SecurityWeek Briefing.

"Texas governor orders ban on DeepSeek, RedNote for government devices."

Views expressed in this cybersecurity, cyber espionage, and cyber crime update are those of the reporters and correspondents.  Accessed on 02 February 2025, 0003 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Ffeeds.feedburner.com%2FSecurityweek

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

SecurityWeek

83K followers44 articles per week#security#tech

60

Most popular

Texas Governor Orders Ban on DeepSeek, RedNote for Government Devices

Texas bans Chinese apps on devices

•

by Associated Press / 12h

“Texas will not allow the Chinese Communist Party to infiltrate our state’s critical infrastructure through data-harvesting AI and social media apps,” Abbott said. The post appeared first on SecurityWeek .

Unprotected DeepSeek Database Exposed Chats, Other Sensitive Information

DeepSeek database exposes user data

•

by Eduard Kovacs / 2d

An unprotected database belonging to Chinese AI company DeepSeek exposed highly sensitive information, including chat history, secret keys, and backend data. The post appeared first on SecurityWeek .

ChatGPT, DeepSeek Vulnerable to AI Jailbreaks

DeepSeek AI guardrails ineffective

•

by Eduard Kovacs / 1d

Different research teams have demonstrated jailbreaks against ChatGPT, DeepSeek, and Alibaba’s Qwen AI models. The post appeared first on SecurityWeek .

Yesterday

In Other News: Browser Syncjacking, Fake AWS Hack, Google Blocked 2M Bad Apps

9 TTPs

•

by SecurityWeek News / 1d

Noteworthy stories that might have slipped under the radar: stealing browser data via Syncjacking, hackers falsely claim AWS breach, Google prevented 2 million bad apps from reaching Google Play. The post appeared first on SecurityWeek .

Italy Blocks Access to the Chinese AI Application DeepSeek to Protect Users’ Data

DeepSeek AI faces serious controversies

•

by Associated Press / 1d

Italy’s data protection authority expressed dissatisfaction with DeepSeek’s response to its query about what personal data is collected, where it is stored and how users are notified. The post appeared first on SecurityWeek .

US, Dutch Authorities Disrupt Pakistani Hacking Shop Network

12 TTPs

•

by Ionut Arghire / 1d

•

Cybercrime websites selling hacking tools seized

US and Dutch authorities seized 39 domains to disrupt a network of hacking and fraud marketplaces operated by Saim Raza. The post appeared first on SecurityWeek .

2 Arrested in Takedown of Nulled, Cracked Hacking Forums

Valid Accounts (Enterprise T1078)

•

by Eduard Kovacs / 1d

•

Cracked and Nulled marketplaces dismantled

Two individuals have been arrested and one alleged admin has been charged in the takedown of the Nulled and Cracked cybercrime forums. The post appeared first on SecurityWeek .

New York Blood Bank Hit by Ransomware

2 TTPs

•

by Ionut Arghire / 1d

•

NY Blood Center hit by ransomware

New York Blood Center Enterprises and its operating divisions have taken systems offline to contain a ransomware attack. The post appeared first on SecurityWeek .

CISA, FDA Warn of Dangerous Backdoor in Contec Patient Monitors

2 TTPs

•

by Ionut Arghire / 1d

•

CVE-2025-0626

CISA and FDA say Contec patient monitors used in the US contain a backdoor function that could allow remote attackers to tamper with the device. The post appeared first on SecurityWeek .

Jan 30, 2025

NorthBay Health Data Breach Impacts 569,000 Individuals

3 TTPs

•

by Ionut Arghire / 1d

NorthBay Health says hackers stole the personal information of 569,000 individuals in a 2024 ransomware attack. The post appeared first on SecurityWeek .

Clutch Security Raises $20 Million for Non-Human Identity Protection Platform

Clutch Security raises 20M for identity

•

by Ionut Arghire / 1d

Clutch Security has raised $20 million in a Series A funding round led by SignalFire to secure non-human identities. The post appeared first on SecurityWeek .

