WhatsApp accuses Paragon of hacking

CybersecurityHQ Weekly News

Welcome reader to your CybersecurityHQ report

Brought to you by:

👉 Cypago - Cyber governance, risk management, and continuous control monitoring in a single platform

🛡️ Defendify - 13 cybersecurity tools and three layers of protection in one intuitive, powerful platform


Weekly Headlines

WhatsApp Accuses Paragon Of Hacking

We start with a story about a tech giant, a group of spies, and the U.S. government.

It all started when Meta’s WhatsApp accused Israeli spyware maker Paragon of using its software in a hacking campaign targeting around 90 journalists and activists. Two individuals, Italian journalist Francesco Cancellato and Sweden-based Libyan activist Husam El Gomati, have publicly stated they were among the targets. WhatsApp has issued a cease-and-desist letter, but Paragon has not responded.

Paragon Solutions later confirmed that it sells its technology to the U.S. government and “a group of global democracies,” though it declined to specify which countries. John Fleming, Paragon’s executive chairman, stated that the company prohibits the illicit targeting of journalists and civil society figures, vowing to terminate contracts if violations occur.

Paragon previously signed a $2 million contract with U.S. Immigration and Customs Enforcement (ICE), and last year, AE Industrial bid $900 million to acquire the company. Reports suggest Italy may also be a Paragon customer, though neither Paragon nor the Italian government has confirmed this.

This story will no doubt continue to unfold over the following weeks and months.

DeepSeek Controversy Sparks Global AI Concerns

Last week, the big news was DeepSeek R1. And really, this week is no different, so we gathered a few of the big stories in one place.

The first? Governments are trying to limit use of DeepSeek to protect their information from China. Australia has joined a growing list of countries banning the AI chatbot over national security concerns. The Department of Home Affairs has ordered all government entities to block and remove DeepSeek products from official systems, citing the risk to government technology. However, the ban does not extend to private citizens.

Why are governments so worried? Less than three weeks after its meteoric launch, New York-based cybersecurity firm Wiz claims it discovered that DeepSeek had inadvertently exposed over a million lines of sensitive data to the open internet. The unsecured data included digital software keys and chat logs, revealing prompts sent by users to the AI assistant. Wiz alerted DeepSeek, which secured the data within an hour, but CTO Ami Luttwak warned that others likely accessed it before the fix.

Then, on Wednesday, Ontario-based Feroot Security said that DeepSeek may have direct links to Chinese state systems, posing a serious national security risk. CEO Ivan Tsarynny says he discovered hidden code within DeepSeek that sends user data to CMPassport.com, the online registry for China Mobile, a state-owned telecommunications company banned in the U.S. due to surveillance concerns.

Users logging into DeepSeek may unknowingly be creating accounts in China, exposing their identities, search history, and online activity to the Chinese Communist Party (CCP). The app also creates digital fingerprints that can track users beyond DeepSeek’s platform.

So, what’s next?

The AI Action Summit, hosted by France and India on Feb. 10-11, will bring together nearly 100 nations, including the U.S. and China, to discuss AI’s safe development and economic impact. It’s seen as a potential showdown as the AI race heats up.

The summit focuses on open-source AI, labor disruption, and energy sustainability, with top executives from Alphabet, Microsoft, and OpenAI attending.

U.S. Vice President JD Vance will represent the American delegation, but it’s unclear if the U.S. will align with China and others on a non-binding AI governance communiqué.

Unlike previous summits, no new AI regulations are planned. France aims to balance AI innovation with flexible EU regulations, showcasing its clean nuclear energy as a sustainable solution for power-hungry AI models. Expected outcomes include $500 million in AI investment and energy-focused initiatives. France sees DeepSeek’s success as proof that the global AI race is still open.

Russian Hackers Exploit 7-Zip Vulnerability

A 7-Zip vulnerability (CVE-2025-0411) allowed Russian hackers to bypass Windows' Mark of the Web (MoTW) security feature; it had been exploited as a zero-day since September 2024. The flaw was used in SmokeLoader malware campaigns targeting Ukrainian government agencies and private organizations.

MoTW is a security feature that flags files downloaded from untrusted sources, so Windows shows a warning before running them. The 7-Zip flaw meant that when a malicious file was packed inside a nested (double) archive, the MoTW flag on the outer archive was not propagated to the inner archive’s contents. This allowed malicious scripts to run without the usual warning, slipping past phishing filters and making the attacks harder to detect.

The campaign targeted organizations like Ukraine’s Ministry of Justice, Kyiv Public Transportation, and Kyiv Water Supply. Although researchers discovered the flaw in September, 7-Zip didn’t patch it until November 30, 2024, in version 24.09. As 7-Zip lacks an auto-update feature, users are urged to manually update to protect against further exploitation.
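The practical defensive takeaway from the nested-archive trick is that a scanner sitting in front of users (mail gateway, download proxy, EDR pre-execution hook) should treat an archive inside an archive as a signal in its own right, since the MoTW flag cannot be relied on to reach the inner contents. The following is an added example written for this newsletter, not code from 7-Zip, the researchers, or the affected organizations. It uses ZIP-in-ZIP via Python's standard library because Python has no built-in 7z reader; the extension lists, severity levels and the depth limit are assumptions for illustration, and the sample archives are constructed in memory.

```python
"""Flag nested (double-packed) archives that carry executable content,
the packaging pattern described for CVE-2025-0411.

Added example; not code from 7-Zip or the researchers. ZIP is used in
place of 7z because only zipfile is in the standard library; the same
nesting check applies to 7z/RAR with a third-party reader (assumption).
"""
import io
import zipfile

# Member names treated as archives when found inside another archive (assumed list).
ARCHIVE_EXTS = (".zip", ".7z", ".rar", ".tar", ".gz", ".iso")

# File types Windows runs directly and that MoTW is meant to warn about (assumed list).
EXECUTABLE_EXTS = (".exe", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".lnk", ".scr")

MAX_DEPTH = 3  # refuse to descend further: guards against zip bombs and recursion


def inspect_archive(data: bytes, depth: int = 0, path: str = "") -> list:
    """Return findings as (severity, message) tuples for one archive blob.

    Descends into ZIP members that are themselves ZIPs so that an
    executable hidden one level down is reported with its full path.
    """
    findings = []
    if depth >= MAX_DEPTH:
        findings.append(("high", f"{path}: nesting deeper than {MAX_DEPTH}, refusing to descend"))
        return findings
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings.append(("info", f"{path}: not a ZIP archive (skipped)"))
        return findings
    for info in zf.infolist():
        name = info.filename
        lower = name.lower()
        full = f"{path}/{name}" if path else name
        if lower.endswith(ARCHIVE_EXTS):
            # An archive nested inside an archive is exactly the case where
            # MoTW propagation failed, so record it even before looking inside.
            findings.append(("medium", f"{full}: archive nested at depth {depth + 1}"))
            if lower.endswith(".zip"):
                findings.extend(inspect_archive(zf.read(info), depth + 1, full))
        elif lower.endswith(EXECUTABLE_EXTS):
            # Executable at depth >= 1 is the double-packed pattern: escalate.
            sev = "high" if depth >= 1 else "medium"
            findings.append((sev, f"{full}: executable inside archive (depth {depth})"))
    return findings


def should_quarantine(findings) -> bool:
    """Policy: any high-severity finding blocks delivery (assumed threshold)."""
    return any(sev == "high" for sev, _ in findings)


def _build_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: bytes}; used only to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: an outer ZIP holding an inner ZIP holding a script,
# and a benign single-level archive. Neither contains a real payload.
INNER = _build_zip({"invoice.js": b"// constructed sample, not a real payload"})
OUTER = _build_zip({"documents.zip": INNER, "readme.txt": b"hello"})
BENIGN = _build_zip({"report.pdf": b"%PDF-1.4 constructed"})

if __name__ == "__main__":
    for label, blob in (("double-packed", OUTER), ("benign", BENIGN)):
        found = inspect_archive(blob)
        print(label, "->", "quarantine" if should_quarantine(found) else "allow")
        for sev, msg in found:
            print("   ", sev, msg)
```

The depth-limited recursion matters as much as the detection itself: a scanner that descends without bound is easy to stall with a deeply nested or self-expanding archive, so the limit is itself reported as a high-severity finding rather than silently ignored.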

Spanish Teen Hacker Arrested for Global Breaches

Spanish authorities have arrested ‘Natohub,’ an 18-year-old hacker accused of breaching strategic organizations worldwide, including NATO, the Ministry of Defence, and the Guardia Civil. Detained at his home in Calpe, Alicante, he allegedly stole 180,000 records from Spain’s Civil Guard, Armed Forces, and Ministry of Defence, later selling the data on cybercriminal forums.

Investigators revealed he had over 50 cryptocurrency accounts, indicating “extensive knowledge of the blockchain world.” Authorities also seized a large cache of computer equipment. Despite the severity of the allegations, a court in Alicante released him with only a passport suspension, with his mother posting bail.

According to police, "the young man had set up a complex technological network using anonymous messaging and browsing applications, making him difficult to track." His cyberattacks spanned global institutions, including the U.S. Army, the United Nations, and the International Civil Aviation Organization. The operation involved Europol, the CNI, and U.S. Homeland Security Investigations (HSI), marking a major breakthrough in cybersecurity enforcement.


Thai Woman Arrested in $182M Romance Scam

A 52-year-old Thai woman, Orathai, was arrested at Hat Yai International Airport for allegedly aiding a Nigerian romance scam gang involved in a 6.223 billion baht ($182 million) fraud. Police detained her upon arrival from Malaysia on Feb. 1, following a 2020 arrest warrant for money laundering and assisting a transnational criminal network.

The scam targeted Chamanan, a former financial manager, who was deceived by a scammer posing as a U.S. soldier in Afghanistan. Manipulated into believing she was in a romantic relationship, she stole billions from her company and transferred the funds to Orathai’s accounts.

Orathai claimed she was also deceived, saying she met a Nigerian man in Malaysia in 2017 who convinced her to open bank accounts for his “business”. She allegedly received 6,500 baht per account but insists she had no control over the funds. Authorities had been tracking her since she fled to Malaysia, monitoring her return to Thailand.

Grubhub Data Breach Exposes Customer Information

Grubhub, the U.S. food delivery giant, has disclosed a data breach affecting customers, merchants, and drivers after hackers accessed its internal systems through a third-party service provider. The company detected unusual activity, identified unauthorized access, and immediately terminated the provider’s account to contain the breach.

The compromised data includes names, email addresses, phone numbers, and partial payment card details, specifically the last four digits of some campus diners’ cards. Hashed passwords from legacy systems were also accessed, though bank details and Social Security numbers were not affected. The breach impacted users who interacted with Grubhub’s customer care service and Campus Dining program.

Grubhub has not disclosed the number of affected individuals or when the breach occurred. The company, which was acquired by Wonder Group last fall for $650 million, says it has taken immediate action to secure its systems and prevent further intrusions.

Cybercriminals Exploit Legitimate Tools for ATO

Cybercriminals are increasingly using legitimate HTTP client tools like Go Resty, Node Fetch, and Axios to carry out account takeover (ATO) attacks on Microsoft 365 environments. Security firm Proofpoint has observed these tools being exploited for brute-force attacks, Adversary-in-the-Middle (AitM) techniques, and credential theft, leading to widespread compromise of cloud accounts.

Since early 2024, 78% of Microsoft 365 tenants have faced at least one ATO attempt, with a peak in May 2024, when attackers hijacked millions of residential IPs for large-scale attacks. A recent password spraying campaign using Node Fetch and Go Resty recorded 13 million login attempts between June and November 2024, though the success rate remained low at 2%.

High-value targets included executives, financial officers, and IT personnel, while education sector accounts were also heavily targeted due to weaker security. Attackers continue evolving their methods, frequently switching HTTP client tools to evade detection and enhance attack efficiency.
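Two signals in the report are directly usable for detection: a password spray shows up as one source trying many distinct accounts a few times each, and a sign-in whose user-agent is a server-side HTTP client library (Go Resty, Node Fetch, Axios) rather than a browser or a known mail client is unusual for an interactive user. The following is an added example written for this newsletter, not Proofpoint's or Microsoft's code. The pipe-separated log format, the user-agent strings and the threshold of five distinct accounts are assumptions, and the sign-in records are constructed for illustration.

```python
"""Detect password spraying and automated HTTP-client sign-ins in
Microsoft 365-style sign-in records.

Added example; not Proofpoint's or Microsoft's code. Log format
(constructed): timestamp | source IP | user | result | user-agent.
"""
from collections import defaultdict

# Substrings identifying the HTTP client libraries named in the report.
# Interactive users sign in from browsers or mail clients, not from these.
AUTOMATION_UA_MARKERS = ("go-resty", "node-fetch", "axios")

SPRAY_MIN_USERS = 5  # distinct accounts failed from one IP (assumed threshold)

# Constructed sample: one IP sprays five accounts with a client library and
# then logs into a sixth; a second IP is an ordinary user mistyping once.
SAMPLE_LOG = """
2024-07-01T08:00:01Z | 203.0.113.10 | alice@example.com | FAILED  | go-resty/2.7.0
2024-07-01T08:00:02Z | 203.0.113.10 | bob@example.com   | FAILED  | go-resty/2.7.0
2024-07-01T08:00:03Z | 203.0.113.10 | carol@example.com | FAILED  | go-resty/2.7.0
2024-07-01T08:00:04Z | 203.0.113.10 | dave@example.com  | FAILED  | go-resty/2.7.0
2024-07-01T08:00:05Z | 203.0.113.10 | erin@example.com  | FAILED  | go-resty/2.7.0
2024-07-01T08:00:06Z | 203.0.113.10 | frank@example.com | SUCCESS | axios/1.6.0
2024-07-01T09:12:10Z | 198.51.100.7 | bob@example.com   | FAILED  | Mozilla/5.0 (Windows NT 10.0) Edge/120
2024-07-01T09:12:25Z | 198.51.100.7 | bob@example.com   | SUCCESS | Mozilla/5.0 (Windows NT 10.0) Edge/120
"""


def parse_log(text: str) -> list:
    """Turn the pipe-separated records into dicts; user is normalised to lower case."""
    events = []
    for line in text.strip().splitlines():
        ts, ip, user, result, ua = [field.strip() for field in line.split("|")]
        events.append({"ts": ts, "ip": ip, "user": user.lower(),
                       "success": result == "SUCCESS", "ua": ua})
    return events


def is_automation_ua(ua: str) -> bool:
    """True when the user-agent names one of the client libraries from the report."""
    ua_lower = ua.lower()
    return any(marker in ua_lower for marker in AUTOMATION_UA_MARKERS)


def find_spraying_sources(events: list, min_users: int = SPRAY_MIN_USERS) -> dict:
    """Map IP -> set of accounts it failed against, kept only when the set is
    large: many accounts with few attempts each is the spray signature, and
    it is invisible to per-account lockout counters."""
    failed_users = defaultdict(set)
    for e in events:
        if not e["success"]:
            failed_users[e["ip"]].add(e["user"])
    return {ip: users for ip, users in failed_users.items() if len(users) >= min_users}


def find_suspicious_successes(events: list, spraying: dict) -> list:
    """Successful sign-ins from a spraying IP or with an automation user-agent:
    candidates for session revocation and a forced credential reset."""
    return [(e["ip"], e["user"], e["ua"]) for e in events
            if e["success"] and (e["ip"] in spraying or is_automation_ua(e["ua"]))]


def analyze(text: str) -> dict:
    """Run both detections over a log and return the results together."""
    events = parse_log(text)
    spraying = find_spraying_sources(events)
    return {"spraying_ips": spraying,
            "suspicious_successes": find_suspicious_successes(events, spraying)}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for ip, users in report["spraying_ips"].items():
        print(f"spray from {ip}: {len(users)} accounts tried")
    for ip, user, ua in report["suspicious_successes"]:
        print(f"review session: {user} from {ip} via {ua}")
```

The user-agent check is deliberately a weak signal on its own, since legitimate integrations do use these libraries; the example therefore only raises it on a successful sign-in, where the cost of a false positive is one session review, and combines it with the per-source account count that a spray cannot avoid leaving behind.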

CISA Flags Four Actively Exploited Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation in the wild. The flaws include CVE-2024-45195, a forced browsing vulnerability in Apache OFBiz, and CVE-2024-29059, an information disclosure flaw in Microsoft .NET Framework. Additionally, two older vulnerabilities, CVE-2018-9276 and CVE-2018-19410, affecting Paessler PRTG Network Monitor, have also been flagged for active threats.

While all vulnerabilities have been patched by their respective vendors, there are no public reports detailing real-world exploitation methods. Federal Civilian Executive Branch (FCEB) agencies have been urged to apply fixes by February 25, 2025, to mitigate potential cyber threats.

Interesting Read

Marcus Walsh, writing for Cybernews, covers big changes around AI ethics at Google in this article. Sure, the shift reminds us just how flimsy any of these policies are. But what exactly is changing?

Google reversed its stance on AI for surveillance and weapons development, reflecting a broader trend of tech giants adapting their ethics to financial and political pressures. While Google previously dropped its military AI contract (Project Maven) in 2018 due to employee protests, its new shift raises concerns about renewed military partnerships.

Other companies have followed similar paths. Microsoft canceled a Pentagon cloud AI contract in 2021 over ethical concerns, only to pursue military contracts under different names. Amazon and IBM wavered on facial recognition, with Amazon pausing but later resuming law enforcement sales, while IBM distanced itself publicly but continued working with police departments.

Google is investing $75 billion in AI this year, accelerating its Gemini integration while potentially deepening ties to AI-driven warfare and surveillance.

Weekly Arora-Inspired Opinion & Analysis

This weekly column has been created based on a deep analysis of how Nikesh Arora, CEO of Palo Alto Networks, strategizes in the cybersecurity space, drawing inspiration from his leadership style, forward-thinking approach, and innovative insights. While not an exact representation, the column embodies key elements of his strategic mindset and vision for the future of cybersecurity.

-

This week brought another round of cybersecurity flashpoints, underscoring the fragile balance between technological innovation and national security. WhatsApp’s accusation against Israeli spyware firm Paragon highlights the persistent shadow war between surveillance firms and tech giants. That Paragon sells to the U.S. government adds layers of complexity: governments rely on these tools while simultaneously condemning them when exposed. This contradiction isn’t new, but as spyware incidents mount, regulatory pressure will grow, possibly leading to tighter controls on commercial surveillance tech.

DeepSeek R1 remains at the center of controversy, with Australia joining the list of governments banning its use. The rapid response to security risks linked to China underscores how AI is now a geopolitical chess piece. The upcoming AI Action Summit, where nearly 100 nations will discuss governance, will set the tone for global AI policy. The question remains: will the U.S. push for restrictive measures, or will economic interests override security concerns? France’s bet on AI sustainability is a reminder that innovation isn’t just about intelligence; it’s also about power consumption.

Meanwhile, cybersecurity threats continue evolving. Russian hackers exploited a 7-Zip vulnerability to bypass security protocols, targeting Ukrainian institutions. The lesson? Even ubiquitous software tools can become attack vectors. The Spanish teen hacker arrested for breaching high-profile organizations is another reminder that cybercrime isn’t just the domain of nation-states; it’s also an individual’s game.

Grubhub’s data breach and the rise of ATO attacks using legitimate HTTP client tools highlight the vulnerabilities in cloud-based services. As cybercriminals weaponize everyday tech, enterprises must reassess authentication and security protocols. The overarching theme of the week? The intersection of cybersecurity, AI, and geopolitics is only getting more entangled. Businesses and governments alike must prepare for an era where digital conflicts define global power plays.

Until next week,

Arora Avatar

Stay Safe, Stay Secure.

The CybersecurityHQ Team
