Welcome reader to your CybersecurityHQ report

Brought to you by:

👉 Cypago - Cyber Governance, Risk Management, and Continuous Control Monitoring in a Single Platform

🛡️ Defendify - 13 Cybersecurity Tools and Three Layers of Protection in One Intuitive, Powerful Platform

Forwarded this email? Join 70,000 weekly readers by signing up now.

—

#OpenToWork? Try our AI Resume Builder to boost your chances of getting hired!

—

Weekly Headlines

🎧 Listen to this newsletter on our AI-powered podcast

DeepSeek R1 Disrupts AI

It’s fair to say that the Deepseek R1 blindside was a major event this week. This Chinese AI model shook the tech industry, boasting capabilities similar to GPT-4 and Google’s Gemini at a fraction of the cost. Although rolled out to the public on January 20, the fallout is now catching up with us.

Developed by DeepSeek, a startup founded in 2023 by hedge fund manager Liang Wenfeng, the model reportedly cost just $5.6 million to power, all done while the U.S. maintained chip export restrictions to China.

The open-source model quickly gained traction, surpassing ChatGPT in app downloads. Wall Street reacted with a selloff—particularly of Nvidia stock, as its powerful chips were once thought to be a cornerstone of the AI boom.

On Tuesday, Italy’s data protection authority (the Garante) announced it was investigating how DeepSeek uses personal data. This is one of the very first regulatory actions looking into the startup, so we’ll keep a close eye on what they find.

Along a similar vein, reports emerged this week that DeepSeek AI stores U.S. user data in China, sparking national security concerns eerily similar to those that led to TikTok’s crackdown. The app, which has already surpassed 2 million downloads, collects user data such as keystroke patterns and IP addresses, all under China’s cybersecurity laws.

The U.S. Navy has warned personnel against using it, and lawmakers are calling for tighter restrictions. With Wall Street reeling and regulators closing in, DeepSeek’s rise could signal a turning point in the global AI race.

DeepSeek AI not only raises concerns over data privacy but also enforces strict censorship aligned with Chinese Communist Party (CCP) policies. The researchers at promptfoo found the model refuses to answer 85% of sensitive prompts, particularly on topics like Taiwan, the Cultural Revolution, and President Xi Jinping.

Responses often take on an overtly nationalistic tone, adhering strictly to CCP guidelines. However, promptfoo discovered these restrictions can be bypassed with simple tweaks—such as rephrasing prompts or avoiding China-specific context.

Funksec AI-Powered Ransomware Surge

Funksec is a rapidly rising ransomware group that’s disrupting the cybercrime landscape with AI-assisted malware development—the exact kind of thing cybersecurity think pieces have wrung their hands over for years. The group, responsible for 18% of December’s ransomware attacks tracaked by NCC Group, has overtaken established players like CL0P and Akira.

Researchers at Check Point believe Funksec’s founders lack technical expertise but leverage generative AI to refine their tools. The group employs a ransomware-as-a-service (RaaS) model, offering low ransom demands and selling stolen data cheaply to maximize volume over quality. Its malware, written in Rust, spreads aggressively, encrypting files using the ChaCha20 algorithm and disabling security protections.

Funksec also aligns with hacktivist causes, particularly targeting U.S. entities due to geopolitical motives. Security analysts link its members to other cybercriminal groups, including Ghost Algeria and Cyb3r Fl00d. 

UK Firms Hit by Cyberattacks

A couple of headlines out the UK this week. The first focuses on an announcement that British supermarket group Morrisons made on Wednesday. They claim the November cyber attack on Blue Yonder hurt product availability in stores. CEO Rami Baitieh said, "Our warehouse management system had to be shut down, leaving us without visibility on our fresh and produce stock levels for several days."

The attack had a meaningful impact on Christmas sales and dampened what was otherwise proving to be a great quarter.

Then to the engineering firm Smiths Group, which is managing a cybersecurity incident of their own. Tuesday’s announcement that the British firm was hit sent shares down a 2.3% tumble.

The company said it was taking steps to recover its systems and stay in full regulatory compliance.

Largest U.S. Healthcare Breach

UnitedHealth has confirmed that 190 million Americans had their personal and healthcare data stolen in the Change Healthcare ransomware attack—nearly double the originally reported 100 million. The breach, now the largest healthcare data breach in U.S. history, exposed patients' health insurance details, medical records, billing information, and sensitive personal data, including Social Security numbers.

The attack, carried out in February 2024 by the BlackCat (ALPHV) ransomware gang, began when hackers exploited stolen credentials to access Change Healthcare’s Citrix remote access service, which lacked multi-factor authentication. The attackers stole 6 TB of data and encrypted systems, crippling IT infrastructure and causing widespread disruption to healthcare services, including prescription processing.

UnitedHealth paid a $22 million ransom for decryption and to prevent data leaks. However, BlackCat operators scammed their affiliate, keeping the ransom, and later shut down. The attacker then partnered with RansomHub, demanding a second ransom. UnitedHealth likely paid again as stolen data leaks mysteriously vanished.

