CISO Talk by James Azar
CyberHub Podcast
South African Airways Cyberattack, Powerschool Criminals extort school districts, Crowdstrike Layoffs, Lockbit Exposed

Critical Infrastructure Under Attack, Corporate Layoffs, Rising Threats from Russia, and New Cybersecurity Standards in the UK as Cisco Patches Critical Vulnerabilities and More Cyber News

🎙️ Introduction

Good morning, Security Gang!

In today’s episode of the CyberHub Podcast, James Azar breaks down an exceptionally packed day of cybersecurity developments—from major airline disruptions and healthcare manufacturing attacks to a ransomware gang suffering its own breach and the UK's launch of a voluntary secure-by-default framework.

As cyber and physical threats continue to converge, today's show highlights urgent vulnerabilities practitioners must address right now.

Espresso charged, let's get into it!

South African Airways Disruptions After Cyberattack

South African Airways confirmed a cyberattack disrupted internal operations and its mobile app last weekend. Thanks to effective incident response planning and strong network segmentation, flight operations and essential services remained largely unaffected, with normal functionality restored by Saturday evening. The airline is investigating the root cause but has not yet disclosed whether ransomware was involved.

Masimo Corporation Manufacturing Hit by Cyberattack

California-based Masimo Corporation, a health technology manufacturer, reported a cyberattack that temporarily disrupted its manufacturing operations. The company filed an SEC disclosure noting a material impact on its ability to process and ship orders. The case illustrates the cybersecurity challenges of IT-OT convergence in manufacturing environments, where ERP and production systems are tightly intertwined, making recovery both complex and urgent.

PowerSchool Customers Targeted by Secondary Extortion

Following the December 2024 breach, attackers are now reaching out directly to individual school districts, threatening to leak stolen student and faculty data unless ransom payments are made. PowerSchool reassures that this is not a new breach but warns of escalating supply chain risks when attackers decentralize extortion downstream.

Cisco and SonicWall Push Critical Security Updates

Cisco released patches for 35 vulnerabilities, including one critical flaw (CVE-2025-2188) affecting IOS XE that allows arbitrary file uploads. Separately, SonicWall urged immediate patching of three critical Secure Mobile Access vulnerabilities (CVE-2025-32819, CVE-2025-32820 and CVE-2025-32821), which together allow root-level remote code execution. Organizations running Cisco or SonicWall products must prioritize these updates immediately.

CrowdStrike Lays Off 500 Employees Amid AI-Driven Restructuring

CrowdStrike announced it would lay off 5% of its workforce (approximately 500 employees) as part of its effort to achieve $10 billion in annual recurring revenue. CEO George Kurtz emphasized investments in AI, operational efficiency, and scaling customer-facing teams. This move signals intensifying competition in cybersecurity, especially against rising rivals like Palo Alto Networks.

Russian State APT Group Star Blizzard Targets Western Institutions

Google’s Threat Analysis Group warns that Russia’s FSB-linked Star Blizzard group (also tracked under multiple other aliases) is leveraging the ClickFix technique to infect Western think tanks, government advisors, and journalists. Its new malware family, LostKeys, was observed being delivered through fake CAPTCHA lures in sophisticated phishing campaigns between January and April 2025.

LockBit Ransomware Gang’s Admin Panels Hacked

In a rare twist of irony, LockBit’s dark web affiliate panels were hacked and defaced, exposing internal databases. The leak revealed Bitcoin addresses, negotiation chats, build configurations, and admin account details—many with embarrassingly simple plaintext passwords. The breach, while embarrassing for LockBit, did not appear to leak encryption keys, limiting operational impact.

[Image: LockBit dark web site defaced with a link to the leaked database. Courtesy of Bleeping Computer]

UK Launches Voluntary Secure-by-Default Software Framework

The UK government’s National Cyber Security Centre (NCSC) unveiled a Software Security Code of Practice aimed at raising baseline standards for software vendors. The framework includes 14 principles covering secure development, patch management, and transparency, directly addressing systemic weaknesses in software supply chains and promoting better default security configurations.

Russian Cyberattacks Blend Into Physical Sabotage Across Europe

UK intelligence services warned of a direct connection between Russian cyberattacks and kinetic sabotage plots. Moscow-backed criminal proxies have been implicated in attacks like the DHL parcel bomb incidents in Birmingham and Leipzig, which threatened aviation safety. These revelations further underscore the reality that cyber and physical warfare are now deeply interconnected.

📌 Action Items for Practitioners

  • Test Incident Response Plans: Follow South African Airways' model to minimize downtime during breaches.

  • Secure IT-OT Convergence Points: Ensure segmentation and monitoring between production and ERP systems.

  • Monitor Supply Chain Risks: Watch for second-wave extortion targeting customers post-breach.

  • Apply Critical Cisco and SonicWall Patches Immediately: Mitigate remote code execution vulnerabilities.

  • Strengthen Employee Cyber Hygiene: Monitor phishing and click-fix attack techniques targeting your staff.

  • Evaluate Vendor Security Practices: Leverage the UK’s new security principles as a benchmark.

  • Prepare for Hybrid Threats: Recognize the blending of cyber and physical threats in critical infrastructure protection.

Stay Cyber Safe, Security Gang!

Thanks for tuning in. We'll be back Monday at 9 AM Eastern Live!


✅ Story Links:

https://therecord.media/south-african-airways-cyberattack-disrupted

https://www.securityweek.com/masimo-manufacturing-facilities-hit-by-cyberattack/

https://www.bleepingcomputer.com/news/security/powerschool-hacker-now-extorting-individual-school-districts/

https://www.securityweek.com/cisco-patches-35-vulnerabilities-across-several-products/

https://www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-patch-vpn-flaw-exploited-in-attacks/

https://www.cybersecuritydive.com/news/crowdstrike-to-cut-500-jobs-in-plan-to-scale-business/747401/

https://www.securityweek.com/google-finds-data-theft-malware-used-by-russian-apt-in-select-cases/

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-hacked-victim-negotiations-exposed/

https://www.securityweek.com/new-uk-framework-pressures-vendors-on-sboms-patching-and-default-mfa/

https://therecord.media/uk-spies-see-connection-russia
