
A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Thursday, July 31, 2025. I'm Hadas Kasorla.
Oh no, Lenovo. Lenovo has issued urgent firmware updates for several of its all-in-one desktop models to patch a set of high-severity vulnerabilities that could allow attackers to bypass secure boot protections. The flaws were discovered in customized Insyde H2O UEFI firmware by security firm Binarly and affect IdeaCenter AiO3 and Yoga AiO models. Exploiting these bugs could let attackers gain elevated privileges and install stealthy malware at the firmware level.
You sunk my battleship. Or did you? Hackers calling themselves Neferpitou have leaked 13 gigabytes of internal documents belonging to French submarine manufacturer Naval Group, everything from combat system source code and simulation software to weapons configurations and internal communications. They claim to have up to a terabyte of stolen data, and the leaked materials appear both legitimate and highly sensitive. Naval Group says it has found no evidence of a breach in its internal systems, no confirmed intrusions, no operational disruption, but somehow its proprietary data is now circulating online. French authorities and cybersecurity experts are investigating, though the company is currently treating the event as a reputational attack rather than a verified compromise. Neferpitou hasn't explained how they got the data, offered no ransom demands and issued only a cryptic 72-hour ultimatum followed by the "enjoy and see you next time." The data is real, but the path it took to get out is still a mystery.
Russians unable to get a taste of their own medicine. A cyber attack has crippled major pharmacy chains across Russia, forcing hundreds of stores offline. Stolichki and Neopharm, together operating over 1100 locations, confirmed service disruptions that impacted payments, prescriptions and loyalty systems, with some stores shuttered entirely. The chains share ownership ties and may have jointly been targeted, though no group has claimed responsibility. Russia's Internet regulator, Roskomnadzor, ruled out a DDoS attack but offered no further details. The incident follows a wave of cyberattacks on Russian infrastructure, including hits on aviation and liquor distribution systems.
The Guard's got you covered, don't ya know? A cyber attack struck St. Paul, Minnesota on July 25, 2025, disabling city systems and prompting a state of emergency when the scope outpaced local resources. Governor Tim Walz authorized the deployment of the Minnesota National Guard's Cyber Protection Team on July 28th to help contain the damage. The Guard is now working with the FBI, state agencies and private security firms to investigate and restore services. Critical systems like 911 remain operational, but public Wi-Fi, payment systems and online services were taken offline. As of now, no group has claimed responsibility and officials have not identified the source of the attack.
Huge thanks to our sponsor, Dropzone AI. Security teams everywhere are drowning in alerts. That's why companies like Zapier and CBTS turn to Dropzone AI, the leader in autonomous alert investigation. Their AI investigates everything, giving your analysts time back for real security work. No more 40-minute rabbit holes. If you're at Black Hat, find them in Startup City. Otherwise check out their self-guided demo at Dropzone AI. This is how modern SOCs are scaling without burning out.
When they go low, we go high. IBM's annual Cost of a Data Breach report, released July 30, 2025, reveals a sharp split between global and US trends. Worldwide, the average cost of a data breach fell 9% to $4.44 million. That's the first drop in five years, thanks largely to faster detection and containment. In contrast, U.S. breach costs climbed nearly 9% to a record of $10.22 million, driven by rising regulatory penalties, detection and escalation costs and increased labor expenses. The report also highlights growing AI-related risks. 13% of breaches involved AI tools or models and 97% of those lacked proper access controls. Shadow AI alone added an average $670,000 to breach recovery costs.
In Mumbai, cyber losses quadruple. Over the last year and a half, Mumbai has lost over 1100 crore rupees, which is approximately 135 million US dollars, to cyber fraud. Most of the losses came from fake trading platforms, crypto scams and impersonation tactics like digital arrests. That's where victims are threatened with fabricated legal charges and coerced into handing over their savings. Authorities believe the real toll is much higher as many victims avoid reporting due to fear or shame. In response, India has built a multi-layered support system that includes coordinated fraud response across banks, telecoms and law enforcement and a 24/7 national helpline. Some cities have created cyber help desks and counseling centers offering legal, technical and even emotional support.
Don't toy around with security. A flaw in the Lovense adult toy app left millions of users unintentionally exposed. Researchers found that with just a username, attackers could uncover private email addresses and in some cases slip inside accounts without permission. The chat-based bug allowed strangers to join in, turning intimate play into public display and leaking personal details. Lovense patched things up, but experts say the patch is not fully effective and it's still a little too easy to get in.
Attention Canadian listeners: if you're in Montreal, then you need to join us tomorrow, Friday, August 1, for a CISO Series meetup. David Spark will be hosting the event at the Crew Cafe starting at 8:30 a.m. Network with some fellow CISO Series fans. Play some games, or at the very least, grab a coffee. For more details, head on over to our events page at cisoseries.com. If you have some thoughts on the news from today or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We'd love to hear from you. I'm Hadas Kasorla, reporting for the CISO Series. Stay Alert, Stay Patched, Stay Hydrated.
A
Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Host: CISO Series
Episode Title: Oh No! Lenovo, French Submarine Data Breach, Russian Pharmacy Cyberattack
The latest episode of Cyber Security Headlines by CISO Series, hosted by Hadas Kasorla, delves into a series of significant cybersecurity incidents that have unfolded globally. From urgent firmware vulnerabilities in Lenovo desktops to sophisticated data breaches targeting French defense contractors and widespread cyberattacks crippling Russian pharmacies, this episode provides a comprehensive overview of the current threat landscape. Below is a detailed summary of the key discussions, insights, and conclusions drawn during the episode.
