
Expert Insights Cybersecurity Industry News Recap: 30 January – 6 February 2025

Last updated on Apr 3, 2025
Written by Joel Witts

🌐  In under five minutes, we’ll explain the critical cybersecurity stories you should know from the last week. 

In today’s issue: more DeepSeek security concerns, a major acquisition from Sophos, and a bumper batch of patches and updates.




📰 Headlines

  • Chinese GenAI platform DeepSeek has ‘critical safety flaws’ according to AI security researchers at Cisco and UPenn. The researchers praised the performance of the model but claimed that ‘compared to other frontier models, DeepSeek R1 lacks robust guardrails.’ (Cisco Blog)
  • Ransomware payments dropped for the first time in years – down 35% from $1.12 billion to $812 million – according to a report from Chainalysis. The drop was credited to increased law enforcement disruption of ransomware gangs. (The Record)
  • Google has found that hackers and state-sponsored groups are abusing Google’s Gemini, primarily for productivity gains rather than to develop or conduct novel AI-enabled cyberattacks. (BleepingComputer)
  • 768 CVEs were exploited in 2024, a 20% YoY increase, according to a report from VulnCheck. Organizations should maintain strong patch management practices to stay protected. (THN)

🎣 Vulnerabilities, Scams, & Hacks

  • A new phishing campaign is targeting organizations that use Microsoft’s Active Directory Federation Services, exploiting the trusted environment with spoofed login pages to steal user credentials and bypass MFA controls. (Abnormal Security)
  • Hackers in Southeast Asia are using fake wedding invitations to distribute a new strain of Android malware named Tria, report threat researchers at Kaspersky. (The Record)
  • Cybercriminals placed fake Google Search Ads targeting Microsoft Bing advertisers. The ads lead to phishing sites designed to steal the login info of users trying to access Microsoft’s advertising platform. (THN)
  • Apps containing malicious SDKs designed to steal cryptocurrency wallet recovery phrases were found on the Apple and Google app stores by Kaspersky threat researchers. (BleepingComputer)
  • Google blocked over 2.3 million security policy-violating Android apps from the Google Play app marketplace in 2024 and banned over 158,000 developer accounts. (THN)

🚨 Vendor News & Announcements

  • Sophos has now completed its $859m USD acquisition of Secureworks. Sophos says the purchase of Secureworks positions it as the largest provider of MDR services globally, with over 28,000 customers. (CybersecurityDive)
  • Cybersecurity startup Riot has raised $30m USD in Series B funding. Riot provides a platform that helps employees to improve their cybersecurity posture and stay protected from phishing. (SecurityWeek)
  • Clutch Security has raised $20m USD in Series A funding for its platform that protects non-human identities, including API keys, certificates and secrets. (SecurityWeek)

📟 Product Releases & Patches

  • Microsoft has disclosed and mitigated a critical vulnerability (CVE-2025-21415) which impacted the Azure AI Face Service and could allow attackers to bypass authentication methods. No customer actions are required. (CybersecurityNews)
  • Google has released patches to address 47 security flaws in the Android operating system, including one actively exploited vulnerability. (THN)
  • Netgear has patched two critical vulnerabilities affecting multiple Wi-Fi router models, and is urging customers to update to the latest firmware as soon as possible. (BleepingComputer)
  • Zyxel has advised that two exploited vulnerabilities in multiple legacy DSL CPE products will not be patched, as the affected models are legacy devices. Customers are advised to replace these products with newer-generation equipment. (SecurityWeek)
  • Amazon has released several security updates for its data warehousing service Redshift, including controls to prevent misconfigurations. (BleepingComputer)

🏛️ Policy, Law, Legislation

  • Former Department of Energy official Karen Evans has joined the Cybersecurity and Infrastructure Security Agency as a senior advisor in its cybersecurity division. (NextGov)
  • Italy’s data protection agency has blocked DeepSeek’s service within the country, citing a lack of information on the platform’s data privacy policies. (THN)
  • US and Dutch law enforcement agencies have seized dozens of domains linked to a Pakistan-based cybercriminal group known as Saim Raza. (TheRecord)
  • Russian hackers are suspected of hacking the personal email account of UK Prime Minister Keir Starmer, according to a new book. (TheTimes)



That’s all for this week! 👋

Do you have any stories to share with Expert Insights, or any feedback on the format of this newsletter? Please let us know.





Written By

Joel Witts is the Content Director at Expert Insights, meaning he oversees all articles published and topics covered. He is an experienced journalist and writer, specialising in identity and access management, Zero Trust, cloud business technologies, and cybersecurity. Joel is a co-host of the Expert Insights Podcast and conducts regular interviews with leading B2B tech industry experts, including directors at Microsoft and Google. Joel holds a First Class Honours degree in Journalism from Cardiff University.