Expert Insights Cybersecurity Industry News Recap: 17 – 23 January 2025

Stay informed with this week’s essential cybersecurity updates.

Welcome to the Expert Insights weekly cybersecurity news roundup.

🔍 In just five minutes, we’ll cover the latest on emerging threats, major acquisitions, and critical patches that demand your attention.

What’s shaping your team’s priorities this week?


📰 Headlines

  • The US Treasury has announced sanctions on Chinese hackers responsible for the breach of Treasury Department workstations last month. The sanctions target a Chinese hacker and a China-based cybersecurity company. (SecurityWeek)
  • Researchers have warned of Mirai malware targeting vulnerabilities in Avtech cameras and Huawei routers to catch devices in a botnet. The campaign has been active for six months, with at least 1,300 systems infected. (SecurityWeek)
  • Hackers have earned over $700,000 USD so far at the ‘Pwn2Own Automotive 2025’ hacking competition in Tokyo this week for finding vulnerabilities in EV chargers and connectors. (SecurityWeek)
  • Cloudflare was able to detect and block the largest DDoS attack ever recorded – a 5.6 Terabit per second attack – during the week of Halloween in 2024. (Cloudflare)

🎣 Vulnerabilities, Bugs, & Hacks

  • Russian cybercriminals are operating a new scam on Microsoft 365. The attack involves flooding victims with thousands of spam emails, then impersonating tech support via Microsoft Teams calls to gain access and install ransomware on their devices. (The Record)
  • A previously unknown China state-sponsored hacker group has been targeting users in East Asia with malicious VPN installers, according to a new report from ESET. (The Record)
  • California-based education tech provider PowerSchool is notifying students and teachers that their personal information was compromised in a data breach in December 2024. (SecurityWeek)
  • Hewlett Packard Enterprise is investigating claims of a breach after a threat actor claimed to have stolen documents from the company’s developer environment. (BleepingComputer)
  • Two critical security flaws have been discovered impacting premium real estate plugins for WordPress, enabling unauthenticated users to gain administrative privileges. (BleepingComputer)

🚨 Vendor News & Announcements

  • SailPoint, an identity security provider currently owned by Thoma Bravo, is pursuing a return as a public company. (CRN)
  • Cloud-native application security company Sysdig has launched Stratoshark, a new open-source tool that extends Wireshark network visibility into the cloud. (SiliconAngle)
  • Security data curation pipeline startup Axoflow has raised $7 million USD in a seed funding round, bringing the total raised by the company to close to $10 million. (SecurityWeek)
  • Application security company DryRun Security has raised $8.7 million USD in a recent seed funding round. (SecurityWeek)

📟 Product Releases & Patches

  • Oracle has released its January 2025 Critical Patch Update, which addresses 318 security vulnerabilities across its products and services. (THN)
  • 7-Zip has patched a vulnerability that allowed attackers to bypass the Mark of the Web Windows security feature and execute code on users’ computers. All users should update as soon as possible. (BleepingComputer)
  • Cisco has released patches for three vulnerabilities, including a critical bug in Meeting Management. (SecurityWeek)

🏛️ Policy & Legislation

  • Newly inaugurated US President Donald Trump has revoked a 2023 Executive Order requiring developers of AI systems to share the results of safety tests with the US government, signalling a focus on promoting AI innovation. (Reuters)
  • The Trump administration has dismissed all members of Department of Homeland Security advisory panels, including the Cyber Safety Review Board. The committee issues reports and recommendations addressing major cybersecurity incidents. (The Record)
  • The FBI and CISA have issued new guidance for software vendors, with recommendations such as avoiding hardcoded secrets. (Cybernews)
  • The European Union is working on a new ‘action plan’ to strengthen cybersecurity in healthcare, focussing on prevention, detection, impact mitigation and deterrence. (CSO Online)

🎙 Expert Insights: Interviews & Buyers Guides

Don’t miss this week’s round of interviews & buyers guides with cybersecurity experts and thought leaders.


That’s all for this week! 👋

Do you have any stories to share with Expert Insights, or any feedback on the format of this newsletter? Please let us know.
