Below is a concise weekend summary of the major cybersecurity stories covered this week on the CyberHub Podcast, followed by a combined bullet list of critical vulnerabilities and patches to help you stay protected.

Major Stories

1. UK Government vs. Apple: Encrypted iCloud Data

• The UK issued a Technical Capability Notice (TCN) that could force Apple to provide hidden access to encrypted iCloud data.

• Apple has yet to confirm whether it will comply or challenge this request, raising significant global privacy and legal concerns.

2. Global DeepSeek AI Ban

• Multiple regions and countries—including Australia, Italy, and the U.S. government—have banned or restricted DeepSeek AI.

• Investigations revealed poor encryption, unencrypted data transmission, and possible ties to Chinese state interests.

3. Healthcare Under Siege: Hospital Sisters Health System Attack

• The breach disrupted operations in several Wisconsin and Illinois hospitals, affecting nearly 883,000 individuals.

• Highlights the value and vulnerability of healthcare data, emphasizing the need for robust backups and downtime preparedness.

4. Ransomware & Financial Threats

• Avery (labeling giant) suffered a ransomware attack that led to a card skimmer on its site. Over 67,000 customers may have had payment data stolen.

• Lee Enterprises, a large U.S. newspaper group, faced a severe cyber event consistent with ransomware symptoms.

• 8Base Ransomware was taken down by international law enforcement, though threat actors frequently rebrand to evade capture.

5. Emerging Malware Campaigns

• Large-Scale Brute-Force Attack: Over 2.8 million IP addresses used to target credentials for Palo Alto, Ivanti, and SonicWall devices.

• “Flexible Ferret” MacOS Malware: North Korean actors trick users with fake job interviews, installing remote access malware on macOS.

• Android Banking Trojans in India: Attackers rely on live phone numbers to intercept one-time passwords, affecting more than 50,000 individuals.

6. Critical Infrastructure Focus

• Trimble CityWorks Zero-Day (CVE-2025-0994): A high-value target for attackers due to the platform’s role in managing critical infrastructure data.

• Seashell Blizzard Resurgence: A Russian ICS-focused threat actor ramping up attacks on energy, water, and manufacturing sectors.

7. Government and Policy Updates

• Japan’s “Active Cyber Defense” legislation: Aims to proactively intercept cyberattacks linked to ongoing Chinese cyber-espionage campaigns.

• British Military Shortens Training: Accelerated 4-week boot camp plus specialized 3-month cyber program to address urgent defensive needs.

• U.S. National Cyber Director Nomination: Sean Cairncross’s appointment raises questions about cyber-specific expertise at the highest level.

8. Noteworthy Breaches & Incidents

• Hewlett Packard Enterprise Office 365 Breach: Limited mailbox compromise potentially exposed personal and financial data.

• OpenAI Credentials on Dark Web: Claims of “20 million” compromised accounts likely linked to info-stealing malware, not a direct breach.

9. Financial Infrastructure Disruptions

• Israel Payment Outage: A suspected cyberattack briefly halted credit card transactions across the country, underscoring the fragility of national payment systems and geo-political tensions are the fragile ceasefire and hostage release nears an end.

10. Crypto & DeFi Exploits

• ZK Lend Heist: Attackers stole ~3,600 ETH (~USD 9.5M) via a smart contract logic flaw. The incident highlights ongoing vulnerabilities in decentralized finance (DeFi) and crypto heists.

Share

All Vulnerabilities & Patches in One Place

Below is a consolidated bullet list of the vulnerabilities and patches mentioned across various vendors and platforms this week.

1. Apple

   • iOS/iPadOS 18.3.1: Fixes a critical flaw allowing attackers with physical device access to bypass USB Restricted Mode.

   • Action: Update all iPhones/iPads immediately.

2. Trimble CityWorks

   • Zero-Day (CVE-2025-XXXX): Manages critical infrastructure data but doesn’t control industrial processes directly.

   • Action: Apply patches (versions 15.8.9 and 23.10) to mitigate.

3. Microsoft Patch Tuesday

   • 55 fixes across Windows OS and apps.

   • High-severity bugs include:

     • CVE-2025-2139 (Windows Storage EoP): Attackers can delete critical files.

     • CVE-2025-21418 (WinSock Driver): Enables system privilege escalation.

     • CVE-2025-21376 (LDAP RCE): Potential wormable exploit between servers.

     • CVE-2025-21387 (Excel): Exploitable via Preview Pane.

   • Action: Patch Windows systems ASAP.

4. Adobe Critical Updates

   • 45 vulnerabilities affecting Adobe Commerce, InDesign, Illustrator, InCopy, and Substance 3D Designer.

   • Could lead to remote code execution and privilege escalation.

   • Action: Update to the latest versions for all Adobe products in use.

5. Intel 2024 Vulnerability Report

   • 374 vulnerabilities patched across software, firmware, and hardware in 2024 alone.

   • Action: Regularly update Intel drivers, firmware, and software tools.

6. ICS Security (Siemens & Schneider Electric)

   • Siemens: 14 new advisories (covering ~100 vulnerabilities), including Scalance W, SIPROTEC 5, and more.

   • Schneider Electric: 9 vulnerabilities in ASCO Remote On-Kit AIR products, some rated high severity.

   • Action: Patch or apply mitigations; consider micro-segmentation to limit ICS exposure.

7. Fortinet

   • Clarification on reported “zero-day”: Not actively exploited in the wild, but critical flaws (CVE-2025-24472) could allow creating unauthorized admin accounts.

   • Action: Update FortiOS, FortiProxy, FortiWeb to latest versions and review admin credentials.

8. OpenSSL (CVE-2024-12797)

   • High-severity flaw around raw public keys in TLS authentication.

   • Affects OpenSSL 3.2, 3.3, 3.4 with raw public keys explicitly enabled.

   • Action: Upgrade to 3.2.4, 3.3.2, or 3.4.1 if using affected versions.

9. GFI Grail Control Firewall (CVE-2023-52875)

   • One-click RCE flaw still unpatched in ~12,000 instances.

   • Action: Update to version 9.4.5 Patch 1 immediately.

10. Palo Alto, Ivanti, and Fortinet

• Palo Alto: CVE-2025-0108 allows unauthenticated bypass of firewall management interface.

• Ivanti: 11 fixes addressing RCE across multiple products (Connect Secure, Policy Secure, etc.).

• Fortinet: 14 advisories spanning FortiOS, FortiAnalyzer, FortiManager, and more.

• Action: Prioritize these critical patches as threat actors are actively scanning.

Leave a comment

Wrapping Up

This week’s CyberHub Podcast highlights a wide range of threats—from government pressure on Apple’s encryption to global bans on AI apps, major healthcare breaches, critical zero-days in ICS platforms, and expanding ransomware tactics. The key to defense remains a robust patch management strategy, active threat monitoring, secure backups, and strong user awareness programs—especially as nation-state attackers and cybercriminals increasingly overlap in techniques and tools.

Stay vigilant, apply the above patches swiftly, and be prepared for both the known and the unexpected in the fast-evolving cyber threat landscape. Enjoy your weekend—and stay cyber-safe!