Decrypted: Expert Insights Cybersecurity Briefing 

📰 Headlines

• • Google has announced it has entered an agreement to acquire cloud security platform Wiz for $32 billion in an all-cash-deal. If approved, the deal will be the biggest in cybersecurity industry history and the biggest acquisition ever made by Google. Wiz will join the Google Cloud security portfolio. (Google)

• • A game of whack-a-mole ensues as North Korean hackers attempt to launder more than $1.4 billion USD of cryptocurrency stolen from Bybit. Crypto-exchange OKX, a popular tool that the hackers were attempting to use to launder the funds temporarily shut down in response. (TheRecord)

• • FBI Denver has reported an increase in scams involving free online document converter tools used to spread malware and steal personal info. This news comes amid reports on Reddit that federal agents no longer have access to premium document conversion tools like Adobe Acrobat due to budget cuts. X users pointed out the potential risks waiting to happen. (FBI, X)

• Cybercriminals are exploiting CSS (Cascading Style Sheets) to evade email spam filters and email gateways to track users’ email habits, according to Cisco threat researchers. Implementing advanced email security controls is highly recommended. (THN)

• Cybercriminals are exploiting CSS (Cascading Style Sheets) to evade email spam filters and email gateways to track users’ email habits, according to Cisco threat researchers. Implementing advanced email security controls is highly recommended. (THN)

🎣 Phish Report

• • ‘Cybercriminals are weaponizing AI to launch more sophisticated and deceptive attacks,’ including sophisticated phishing attacks, says Zscaler threat researchers in a new report shared with Expert Insights ahead of publication today. Zscaler analyzed 536.5 billion AI and ML transactions in the Zscaler cloud from Feb-Dec 2024. (Zscaler)
  • Multiple researchers have warned of new phishing campaigns targeting M365. Attackers were observed controlling multiple M365 tenants, impersonating Microsoft transaction notifications, and sending out phishing emails using Microsoft infrastructure. (SecurityWeek)

• Bitdefender has warned that hundreds of malicious apps on the Google Play Store are being used to serve full-screen ads and conduct phishing attacks. (THN)
• Hackers are impersonating Booking.com to attempt to trick users into downloading credential-stealing malware, in a new phishing campaign targeting hotel workers. (TheRecord)
• A widespread phishing campaign is targeting Coinbase users with a wallet migration scam, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. (BleepingComputer)
• Cybercriminals are continuing to use malicious OAUTH apps to compromise credentials – with new campaigns detected driving users to harmful M365 phishing pages or targeting GitHub repositories. (DarkReading)
• An HTTP bug in Apple’s password manager app left users ‘vulnerable to phishing’ for almost three months. The attack would have only been possible to execute if the attacker was on the same network as the user & was patched in December. (9to5Mac)

📡 Threat Tracking

• The US Government has revealed that Medusa ransomware affiliates have successfully hit 300 critical infrastructure organizations. Attacks typically started with phishing to steal victim’s credentials. (SecurityWeek)
• A new malware dubbed Arcane is stealing user data, including VPN account credentials, gaming clients, messaging apps, and information stored in web browsers. The malware is spread via YouTube videos promoting video game cheats and hacks which encourage users to download a malicious file. (BleepingComputer)
• 7,966 new vulnerabilities impacting the WordPress ecosystem were uncovered last year,most of them impacting different plugins and themes. (SecurityWeek)
• Microsoft has warned of a new Remote Access Trojan (RAT), StilachiRAT, that uses advanced techniques to avoid detection and steal credentials. (THN)

• • North Korean threat actors targeted Korean and English-speaking users with asurveillance tool distributed via Google Play. The malware was disguised phone utility apps – including a fake security app. (SecurityWeek)

• The US Government has revealed that Medusa ransomware affiliates have successfully hit 300 critical infrastructure organizations. Attacks typically started with phishing to steal victim’s credentials. (SecurityWeek)
• A new malware dubbed Arcane is stealing user data, including VPN account credentials, gaming clients, messaging apps, and information stored in web browsers. The malware is spread via YouTube videos promoting video game cheats and hacks which encourage users to download a malicious file. (BleepingComputer)
• 7,966 new vulnerabilities impacting the WordPress ecosystem were uncovered last year,most of them impacting different plugins and themes. (SecurityWeek)
• Microsoft has warned of a new Remote Access Trojan (RAT), StilachiRAT, that uses advanced techniques to avoid detection and steal credentials. (THN)

🚨 Industry News

• • Cloudflare has launched a new service that provides real-time threat intelligence based on the attacks monitored by their team. (SecurityWeek)

• • Google has announced a new version of their open-source vulnerability scanning and remediation tool OSV-Scanner with ‘significant new capabilities.’ (Google)

• • Forcepoint has announced it will acquire GetVisibility, an innovative startup in the AI-powered Data Security Posture Management (DSPM) space. (Forcepoint)

• • IRONSCALES has announced a new integration with CrowdStrike Falcon. Email security insights from IRONSCALES can now be integrated with Crowdstrike’s SIEM platform. (IRONSCALES)
  • Startup Orion Security has raised $6 million with a new AI-Driven DLP solution. (SecurityWeek)

🏛️ Cybersecurity Policy

• • The White House has urged all federal agencies to avoid laying off cybersecurity personnel as part of a Thursday deadline to submit budget reduction plans. (Reuters)

• • A ‘DOGE’ staffer broke Treasury policies by sending an email containing unencrypted personal info, according to testimony from a government cybersecurity official in a federal lawsuit. (TechCrunch)
  • US representatives and senators have reintroduced a bipartisan bill to boost the cybersecurity of rural water systems. (SecurityWeek)
  • Multiple cyberattacks are currently causing disruption for public services in four US states, including attacks on police stations, school districts, and courts. (TheRecord)

🎙️ Expert Insights: Latest From Us

Don’t miss this week’s round of interviews & insights with cybersecurity experts and thought leaders.

• • 10 Coolest AI Tools We Saw At HumanX

• • What Is the Best Way to Store Emails Long-Term?

• • DMARC Buyers’ Guide 2025

• • Top 10 MDM Solutions For MacOS 

• • Top 10 MDM Solutions For Windows 

That’s all for this week! 👋

Next week our reporter Caitlin Jones will be out in Las Vegas covering ESET World. Stay tuned for her insights and perspectives from experts and CISOs.

Expert Insights’ Cybersecurity Resources

• Top RMM Solutions For MSPs
• Top Mobile Device Management (MDM) Solutions
• Top Email Security Gateways
• Top Email Security Solutions For Office 365
• Top Identity And Access Management Solutions
• Top Phishing Protection Solutions
• Top Phishing Simulation And Testing Solutions
• Top Cyber Threat Intelligence Solutions