Cybercrime Threatens National Security, Google Threat Intel Team Says
Google’s Threat Intelligence Group (GTIG) has declared that cybercrime should no longer be considered a separate threat from state-backed cyberattacks, as the personnel, tools, and effects of both often overlap. With cybercriminals and state-backed actors increasingly collaborating, the distinction is becoming irrelevant. For example, Russia’s APT44 group has used cybercrime tools for espionage, while North Korea has leveraged financially motivated cybercrime to fund its regime. GTIG argues that financial cybercrime poses a national security threat and requires international cooperation to address. The group recommends that governments prioritize intelligence gathering, enhance law enforcement, and disrupt cybercriminal infrastructure, including malware developers and financial intermediaries. Moreover, GTIG advocates for empowering individuals and businesses with stronger cybersecurity practices.
Read more at Google’s official blog.
Microsoft Patches ‘Wormable’ Windows Flaw and File-Deleting Zero-Day
Microsoft’s Patch Tuesday updates addressed over 50 vulnerabilities, including critical zero-day flaws in Windows. A privilege escalation bug (CVE-2025-21391) could allow attackers to delete files, and the critical CVE-2025-21418 flaw in Windows Ancillary Function Driver could give attackers SYSTEM privileges. Microsoft urged users to prioritize these fixes, along with addressing a “wormable” vulnerability (CVE-2025-21376) affecting Windows LDAP servers. Additional patches were rolled out for Microsoft Excel, addressing a remote code execution flaw (CVE-2025-21387) that can be exploited via the Preview Pane. Users are advised to act swiftly to mitigate the risks of these vulnerabilities.
Learn more on Microsoft's security updates.
Adobe Plugs 45 Software Security Holes, Warns of Code Execution Risks
Adobe released patches for 45 vulnerabilities across various products, warning that they could expose users to remote code execution (RCE). Critical flaws in Adobe Commerce, InDesign, Illustrator, and Photoshop were among those addressed. These vulnerabilities could allow arbitrary code execution or privilege escalation, posing significant risks for users. Adobe urges users to apply these fixes via Creative Cloud or their respective update mechanisms. While no in-the-wild exploitation has been reported, the patches are critical to maintaining security across Adobe’s widely used suite.
More details on Adobe’s security patches.
Russian Cybercrime Network Targeted for Sanctions Across US, UK and Australia
The U.S., U.K., and Australia have sanctioned Zservers, a Russian web-hosting provider that supports the LockBit ransomware syndicate. Zservers allegedly provided LockBit with servers designed to evade law enforcement actions. LockBit has extorted over $120 million from thousands of global victims. These sanctions reflect a broader international effort to combat ransomware and dismantle the criminal networks behind it. LockBit has been linked to numerous high-profile attacks, including against Boeing and the Royal Mail.
Learn more from the U.S. Treasury Department.
High-Severity OpenSSL Vulnerability Found by Apple Allows MitM Attacks
Apple discovered a high-severity vulnerability in OpenSSL that could allow Man-in-the-Middle (MitM) attacks. Tracked as CVE-2024-12797, it affects clients that use raw public keys (RPKs) for server authentication. When server authentication fails, affected clients may not notice, which is what enables the MitM scenario. OpenSSL has patched the flaw in versions 3.2.4, 3.3.2, and 3.4.1. The vulnerability can affect both TLS and DTLS connections, so users are urged to update their systems.
More details on OpenSSL's security advisory.
SAP Releases 21 Security Patches
SAP has released 21 security patches, including six high-priority fixes for critical vulnerabilities in NetWeaver, BusinessObjects, and HANA. The most severe flaw (CVE-2025-0064) allows attackers to impersonate users in BusinessObjects. Other vulnerabilities affect SAP’s Supplier Relationship Management, Approuter, and Enterprise Project Connection products. SAP encourages customers to apply these patches promptly to mitigate risks of exploitation, especially as attackers often target SAP systems.
Learn more from SAP’s security updates.
Authorities Disrupt 8Base Ransomware, Arrest Four Russian Operators
Europol announced the takedown of the 8Base ransomware group, with four Russian operatives arrested. The operation targeted 27 servers, disrupting the gang's infrastructure, which used the Phobos ransomware. 8Base, a ransomware-as-a-service operation, has been active since 2022 and extorted millions from victims worldwide. This international law enforcement action involved 14 countries and is seen as a significant step in disrupting the ransomware ecosystem.
More details on Europol’s press release.
Intel Patched 374 Vulnerabilities in 2024
Intel resolved 374 vulnerabilities in 2024 across its software, firmware, and hardware products. The majority of these flaws were in software, with 81 in firmware and 21 in hardware. The company has been proactive in addressing vulnerabilities, resolving 94% of firmware bugs and 92% of software issues before exploitation. Intel also paid bug bounties for over half of these vulnerabilities, underscoring its commitment to security across its vast product ecosystem.
Read Intel's full security report.
Cyberattack on Lee Enterprises Causes Disruptions at Dozens of Newspapers
Lee Enterprises, the publisher of over 350 U.S. newspapers, suffered a cyberattack on February 3, leading to widespread operational disruptions. The attack impacted printed newspapers, subscription services, and internal systems, although it has not been confirmed as ransomware. Lee is investigating the incident and working to restore its systems while assessing whether any data was compromised.
Read more about Lee Enterprises' cyberattack.
Alabama Man Pleads Guilty to Hacking SEC’s X Account
Eric Council Jr., from Alabama, has pleaded guilty to hacking the U.S. Securities and Exchange Commission’s X (formerly Twitter) account in January 2024. The hack temporarily inflated Bitcoin’s value after a fraudulent post claimed SEC approval for Bitcoin ETFs. Council used a SIM swapping attack to gain access to the account, earning cryptocurrency in exchange for his actions. He faces up to five years in prison.
Read more at the SEC’s official statement.
US Cyber Agency Puts Election Security Staffers Who Worked With the States on Leave
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed 17 election security staffers on administrative leave as part of an internal review of their roles. These specialists assisted state and local election officials with cybersecurity assessments and training, and have been instrumental in strengthening defenses against cyber and physical threats, particularly ahead of the 2024 elections. The review follows political criticism and concerns about CISA’s role in managing misinformation; state election officials have nonetheless praised CISA’s efforts. The agency says it remains committed to continuing its support, but the leave raises questions about its future involvement in securing elections.
Learn more from CISA’s statement.
OpenAI Finds No Evidence of Breach After Hacker Offers to Sell 20 Million Credentials
OpenAI has investigated claims of a breach after a hacker offered credentials for 20 million accounts for sale on BreachForums. OpenAI found no evidence that the data came from a compromise of its own systems. Threat intelligence firm Kela analyzed the credentials and traced them to information-stealing malware, indicating they were drawn from a broader infostealer dataset rather than from OpenAI’s platform. The hacker’s post has since been deleted, and OpenAI says it is monitoring the situation.
Read more about OpenAI's investigation.