CISA shakeup: election security crisis
CybersecurityHQ Weekly News

Welcome reader to your CybersecurityHQ report
Brought to you by:
👉 Cypago - Cyber governance, risk management, and continuous control monitoring in a single platform
It's been just over a year since I launched this community, and thanks to your incredible support, we're approaching 3 million email opens and more than 70K weekly readers, a significant milestone in such a fiercely competitive landscape. I want to express my heartfelt appreciation for every one of you.
As our community grows, I'm always looking for ways to offer more value to you. With that in mind, I'd love to know if you'd be interested in supporting the development of a SaaS tool that would turn your saved information into a powerful, interactive resource. Unlike traditional knowledge management systems that only store data, this platform will help you actively engage with your content.
It will summarize articles, allow you to ask questions, and receive answers based on your stored knowledge. It will automatically organize information from News Articles, PDFs, YouTube videos, Podcasts, and Blog Posts to strengthen your learning. Through regular review cycles, the tool will help reinforce key concepts over time. The intelligent connections between related ideas will bring fresh perspectives and uncover insights you might have missed.
The platform will also feature robust security to protect your data. I'm planning to launch a crowdfunding campaign to pre-sell and develop the tool over the next six months, with lifetime access for backers. The cost will likely be around $199, though I'm still finalizing the details. Your support would make this a community-driven project. Let me know below. 👇
—
Weekly Headlines
CISA Suspensions Spark Election Security Concerns
It might be February, but news around election security is back in the headlines. Seventeen employees from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have been placed on administrative leave, raising concerns among state and local election offices.
The suspended staffers include 10 regional election security specialists hired to strengthen election security ahead of the 2024 cycle. They had helped election officials address cybersecurity threats, protect election workers, and improve physical security measures. Their suspension follows an internal review of CISA’s efforts to combat foreign interference and disinformation. Although these duties were generally overseen by different teams, all those placed on leave previously worked at the state or local level, fostering relationships with thousands of election jurisdictions.
Officials from both parties, including Kentucky Secretary of State Michael Adams (R) and Michigan Secretary of State Jocelyn Benson (D), have praised CISA’s assistance, noting its value to local clerks. Newly sworn-in Homeland Security Secretary Kristi Noem, however, criticized CISA during her confirmation hearing, arguing it has strayed from its core mission and suggesting possible reforms.
The agency, which has lacked a permanent director since Jen Easterly’s departure, now faces intensified scrutiny from President Donald Trump’s administration over its role in countering misinformation during the 2020 election and the pandemic. Meanwhile, state associations are seeking clarification on the staffing changes, reflecting uncertainty over the future of CISA’s election security operations.
US Indicts Russian Nationals Over Ransomware
The United States Department of Justice has indicted two Russian nationals, 33-year-old Roman Berezhnoy and 39-year-old Egor Nikolaevich Glebov, for their alleged involvement in more than a thousand cyberattacks linked to the Phobos ransomware strain. The two, alleged to have operated under the “8Base” and “Affiliate 2803” names, were taken into custody in separate arrests in Phuket, Thailand. They face 11 charges, including conspiracy to commit wire fraud, intentional damage to protected computers, and extortion-related offenses.
According to the Justice Department, Berezhnoy and Glebov hacked into victim networks, stealing data and encrypting it using Phobos. They then demanded ransom payments in exchange for decryption keys, threatening to release or expose the stolen files if victims refused to pay. If convicted, the defendants could be sentenced to up to 20 years for wire fraud-related crimes and 10 years for computer damage offenses.
Meanwhile, Europol revealed it dismantled 27 servers associated with 8Base, effectively shutting down the group’s infrastructure. This takedown follows another major arrest of a Phobos affiliate in Italy in 2023, which enabled authorities to infiltrate the ransomware operation and warn over 400 companies of imminent attacks. Although these arrests have disrupted Phobos, the overall impact on its continued operations remains uncertain. Law enforcement remains vigilant.

