Get ready for a riveting exploration of the newest cyber threats and industry shake-ups in this edition of the CyberHub Podcast summary! Fresh off the S4 Conference—where cutting-edge conversations on OT, ICS, and SCADA dominated the scene—our host brings you firsthand insights from security’s front lines.
This installment reveals the latest intel on stealthy APTs, Windows zero-day exploits, critical firewall vulnerabilities, and groundbreaking moves in the identity management space. Whether you’re defending a global enterprise or simply curious about the ever-evolving threat landscape, these stories offer fresh perspectives, actionable guidance, and a glimpse into the future of cybersecurity.
Dive in, stay informed, and plan and execute!
Salt Typhoon APT Goes Global
Salt Typhoon is a Chinese state-sponsored threat group that has orchestrated what could be one of the most severe cybersecurity breaches in U.S. history. Exploiting vulnerabilities in Cisco routers running IOS XE, Salt Typhoon successfully infiltrated telecom companies, ISPs, and universities on multiple continents.
The group’s methods include establishing highly persistent backdoors, often taking victims weeks or months to eradicate. Their global campaign appears aimed at critical infrastructure and research institutions, with key targets in the U.S., South Africa, Europe, and Asia, underlining the urgency of patching and rigorous vulnerability management.
Windows Zero-Day Exploited by Mustang Panda
Israeli threat intelligence firm ClearSky recently reported that Mustang Panda, another Chinese-linked APT, is exploiting a new Windows zero-day. This exploit hides files extracted from RAR archives, rendering them invisible in Windows Explorer while still executable via the command line.
Microsoft has classified the flaw as low severity for now, but the lack of a CVE assignment means organizations should remain vigilant. ClearSky plans to release further details, signaling that defenders need to monitor these developments and prepare to patch quickly once fixes become available.
Palo Alto PAN-OS Vulnerability (CVE-2025-0108)
Palo Alto’s PAN-OS vulnerability (CVE-2025-0108) allows unauthenticated attackers to bypass authentication and execute specific PHP scripts, posing a high-severity threat to affected firewall installations.
The flaw has publicly available exploit details, published by researchers at AssetNote, further increasing the urgency for administrators to apply the Palo Alto-recommended patches. Failure to patch could expose network infrastructures to severe confidentiality and integrity risks, emphasizing the ongoing necessity for robust patch management strategies.
Cyber Attack on Virginia Attorney General’s Office
A cyber attack on the Virginia Attorney General’s Office forced nearly all computer systems offline, including NetDocs, Outlook, Teams, VPN access, and file shares. Virginia State Police and other law enforcement agencies are actively investigating the incident, while legal operations temporarily revert to paper-based processes for court filings.
Details remain scant, but the disruption underscores the potential devastation of attacks against government agencies, which must balance the demands of public service with robust cybersecurity defenses.
‘Final Draft’ Malware Leveraging Outlook Drafts
Researchers at Elastic Security Labs discovered a sophisticated malware named “Final Draft,” which uses Outlook email drafts for command-and-control. The malware infiltrates systems via a custom loader called Pathloader, then establishes persistence by manipulating OAuth tokens in Microsoft Graph API.
With 37 available commands—including data exfiltration, process injection, and pass-the-hash—Final Draft exemplifies the new wave of identity-focused threats. Its stealthy approach highlights the need for close monitoring of email and token usage across corporate environments.
Russia-Linked Storm 2372 Campaign
Microsoft has tracked an ongoing global phishing campaign led by Storm 2372, targeting government and private entities in Africa, Europe, the Middle East, and North America. The attackers use a device code phishing tactic, convincing victims to generate a device code and enter it on a legitimate login page.
This grants the attacker an access token, which can enable long-term account compromise if the token remains valid. The incident spotlights the importance of limiting token lifespans and rigorously monitoring token-based authentication systems.
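Turning the device code mechanism described above into a concrete detection check (it also covers the token-lifespan action item at the end of this post), here is an added example that is not from the podcast or from Microsoft: it scans constructed sign-in records for device-code sign-ins from a country the user has never used interactively, and for device-code tokens whose validity exceeds a policy limit. The log field names and the 24-hour limit are assumptions, not any vendor's real schema.

```python
from collections import defaultdict

# Policy assumption for this example: a token issued through the device code
# flow should not stay valid longer than this (the post recommends limiting
# token lifespan so a phished code cannot become long-term access).
MAX_DEVICE_CODE_TOKEN_HOURS = 24

# Constructed sample sign-in events with hypothetical field names.
# In device code phishing the victim enters the code on the real login page,
# but the token is polled and issued to the attacker's host, so the sign-in
# shows the device code protocol from a network the user never used before.
SIGNINS = [
    {"ts": "2025-02-10T09:01Z", "user": "alice", "protocol": "password",   "country": "US", "ip": "203.0.113.10", "token_hours": 1},
    {"ts": "2025-02-11T09:05Z", "user": "alice", "protocol": "password",   "country": "US", "ip": "203.0.113.10", "token_hours": 1},
    {"ts": "2025-02-12T14:22Z", "user": "alice", "protocol": "deviceCode", "country": "US", "ip": "203.0.113.10", "token_hours": 8},
    {"ts": "2025-02-13T03:40Z", "user": "alice", "protocol": "deviceCode", "country": "RU", "ip": "198.51.100.7", "token_hours": 720},
    {"ts": "2025-02-13T10:00Z", "user": "bob",   "protocol": "deviceCode", "country": "DE", "ip": "192.0.2.44",   "token_hours": 8},
]


def build_baseline(events):
    """Per user, the set of countries seen on interactive (non device-code) sign-ins."""
    baseline = defaultdict(set)
    for e in events:
        if e["protocol"] != "deviceCode":
            baseline[e["user"]].add(e["country"])
    return baseline


def flag_device_code_signins(events, max_token_hours=MAX_DEVICE_CODE_TOKEN_HOURS):
    """Return one alert per suspicious device-code sign-in, with every reason that fired."""
    baseline = build_baseline(events)
    alerts = []
    for e in events:
        if e["protocol"] != "deviceCode":
            continue
        reasons = []
        known = baseline.get(e["user"], set())
        if not known:
            reasons.append("no interactive sign-in baseline for user")
        elif e["country"] not in known:
            reasons.append(f"country {e['country']} not in baseline {sorted(known)}")
        if e["token_hours"] > max_token_hours:
            reasons.append(f"token valid {e['token_hours']}h exceeds policy {max_token_hours}h")
        if reasons:
            alerts.append({"user": e["user"], "ts": e["ts"], "ip": e["ip"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in flag_device_code_signins(SIGNINS):
        print(alert)
```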
Texas Investigates Chinese AI Firm DeepSeek
Texas Attorney General Ken Paxton has opened an investigation into DeepSeek, a Chinese AI company, for alleged violations of the state’s data privacy laws.
The probe includes demands for documentation from Apple and Google regarding how they vet such apps before making them publicly available. This investigation aligns with broader national and state-level concerns about data handling and privacy by companies linked to China, signaling an expansion of regulatory scrutiny in the AI and app marketplace.
SailPoint Goes Public (Again)
SailPoint, a prominent provider of identity security solutions, successfully launched a new IPO, raising $1.4 billion at $23 per share. This marks the company’s second foray into the public market, following a $6.9 billion buyout by Thoma Bravo that took it private three years ago.
Concluding its debut with a market cap of approximately $13.3 billion, SailPoint’s move signals renewed investor interest in cybersecurity and may prompt other tech firms to reconsider IPO plans amid a cautiously optimistic market landscape.
CyberArk Acquires Zilla for $165 Million
CyberArk’s $165 million acquisition of identity governance company Zilla demonstrates ongoing consolidation in the cybersecurity sector. With around 40 employees, Zilla adds modern Identity Governance and Administration (IGA) capabilities to CyberArk’s established Privileged Access Management (PAM) platform. The deal helps CyberArk deliver more comprehensive identity solutions, reflecting the heightened market demand for integrated offerings that streamline security controls across both privileged and non-privileged accounts.
Action List
Patch Immediately:
Address known Cisco IOS XE vulnerabilities to mitigate Salt Typhoon risk.
Update Palo Alto PAN-OS (CVE-2025-0108) to recommended patched versions.
Monitor Emerging Threats:
Track ClearSky’s forthcoming technical write-up on the new Windows zero-day.
Implement detection rules for “Final Draft” malware TTPs, including suspicious OAuth token usage and unusual Outlook draft activity.
Enforce Secure Token Policies:
Reduce token lifespan to limit the window of unauthorized access (e.g., daily refresh).
Regularly review identity and access logs to detect abnormal or persistent logins.
Implement Strong Governance & Patch Management:
Conduct regular security audits to ensure timely application of updates.
Balance business processes with robust security testing and risk-based patch prioritization.
Stay Informed & Share Knowledge:
Follow advisories from government agencies, major security vendors, and reputable threat intelligence firms.
Encourage open communication with executive boards by clearly explaining geopolitical and technology-based risks.
Stay tuned for more deep dives on these stories at CyberHubPodcast.com. Remember, proactive defense, timely patching, and diligent monitoring are key pillars in safeguarding your digital infrastructure. Stay cyber safe!
✅ Story Links:
https://www.securityweek.com/new-windows-zero-day-exploited-by-chinese-apt-security-firm/
https://www.securityweek.com/russian-state-hackers-target-organizations-with-device-code-phishing/
https://therecord.media/texas-investigating-deepseek-privacy
https://www.securityweek.com/sailpoint-ipo-signals-bright-spot-for-cybersecurity/