Cyber Security Headlines - Episode Summary Hosted by CISO Series | Release Date: June 24, 2025
1. DHS Warns of Retaliatory Iranian Cyber Attacks
Lauren Verno opens the episode by highlighting the Department of Homeland Security's (DHS) recent national advisory concerning potential Iranian cyber retaliation. In the wake of President Trump's airstrikes on three Iranian nuclear sites, the DHS anticipates an escalation in cyber activities from Iranian state-sponsored hackers and pro-Iranian hacktivists targeting U.S. infrastructure.
Lauren Verno (00:07): "Iranian cyber threat actors are expected to ramp up operations against US targets following President Trump's recent airstrikes on three Iranian nuclear sites."
The advisory underscores Iran's history of targeting critical infrastructure, political campaigns, and operational technologies within the U.S., primarily through malware-based attacks. Iranian-linked groups have already signaled their intent to retaliate, increasing concerns over national cybersecurity.
2. Steel Giant Nucor Confirms Breach
Next, Verno discusses the cyberattack on Nucor, North America's largest steel producer. The incident resulted in data theft and temporarily halted operations across several facilities.
Lauren Verno (02:15): "Nucor confirmed a cyber attack that led to the data theft and the temporary shutdown of operations at several facilities."
Nucor has restored the affected systems and has observed no ongoing unauthorized access. The nature of the breach suggests a possible double-extortion ransomware attack, although no group has claimed responsibility yet. The SEC filing revealed that only limited data was exfiltrated, alleviating some immediate concerns but leaving the door open for future threats.
3. Ransomware Hits Healthcare System Again
The episode moves on to another significant cyber incident involving McLaren Healthcare. This Michigan-based hospital network suffered its second major ransomware attack within a year, compromising sensitive data of over 740,000 patients.
Lauren Verno (04:50): "McLaren Healthcare has confirmed a ransomware attack that compromised sensitive data for over 740,000 patients."
The breach exposed personal information including names, Social Security numbers, and medical records. McLaren has responded by notifying victims and offering a year of free credit monitoring. Early indicators suggest involvement of the INC ransomware gang, based on the ransom note circulated online.
4. Salt Typhoon Targets Canadian Telecom Providers
Verno brings attention to Salt Typhoon, a Chinese state-sponsored hacking group actively targeting Canadian telecom networks. A notable breach in February 2025 exploited a critical Cisco vulnerability, months after its public disclosure.
Lauren Verno (06:30): "Salt Typhoon is actively targeting networks with a confirmed breach in February of 2025 that exploited a critical Cisco flaw."
Despite prior warnings, several critical infrastructure systems remain unpatched, exacerbating the risk as Salt Typhoon intensifies its activities across telecom and other key sectors. The Canadian Centre for Cyber Security and the FBI have raised alarms about the ongoing threats posed by these persistent attackers.
5. Iran-Linked Attacks Hit Globally
Expanding on the earlier discussion about Iranian cyber threats, Verno details recent cyberattacks linked to Iran that have impacted global targets.
Lauren Verno (05:45): "Iran-linked attacks hit globally. Now, as tensions with Iran escalate, recent cyber attacks abroad serve as a stark reminder that Iranian-linked hackers are already actively targeting critical systems worldwide."
In Albania, the group Homeland Justice, associated with Iran's Islamic Revolutionary Guard Corps, disrupted public services by taking down the capital's website and exfiltrating data. Similarly, in Saudi Arabia, Cyber Fattah leaked thousands of personal records related to the 2024 Saudi Games, revealing sensitive information of athletes and officials. These actions are part of a broader information warfare campaign aimed at advancing Iran's anti-U.S., anti-Israel, and anti-Saudi agendas.
6. Fake Zoom Calls Used to Deploy Malware
The podcast highlights a sophisticated social engineering tactic involving fake Zoom calls to deploy malware, attributed to North Korea's BlueNoroff hacking group.
Lauren Verno (07:20): "We are now learning that a scheme of fake Zoom calls to deploy malware is greater than first thought."
Victims, primarily in the cryptocurrency and financial sectors, are deceived into running fake Zoom audio fix scripts or downloading malicious extensions. Attackers employ deepfakes, spoofed domains, and Telegram to deliver malicious payloads, leading to data theft, keyloggers, and persistent backdoors within compromised systems.
7. UK Retailers Lose Millions in Cyber Attacks
The final major headline covers the substantial financial losses UK retailers have faced due to cyberattacks. Marks & Spencer and Co-op are among the hardest hit, with estimated damages totaling up to €440 million (approximately $591 million USD).
Lauren Verno (08:00): "Cyber attacks targeting major UK retailers like Marks and Spencer and Co-op are estimated to cost up to 440 million euros."
Britain's Cyber Monitoring Centre (CMC) implemented a new classification system for systemic cyber events, and these attacks were categorized as Category 2 incidents. Marks & Spencer experienced the most significant financial impact, while Co-op dealt with severe operational disruptions, particularly in rural areas. This classification aims to provide clarity for insurers and policymakers in addressing and mitigating such large-scale cyber threats.
Conclusion
In this episode of Cyber Security Headlines, Lauren Verno comprehensively covered the escalating cyber threats linked to geopolitical tensions, significant breaches in major industries, and innovative attack vectors like fake Zoom calls. The discussed incidents underscore the critical need for robust cybersecurity measures and proactive defense strategies to protect against increasingly sophisticated and state-sponsored cyber threats.
For those interested in more detailed stories and daily updates, visit CISOseries.com.
Note: All timestamps correspond to the moments when the respective topics were discussed in the podcast.