Musk’s Government Data Access Sparks Controversy
Elon Musk’s new access to government data is drawing heat, and the unfolding debate is likely to be a centerpiece of cybersecurity discussion in 2025.
Last week, a coalition of 12 state attorneys general condemned the U.S. Department of the Treasury’s decision to grant Musk and his Department of Government Efficiency (DOGE) access to sensitive financial data. The granted access allegedly includes Americans’ personal identifiable information (PII), state bank account data, and federal payment records.
Attorney General William Tong, joined by officials from California, New York, Arizona, and other states, labeled the move “unlawful, unprecedented, and unacceptable.” They claim DOGE staffers sought the information to block essential payments supporting healthcare, childcare, and federal aid programs.
In response, the attorneys general plan to file a lawsuit against the Trump administration, arguing that the President lacks the authority to unilaterally grant access to private financial data. This case is shaping up to be a major legal battle over data privacy and government overreach.
Meanwhile, major write-ups in places like Foreign Affairs mull over the risks involved.
Paragon Spyware Targets More Individuals
The Paragon story continues to develop, with more targets coming out of the woodwork. Beppe Caccia, co-founder of the Italian NGO Mediterranea Saving Humans, disclosed that he was targeted on WhatsApp, following a similar revelation by his colleague Luca Casarini. Last week, Casarini received an alert from WhatsApp about the suspected spyware attack and has since filed a complaint with the Prosecutor’s Office in Palermo, seeking to uncover who was behind the surveillance.
Caccia joins three others who previously reported receiving WhatsApp’s notification: journalist Francesco Cancellato, Libyan activist Husam El Gomati, and Casarini. WhatsApp initially disclosed the campaign on January 31, revealing that around 90 individuals had been targeted, but neither WhatsApp nor Paragon has named the government responsible.
The Italian government denied any involvement, asserting that its intelligence services did not spy on legally protected individuals like journalists. Meta informed Italian officials that victims were also identified in multiple European countries, though most governments declined to comment.
Additionally, David Yambio, an activist from Refugees in Libya, reported being targeted in a separate attack, notified by Apple about "mercenary spyware" in November. Whether his case is linked to Paragon’s campaign remains unclear.
Apple Urges Immediate Update for Vulnerability
Apple has urged iPhone and iPad users to update their devices immediately after patching a vulnerability that, in the words of its advisory, “may have been exploited in an extremely sophisticated attack against specific targeted individuals.” Some coverage describes the bug as handing attackers full control of a device, but the advisory itself describes something narrower: a physical attack may disable USB Restricted Mode on a locked device. That does not give a remote attacker code execution; it gives someone holding the phone a way to reopen the data connection that forensic extraction tools depend on.
The affected devices include iPhone XS and later, as well as several iPad models, including iPad Pro, iPad Air (3rd generation and later), and iPad mini (5th generation and later). Apple has released emergency updates, iOS 18.3.1 and iPadOS 18.3.1, to patch the flaw.
USB Restricted Mode, introduced in iOS 11.4.1, shuts off data transfer over the Lightning or USB-C port once the device has been locked for an hour, so that a locked device cannot simply be plugged into an extraction tool. Apple added it to blunt tools such as GrayKey, the Grayshift device that law enforcement and others have used to unlock iPhones. A bypass of the mode means an attacker with physical possession of a locked device can get that data path back.
Apple says it is aware of a report of exploitation but has given no details about the attackers, the targets, or the tooling involved beyond the advisory text. Because the attack requires physical access, the practical advice is straightforward: install iOS 18.3.1 or iPadOS 18.3.1, keep devices locked when unattended, and treat any device that was out of your control while locked as potentially read. Users who depend on the feature can also confirm that the Accessories option under Face ID & Passcode remains off, which is the setting that keeps USB Restricted Mode active.
