Welcome reader to your CybersecurityHQ report

Brought to you by:

👉 Cypago - Cyber governance, risk management, and continuous control monitoring in a single platform

Forwarded this email? Join 70,000 weekly readers by signing up now.

#OpenToWork? Try our AI Resume Builder to boost your chances of getting hired!

Weekly Headlines

🎧 Listen to this newsletter on our AI-powered podcast

Trio Targets Cyber Scam Networks

Efforts to dismantle cyber scam centers in Myanmar are gaining traction as China, Thailand, and Myanmar collaborate on a crackdown. The coordinated effort, which involves repatriating workers trafficked into scam operations, follows China’s concerns over illegal activities at the borders. Cyber scams, including fake romantic engagements, fraudulent investments, and illegal gambling, target millions globally, causing significant financial losses.

Many of the workers, recruited under false pretenses, are effectively trapped in virtual slavery. Thailand has already repatriated some 260 individuals from 20 countries. Thai officials estimate 7,000 to 10,000 more could be repatriated soon.

China’s security chief, Liu Zhongyi, visited the Myanmar-Thai border in preparation for large-scale repatriations and to ensure further cooperation among the nations. While Myanmar’s Border Guard Force is involved in organizing the repatriations, its connections with scam centers have raised accusations of protection and complicity. Both Thailand and China aim to address the root causes of online fraud to prevent further exploitation.

Insight Partners Probes Cyber Breach

Insight Partners, a New York-based venture capital and private equity firm managing over (90 billion in assets, disclosed a breach on January 16, caused by a “sophisticated social engineering attack.” After detecting the incident, Insight notified law enforcement and brought in third-party cybersecurity experts to contain and investigate.

While the firm says the attackers did not maintain network access after discovery and operations were not disrupted, it has yet to determine whether any company or partner data was accessed or stolen. Insight Partners reassured stakeholders that there is currently no indication of a material impact on its portfolio companies, funds, or other stakeholders.

The investigation, aided by forensic and legal specialists, is ongoing, and Insight pledges to update any affected individuals as details emerge. The firm emphasizes that it took swift remedial measures and encouraged heightened vigilance among all those connected to Insight.

Puppygirl Polycule Steals Lexipol Files

A self-styled “puppygirl polycule” hacker group claims to have stolen over 8,500 files from Lexipol LLC, including sensitive data such as names, passwords, email addresses, and phone numbers. Founded by ex-police officers in 2003, Lexipol provides policy manuals and training bulletins for roughly 8,500 law enforcement agencies across the United States.

The company has repeatedly faced legal challenges over alleged racial profiling and anti-immigrant rhetoric in its publications. The hackers distributed the files on the platform Distributed Denial of Secrets, accusing Lexipol of lacking transparency and exerting undue influence over American policing.

The group’s stated motive is that there are insufficient cyberattacks targeting law enforcement. Lexipol has also been criticized by the American Civil Liberties Union (ACLU), which described some of the company’s policies as “illegal and unclear” and harmful to marginalized communities.

Valve Removes Malware From PirateFi

Valve has removed the game PirateFi from its Steam platform after discovering it contained malware. The company issued a warning to affected users, advising them to run a full system scan and even consider a complete operating system reformat to eliminate potential threats.

While the exact number of downloads remains unclear, the game had a 9/10 rating from 51 reviews before its removal. Valve has not disclosed the type of malware involved, and its spokesperson did not respond to media inquiries.

This incident shows the security risks associated with gaming platforms, as video games often have deep access to users' systems, making them a target for cybercriminals. Previous cases have included infostealer malware campaigns, self-spreading malware in Call of Duty, and even esports disruptions, such as an Apex Legends tournament hack.

Upgrade your subscription for exclusive access to member-only insights and services

Upgrade to paid

South Korea Bans DeepSeek Chatbot

South Korea has banned new downloads of China’s DeepSeek AI chatbot from app stores due to privacy concerns, following scrutiny from the country’s Personal Information Protection Commission. The app soared to over a million weekly users in South Korea after making global headlines, prompting local authorities to restrict government workers from installing it on their devices.