Trump Administration Faces Security Balancing Act in Borderless Cyber Landscape

by Marc Solomon / 1d

What challenges will the new administration face and what might President Trump’s record on cybersecurity indicate about the likely approach in 2025 and beyond? The post appeared first on SecurityWeek .

Justice Department Sues to Block $14 Billion Juniper Buyout by Hewlett Packard Enterprise

DOJ blocks HPE Juniper acquisition

•

by Associated Press / 2d

The lawsuit said that the combination of businesses would eliminate competition, raise prices and reduce innovation. The post appeared first on SecurityWeek .

VMware Patches High-Risk Flaws in Oft-Targeted Aria Operations Products

2 TTPs

•

by Ryan Naraine / 2d

•

CVE-2025-22217 & 5 others

VMWare calls attention to patches for multiple 'high-risk' security defects in its Aria Operations and Aria Operations for Logs products. The post appeared first on SecurityWeek .

Conifers.ai Scores $25M Investment for Agentic AI SOC Technology

Conifers.ai raises 25M funding

•

by SecurityWeek News / 2d

Backed by SYN Ventures, Conifers.ai plans to use “agentic AI” technology to tackle complex security operations center (SOC) problems. The post appeared first on SecurityWeek .

Taming Shadow AI: Valence Security, Endor Labs Unveil New Protections to Counter Hidden AI Threats

Endor Labs launches AI Model Discovery

•

by Kevin Townsend / 2d

Valence Security and Endor Labs have introduced extensions to their existing platforms specifically to tackle the invisibility and wrongful use of Shadow AI. The post Taming Shadow AI: Valence Security, Endor Labs Unveil New Protections to Counter Hidden AI Threats appeared first on SecurityWeek .

Backline Emerges From Stealth With $9M in Funding for Vulnerability Remediation Platform

Backline secures 9M seed funding

•

by Eduard Kovacs / 2d

Backline has emerged from stealth mode with an autonomous security remediation platform and $9 million in seed funding. The post appeared first on SecurityWeek .

Cyber Insights 2025: Cyberinsurance – The Debate Continues

by Kevin Townsend / 2d

Better risk management could lead to reduced premiums on top of value for money, making cyberinsurance a silent driver for improved cybersecurity. The post appeared first on SecurityWeek .

Seraphic Attracts $29M Investment to Chase Enterprise Browser Business

Seraphic Security raises 29M Series A

•

by Ryan Naraine / 2d

Seraphic Security banks $29 million investment as VCs remain bullish on startups with security-themed browsers for corporate defenders. The post appeared first on SecurityWeek .

US Cyber Agency’s Future Role in Elections Remains Murky Under the Trump Administration

CISA's future in election security uncertain

•

by Associated Press / 2d

President Donald Trump has yet to name anyone to lead the U.S. Cybersecurity and Infrastructure Security. The post appeared first on SecurityWeek .

TeamViewer Patches High-Severity Vulnerability in Windows Applications

4 TTPs

•

by Ionut Arghire / 2d

•

CVE-2025-0065

TeamViewer has released patches for a high-severity elevation of privilege vulnerability in its client and host applications for Windows. The post appeared first on SecurityWeek .

Nulled, Other Cybercrime Websites Seized by Law Enforcement

Cracked and Nulled marketplaces dismantled

•

by Eduard Kovacs / 2d

Several cybercrime websites have been seized in a law enforcement operation, including Nulled, Cracked, Sellix, and StarkRDP. The post appeared first on SecurityWeek .

Frederick Health Hit by Ransomware Attack

Frederick Health suffers ransomware attack

•

by Ionut Arghire / 2d

Maryland healthcare provider Frederick Health has taken some of its systems offline in response to a ransomware attack. The post appeared first on SecurityWeek .

