CISO Talk by James Azar
CyberHub Podcast
Russian Seashell Blizzard Targets Critical Infrastructure, Zklend Crypto Heist, Cyber crime Threats Evolve

From Russia’s Renewed ICS Threats to Global Ransomware Campaigns: Navigating the Latest Cyber Storm

On Thursday, February 13, 2025, the Cyber Hub Podcast delivered a broad review of critical security updates, nation-state threats, ransomware activity, legislative changes in cybersecurity, and newly reported vulnerabilities. Host James Azar also reminded listeners to remember their loved ones on Valentine’s Day—emphasizing the importance of balancing personal life with the demanding nature of cybersecurity work.

Below is a detailed, story-by-story breakdown of the podcast, followed by a concise action list.

Valentine’s Day Reminder
The episode started with James Azar humorously reminding the cybersecurity community to mark Valentine’s Day, cautioning listeners not to get so absorbed in work that they overlook their personal lives. He emphasized that a heartfelt gesture—whether simple or elaborate—goes a long way in nurturing relationships. This acknowledgment of Valentine’s Day underscored how critical it is for high-stress professionals to find balance and remember important dates and people in their lives.

Seashell Blizzard Resurgence
One of the primary topics of discussion was the resurgence of a well-known Russian threat actor group, Seashell Blizzard. Formerly recognized under names like Black Energy and BlackEnergy Light, the group made its mark targeting Industrial Control Systems (ICS) and SCADA platforms. A subgroup of Seashell Blizzard has lately been focusing on gaining initial access to critical infrastructure environments, such as energy, water, manufacturing, telecom, and transportation networks.

Notably, the group’s tactics reflect the spillover effects of the ongoing Russia–Ukraine conflict, which began several years ago. Throughout the hostilities, Russian threat actors have been developing and deploying sophisticated malware, continually refining offensive capabilities. These tools and techniques, once used primarily against high-value or nation-state targets, often filter into mainstream cybercrime, posing risks even to organizations with no direct ties to geopolitical flashpoints.

zkLend Crypto Heist
The podcast next covered a major digital heist involving the decentralized lending protocol zkLend, built on the StarkNet layer-two scaling solution for Ethereum. Attackers discovered a flaw in the smart contract logic, manipulating accumulators to siphon off roughly 3,600 ETH, worth approximately 9.5 million USD at the time of the theft. While StarkWare, the developer of StarkNet, confirmed that the exploit was not a StarkNet technology issue but rather an application-specific bug, the incident demonstrates the ongoing vulnerability of smart contracts and decentralized finance (DeFi) platforms. zkLend attempted to negotiate with the attacker, offering a percentage of the stolen funds as a white-hat bounty if the rest were returned. Whether the attacker will comply remains uncertain, underscoring the uncharted legal and ethical territory of crypto-theft negotiations.

Cybercrime as a National Security Concern
James then delved into findings from the Google Threat Intelligence Group (TAG) and Mandiant. Their research highlighted that financial cybercrime has escalated to the level of a national security threat, especially as state-sponsored groups increasingly integrate or hire cybercriminal organizations to further their own goals. Criminal services, including initial access brokers, malware developers, and infrastructure suppliers, can seamlessly blend into nation-state activity—providing both plausible deniability and cost-effective expertise. Groups such as APT44, APT29, UNC2589, and Turla have been observed using information or access previously obtained by criminal actors, underlining the growing sophistication and interdependence of criminal and state-backed ecosystems.

Ransomware Attack on UniMicron
A newly emergent ransomware group, Sarcoma, claimed responsibility for an attack on UniMicron, a prominent Taiwanese manufacturer of printed circuit boards (PCBs). The ransomware operators threatened to leak 377 GB of stolen data if their demands were not met.

UniMicron is a key player in the global supply chain, producing boards for electronic devices such as smartphones and monitors. The manufacturing sector continues to be a hot target for ransomware attacks, given the high cost of production downtime and potential supply chain disruption, which often compels victim companies to consider paying a ransom to restore operations swiftly.

Japan’s ‘Active Cyber Defense’ Legislation
Switching focus to international policy, James reported on Japan’s legislative move to bolster the country’s cyber defenses. This new framework, referred to as “Active Cyber Defense,” empowers the government to intercept and disable cyberattacks before they proliferate. It follows alerts from Japan’s National Police about ongoing Chinese-backed cyber-espionage campaigns. As threats from major nation-states such as China, Russia, and North Korea intensify, Japan’s efforts to elevate its defensive posture align with a broader global trend toward more proactive or even offensive-leaning cyber policies.

