Expert Insights Cybersecurity Industry News Recap: 9 – 16 January 2025

Stay ahead in cybersecurity with this week’s top updates from Expert Insights.

💡 Here’s everything you need to know about new threats, key acquisitions, and urgent patches in under five minutes.

What’s driving your agenda for this week?


📰 Headlines

  • The FBI and the DoJ have removed China-linked PlugX malware from more than 4,200 US computers. (The Record)
  • Microsoft’s Digital Crimes Unit (DCU) has announced it is taking legal action to disrupt cybercriminals targeting its AI services. (Microsoft)
  • A malware campaign has compromised over 5,000 WordPress sites, adding rogue admins, installing malicious plugins and stealing data. (BleepingComputer)
  • Researchers have uncovered a new malvertising campaign targeting Google Ads advertisers by attempting to phish credentials via fraudulent Google Ads. (THN)

🎣 Vulnerabilities, Bugs, & Hacks

  • CISA has warned agencies to patch a BeyondTrust command injection vulnerability (CVE-2024-12686) being actively exploited in attacks. (BleepingComputer)
  • Apple has recently patched a macOS vulnerability that allowed hackers to install malicious kernel drivers. (BleepingComputer)
  • Arctic Wolf researchers have observed a recent campaign targeting publicly exposed management interfaces on Fortinet FortiGate Firewalls. (ArcticWolf)
  • A weakness in Google’s OAuth login feature could enable attackers who register ‘abandoned’ domains to access former employee accounts linked to SaaS platforms. (BleepingComputer)
  • Cybercriminals are adopting new social-engineering methods to circumvent iMessage’s built-in phishing link protection feature. (BleepingComputer)

🏛️ Policy & Legislation

  • President Biden has issued a new executive order governing AI use for cyber defense and aiming to tighten cyber regulations for federal agencies. (Politico)
  • CISA has reported a ‘surge’ in enrolment to its Cyber Hygiene service from critical infrastructure organizations over the last two years. (Cyberscoop)
  • The UK Government is considering implementing new legislation for a ban on ransomware payments by the public sector and by operators of critical national infrastructure. (SecurityWeek)
  • The European General Court has fined the European Commission (the executive arm of the EU) for violating EU data privacy laws. (THN)

🚨 Vendor News & Announcements

  • Darktrace will acquire cloud threat hunting platform Cado Security. Darktrace was acquired by Thoma Bravo for $5.3 billion in October. (CRN)
  • Security awareness provider Hook Security has acquired Haekka, a Slack-based security training platform. (Hook Security)

📟 Product Releases & Patches

  • Microsoft’s January ‘Patch Tuesday’ included security updates for 159 flaws, including 8 zero-day vulnerabilities. (BleepingComputer)
  • Ivanti recently released patches for its Connect Secure VPN appliances to fix a zero-day threat allowing remote attackers to execute arbitrary code. (SecurityWeek)
  • Adobe has rolled out patches for multiple vulnerabilities affecting Photoshop, Substance 3D Stager, Illustrator for iPad, Adobe Animate, and the Adobe Substance 3D Designer. (SecurityWeek)

🎙 Expert Insights: Interviews

Don’t miss this week’s round of interviews & roundups with cybersecurity experts and thought leaders.

That’s all for this week! 👋

If you have any feedback or stories to share, get in touch with [email protected].