Acting President Choi Sang-mok warned that DeepSeek’s rapid success could impact industries beyond AI. Existing users can continue accessing DeepSeek, and it remains accessible via its website.

The ban mirrors moves by other jurisdictions, including Taiwan, Australia, and Italy, which have cited data protection and national security risks. France and Ireland have also raised questions about how personal data, such as email addresses and birthdates, are stored and used, particularly if they reside on Chinese servers.

Meanwhile, lawmakers in the US have proposed legislation banning DeepSeek on federal devices, citing ongoing serious surveillance risks.

Media Giants Sue Cohere Startup

Condé Nast and several major media companies have sued AI startup Cohere for alleged systematic copyright and trademark infringement. The lawsuit, filed in New York, claims Cohere scraped and used news articles without permission to train its AI, directly competing with publishers and AI licensing markets. Plaintiffs include The Atlantic, Forbes, The Guardian, Politico, and Vox Media, among others, seeking statutory damages of up to $150,000 per work and a permanent injunction against Cohere’s practices.

The lawsuit accuses Cohere of generating misleading AI outputs, including fabricated articles falsely attributed to publishers. One example cited involves a Guardian article that Cohere misrepresented, conflating unrelated tragedies and inventing quotes. The plaintiffs argue Cohere ignored robots.txt directives and failed to obtain proper licensing.

Cohere dismissed the claims as frivolous, asserting its AI training follows responsible practices.

AI Cybersecurity Firms Capture Billions

AI-focused cybersecurity firm Dream, co-founded by former Austrian Chancellor Sebastian Kurz and Israeli entrepreneurs in January 2023, has reached a $1.1 billion valuation following a $100 million Series B funding round. The investment, led by Bain Capital Ventures, includes backing from Group 11, Tru Arrow, Tau Capital, and Aleph. Dream specializes in protecting governments and critical infrastructure from cyber threats, reflecting growing investor confidence in AI-driven cybersecurity solutions.

Identity security firm SailPoint (SAIL.O), backed by Thoma Bravo, debuted on the stock market at $23 per share, valuing the company at $12.8 billion. The listing marks a cautious return to public markets amid investor skepticism over valuations, as traders navigate policy uncertainty and delayed interest rate cuts.

Palo Alto Networks (PANW.O) has raised its full-year revenue forecast, citing increased demand for AI-driven security solutions. Rising concerns over digital scams and high-profile cyber incidents are driving enterprise clients to invest more in advanced threat protection to safeguard business operations and reputation.

Private Equity Eyes Trend Micro

In yet another cybersecurity business story, Bain Capital, Advent International, and EQT AB are among private equity firms exploring a potential takeover of Japanese cybersecurity firm Trend Micro, valued at 1.32 trillion yen ($8.54 billion). Sources say KKR is also interested, although there's no guarantee a deal will proceed.

Following the news, Trend Micro’s stock soared 16.05% in Tokyo, reaching its highest level since March 2000.

Founded in 1988, Trend Micro started as an antivirus maker and expanded into cloud computing, network, and endpoint security. The firm reported a 6% rise in third-quarter net sales to 68.1 billion yen and a 42% jump in operating income, with its operating margin hitting 24%.

A successful buyout would be among the largest leveraged buyouts in months, signaling a revival of private equity deal activity amid higher interest rates. Several cybersecurity deals have emerged as competition grows and organizations increase spending on security platforms. Trend Micro may remain independent.

Interesting Read

Cybersecurity professionals, like just about anyone with a job right now, are wondering how AI will affect their job security. In this write-up by Paulius Grinkevičius for Cybernews, the impact of this technology on both office jobs and manual labor is explored.

