👉 What are the latest cybersecurity alerts, incidents, and news?
Microsoft, ViewState Injection, ASP.NET, Malicious Models, Hugging Face, Pickle Vulnerabilities, Qwen AI, Critical Edge Update, SimpleHelp Vulnerabilities, Ransomware Campaign, Jupiter Exchange, Fake $MEOW Tokens, Taliban Databases, Classified Files, Thermomix, Data Breach, Hikari Seiko Co, Japan, St. Clair Orthopaedics, BianLian Group, U.S. Lawmakers, DeepSeek AI, Federal Devices, NSA, Ghidra 11.3, Enhanced Debugging, Gravy Analytics, Data Breach, Mobile Phone Locations, International Crackdown, Online Child Exploitation Network, Europol.
1. Microsoft Warns of ViewState Code Injection
Microsoft has issued a warning about the growing threat of ViewState code injection attacks that exploit exposed ASP.NET machine keys. These keys, often found in online repositories and code documentation, are designed to protect ViewState data but can be misused by attackers to craft malicious payloads. Once attackers gain access to these keys, they can initiate remote code execution (RCE) on targeted servers, deploying harmful payloads like the Godzilla framework.
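The attack described above only works when the machine key that signs (and optionally encrypts) ViewState is static and has leaked. The defender's first check is therefore whether an application's web.config carries a hardcoded key, whether that key uses a weak algorithm, and whether ViewState MAC validation has been switched off. The following audit script is an added example, not code from Microsoft or from the page; the two configurations it scans are constructed, and the key values in them are obvious placeholders standing in for a key copied from public documentation.

```python
import xml.etree.ElementTree as ET

# Algorithm names that ASP.NET accepts but that should not be used for ViewState protection.
WEAK_VALIDATION = {"MD5", "SHA1"}
WEAK_DECRYPTION = {"DES", "3DES"}

# Constructed sample: a web.config that mirrors the risky pattern in the news item,
# a static machine key (here a placeholder) plus weak algorithms and MAC validation disabled.
RISKY_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY_COPIED_FROM_DOCS"
                decryptionKey="PLACEHOLDER_DECRYPTION_KEY_COPIED_FROM_DOCS"
                validation="SHA1" decryption="3DES" />
    <pages enableViewStateMac="false" />
  </system.web>
</configuration>"""

# Constructed sample: per-server auto-generated keys, modern algorithms, MAC validation on.
HARDENED_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
    <pages enableViewStateMac="true" />
  </system.web>
</configuration>"""


def audit_machine_key(config_xml):
    """Return a list of findings about ViewState protection in a web.config document.

    Static keys are not wrong by themselves (web farms need them), but they are secrets:
    any key that was ever committed to a repository or pasted into documentation should be
    treated as compromised and rotated.
    """
    findings = []
    root = ET.fromstring(config_xml)

    machine_key = next(root.iter("machineKey"), None)
    if machine_key is not None:
        for attr in ("validationKey", "decryptionKey"):
            value = machine_key.get(attr, "AutoGenerate,IsolateApps")
            if not value.startswith("AutoGenerate"):
                findings.append(
                    f"{attr} is static in config: treat it as a secret and rotate it "
                    "if it was ever committed, published or shared"
                )
        if machine_key.get("validation", "").upper() in WEAK_VALIDATION:
            findings.append("validation uses a weak algorithm; use HMACSHA256 or stronger")
        if machine_key.get("decryption", "").upper() in WEAK_DECRYPTION:
            findings.append("decryption uses a weak algorithm; use AES")

    # enableViewStateMac="false" disables the signature check entirely, so an attacker
    # would not even need the key to submit a tampered ViewState.
    for pages in root.iter("pages"):
        if pages.get("enableViewStateMac", "true").lower() == "false":
            findings.append("enableViewStateMac is false: ViewState is accepted without a MAC")

    return findings


if __name__ == "__main__":
    for label, cfg in (("risky", RISKY_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{label}: {audit_machine_key(cfg) or ['no findings']}")
```

Run it against a real web.config by passing the file contents to `audit_machine_key`. A finding of a static key does not prove exposure, but it identifies the value that must never appear in a repository or documentation, and that must be rotated on every server of the farm if it ever did.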
2. Malicious Models Discovered on Hugging Face
Researchers from ReversingLabs recently uncovered malicious machine learning models on the Hugging Face platform that exploit vulnerabilities in the Pickle file serialization format. This discovery highlights significant security concerns, as Pickle allows arbitrary code execution during deserialization, making it an attractive target for attackers. Malicious payloads were embedded within PyTorch models stored as compressed Pickle files, which allowed the code to execute before security measures could detect it.
3. Hackers Exploit DeepSeek and Qwen AI Models
Hackers have started leveraging the advanced language capabilities of DeepSeek and Qwen AI models to generate sophisticated malware. These newer AI models, unlike established models like ChatGPT, offer fewer restrictions, making them attractive to low-skilled attackers who exploit existing scripts for malicious activities. Security experts have noted that hackers use techniques like jailbreaking prompts to bypass AI model restrictions, enabling them to produce harmful content such as infostealers and scripts that can evade banking fraud protections.
4. Microsoft Edge Critical Update Released
Microsoft has released a critical security update for its Edge browser, addressing four remote code execution vulnerabilities. These flaws, identified as CVE-2025-21342, CVE-2025-21408, CVE-2025-21283, and CVE-2025-21279, can be triggered when users click on specially crafted malicious links. While Microsoft has assessed the likelihood of exploitation as low, it is highly recommended that users update to the latest version immediately to mitigate potential risks.
5. Hackers Exploit SimpleHelp Flaws for Ransom
Threat actors have been leveraging recently discovered vulnerabilities in SimpleHelp’s Remote Monitoring and Management (RMM) software to gain unauthorized access to networks, likely as a precursor to ransomware attacks. The vulnerabilities (CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728) allow for privilege escalation and remote code execution, making them valuable to attackers. After exploiting these flaws, the attackers performed reconnaissance, created new administrator accounts, and set up persistence mechanisms, positioning themselves for further malicious activities.
6. Jupiter Exchange Targeted by Scam Token Hack
Jupiter exchange’s X account was hacked on February 6, 2025, and used to promote fraudulent tokens, notably the memecoin $MEOW, which briefly surged in market value before being drained. The hacker also promoted another token, “DCOIN,” escalating the panic, which led to a 12% drop in Jupiter’s JUP token price. The attack triggered a significant spike in trading activity, with JUP/BTC and JUP/ETH volumes rising by 300%. While the attack impacted Jupiter’s ecosystem, causing further market uncertainty, Jupiter quickly regained control of its account and reassured users that there was no breach of customer data or funds.
7. Taliban Data Breach Leaks Sensitive Files
A group of hackers has breached the Taliban’s databases, leaking sensitive documents from 21 government ministries and agencies. These documents, published on the website Talibleaks, reportedly include classified materials from key ministries such as finance, justice, and foreign affairs. The Taliban has confirmed the leak, attributing it to inadequate security on individual computers, though they assert their central database remains secure.
8. Data Leak Exposes Thermomix Users on Darknet
A major data breach at Vorwerk, the maker of Thermomix, compromised personal data of three million users. The data, including email addresses, phone numbers, and cooking skills, was stolen from the company’s Rezeptwelt forum and is now being sold on the Darknet. Affected users are advised to remain cautious of phishing attempts, although no passwords were included in the leak. Vorwerk has since contained the breach, but the specific method of attack remains unclear, with security experts suggesting a third-party system was involved.
9. Hikari Seiko Hit by Ransomware Attack
Hikari Seiko Co., Ltd. in Japan fell victim to a ransomware attack on January 19, 2025. The company swiftly responded by isolating compromised servers and shutting down networks to prevent further damage, ensuring that production activities were unaffected. Investigations are still ongoing to determine whether any data was leaked, and authorities have been informed as the company works with security experts to address the situation.
10. St. Clair Orthopaedics Hit by Data Breach
St. Clair Orthopaedics and Sports Medicine (SCOSM) experienced a data breach in November 2024 when suspicious network activity was detected. On November 24, the clinic discovered unauthorized access to its systems and initiated an investigation. By December 9, 2024, the investigation revealed that the breach affected locations containing patient information, including sensitive health data. The investigation was completed on December 20, and a comprehensive review of the impacted files was conducted, which concluded on January 29, 2025. The review confirmed that a significant amount of patient data had been compromised.
11. U.S. Lawmakers Propose Ban on DeepSeek App
A bipartisan duo in the U.S. House introduced the “No DeepSeek on Government Devices Act,” which seeks to ban the use of the Chinese AI app DeepSeek on federal devices. Reps. Josh Gottheimer and Darin LaHood argue that DeepSeek poses a risk to national security, citing concerns about surveillance and misinformation from the Chinese government. The proposal comes after the company’s AI model gained attention for its competitive performance, sparking debate over the growing competition between the U.S. and China in the AI sector.
12. US Treasury Blocks DOGE Access Amid Lawsuit
The U.S. Treasury Department has temporarily agreed to restrict access to its payment systems amid a privacy lawsuit. The lawsuit, filed by federal employee unions and retirees, alleges that the Treasury violated privacy laws by giving Elon Musk’s Department of Government Efficiency (DOGE) access to sensitive government records. The temporary agreement ensures that no further DOGE-affiliated individuals can access these records as the legal proceedings continue.
13. Ghidra 11.3 Released with Enhanced Features
The NSA has launched Ghidra 11.3, an open-source software reverse engineering framework designed to help cybersecurity professionals analyze code across multiple platforms. The latest version brings enhanced debugging capabilities, including macOS and Windows kernel debugging, and introduces faster emulation performance through a new Just-in-Time p-code emulator. Additionally, Ghidra 11.3 offers expanded functionality with features like offline string translation, improved processor support, and seamless integration with Visual Studio Code for modern development workflows.
14. Gravy Analytics Sued Over Data Breach
Gravy Analytics is facing a new lawsuit for allegedly mishandling the personal data of millions. The lawsuit claims that the company failed to secure location data, including coordinates from popular apps like Tinder, Grindr, and MyFitnessPal, which were harvested from users. This breach follows a previous incident in January 2025, when Gravy confirmed that hackers had stolen 17 TB of sensitive data from its AWS S3 storage.
15. Arrests Target Online Child Exploitation
A global law enforcement operation has led to the arrest of two suspected leaders of “CVLT,” a neo-Nazi-affiliated group within the international “The Com” network. The group is accused of coercing minors into self-harm, exploitation, and producing abuse material. Investigations reveal that vulnerable children were manipulated and subjected to extreme abuse, including forced suicide attempts, with efforts from Europol, Homeland Security, and others continuing to dismantle these online extremist groups.
Copyright © 2025 CyberMaterial. All Rights Reserved.