CISO Talk by James Azar
CyberHub Podcast
UK Retailer Harrods Cyber Attack, E-Commerce Supply Chain Attacks, TikTok EU GDPR Fine, Ransomware Attacks on Food & Agriculture

Celebrating Cinco de Mayo With a Full Breakdown of Cybersecurity Threats, Ransomware Escalations, and Global Legal Battles

🎙️ Introduction

Good morning, Security Gang!

On this special Cinco de Mayo episode of the CyberHub Podcast, James Azar returns after a brief hiatus with a jam-packed session — over a dozen critical cybersecurity stories from around the globe.

From ransomware targeting food and agriculture to new malware variants, high-profile hacking indictments, and geopolitical cyber moves, this show delivers practitioner-level insights with a double espresso punch.

Coffee cup cheers to kicking off the week right, and to powering through today's massive update!

🛡️ Full Story Summaries

Harrods Thwarts Cyberattack Amid Ransomware Spree in the UK

Harrods confirmed it was targeted in a recent cyberattack tied to the larger spree hitting major UK retailers like Marks & Spencer and Co-op. While Harrods successfully defended its systems with no disruption to its operations, investigators suspect the DragonForce group — a ransomware outfit with Chinese ties — orchestrated the attacks. SentinelOne reports that DragonForce uses phishing, stolen credentials, and known vulnerabilities like Log4j and Ivanti VPN flaws. Given the group's name and methods, there are strong suspicions that the campaign may have geopolitical motives tied to China’s cyber tactics during ongoing tariff disputes.

Magento Supply Chain Attack Hits Hundreds of E-Commerce Sites

A massive supply chain attack involving 21 compromised Magento extensions has impacted between 500 and 1,000 e-commerce stores, including a multinational worth $40 billion. Researchers from Sansec found that backdoors were inserted into trusted extensions as early as 2019 but only activated in April 2025. Attackers took full control over affected servers, exploiting trust in popular extensions developed by vendors like Tigren and MGS. This incident underscores the critical need for continuous monitoring of legacy code, comprehensive extension audits, and maintaining institutional threat knowledge over time.

Ransomware Attacks on Food and Agriculture Double in 2025

Ransomware attacks against the food and agriculture sector have doubled in the first quarter of 2025 compared to last year, according to Food and Ag-ISAC Director Jonathan Braley. Much of this surge stems from Clop’s exploitation of file transfer vulnerabilities. Alarmingly, many incidents remain unreported, limiting the effectiveness of threat intelligence sharing. From January through March, 84 ransomware incidents were tracked — more than double the 35 seen over the same period last year — pointing to an urgent need for better visibility and collaboration across critical infrastructure sectors.

StealC Malware Gets a Dangerous New Upgrade

The widely used StealC information stealer has released a second major version, making it a bigger threat than ever. Zscaler researchers report that StealC v2 now supports advanced payload delivery mechanisms, RC4 encryption for stealth, dynamic API resolution, self-deletion, and even real-time Telegram bot integration. The malware can also now capture screenshots across multi-monitor setups, significantly expanding its intelligence-gathering capability. Organizations must immediately update their endpoint protection strategies to defend against StealC’s rapidly evolving tactics.

Disney Hacker Pleads Guilty After Massive Breach

California resident Ryan Mitchell Kramer, 25, pleaded guilty to charges related to hacking Disney’s internal systems and leaking 1.1 terabytes of sensitive data under the fake hacktivist name "NullBulge." Kramer initially claimed to be protecting artists' rights but was actually attempting extortion, according to the Department of Justice. After Disney ignored his threats, Kramer leaked stolen data and employee information, leading Disney to abandon Slack for internal communications. He faces up to 10 years in prison and becomes another example of how insider threats often wear a “hacktivist” mask to justify extortion.

TikTok Hit With €530 Million Fine Over Data Transfers to China

The Irish Data Protection Commission fined TikTok €530 million (~$600 million) after finding that the video-sharing giant exposed EU citizens’ personal data to unauthorized access by Chinese staff. The four-year investigation determined that TikTok violated GDPR by failing to ensure "equivalent protections" for user data transferred abroad. TikTok disagrees with the decision and plans to appeal, but the ruling reinforces Europe’s increasingly aggressive stance against tech companies mishandling cross-border data flows.

Black Kingdom Ransomware Operator Indicted in the U.S.

The Department of Justice indicted Rami Khaled Ahmed, a Yemeni national believed to be the mastermind behind the Black Kingdom ransomware campaign. Between 2021 and 2023, Ahmed exploited Microsoft Exchange vulnerabilities (specifically ProxyLogon) to deploy ransomware against nearly 1,500 victims, including healthcare providers, schools, and ski resorts. He demanded ransoms of $10,000 in Bitcoin. Though currently residing in Yemen, Ahmed faces up to 15 years in prison if apprehended. Authorities continue tracking his international cybercriminal operations.

Ukrainian Nefilim Ransomware Operator Extradited to U.S.

Ukrainian national Artem Stryzhak was extradited from Spain to the U.S. for his role in deploying the Nefilim ransomware strain against organizations worldwide. Arrested in June 2024, Stryzhak faces charges of fraud, extortion, and conspiracy. His extradition underscores the growing success of global law enforcement cooperation against cybercriminal groups.

Raytheon Pays $8.4 Million Settlement Over Cybersecurity Failures

Raytheon Technologies (RTX) has agreed to an $8.4 million settlement with the U.S. government after failing to meet cybersecurity requirements on 29 different defense contracts. Between 2015 and 2021, Raytheon used noncompliant internal development systems to handle sensitive DoD data, violating federal cybersecurity regulations (DFARS/FAR). Although Raytheon admitted no fault, this settlement sends a clear message: defense contractors will be held financially accountable for lax cybersecurity practices.

No Major Cyber Policy Changes Under New Administration

Despite media hype about potential cybersecurity disruptions under President Trump's administration, major tech players — including Amazon, CrowdStrike, Google, and Palo Alto Networks — report no change in federal cybersecurity collaboration or information sharing. While some leadership positions at agencies like CISA have changed, operational continuity appears unaffected, reassuring both government and private sector partners.

U.S. Treasury Targets Cambodian Money Laundering Network

The U.S. Treasury Department designated Cambodia-based Huione Group as a primary money laundering concern, severing its access to the U.S. financial system. Huione allegedly helped launder over $4 billion from cybercrime operations, including $37 million tied directly to North Korean cyberheists. This marks another strong step by the Treasury to disrupt cybercriminal financial networks at their roots, targeting illicit revenue flows supporting hostile state operations.

📌 Action Items for Practitioners

  • Update Threat Intel Playbooks: Add DragonForce TTPs, StealC v2 behaviors, and Magento extension threats to your monitoring.

  • Audit E-Commerce Plugins: If using Magento or similar, review all installed extensions immediately.

  • Reinforce Food and Agriculture Sector Security: Ensure ransomware resilience plans are active.

  • Review Data Privacy Readiness: Especially if handling EU data, understand the new wave of GDPR enforcement risks.

  • Monitor Supply Chain Vendors: Vendor compromise is becoming the fastest-growing attack vector.

  • Stay Current on Legal Risks: Contractor cybersecurity requirements are being actively enforced now.

  • Expand Dark Web Monitoring: Detect threats before they activate, as the Magento backdoors did after lying dormant for years.
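The Magento story and the "Audit E-Commerce Plugins" item above both come down to one control: knowing whether the extension code running on your store still matches a trusted release. The script below is an added example written for these notes; it is not code from the podcast, from Sansec, or from Magento. It builds a SHA-256 manifest of an extension directory, saves it as JSON, and diffs a later snapshot to report added, removed and modified files. The vendor and module names, the file contents and the tampering it simulates are all constructed for the demo; the only assumption that matters in practice is that the baseline manifest is taken from a trusted package (the vendor's release archive or your Composer lock hashes), not from a server that may already have been backdoored.

```python
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Dict, List


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large assets do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256."""
    manifest: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = hash_file(path)
    return manifest


def save_manifest(manifest: Dict[str, str], dest: Path) -> None:
    # Store the trusted baseline off-host so an intruder cannot rewrite it.
    dest.write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(src: Path) -> Dict[str, str]:
    return json.loads(src.read_text())


def diff_manifests(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Report files that appeared, disappeared, or changed since the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: snapshot a clean extension, tamper with it, diff."""
    with tempfile.TemporaryDirectory() as tmp:
        # Hypothetical Magento-style module layout; names are made up for the demo.
        module = Path(tmp) / "app" / "code" / "ExampleVendor" / "ExampleModule"
        (module / "etc").mkdir(parents=True)
        (module / "registration.php").write_text("<?php // constructed sample file\n")
        (module / "etc" / "module.xml").write_text("<config/>\n")

        baseline_path = Path(tmp) / "baseline.json"
        save_manifest(build_manifest(module), baseline_path)

        # Simulate tampering: one file edited, one added, one deleted.
        (module / "registration.php").write_text("<?php // constructed sample file\n// extra line\n")
        (module / "Helper.php").write_text("<?php // constructed new file\n")
        (module / "etc" / "module.xml").unlink()

        return diff_manifests(load_manifest(baseline_path), build_manifest(module))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run against a real store by pointing `build_manifest` at each extension directory under `app/code` or `vendor` and diffing against manifests generated from the vendor's original release. Any file in `modified` or `added` is a candidate for review; a dormant backdoor shipped inside the original package, as in the Sansec findings, will only show up if the baseline predates the compromise or comes from an independently verified copy, which is why the manifest must not be generated from the production host itself.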

Stay Cyber Safe, Security Gang!

(And Happy Cinco de Mayo! 🎉🌮)


✅ Story Links:

https://www.securityweek.com/ransomware-group-claims-attacks-on-uk-retailers/

https://www.bleepingcomputer.com/news/security/harrods-the-next-uk-retailer-targeted-in-a-cyberattack/

https://www.bleepingcomputer.com/news/security/magento-supply-chain-attack-compromises-hundreds-of-e-stores/

https://therecord.media/ransomware-attacks-food-and-ag-double-2025

https://www.bleepingcomputer.com/news/security/stealc-malware-enhanced-with-stealth-upgrades-and-data-theft-tools/

https://www.securityweek.com/man-admits-hacking-disney-and-leaking-data-disguised-as-hacktivist/

https://www.securityweek.com/tiktok-fined-600-million-for-china-data-transfers-that-broke-eu-privacy-rules/

https://www.bleepingcomputer.com/news/security/us-indicts-black-kingdom-ransomware-admin-for-microsoft-exchange-attacks/

https://thecyberexpress.com/ukrainian-extradited-for-nefilim-ransomware/

https://www.securityweek.com/raytheon-to-pay-8-4-million-in-settlement-over-cybersecurity-failures/

https://cyberscoop.com/public-private-threat-intel-sharing-trump-admin/

https://therecord.media/us-fincen-cut-off-huione-group-southeast-asia-cyber-scam