Ukraine Claims Cyberattack on Gazprom Subsidiaries
A major Ukrainian cyberattack on Russia’s energy infrastructure has reportedly caused billions of rubles in damage. The operation, reported under the name Gazstroyprom (a Gazprom construction subsidiary), was carried out by a cyber team assembled by Ukraine’s Armed Forces and Defense Intelligence and hit 22 subsidiary companies of Gazprom, the mostly state-owned Russian energy enterprise.
The team reportedly used an insider to gain access to servers. From there, the attack is said to have destroyed about 2 petabytes of documentation, disabled 120 physical hypervisor servers, and taken roughly 10,000 computers offline. The figures come from the Ukrainian side of the story.
Alabama Man Pleads Guilty in SEC Hack
Eric Council Jr., a 25-year-old Alabama resident, pleaded guilty to conspiracy to commit aggravated identity theft and access device fraud after hacking the U.S. Securities and Exchange Commission’s (SEC) X account in January 2024. Using a SIM-swapping attack, Council transferred a phone number linked to the @SEC account onto his own device, allowing him to receive recovery codes. He was assisted by unnamed co-conspirators who obtained personal information from an account holder. Council also used a fake ID to convince AT&T to give him control of the phone number.
Once inside the SEC’s account, Council’s co-conspirators posted a fake message attributed to then-SEC Chairman Gary Gensler, falsely claiming the approval of Bitcoin Exchange Traded Funds (ETFs). The announcement briefly caused Bitcoin’s value to surge by over $1,000. Council was paid in Bitcoin for his role in the scheme.
Investigators later discovered incriminating online searches on Council’s device, including queries about law enforcement investigations. He now faces a maximum sentence of five years in prison, with sentencing scheduled for May 16, 2025. The case highlights the ongoing risks posed by SIM-swapping attacks and the vulnerabilities of high-profile social media accounts.
Cyberattack Exposes Data of 883,000
Hospital Sisters Health System (HSHS) confirmed that a crippling cyberattack in August 2023 compromised the personal data of 883,000 individuals. The breach disrupted hospital operations across all 15 HSHS hospitals in Wisconsin and Illinois, affecting internal communications, medical applications, and online services for several days.
Investigations revealed that hackers had access to HSHS’s network between August 16 and August 27, 2023, exposing names, addresses, Social Security numbers, medical record numbers, treatment details, and insurance information. Patients later reported fraud schemes impersonating HSHS representatives, adding to concerns about identity theft.
HSHS has since notified affected individuals and is offering free identity theft protection and credit monitoring. The full impact of the breach was only disclosed this week to the Maine Attorney General’s Office.
Check Point and Wiz Partner
Israel-based Check Point Software Technologies and cybersecurity leader Wiz have announced a strategic partnership aimed at addressing the growing challenges businesses face in securing their hybrid cloud networks and applications. As part of the collaboration, Check Point’s cloud network security tools will be integrated into Wiz’s platform, which is specifically designed to secure cloud-based applications for developers.
Check Point CEO Nadav Zafrir emphasized that the partnership aims to create a new security paradigm, providing comprehensive protection across hybrid environments and enabling businesses to manage risk with greater control. The collaboration comes at a time when digital transformation and the rise of hybrid work have introduced new security risks, including sophisticated ransomware and data breaches.
Wiz CEO Assaf Rappaport highlighted that the goal is to seamlessly protect cloud environments with an integrated, industry-leading solution. The partnership will help security teams more effectively identify unsecured applications, automatically prevent cloud-based attacks, and neutralize threats in real-time. Additionally, Check Point’s Cloud Native Application Protection (CNAPP) customers will be assisted in migrating to Wiz’s platform.
Wiz, founded in 2020, recently acquired cybersecurity startup Dazz to further enhance its cloud security offering, signaling strong growth in the cloud security space.

