Cyber Security Headlines – CISO Series Episode Released on July 21, 2025
Host: Steve Prentice
Podcast: Cyber Security Headlines
Produced by: CISO Series
In this episode of Cyber Security Headlines, host Steve Prentice covers eight stories: a hard-coded credential flaw in Aruba access points, an unpatched SharePoint zero-day, a social-engineering campaign against Web3 developers, a ransomware attack on a Russian distiller, a FortiWeb SQL injection added to CISA's KEV catalog, a Phobos decryptor from Japanese police, UK attribution of new APT28 malware, and a healthcare breach in Virginia. Below is a summary of each story, with the headline quote and its timestamp in the episode.
1. Aruba Access Points Vulnerability
[00:00] Steve Prentice:
“Hewlett Packard warns of hard-coded passwords in Aruba access points.”
- Overview: Hewlett Packard Enterprise (HPE) has issued a warning about hard-coded credentials in Aruba Instant On access points. These devices are aimed at small and medium-sized businesses and offer enterprise-grade Wi-Fi features managed through a cloud-backed mobile app.
- Implications: Because the credentials are baked into the firmware rather than set per device, anyone who can reach an access point's web interface can use them to bypass normal device authentication and gain administrative access, with no prior foothold on the network required.
- Severity: The issue is tracked as CVE-2025-37103 and carries a critical CVSS score of 9.8. Operators should confirm their access points are running a firmware version that includes the fix and, as a general control, keep the management interface off untrusted networks, since a hard-coded secret cannot be rotated by the customer.
2. SharePoint Zero-Day Exploitation
[02:30] Steve Prentice:
“SharePoint zero-day exploited via remote code execution, no patch available.”
- Details: A critical zero-day vulnerability in on-premises Microsoft SharePoint Server, tracked as CVE-2025-53770, has been actively exploited since at least July 18. It allows unauthenticated remote code execution, and at the time of the episode no patch was available.
- Impact: At least 85 servers worldwide had been compromised by the time the story ran. The underlying exploit chain, nicknamed ToolShell, was first demonstrated by Viettel Cyber Security at Pwn2Own Berlin, where it combined two SharePoint flaws to achieve code execution.
- Microsoft's Response: Microsoft fixed the ToolShell flaws shown at Pwn2Own (CVE-2025-49704 and CVE-2025-49706) in the July Patch Tuesday updates, but the new variant bypasses those fixes and remains unpatched. Microsoft has clarified that SharePoint Online in Microsoft 365 is not affected and says it is working on a security update. Until one ships, internet-facing SharePoint servers should be treated as exposed, and a fully patched server is not evidence that it was not already compromised before the fix.
3. Encrypt Hub Targets Web3 Developers
[05:15] Steve Prentice:
“EncryptHub uses fake AI platforms to target Web3 developers.”
- Attacker Profile: EncryptHub, also tracked as LARVA-208, is shifting from ransomware to data harvesting and is specifically targeting Web3 developers.
- Methodology: The group deploys information-stealer malware and lures victims with counterfeit AI platforms such as "Norlax AI". Operators pose as job recruiters or portfolio reviewers to build trust with developers before delivering the malware.
- Exploitation Tactics: Malicious meeting links are sent over X, Telegram and job boards such as Remote3, dressed up as legitimate interview invitations.
- Vulnerability: Freelance developers in decentralized ecosystems are especially exposed. They often work without the security tooling and policies of a larger organization, and their workstations typically hold wallet keys and project credentials, which is exactly what an information stealer is built to collect.
4. Ransomware Attack on Russian Vodka Producer
[08:45] Steve Prentice:
“Russian vodka producer suffers ransomware attack.”
- Victim: NovaBev Group, the Russian producer and distributor of the Beluga and Belenkaya vodka brands.
- Attack Details: NovaBev reported technical problems caused by an unnamed group demanding a ransom. In response, the company has closed more than 2,000 of its liquor stores across Russia.
- Financial Impact: Experts estimate the outage is costing NovaBev up to $3.8 million per day. The company's website and mobile app are also offline.
- Attribution: No ransomware group has claimed responsibility to date.
5. Fortinet Web Flaw Added to CISA’s Known Exploited Vulnerabilities Catalog
[12:00] Steve Prentice:
“CISA adds FortiWeb flaw to known exploited vulnerabilities catalog.”
- Vulnerability Details: The newly cataloged flaw, CVE-2025-25257, is an SQL injection in Fortinet's FortiWeb web application firewall. It has a CVSS score of 9.6 and lets an unauthenticated attacker execute arbitrary SQL commands by sending crafted HTTP or HTTPS requests to the appliance.
- Exploitation Activity: Active exploitation began on July 11, the same day a proof-of-concept exploit was published, and dozens of systems have since been compromised.
- Recommendations: Organizations running affected FortiWeb versions should apply Fortinet's fixed releases immediately. Because the bug is reachable without credentials, any FortiWeb interface that was exposed between the PoC release and the patch should be checked for signs of compromise rather than assumed clean.
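To make the vulnerability class concrete, here is an added example (not FortiWeb's code, which is not public, and not from the episode) showing how unauthenticated input that reaches a string-built SQL query can both bypass a filter and read out data, beside the parameterized version that closes the hole. The in-memory table, the hypothetical `lookup_*` functions and the two payloads are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table standing in for an appliance's data store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Builds the query by concatenation: whatever the request carries is parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Binds the value through a placeholder: the driver passes it as data, never as SQL text."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed payloads an attacker could place in a request parameter or header.
# Closes the string literal and tacks on an always-true condition.
BYPASS_PAYLOAD = "nobody' OR '1'='1"
# Closes the literal, UNIONs in the schema table, and comments out the trailing quote.
SCHEMA_PAYLOAD = "' UNION SELECT name, sql FROM sqlite_master --"


def demo():
    """Return what each query variant yields for the same hostile inputs."""
    conn = make_db()
    return {
        "vulnerable_bypass": lookup_vulnerable(conn, BYPASS_PAYLOAD),        # every row comes back
        "vulnerable_schema": lookup_vulnerable(conn, SCHEMA_PAYLOAD),        # table definition leaks
        "parameterized_bypass": lookup_parameterized(conn, BYPASS_PAYLOAD),  # no such user
        "parameterized_schema": lookup_parameterized(conn, SCHEMA_PAYLOAD),  # no such user
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The second payload is the more instructive one: once the attacker controls the text of the statement, the original query's intent is irrelevant, and the same injection point that lists users can walk the schema, read other tables, or, on engines that permit stacked statements, write to them. The parameterized version returns nothing for both payloads because the quote, the `OR`, and the `UNION` are all just bytes inside a bound string.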
6. Japanese Police Release Decryptor for Phobos Ransomware
[15:30] Steve Prentice:
“Japanese police release decryptor for Phobos ransomware following arrests.”
- Action Taken: Japan's National Police Agency (NPA) has released a free decryption tool, along with an English-language guide, for organizations hit by the Phobos ransomware. As with any decryptor, victims should obtain it only from the official NPA or No More Ransom channels and keep a copy of the encrypted files before running it.
- Background: Phobos and the related 8Base operation have extorted more than $16 million from roughly 1,000 victims worldwide since 2019.
- Collaboration: The tool was published with help from Europol's European Cybercrime Centre (EC3) and the FBI. The FBI's Baltimore field office led the investigation that produced charges against Phobos affiliates earlier this year.
7. UK Government Alerts on Malware from Russian Actors
[18:20] Steve Prentice:
“UK government warns of malware attributed to Russian actors.”
- Threat Actor: The UK's National Cyber Security Centre attributes the malware to APT28, also known as Fancy Bear and Forest Blizzard, a unit of Russia's GRU military intelligence.
- Malware Characteristics: Nicknamed Authentic Antics, the malware runs on Windows and operates inside Microsoft Outlook, where it periodically displays a login prompt that looks like a normal Microsoft sign-in dialog, so the user has little reason to suspect it.
- Data Compromise: When the user enters their credentials, the malware captures both the password and the resulting OAuth tokens, which give the attacker access to the victim's Exchange Online mailbox, SharePoint and OneDrive data. Because the tokens are valid on their own, a password reset alone does not cut off that access; the issued refresh tokens have to be revoked as well.
- Data Exfiltration: Stolen data is mailed from the victim's own account to an attacker-controlled address, and the messages are hidden from the Sent Items folder, so neither the user nor a casual mailbox review will notice them.
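The exfiltration trick above, mail leaving a mailbox with no matching Sent Items entry, suggests a mailbox-level hunt. The following is an added example, not a detection published for Authentic Antics or by the NCSC: it cross-references server-side outbound message-trace records against the message IDs present in each user's Sent Items folder and flags external sends that have no Sent copy, then ranks the recipients so a repeatedly used drop address stands out. The record layout, the `example.com` tenant domain and all sample data are constructed; real trace and folder data would come from your mail platform's logs.

```python
from dataclasses import dataclass

ORG_DOMAIN = "example.com"  # assumed tenant domain, constructed for this example


@dataclass(frozen=True)
class TraceRecord:
    """One outbound message as seen by the mail server (constructed layout, not a vendor schema)."""
    message_id: str
    sender: str
    recipient: str
    sent_at: str  # ISO 8601 UTC timestamp


def is_external(address, org_domain=ORG_DOMAIN):
    """True when the recipient's domain is outside the organisation."""
    return address.rsplit("@", 1)[-1].lower() != org_domain.lower()


def find_silent_sends(trace, sent_items, org_domain=ORG_DOMAIN):
    """Flag outbound external mail that the sender's Sent Items folder has no record of.

    trace:      iterable of TraceRecord from the server-side message log
    sent_items: mapping of mailbox address -> set of message IDs present in its Sent Items
    Returns the flagged records in chronological order.
    """
    flagged = []
    for rec in trace:
        if not is_external(rec.recipient, org_domain):
            continue  # internal mail is out of scope for this hunt
        known = sent_items.get(rec.sender.lower(), set())
        if rec.message_id not in known:
            flagged.append(rec)
    return sorted(flagged, key=lambda r: r.sent_at)


def rank_recipients(flagged):
    """Count silent sends per external recipient; a repeated unknown address is the strongest lead."""
    counts = {}
    for rec in flagged:
        counts[rec.recipient] = counts.get(rec.recipient, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed sample data: four outbound messages from one mailbox.
SAMPLE_TRACE = [
    TraceRecord("<m1@example.com>", "alice@example.com", "bob@example.com", "2025-07-20T08:01:00Z"),
    TraceRecord("<m2@example.com>", "alice@example.com", "partner@vendor.test", "2025-07-20T08:05:00Z"),
    TraceRecord("<m3@example.com>", "alice@example.com", "drop@mail.test", "2025-07-20T08:06:00Z"),
    TraceRecord("<m4@example.com>", "alice@example.com", "drop@mail.test", "2025-07-20T12:06:00Z"),
]
# What the user's Sent Items folder actually contains: m1 and m2 only.
SAMPLE_SENT_ITEMS = {"alice@example.com": {"<m1@example.com>", "<m2@example.com>"}}


def demo():
    """Run the hunt over the constructed sample and return the flagged records."""
    return find_silent_sends(SAMPLE_TRACE, SAMPLE_SENT_ITEMS)


if __name__ == "__main__":
    hits = demo()
    for rec in hits:
        print(f"{rec.sent_at} {rec.sender} -> {rec.recipient} {rec.message_id} not in Sent Items")
    print("recipients by silent-send count:", rank_recipients(hits))
```

Treat a hit as a lead, not a verdict: users who disable "save sent items", retention rules that purge the folder, and some mobile clients produce the same gap. The follow-up is to pull the flagged message bodies from the server-side copy and, for the affected mailbox, review recent token sign-ins and revoke refresh tokens before resetting the password.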
8. Cyberattack on Virginia Radiology Practice
[21:50] Steve Prentice:
“Virginia radiology practice suffers a cyberattack.”
- Institution Affected: Radiology Associates of Richmond, a Virginia practice operating since 1905.
- Incident Details: Attackers had access to the practice's systems between April 2 and April 6, 2024. The practice confirmed the breach only on May 2, 2025, more than a year later.
- Data Compromised: Personal and health information of more than 1.4 million individuals was accessed. No ransomware group has claimed responsibility.
Conclusion
In this episode, Steve Prentice covers a broad mix of threats: hard-coded credentials and an unauthenticated SQL injection in network appliances, an unpatched SharePoint zero-day, credential and token theft through a trusted desktop client, and ransomware and data breaches hitting retail and healthcare. The common thread is that the initial access paths are ordinary ones: reachable management interfaces, unpatched internet-facing servers, and users who are accustomed to re-entering their Microsoft password on demand.
For those who want to dig deeper into these stories, Steve points listeners to CISOseries.com for the full articles behind each headline.
This summary captures the essential points discussed in the episode. For ongoing coverage, follow Cyber Security Headlines from CISO Series.
