
Cybersecurity Industry News Recap: February 6 – 13 2025

Last updated on Apr 3, 2025
Written by Joel Witts

Welcome to your five-minute cybersecurity news recap from Expert Insights.

Today we’re covering a massive IoT data breach, the ‘Sandworm’ Russian hacking group, the takedown of the 8Base ransomware gang, and malicious code hidden in AI models.

What’s driving your cybersecurity agenda this week? Get in touch with our team: [email protected]


Listen to this briefing in under 5 minutes on the Expert Insights Podcast.


📰 Headlines

  • A massive IoT data breach has exposed 2.7 billion data records including Wi-Fi network names, passwords, and IP addresses. The database was linked to a China-based IoT grow light company with an app available on iOS and Android. (Infosecurity Magazine)
  • International law enforcement agencies have arrested 4 Russian nationals suspected of leading the ‘Phobos’ and ‘8Base’ ransomware gangs. 27 servers linked to the criminal network were taken down. (Europol)
  • A subgroup of Russian state-backed hacker group ‘Sandworm’ has been running a multi-year campaign to hack organizations in the US and Europe, targeting the energy sector, government, telecoms, and shipping. Sandworm has been involved in targeting users in Ukraine. (TheRecord, BleepingComputer)
  • Hackers have been able to hide malicious code in AI models hosted on Hugging Face (HF), by exploiting vulnerabilities in so-called ‘Pickle files.’ HF is a popular platform used by developers to build models, datasets and applications. (CyberNews)

🎣 Vulnerabilities, Scams, & Hacks

  • A massive brute force password attack using almost 2.8 million IP addresses has been operating since last month, targeting credentials for a wide range of network devices. (BleepingComputer)
  • Hewlett Packard Enterprise has begun to notify people that their personal information could have been compromised in a December 2023 hack by a Russian state-sponsored hacking group. (SecurityWeek)
  • An exploit for SonicWall Firewalls has been discovered (CVE-2024-53704), enabling hackers to bypass authentication mechanisms in certain versions of SonicOS SSLVPN. A patch is now available. (BleepingComputer)
  • Over 12,000 KerioControl firewalls are exposed to an exploited remote code execution vulnerability (CVE-2024-52875). The bug was patched back in December. (BleepingComputer)

🚨 Vendor News & Announcements

  • SolarWinds will become private after a $4.4 billion USD acquisition by Turn/River Capital. (SecurityWeek)
  • CyberArk, a leading identity provider, has acquired Zilla Security, an identity governance and administration solution, for $165 million in cash, plus a $10 million performance-based earn-out. (SecurityWeek)
  • Drata, a compliance automation provider, intends to acquire SafeBase, an AI-powered Trust Center platform for security and compliance information, in a reported $250 million USD deal. (SecurityWeek)
  • Microsoft is offering more rewards for its Copilot AI Bounty Program, as part of significant updates designed to improve the program’s effectiveness and encourage more participation. (Microsoft)
  • Cybersecurity startup Astra Security has received $2.7 million USD in a funding round led by Emergent Ventures. (SecurityWeek)

📟 Product Releases & Patches

A bumper set of updates this week for February’s Patch Tuesday. We highly recommend that customers update affected software as soon as possible.

  • Apple has released an emergency patch for a zero-day vulnerability that may have been exploited against specific individuals. Apple described the exploit as a ‘physical attack’ that could disable USB Restricted Mode on a locked device. (PCMag)
  • Microsoft has released fixes for 63 security vulnerabilities, including two that are being actively exploited. (THN)
  • Ivanti and Fortinet have announced patches for several vulnerabilities across their products. (SecurityWeek)
  • Adobe has patched 45 vulnerabilities across multiple products and warned of remote code execution exploitation. (SecurityWeek)
  • SAP has released 21 security patches, including six high-priority updates for vulnerabilities in its enterprise software. (SecurityWeek)
  • Google has paid out a $55,000 USD bug bounty and released a Google Chrome update to patch four high-severity vulnerabilities. (SecurityWeek)

🏛️ Policy, Law, & Legislation

  • President Trump is reportedly planning to nominate Sean Cairncross as the next national cyber director. (TheRecord)
  • House Republicans on the House Committee on Energy and Commerce have started a new group to draft a national data privacy bill. (TheRecord)
  • Victims in dozens of European countries have been targeted by Paragon spyware, according to the Italian government. Italy’s cybersecurity agency is investigating alleged hacking attempts by Paragon Solutions. (TheRecord)

That’s all for this week! 👋

Do you have any stories to share with Expert Insights, or any feedback on the format of this newsletter? Please let us know.

Contact [email protected]


Written By

Joel Witts is the Content Director at Expert Insights, meaning he oversees all articles published and topics covered. He is an experienced journalist and writer, specialising in identity and access management, Zero Trust, cloud business technologies, and cybersecurity. Joel is a co-host of the Expert Insights Podcast and conducts regular interviews with leading B2B tech industry experts, including directors at Microsoft and Google. Joel holds a First Class Honours degree in Journalism from Cardiff University.