Timestamp: [00:07]
Lenovo has issued urgent firmware updates addressing a set of high-severity vulnerabilities discovered in its all-in-one desktop models. These flaws reside within the customized Insyde H2O UEFI firmware and affect the IdeaCenter AiO3 and Yoga AiO series. Security firm Binarly identified these vulnerabilities, which, if exploited, could allow attackers to bypass secure boot protections. Successful exploitation could give adversaries elevated privileges and let them install stealthy malware at the firmware level.
"Exploiting these bugs could let attackers gain elevated privileges and install stealthy malware at the firmware level." — Hadas Kasorla [00:07]
The urgency of this update underscores the critical nature of firmware security in modern computing devices, emphasizing the need for manufacturers to rigorously test and secure their firmware against potential threats.
Timestamp: [01:30]
A hacker group named Neferpitou has made headlines by leaking 13 gigabytes of internal documents belonging to the French submarine manufacturer, Naval Group. The leaked data ranges from combat system source code and simulation software to weapons configurations and internal communications. Neferpitou claims possession of up to a terabyte of stolen data, with the leaked materials appearing both legitimate and highly sensitive.
"The data is real, but the path it took to get out is still a mystery." — Hadas Kasorla [02:15]
Despite the severity of the leak, Naval Group asserts that there is no evidence of a breach within its internal systems, no confirmed intrusions, and no operational disruptions. The company is currently treating the incident as a reputational attack rather than a confirmed compromise. French authorities and cybersecurity experts are actively investigating the breach, seeking to uncover the methods employed by Neferpitou to obtain and disseminate the data.
Timestamp: [03:00]
Major Russian pharmacy chains, including Stolichki and Neopharm, have fallen victim to a crippling cyberattack, forcing over 1,100 locations offline. The attack has disrupted payments, prescription processing, and loyalty systems, with some stores entirely shuttered. The two chains share ownership ties, and there is speculation that they may have been jointly targeted.
"No group has claimed responsibility." — Hadas Kasorla [04:00]
Russia's Internet regulator, Roskomnadzor, has ruled out a Distributed Denial of Service (DDoS) attack as the cause but has not provided further details. This incident is part of a broader wave of cyberattacks targeting various sectors within Russia, including aviation and liquor distribution systems, highlighting the increasing vulnerability of critical infrastructure to cyber threats.
Timestamp: [05:10]
On July 25, 2025, St. Paul, Minnesota, experienced a significant cyberattack that disabled city systems, leading to a state of emergency declaration. The attack's scope was extensive enough to surpass local resources, prompting Governor Tim Walz to deploy the Minnesota National Guard's Cyber Protection Team on July 28th. This team is collaborating with the FBI, state agencies, and private security firms to contain the damage, investigate the breach, and restore services.
"Critical systems like 911 remain operational, but public Wi-Fi, payment systems, and online services were taken offline." — Hadas Kasorla [06:15]
As of the episode's release, no group has claimed responsibility for the attack, and officials have yet to identify the source. The incident underscores the importance of robust cybersecurity measures for municipal infrastructure to ensure the continuity of essential services during cyber crises.
Timestamp: [06:45]
IBM released its annual report on the cost of data breaches on July 30, 2025, revealing a notable divergence between global and U.S. trends. Globally, the average cost of a data breach has decreased by 9% to $4.44 million, marking the first decline in five years. This reduction is largely attributed to faster detection and containment strategies implemented by organizations worldwide.
In contrast, the United States has seen a nearly 9% increase in breach costs, reaching a record $10.22 million. Factors contributing to this rise include escalating regulatory penalties, higher detection and escalation expenses, and increased labor costs. The report also highlights burgeoning risks associated with Artificial Intelligence (AI):
"13% of breaches involved AI tools or models and 97% of those lacked proper access controls." — Hadas Kasorla [06:50]
Shadow AI, in particular, has added an average of $670,000 to breach recovery costs, emphasizing the need for stringent access controls and oversight in AI deployments.
Timestamp: [07:00]
Over the past eighteen months, Mumbai has suffered cyber losses totaling over 1,100 crore rupees (approximately $135 million USD) due to cyber fraud. The majority of these losses stem from fake trading platforms, cryptocurrency scams, and impersonation tactics such as digital arrests. Victims are often threatened with fabricated legal charges, coercing them into relinquishing their savings.
Authorities believe the actual toll is significantly higher, as many victims refrain from reporting incidents due to fear or embarrassment. In response, India has established a multi-layered support system that includes coordinated fraud response mechanisms across banks, telecoms, and law enforcement agencies, as well as a 24/7 national helpline. Additionally, several cities have initiated cyber help desks and counseling centers providing legal, technical, and emotional support to victims.
Timestamp: [07:25]
A critical flaw discovered in the Lovense adult toy app has left millions of users inadvertently exposed. Researchers identified that with just a username, attackers could access private email addresses and, in some instances, gain unauthorized access to user accounts. The vulnerability was facilitated by a chat-based bug, allowing strangers to join intimate sessions, thereby leaking personal details.
"The chat-based bug allowed strangers to join in, turning intimate play into public display and leaking personal details." — Hadas Kasorla [07:25]
While Lovense has issued a patch to address the issue, cybersecurity experts caution that the fix is not entirely effective, and vulnerabilities remain, making it too easy for malicious actors to exploit the flaw.
The episode underscores the increasingly sophisticated nature of cyber threats affecting diverse sectors worldwide. From critical infrastructure and defense contractors to consumer electronics and personal privacy, the breadth of vulnerabilities highlights the imperative for robust cybersecurity measures. Hosts and experts emphasize the importance of proactive threat detection, timely patching of vulnerabilities, and comprehensive support systems to mitigate the impact of such breaches.
"Stay Alert, Stay Patched, Stay Hydrated." — Hadas Kasorla [07:25]
For more detailed stories and daily updates on cybersecurity, listeners are encouraged to visit CISOseries.com.