152,000 Impacted by Data Breach at Berman & Rabin

4 TTPs

•

by Ionut Arghire / 2d

•

Berman & Rabin data breach affects 152K

Law firm Berman & Rabin says 152,000 people are impacted by a data breach resulting from a July 2024 ransomware attack. The post appeared first on SecurityWeek .

Tenable to Acquire Vulcan Cyber for $150 Million

Tenable acquires Vulcan Cyber for $180M

•

by Eduard Kovacs / 2d

Tenable plans to acquire exposure management company Vulcan Cyber for roughly $150 million in cash and stock. The post appeared first on SecurityWeek .

Jan 29, 2025

New Zyxel Zero-Day Under Attack, No Patch Available

4 TTPs

•

by Ryan Naraine / 3d

GreyNoise reports active exploitation of a newly discovered zero-day vulnerability in Zyxel CPE devices. There are no patches available. The post appeared first on SecurityWeek .

Oligo Raises $50M to Tackle Application Detection and Response

Oligo Security raises 50M Series B

•

by Ionut Arghire / 3d

Oligo Security has raised $50 million in Series B funding for its application detection and response (ADR) platform. The post appeared first on SecurityWeek .

New SLAP and FLOP CPU Attacks Expose Data From Apple Computers, Phones

Collection (Enterprise TA0009)

•

by Eduard Kovacs / 3d

•

New CPU attacks expose Apple data

New CPU side-channel attacks named SLAP and FLOP can be exploited to remotely steal data from Apple mobile and desktop devices. The post appeared first on SecurityWeek .

Aquabot Botnet Targeting Vulnerable Mitel Phones

6 TTPs

•

by Ionut Arghire / 3d

The Mirai-based Aquabot botnet has been targeting a vulnerability in Mitel SIP phones for which a proof-of-concept (PoC) exploit exists. The post appeared first on SecurityWeek .

Smiths Group Scrambling to Restore Systems Following Cyberattack

Smiths Group faces cyber security breach

•

by Ionut Arghire / 3d

Engineering firm Smiths Group has disclosed a cyberattack that forced it to take some systems offline and activate business continuity plans. The post appeared first on SecurityWeek .

Rockwell Patches Critical, High-Severity Vulnerabilities in Several Products

5 TTPs

•

by Eduard Kovacs / 3d

Rockwell Automation has released six new security advisories to inform customers about several critical and high-severity vulnerabilities. The post appeared first on SecurityWeek .

Cyber Insights 2025: Artificial Intelligence

by Kevin Townsend / 3d

Artificial intelligence is upending cybersecurity. It is used by adversaries in their attacks, and by defenders in their defense. The post appeared first on SecurityWeek .

SimpleHelp Remote Access Software Exploited in Attacks

4 TTPs

•

by Ionut Arghire / 3d

Threat actors have been exploiting SimpleHelp remote access software shortly after the disclosure of three vulnerabilities. The post appeared first on SecurityWeek .

Jan 28, 2025

Frenos Raises $3.88M in Seed Funding for OT Security Assessment Platform

Frenos secures 3.88M seed funding

•

by Eduard Kovacs / 3d

Frenos, a company that has developed an autonomous OT security assessment platform, has raised $3.88 million in seed funding. The post appeared first on SecurityWeek .

VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer

CVE-2025-22217

•

by Ryan Naraine / 4d

VMware warns that a malicious user with network access may be able to use specially crafted SQL queries to gain database access. The post appeared first on SecurityWeek .

Eclypsium Eyes Global Expansion with $45 Million Series C Investment

Eclypsium raises 45M for security

•

by SecurityWeek News / 4d

The investment includes equity and debt from new investors Qualcomm Ventures, Pavilion Capital, Singtel Innov8, and Sixty Degree Capital. The post appeared first on SecurityWeek .

Hackers Drain Over $85 Million From Crypto Exchange Phemex

by Ionut Arghire / 4d

Hackers stole more than $85 million in crypto assets from hot wallets at cryptocurrency exchange Phemex. The post appeared first on SecurityWeek .