The breach has cost UnitedHealth $2.45 billion in losses as of Q3 2024. While no evidence suggests misuse of the stolen data yet, the scale of the breach raises major concerns about data security and ransom-driven extortion tactics.

Upgrade your subscription for exclusive access to member-only insights and services

Upgrade to paid

Apple Patches Zero-Day Exploit

Apple released updates for iPhone, iPad, and Mac on Monday, enabling Apple Intelligence by default for newer devices and fixing security vulnerabilities. Among the patches was a zero-day bug in Core Media that had been actively exploited on older iPhones running pre-iOS 17.2 software. The flaw, a memory corruption issue, could have allowed hackers to gain elevated access to device data. The fix extends across Apple’s product line, including Vision Pro.

This marks the first actively exploited iOS bug of 2025, with Apple having patched at least seven such vulnerabilities the previous year. Apple has not disclosed attacker details.

DHS Disbands Cyber Advisory Board

The Department of Homeland Security (DHS) has dismissed all members of its advisory committees, including the Cyber Safety Review Board (CSRB), as part of the Trump administration’s effort to cut costs and refocus DHS resources. Acting Secretary Benjamine Huffman’s Jan. 20 memo stated that committee activities would be realigned with national security priorities, allowing former members to reapply. The decision is expected to delay investigations into the Salt Typhoon cyberattacks, a Chinese-led infiltration of U.S. telecom networks that targeted high-profile political figures, including those linked to President Trump and Vice President JD Vance.

While some officials argue this is a routine transition, critics warn that restructuring could disrupt major cybersecurity investigations into foreign cyber threats, including previous Chinese hacks of Microsoft systems.

Microsoft Edge Blocks Scareware

Microsoft Edge’s new Scareware Blocker, announced at the 2024 Ignite conference, is now available for preview. This tool aims to combat rising tech support scams that trick users into believing their computers are infected. These “scareware” scams use aggressive full-screen pop-ups, fake warnings, and audio alerts to incite panic and push victims to call fraudulent support numbers.

careware Blocker adds a first line of defense by detecting suspicious full-screen pages using machine learning models that compare scam patterns to thousands of known samples. The model runs locally on users' computers without sending data to the cloud. If a potential scam is detected, Edge automatically exits full-screen mode, stops aggressive audio, and warns users with a screenshot of the page.

Interesting Read

While fans bemoan a repeat of Eagles versus Chiefs, no doubt there will be an enormous amount of people with eyes on the game. And as Pat Butler in Security Magazine reminds us, this presents a cybersecurity nightmare.

High-profile sporting events like the Big Game and the Olympics are prime targets for cyber and physical threats. For perspective, the 2024 Paris Olympics faced over 140 cyberattacks. Threat intelligence tools, including open-source intelligence (OSINT), play a crucial role in securing venues, players, and fans by monitoring social media, tracking potential bad actors, and detecting cyber threats in real-time.

Weekly Arora-Inspired Opinion & Analysis

This weekly column has been created based on a deep analysis of how Nikesh Arora, CEO of Palo Alto Networks, strategizes in the cybersecurity space, drawing inspiration from his leadership style, forward-thinking approach, and innovative insights. While not an exact representation, the column embodies key elements of his strategic mindset and vision for the future of cybersecurity.

-

This week’s cybersecurity events reinforce what I’ve been saying for a while: we are sleepwalking into a new era of digital warfare, and the U.S. is still playing catch-up. The sudden rise of DeepSeek R1 should have rattled Washington more than it has. Developed for a mere $5.6 million, this Chinese AI model is now outpacing ChatGPT in downloads. This isn’t just about competition; it’s about national security.

DeepSeek is open-source, yes, but let’s not be naive—this is a state-aligned model shaping narratives while harvesting vast amounts of U.S. user data. Storing that data in China should be setting off alarms, yet we’re seeing the same sluggish regulatory response that let TikTok become a national security headache. When will we learn?

Meanwhile, Funksec’s AI-assisted ransomware spree is proving that cybercrime no longer requires elite hackers. AI is making malware development easier, faster, and more effective. We are watching the democratization of cybercrime unfold in real-time, yet organizations still rely on outdated security postures. The days of playing defense without AI-driven security solutions are over. Adapt, or be breached—it’s that simple.

Then there’s the Change Healthcare breach, which exposed 190 million Americans’ data. UnitedHealth’s decision to pay a ransom only fuels more attacks. This is a systemic failure: companies treat security as an afterthought, and when they get burned, they pay their way out. That mindset has to change.

Finally, DHS’s decision to dismantle the Cyber Safety Review Board is baffling. Just as threats escalate, we’re gutting oversight. We need stronger, faster action—because right now, the bad actors are moving a lot faster than we are.

Until next week,

Arora Avatar

Twitter Highlights

Stay Safe, Stay Secure.

The CybersecurityHQ Team