Secure World News

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. The advisory, part of the #StopRansomware campaign, outlines the attack methods, technical details, and mitigation strategies needed to defend against this persistent ransomware strain.

Microsoft’s recent announcement of the Majorana 1 chip marks a significant leap toward scalable quantum computing, potentially accelerating the timeline for a commercially viable quantum computer.

Chinese cyber espionage group Salt Typhoon has made headlines in the last year, breaching major U.S. telecommunications providers, including AT&T, Verizon, and Lumen Technologies. Now, new research from Recorded Future’s Insikt Group reveals that Salt Typhoon remains active and has expanded its campaign, compromising additional telecom networks across the globe between December 2024 and January 2025.

What is IAM, and why should you care?

Cybersecurity governance has undergone a dramatic transformation over the past few decades. From its early days, where security was an afterthought to business operations, to the present, where it has become a board-level discussion, governance has had to adapt to an ever-evolving digital landscape.

Last year saw a 110% rise in cybercrime in the lead up to Valentine’s Day. And 2025 will be no different, as increasingly sophisticated online hackers seek to take advantage of Valentine’s themed email traffic, social media advertisements, or marketing campaigns, and exploit heightened emotions and a desire to connect. Just as Christmas makes us a bit more likely to click on a dodgy parcel delivery text, Valentine’s Day means we are more likely to click on something romance related.

A major security incident has allegedly struck OmniGPT, a popular AI aggregator that provides users access to multiple AI models, including ChatGPT-4, Claude 3.5, Gemini, and Midjourney. A hacker claims to have breached OmniGPT’s infrastructure, leaking a staggering 30,000 user email addresses, phone numbers, and 34 million lines of chat messages. The leaked data reportedly includes API keys, credentials, and file links, raising severe cybersecurity and privacy concerns.

Deepfakes involve AI-generated synthetic media that convincingly mimics real individuals’ voices and faces. While initially popularized in entertainment and satire, cybercriminals now weaponize this technology for fraud, identity theft, and corporate deception.

The Honourable David McGuinty, Minister of Public Safety, on February 6th unveiled Canada’s National Cyber Security Strategy (NCSS), a long-term plan to protect Canadians, businesses, and critical infrastructure from an increasingly complex cyber threat landscape.

A secret order issued by the United Kingdom’s government is sparking global alarm among privacy advocates and cybersecurity experts. According to The Washington Post, the U.K. has directed Apple to create a backdoor into its encrypted iCloud backup service, a move that could have profound implications for digital privacy and security worldwide.

Thinking of connectivity as the gravity center of every modern organization’s digital ecosystem isn’t a far-fetched perspective. It’s deeply ingrained into the very fabric of collaboration, cloud computing, data sharing, remote work, and customer engagement. All these crucial areas take a major hit when a network attack happens. And, the unfortunate reality is that no network is immune.

A recent Washington Post report has revealed that the U.S. Department of Government Efficiency (DOGE) team led by Elon Musk is leveraging artificial intelligence to analyze government spending at the Department of Education (DOE). The initiative aims to identify potential budget cuts and streamline government operations, but cybersecurity experts are raising serious privacy and security concerns about the project.

The United States is taking a firm stance against potential cybersecurity threats from artificial intelligence (AI) applications with direct ties to foreign adversaries. On February 6, 2025, U.S. Representatives Josh Gottheimer (D-NJ) and Darin LaHood (R-IL) introduced the bipartisan No DeepSeek on Government Devices Act, seeking to prohibit federal employees from using the AI-powered application DeepSeek on government-issued devices.

Grubhub recently confirmed a data breach stemming from a third-party vendor, exposing the ongoing risks associated with supply chain security. While the company assures that sensitive information like full payment details and Social Security numbers were not compromised, the incident serves as another reminder of the vulnerabilities that can arise from external partnerships.

The State of Cybersecurity in Canada 2025 report, published by the Canadian Cybersecurity Network (CCN) and the Security Architecture Podcast, delivers an in-depth analysis of the evolving threat landscape, emerging risks, and strategic recommendations for Canadian organizations. This year’s report underscores the urgency of bolstering national cybersecurity resilience in response to escalating attacks, regulatory shifts, and a persistent talent gap.

Cybercrime has been steadily on the rise for the past years. Notably, 2024 was unprecedentedly precarious with the second largest in history National Public Data breach and the biggest healthcare data breach to date with the massive attack on Change Healthcare. Nearly 3 billion records were stolen in the U.S., Canada, and the U.K., including such sensitive information as people’s full names, Social Security numbers, addresses, phone numbers, and dates of birth.

In a significant victory against cybercrime, U.S. and Dutch law enforcement agencies have dismantled 39 domains and their associated servers in an effort to disrupt a Pakistan-based network of online marketplaces selling phishing and fraud-enabling tools. Dubbed Operation Heart Blocker, the coordinated effort targeted a cybercriminal group known as Saim Raza, also operating under the name HeartSender.

In a coordinated international effort, law enforcement agencies from the United States, Europe, and Australia have dismantled Cracked and Nulled, two of the world’s largest cybercrime marketplaces. These underground forums—home to more than 10 million users—facilitated the trade of stolen data, hacking tools, and cybercrime-as-a-service, making these illicit activities more accessible than ever.

The cybersecurity world has been rocked by yet another example of how poor security practices can put sensitive data at risk—this time involving DeepSeek, a Chinese AI startup making waves with its advanced reasoning model.

Working in cybersecurity is demanding. Analysts must investigate and remedy thousands of alerts every day while remaining adaptable to an ever-changing technological landscape.