NinjaOne to Acquire Dropsuite for $252 Million

NinjaOne acquires Dropsuite for $420M

•

by Eduard Kovacs / 4d

Endpoint management and security firm NinjaOne to acquire cloud data backup, archiving, and recovery solutions provider Dropsuite for $252 million. The post appeared first on SecurityWeek .

European Union Sanctions Russian Nationals for Hacking Estonia

EU sanctions GRU members for cyberattacks

•

by Ionut Arghire / 4d

The European Union has added three Russian nationals to its sanctions list for their involvement in cyberattacks against Estonia. The post appeared first on SecurityWeek .

DeepSeek Blames Disruption on Cyberattack as Vulnerabilities Emerge

7 TTPs

•

by Eduard Kovacs / 4d

•

DeepSeek challenges ChatGPT dominance

China’s DeepSeek blamed sign-up disruptions on a cyberattack as researchers started finding vulnerabilities in the R1 AI model. The post appeared first on SecurityWeek .

ENGlobal Says Personal Information Accessed in Ransomware Attack

by Ionut Arghire / 4d

ENGlobal has informed the SEC that personal information was compromised in a November 2024 ransomware attack. The post appeared first on SecurityWeek .

SonicWall Confirms Exploitation of New SMA Zero-Day

3 TTPs

•

by Eduard Kovacs / 4d

•

CVE-2025-23006

SonicWall has confirmed that an SMA 1000 zero-day tracked as CVE-2025-23006 has been exploited in the wild. The post appeared first on SecurityWeek .

Apple Patches First Exploited iOS Zero-Day of 2025

CVE-2025-24085

•

by Ionut Arghire / 4d

Apple has released fixes for dozens of vulnerabilities in its mobile and desktop products, including an iOS zero-day exploited in attacks. The post appeared first on SecurityWeek .

Jan 27, 2025

TalkTalk Confirms Data Breach, Downplays Impact

2 TTPs

•

by Ionut Arghire / 5d

•

TalkTalk investigates potential data breach

UK telecoms firm TalkTalk has confirmed falling victim to a data breach after a threat actor boasted about hacking it. The post appeared first on SecurityWeek .

LTE, 5G Vulnerabilities Could Cut Entire Cities From Cellular Connectivity

Over 100 vulnerabilities in LTE 5G

•

by Ionut Arghire / 5d

Vulnerabilities in LTE/5G core infrastructure, some remotely exploitable, could lead to persistent denial-of-service to entire cities. The post appeared first on SecurityWeek .

Cyber Insights 2025: Cybersecurity Regulatory Mayhem

by Kevin Townsend / 5d

Cybersecurity regulations are facing a tipping point. There are too many and they are too complex to manage – and it’s getting worse. The post appeared first on SecurityWeek .

Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST

by Kevin Townsend / 5d

Opengrep is a new consortium-backed fork of Semgrep, intended to be and remain a true genuine OSS SAST tool. The post appeared first on SecurityWeek .

Building Automation Protocols Increasingly Targeted in OT Attacks: Report

2 TTPs

•

by Eduard Kovacs / 5d

Industrial automation protocols continue to be the most targeted in OT attacks, but building automation systems have been increasingly targeted. The post appeared first on SecurityWeek .

Git Vulnerabilities Led to Credentials Exposure

4 TTPs

•

by Eduard Kovacs / 5d

Vulnerabilities in Git’s credential retrieval protocol could have allowed attackers to compromise user credentials. The post appeared first on SecurityWeek .

Change Healthcare Data Breach Impact Grows to 190 Million Individuals

4 TTPs

•

by Eduard Kovacs / 5d

•

UnitedHealth reports 190M affected

The impact of the Change Healthcare ransomware-caused data breach has increased from 100 million to 190 million individuals. The post appeared first on SecurityWeek .