Interesting Read
Microsoft’s AI Red Team (AIRT) has shared key insights from testing over 100 generative AI products, uncovering vulnerabilities and security risks in AI models (read the full PDF here). The report outlines eight major lessons, and they’re all worth chewing on.
It includes insights like the importance of understanding system capabilities, leveraging automation for large-scale testing, and recognizing the crucial role of human judgment. The team highlights how AI models can be manipulated through simple prompt engineering rather than complex adversarial attacks, and how AI systems amplify existing security risks while introducing new ones.
The report uses case studies to show specific risks. These include AI-generated scams, gender bias in text-to-image models, and vulnerabilities that allow AI chatbots to bypass safety mechanisms. One striking example details how a vision-language model could be jailbroken using embedded text in images.
If you don’t want to read the whole report, you can check out a post on the three big takeaways on the Microsoft blog.

Weekly Inspired Arora Opinion & Analysis
This weekly column has been created based on a deep analysis of how Nikesh Arora, CEO of Palo Alto Networks, strategizes in the cybersecurity space, drawing inspiration from his leadership style, forward-thinking approach, and innovative insights. While not an exact representation, the column embodies key elements of his strategic mindset and vision for the future of cybersecurity.
-
This week’s cybersecurity landscape presents two particularly pressing developments: the CISA suspensions and Elon Musk’s access to government financial data. Both issues raise fundamental questions about security, oversight, and the future of digital trust.
The suspension of 17 CISA employees, including 10 election security specialists, is an alarming move at a time when election integrity should be reinforced, not weakened. These specialists were embedded in state and local election offices, ensuring critical infrastructure resilience. The lack of clear justification behind their removal suggests a deeper politicization of cybersecurity—something we simply cannot afford. Cyber threats to elections are no longer theoretical; they are an active battleground for nation-states and criminal organizations. Undermining the very agency tasked with protecting elections is shortsighted and dangerous. This move leaves thousands of election jurisdictions scrambling for support just as threat actors ramp up their efforts. The message is clear: cybersecurity is now a political football, and that should concern everyone.
Musk’s access to government financial data presents another set of risks. Centralizing access to sensitive personal and institutional financial records under a private entity raises severe oversight concerns. The Treasury Department’s decision, met with bipartisan backlash, exposes the tension between innovation and control. While Musk’s efficiency-driven approach has yielded breakthroughs in multiple industries, financial oversight is not something that benefits from disruption without clear regulatory guardrails. If data privacy is compromised, the repercussions will be profound, setting a precedent that could allow private interests to shape national security decisions.
These two developments highlight the critical need for vigilance. If we don’t demand transparency and accountability now, we risk setting dangerous precedents that will shape cybersecurity for years to come.
Until next week,
Arora Avatar
Cybersecurity Jobs
- Texas Health and Human Services (Austin, TX, US)
- Fidelity Investments (Boston, MA, US)
- Red Team Penetration Tester, RTX (Remote; Yuma, AZ, US)
- Denver Broncos Football Club (Denver, CO, US)
- ASG (Remote; Walnut Creek, CA, US)
- Sedgwick County Government (Wichita, KS, US)
- CSAA Insurance Group, a AAA Insurer (Phoenix, AZ, US)
- Third Party Cyber Risk Analyst, Booz Allen Hamilton (McLean, VA, US)
- Town of Cary (Cary, NC, US)
Twitter Highlights
WhatsApp says Paragon is spying on specific users. #Paragon #spyware
— Intelwatch (@IntelwatchNews), 9:33 PM, Feb 9, 2025
A Chinese spy balloon that traversed the U.S. in 2023 was reportedly equipped with American technology that could have allowed it to spy on Americans.
China continues to exploit U.S. policy weaknesses, taking advantage of gaps in export controls and the lack of accountability… x.com/i/web/status/1…
— State Armor (@StateArmor), 8:21 PM, Feb 11, 2025
Stay Safe, Stay Secure.
The CybersecurityHQ Team