Risky Business Weekly (787): Trump fires NSA director, CISA cuts inbound

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

  • Oracle quietly cops to being hacked, but immediately pivots into pretending it didn’t matter
  • NSA and CyberCom leaders fired for not being MAGA enough
  • US Treasury had some dusty corners it hadn’t found China in yet, looked, found China in them
  • …which is a great time to discuss slashing CISA’s staffing
  • Ransomware crews and bulletproof hosting providers are getting rekt, and we love it
  • And Microsoft patches yet another logging 0-day being used in the wild.

This episode is sponsored by Yubico, makers of YubiKey hardware authentication tokens. Yubico’s Vice President of Solutions Architecture and Alliances Derek Hanson joins to discuss how the consumer-centric passkey ecosystem has become a real challenge for enterprises, one that Yubico is actually ideally positioned to solve.

Show Notes:

Oracle privately confirms Cloud breach to customers https://www.bleepingcomputer.com/news/security/oracle-privately-confirms-cloud-breach-to-customers/

Oracle have finally issued a written notification to customers about their cybersecurity incident. https://bsky.app/profile/doublepulsar.com/post/3lmcfv6s2us2a

Head of NSA and US Cyber Command reportedly fired | Cybersecurity Dive https://www.cybersecuritydive.com/news/trump-fires-nsa-director-head-us-cyber-command/744480/

Trump fires numerous National Security Council staff - The Washington Post https://www.washingtonpost.com/national-security/2025/04/03/trump-national-security-council-firings/

Trump administration under scrutiny as it puts major round of CISA cuts on the table | Cybersecurity Dive https://www.cybersecuritydive.com/news/trump-scrutiny-cisa-cuts/744619/

Hackers Spied on US Bank Regulators’ Emails for Over a Year - Bloomberg https://www.bloomberg.com/news/articles/2025-04-08/hackers-spied-on-100-bank-regulators-emails-for-over-a-year?embedded-checkout=true

This is how Jeffrey Goldberg got added to the Signal chat https://www.theguardian.com/us-news/2025/apr/06/signal-group-chat-leak-how-it-happened

Cybercriminals are trying to loot Australian pension accounts in new campaign | The Record from Recorded Future News https://therecord.media/cybercriminals-australia-hacking-campaign-pension

$500,000 stolen in Australian super fund data breach | Superannuation | The Guardian https://www.theguardian.com/australia-news/2025/apr/04/australian-super-funds-compromised-cybersecurity-data-breach-hack

Australian regulator pulls licenses of 95 companies in effort to crack down on investment scams | The Record from Recorded Future News https://therecord.media/australia-pulls-95-company-licenses-scam-crackdown

Everest ransomware group’s darknet site offline following defacement | The Record from Recorded Future News https://therecord.media/everest-ransomware-site-offline-following-defacement

On March 28, 2025, a threat actor leaked internal data from Medialand, a major bulletproof hosting (BPH) provider long linked to Yalishanda (LARVA-34). https://x.com/PRODAFT/status/1909342469617053720

There’s a ransomware group named DragonForce going around hacking its rivals. After Mamona and BlackLock, the group has now hacked RansomHub https://bsky.app/profile/campuscodi.risky.biz/post/3lm42jfxi5c2k

The DragonForce ransomware group hacked two rivals this month https://bsky.app/profile/campuscodi.risky.biz/post/3lleoxqyvz22l

CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future News https://therecord.media/crushftp-vulnerability-exploited

Kill Security Campaign Targets CrushFTP Servers https://x.com/ido_cohen2/status/1909268775653753166

National Vulnerability Database | NIST https://www.nist.gov/itl/nvd

Microsoft patches zero-day actively exploited in string of ransomware attacks | CyberScoop https://cyberscoop.com/microsoft-patch-tuesday-april-2025/

Exploitation of CLFS zero-day leads to ransomware activity | Microsoft Security Blog https://www.microsoft.com/en-us/security/blog/2025/04/08/exploitation-of-clfs-zero-day-leads-to-ransomware-activity/

Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457) https://labs.watchtowr.com/is-the-sofistication-in-the-room-with-us-x-forwarded-for-and-ivanti-connect-secure-cve-2025-22457/