sponsored actors.

  • Implement Robust Encryption Solutions
    Validate encryption solutions that are resistant to legislative backdoors, safeguarding your organization’s privacy and data integrity.

  • Secure Secrets in AI Workflows
    Integrate scanning and filtering tools to detect and remove exposed credentials in data used for AI training models.

  • Collaborate with Law Enforcement
    Report any suspicious crypto transactions or data extortion threats to relevant authorities to leverage coordinated global actions and recover funds.

  • Strengthen Governance for Public Institutions
    Advocate for increased cybersecurity funding and expertise at state and local levels, recognizing the growing risk to public-sector infrastructures.

Stay vigilant and proactive in this evolving cyber threat climate. For more in-depth coverage and an easy-to-share written format with action items, visit CyberHubPodcast.com. Your engagement is crucial to keeping the Security Gang informed and resilient. Stay cyber safe!

✅ Story Links:

https://therecord.media/philippines-army-confirms-hack

https://www.bleepingcomputer.com/news/security/qilin-ransomware-claims-attack-at-lee-enterprises-leaks-stolen-data/

https://www.darkreading.com/ics-ot-security/chinese-apt-vpn-bug-worldwide-ot-orgs

https://www.cybersecuritydive.com/news/critical-infrastructure-state-local-cyber/741273/

https://www.bleepingcomputer.com/news/security/privacy-tech-firms-warn-frances-encryption-and-vpn-laws-threaten-privacy/

https://www.securityweek.com/amnesty-reveals-cellebrite-zero-day-android-exploit-on-serbian-student-activist/

https://www.bleepingcomputer.com/news/security/nearly-12-000-api-keys-and-passwords-found-in-ai-training-dataset/

https://www.securityweek.com/microsoft-names-suspects-in-lawsuit-against-ai-hackers/

https://www.bleepingcomputer.com/news/cryptocurrency/us-recovers-31-million-stolen-in-2021-uranium-finance-hack/

https://therecord.media/hacker-arrested-bangkok-data-breaches-extortion

https://thecyberexpress.com/karen-evans-new-executive-assistant-director/


🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