Targeting Unpatched Systems
The podcast also highlighted newly observed spikes in malicious activity aimed at unpatched or poorly maintained systems. GreyNoise, a threat monitoring platform, noted a rise in attempts leveraging older vulnerabilities, particularly CVE-2022-47945 and CVE-2023-49103, which affect frameworks like ThinkPHP and services such as ownCloud. This ongoing focus on unpatched software demonstrates that low-complexity but high-reward exploits remain popular among cybercriminals, who opportunistically scan the internet for easy entry points.

Payment Outage in Israel
Listeners were informed of a major payment disruption in Israel, where Automated Banking Services (Shva) suffered what was initially reported as a “malfunction.” For a few hours, credit card transactions were halted across the country. While official details are pending, reports suggest that a cyberattack could be responsible for the outage. Incidents like this underscore the vulnerability of national financial infrastructures, illustrating why having offline or backup payment methods can be crucial in emergencies.

Patch Alerts from Palo Alto, Ivanti, and Fortinet
In a broader security advisory segment, James discussed important updates published by multiple vendors. Palo Alto announced ten new security advisories, including CVE-2025-0108, which allows unauthenticated attackers to bypass firewall management interface authentication.

Ivanti rolled out eleven fixes for various products (Connect Secure, Policy Secure, Secure Access, etc.), many of which remediate critical remote code execution risks.

Fortinet also released fourteen advisories for products including FortiOS, FortiPortal, FortiAnalyzer, and FortiManager. Although some vulnerabilities require an attacker to be an authenticated user to escalate privileges, others are exploitable by remote, unauthenticated threat actors—further underlining the urgency of patching.

U.S. National Cyber Director Nomination
Finally, the podcast concluded with news of President Trump’s intended nomination for National Cyber Director, Sean Cairncross, a former Republican National Committee official and past CEO of the Millennium Challenge Corporation.

Observers within the cybersecurity community remain cautious about his depth of cyber expertise, as there is little record of significant experience in this domain. The appointment also coincides with a vacancy at CISA, heightening concerns that top-level cyber positions may not yet be receiving the necessary expertise or focus. Many will watch to see how this new director shapes U.S. cyber policy and coordinates national incident response efforts.


Bullet Point Action List

  • Ensure Robust Patch Management
    • Immediately apply updates from Palo Alto, Ivanti, and Fortinet, especially for critical vulnerabilities like CVE-2025-0108 (Palo Alto) and critical bugs in Ivanti’s and Fortinet’s suites.
  • Prepare for Ransomware Incidents
    • Strengthen incident response procedures, maintain offline backups, and conduct regular tabletop exercises focused on supply chain disruptions.
  • Assess DeFi and Smart Contract Risks
    • Audit smart contracts for vulnerabilities and deploy continuous monitoring.
    • Consider offering bug bounties to incentivize ethical disclosures.
  • Monitor Nation-State and Cybercrime Convergence
    • Stay updated on TTPs used by Russian, Iranian, Chinese, and North Korean groups.
    • Integrate these findings into threat hunting and SIEM correlation rules.
  • Track Global Cyber Policy Developments
    • Follow Japan’s “Active Cyber Defense” law and similar international legislation.
    • Adapt security strategies in anticipation of heightened defensive (and offensive) practices worldwide.
  • Plan Contingency for Financial Outages
    • Maintain alternative payment methods and a tested offline failover plan to ensure business continuity.
  • Observe Leadership Appointments
    • Remain vigilant regarding changes in U.S. cybersecurity leadership.
    • Advocate for and support policies that emphasize experienced appointments in key cyber roles.


✅ Story Links:

https://www.securityweek.com/russian-seashell-blizzard-hackers-gain-maintain-access-to-high-value-targets-microsoft/

https://www.bleepingcomputer.com/news/cryptocurrency/zklend-loses-95m-in-crypto-heist-asks-hacker-to-return-90-percent/

https://therecord.media/cybercrime-evolving-nation-state-threat

https://www.bleepingcomputer.com/news/security/sarcoma-ransomware-claims-breach-at-giant-pcb-maker-unimicron/

https://www.darkreading.com/cybersecurity-operations/japan-offense-new-cyber-defense-bill

https://www.bleepingcomputer.com/news/security/surge-in-attacks-exploiting-old-thinkphp-and-owncloud-flaws/

https://www.securityweek.com/palo-alto-networks-patches-potentially-serious-firewall-vulnerability/

https://www.securityweek.com/ivanti-fortinet-patch-remote-code-execution-vulnerabilities/

https://www.cybersecuritydive.com/news/trump-nominate-cairncross-cyber-director/739940/
