Good Morning Security Gang,
🎙️ Welcome Back: A Brief Note from the Host
James Azar opens with gratitude for the support during the podcast's short pause.
While the full story behind the break will come later, the show is back live with key cybersecurity updates across enterprise, infrastructure, and global geopolitics.
A must-watch live session is also announced for 3:30 PM ET featuring RSA insights with Andy Ellis and Alan Alford.
🛠️ SAP Zero-Day Exploit Threatens Over 10,000 Applications
A critical zero-day vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer is under active exploitation. Scoring a perfect 10.0 on the CVSS scale, the bug allows unauthenticated uploads of malicious binaries. ReliaQuest discovered the flaw amid multiple customer breaches, some of which had already applied April’s patch. James urges SAP users and third-party risk managers to immediately assess downstream exposure across supply chains.
🔌 Nova Scotia Power IT Network Hit by Cyber Attack
A cyberattack targeted Nova Scotia Power and its parent company Emera, affecting IT—not OT—systems. The attack forced isolation of affected servers and slowed call center operations. No ransomware confirmation, but the incident echoes Colonial Pipeline’s IT disruption. Notably, solid segmentation kept critical services functional.
📱 SK Telecom to Replace 25M SIM Cards After UCM Data Breach
SK Telecom will replace SIM cards for 25 million users due to a recent breach, but has only 6 million cards available. Malware had been detected across the network, raising fears of SIM swap attacks. James emphasizes the importance of scalable business continuity plans, noting the company’s risk-reduction efforts—despite logistical constraints.
🚛 Kintetsu World Express Confirms Ransomware Attack
The Japanese logistics giant suffered a ransomware attack impacting global cargo operations. KWE, a subsidiary of a major Japanese rail firm, is notifying customers but has not disclosed scope or attacker details. A classic case of targeted disruption in the supply chain sector.
🕵️ APT28 Targets French Government Entities
Russia’s Fancy Bear (APT28) is back, hitting at least a dozen French ministries, think tanks, and aerospace firms. The French government attributes the attack to a wide espionage campaign using tools like OceanMap Stealer and phishing campaigns. James notes France's limited cyber deterrence as a longstanding vulnerability in European geopolitics.
🔍 Massive Surge in Git Config Scans Sparks DevSecOps Concern
Threat actors are aggressively scanning the internet for exposed .git/config files—up to 4,800 IPs in one 24-hour period. These files often hold secrets or authentication tokens. James reminds dev teams: secure your CI/CD pipelines, scan for secrets pre-merge, and never expose Git directories publicly.
🔋 CATL EV Batteries Raise National Security Flags
China’s CATL, the world’s largest EV battery maker, may embed surveillance tools via their cloud-connected Battery Management System (BMS). The Pentagon and others fear remote kill-switches or data siphoning in EVs exported worldwide—including Tesla, BMW, Ford, and more. James links this risk to China’s broader strategic tech ambitions and potential parallels with past Israeli operations against Hezbollah using communication implants.
🧙 China's 'Wizards' APT Deploys SpellBinder Lateral Movement Tool
APT group “Wizards” uses a tool called SpellBinder to execute adversary-in-the-middle attacks via IPv6 spoofing. It reroutes traffic and injects malware through legitimate Chinese software updates. First seen in abuse of Sogou Pinyin, this marks a trend in leveraging trusted software pipelines for persistence and evasion.
🌐 Chrome and Firefox Patch Critical Vulnerabilities
Google Chrome 136 and Firefox 138 received major updates fixing multiple high-severity bugs. With exploitation down in 2024 compared to 2023, Google credits secure development practices. Still, the fight’s far from over as attackers pivot toward less-secured platforms like Ivanti and SonicWall.
🕳️ Google Reports Fewer Zero-Days Exploited in 2024
Google observed a significant drop in zero-day exploits, particularly in browsers and mobile platforms—down by a third and half respectively. Government espionage and spyware firms still dominate exploit sources. North Korea now matches China in the number of observed zero-day exploits, a new trend worth watching.
✅ Action List for Security Practitioners
🔧 Patch SAP NetWeaver systems immediately and audit your vendor tech stacks.
🧪 Scan third-party domains and infrastructure for SAP exposure using threat intelligence tools.
📞 Update incident response playbooks with contact protocols for IT outages—not just OT.
🔒 Disable public access to .git directories and embed secrets scanning in DevOps.
📶 Monitor mobile device firmware and IoT battery integration in EV fleets for potential data links.
🚨 Track APT activity, especially Fancy Bear and Chinese lateral movement tactics.
📲 Ensure all browsers and mobile devices are up to date with the latest security releases.
🧠 Anticipate RSA debriefs and upcoming cybersecurity trends in today’s 3:30 PM live session.
Catch you live later today—and until then, stay cyber safe.
✅ Story Links:
https://www.securityweek.com/sap-zero-day-possibly-exploited-by-initial-access-broker/
https://therecord.media/nova-scotia-energy-provider-takes-servers-offline
https://therecord.media/kintetsu-world-express-ransomware-attack-japan
https://www.securityweek.com/france-blames-russia-for-cyberattacks-on-dozen-entities/
https://thehackernews.com/2025/04/chinese-hackers-abuse-ipv6-slaac-for.html
https://www.securityweek.com/chrome-136-firefox-138-patch-high-severity-vulnerabilities/
=============================
🚀 About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.