It’s no secret that the rise of AI is reshaping the job market, with junior coding roles being automated faster than manual labor. Large language models (LLMs) are eliminating entry-level programming jobs as companies increasingly use AI-driven coding tools like GitHub Copilot and Vercel. Meta and Replit have announced plans to reduce software engineer roles, while AI chatbots are already replacing customer service jobs. However, experts argue that AI will augment rather than replace experienced developers, allowing them to focus on complex tasks like security and custom functionality.

But how do you get experienced developers in the future if you have no entry-level programmers right now?

Meanwhile, manual labor jobs in construction, healthcare, and transportation remain less affected due to the difficulty of automating physical tasks. Robotics may eventually catch up, but for now, blue-collar jobs are more resilient. 

Weekly Inspired Arora Opinion & Analysis

This weekly column has been created based on a deep analysis of how Nikesh Arora, CEO of Palo Alto Networks, strategizes in the cybersecurity space, drawing inspiration from his leadership style, forward-thinking approach, and innovative insights. While not an exact representation, the column embodies key elements of his strategic mindset and vision for the future of cybersecurity.

-

This week’s cybersecurity landscape highlights a recurring truth: digital security is no longer a segmented concern for enterprises. It is a geopolitical, financial, and societal imperative. AI-generated insights help us analyze a global crackdown on cyber scam centers, a high-profile breach at Insight Partners, a controversial AI lawsuit, and an increasingly volatile intersection of gaming and cybersecurity.

Let’s start with the trio of nations, China, Thailand, and Myanmar, taking the fight to cyber scam networks. The staggering reality is that these fraudulent operations are not just digital. They are modern slavery networks trapping workers under false pretenses, coercing them into executing scams that cost individuals billions worldwide. The international response is promising, but the fundamental issue remains. Digital fraud thrives where governance is weak. Unless these efforts evolve into long-term systemic interventions, we will be back here in another year discussing the same criminal enterprises under different names.

On the corporate front, Insight Partners’ breach is a stark reminder that even the most sophisticated firms remain vulnerable to social engineering. The attack was “contained,” but let’s be clear. That is damage control, not prevention. Investors and enterprises alike need to accept that breaches are not a question of "if" but "when." The real differentiator is how swiftly companies can detect, respond, and rebuild trust.

Meanwhile, AI is finding itself at legal crossroads again. The lawsuit against Cohere for allegedly scraping copyrighted media content raises critical questions about the ethical and legal framework of AI training models. Cohere, like OpenAI and Google before it, is facing the growing reckoning of generative AI’s reliance on unlicensed data. This case will not be the last. Expect tighter regulatory scrutiny and industry-wide shifts in how AI models acquire and process information.

Another unsettling breach came from the “Puppygirl Polycule” hacker group targeting Lexipol, a firm supplying law enforcement policy documents. The motivations are ideological rather than financial. This marks a growing trend where hacktivism collides with cybersecurity. The deeper issue is that public trust in digital infrastructure is eroding. Governments and enterprises must address not just security but transparency and accountability in their data practices.

Gaming also took a hit, as Valve was forced to remove PirateFi due to embedded malware. This is not an isolated event. We have seen gaming platforms emerge as prime targets for cyberattacks, from infostealers to tournament hacks. Why? Games are highly interactive, always connected, and players often grant deep system access. The takeaway is that security must be baked into digital ecosystems from inception, not patched in later.

Finally, let’s talk about AI in cybersecurity. The market is moving fast. Dream, a firm focused on AI-driven cybersecurity, just hit a $1.1 billion valuation, and Trend Micro is now a prime target for private equity. The interest in cybersecurity is obvious, but the question remains. Are we investing in real solutions or just in hype? The future belongs to firms that can operationalize AI for real-time threat prevention, not just promise it.

One thing is certain. Every industry, from private equity to gaming, from national security to AI research, is now a cybersecurity industry. Those who do not recognize that fact will learn it the hard way.

Until next week,

Arora Avatar

Twitter Highlights

Stay Safe, Stay Secure.

The CybersecurityHQ Team