Welcome to your cybersecurity news recap with Expert Insights.đ
In under five minutes, weâll cover the critical cybersecurity news from the past 7 days.
đ Our calendars are already starting to fill up with industry events! What will your first conference be in 2025?
đ° Headlines
- DeepSeek, the Chinese startup AI company making global headlines this week, was forced to temporarily limit signups due to âlarge-scale cyber-malicious attacksâ on Monday. US tech stocks tumbled after reports of DeepSeekâs advanced capabilities and low spending. (Axios)
- International law enforcement agencies have seized domains for several infamous hacking forums including âCrackedâ and âNulled,â which are âwidely regardedâ as hubs for cybercriminal activity. (BleepingComputer)
- A GenAI tool called âGhostGPTâ is being offered to cybercriminals to help generate malicious code and phishing emails. (Abnormal)
- UnitedHealth confirms 190 million Americans were affected by the Change Healthcare data breach last year, making it the largest breach of medical data in US history. (TechCrunch)
đŁ Vulnerabilities, Scams, & Hacks
- Telecommunications firm TalkTalk has confirmed it has fallen victim to a data breach involving a third-party platform. The incident was revealed after a threat actor wrote on a hacking forum that they were offering the sale of information of 18.8 million TalkTalk customers. (SecurityWeek)
- Nearly 1,000 fake Reddit and WeTransfer pages are being used to spread Lumma Stealer malware, according to Sekoia.io threat research. (SCWorld)
- A Texas county serving 37,000 residents has issued a declaration of disaster after a cybersecurity breach âinvolving a virus that has affected several internal systems.â (TheRecord)
- A threat actor is targeting German & Polish speaking users via phishing emails carrying malicious attachments including a previously undocumented .NET backdoor that leverages the Tor network to evade detection. (HelpNetSecurity)
- Zimperium has tracked a phishing campaign impersonating the United States Postal Services, exclusively targeting mobile devices, using PDFs to hide malicious links designed to steal credentials & data. (Zimperium)
đ¨ Vendor News & Announcements
- NinjaOne intends to acquire cloud-data backup provider Dropsuite for approximately $252 million USD. NinjaOne CEO Sal Sferlazza said: âDropsuite will help our customers be more successful by extending data protection from the endpoint to SaaS applications, automating and simplifying backup, and filling critical data protection gaps.â (NinjaOne)
- Exposure Management leader Tenable has signed an agreement to acquire Vulcan Cyber for approximately $137 million USD. Vulcan Cyberâs capabilities will augment Tenableâs exposure management platform. (Tenable)
- Email security vendor Barracuda has announced new email security capabilities aimed at protecting against account takeover attacks. (CRN)
- JumpCloud has acquired Stack Identity, a next-gen identity and access management solution. The acquisition will deepen JumpCloudâs existing capabilities in the identity security space. (JumpCloud)
đ Product Releases & Patches
- Phishing attack alerts are being added to Microsoft Teams for all customers by mid-February. (BleepingComputer)
- Microsoft is previewing a âscareware blockerâ feature named Defender SmartScreen for Edge web browsers which uses machine learning to prevent tech support scams. (BleepingComputer)
- Google has announced a new âIdentity Checkâ feature for Android that locks sensitive settings behind biometric authentication when outside trusted locations. (BleepingComputer)
- Apple has released security updates to fix a zero-day vulnerability (CVE-2025-24085) tagged as actively exploited in attacks targeting iPhones. (BleepingComputer)
đď¸ Policy, Law, & Legislation
- The EU has sanctioned three Russian nationals for allegedly carrying out âmalicious cyber activitiesâ against Estonia. (THN)
- The US department of Health and Human Services (HHS) has launched a consultation on enhancing cybersecurity measures for health data covered by HIPAA. (CSO)
- The DoJ has indicted 5 people for running a âlaptop farmâ used in a North Korean IT worker scam that affected at least 64 companies. (TheRecord)
- Over 30 industry groups are calling for Congress to enact federal data privacy legislation that will override the current system of state defined data privacy legislation. (TheRecord)
đď¸ Expert Insights: Latest From Us
Donât miss this weekâs round of interviews & insights with cybersecurity experts and thought leaders.
- Flashpointâs Ian Grey On Navigating Dark Web Monitoring
- Trustifiâs Zack Schwartz On The Complex Email Security Landscape
- CNAPP Buyersâ Guide For 2025
- 4 Cloud backup Experts Share Their Advice For Security Leaders
- 8 Email Security Experts On Trends To Follow In 2025
Thatâs all for this week! đ
Do you have any stories to share with Expert Insights, or any feedback on the format of this newsletter? Please let us know.
Contact [email protected]
Expert Insightsâ Cybersecurity Resources
- The Top RMM Solutions For MSPs
- The Top Mobile Device Management (MDM) Solutions
- The Top Email Security Solutions For Office 365
- The Top Email Security Gateways
- The Top Multi-Factor Authentication (MFA) Solutions For Business
- The Top Phishing Protection Solutions
- The Top Cyber Threat Intelligence Solutions
