In today’s episode, we explore a range of topics—from controversial Chinese AI chatbots and North Korean spear-phishing campaigns to newly issued CISA directives that demand immediate attention.
Below is a detailed breakdown in paragraph format, ensuring you stay informed about the evolving cyber threat landscape.
DeepSeek Chatbot Linked to Chinese State-Owned Telecom
Recent security research indicates that DeepSeek, previously one of the most downloaded chatbot apps in the United States, includes computer code that transmits user login data to China Mobile—a state-owned telecom company barred from operating in the U.S. This discovery heightens concerns about Chinese surveillance and data collection, especially given the chatbot’s rise in global popularity.
In its privacy policy, DeepSeek admits to storing user information on servers located within the People’s Republic of China. The U.S. government has long warned against China Mobile, considering its reported ties to the Chinese military. President Biden’s administration subsequently imposed sanctions limiting U.S. investments in the company. Against this backdrop, DeepSeek’s potential link to the Chinese state raises serious red flags. Analysts also suggest DeepSeek may have appropriated parts of OpenAI’s ChatGPT code, pointing to broader intellectual property theft by Chinese tech companies.
Thailand Cuts Power to Scamming Hubs in Myanmar
In a bold tactic to fight cybercrime, Thai authorities recently shut down power in three specific areas in Myanmar—Myawaddy, Payatensu, and Tachileik—where criminal syndicates operate large-scale scam hubs. The move follows a meeting between China’s Assistant Minister of Public Security and Thailand’s Cyber Crime Investigation Bureau, during which both parties agreed more had to be done to curb online fraud.
These criminal networks reportedly force trafficked individuals into running fraudulent schemes, often targeting people in China and elsewhere. Thailand’s decision to disable electricity in these enclaves coincides with the Thai prime minister’s diplomatic visit to China, aimed at reinforcing the country’s commitment to clamp down on cybercrime. The measure not only disrupts scam operations but also serves as a firm statement on cross-border cooperation against cyber threats.
CISA Directives and New Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal entities to patch critical flaws in their systems. Chief among these is CVE-2024-53104, a high-severity vulnerability in Linux kernel version 2.6.26 and beyond, which is already being exploited in active attacks. Agencies have three weeks to apply the necessary patches, underscoring the urgency of this threat.
Meanwhile, Cisco has released patches to address multiple vulnerabilities in its Identity Services Engine (ISE). Two critical flaws, identified as CVE-2025-20124 and CVE-2025-20125, could allow remote code execution for attackers possessing read-only administrative rights. Additionally, Java byte streams in the ISE APIs were found to be insecurely deserialized, offering another attack vector. Finally, CISA has expanded its Known Exploited Vulnerabilities (KEV) catalog to include further vulnerabilities affecting Microsoft .NET and Apache OFBiz, urging organizations to update their systems promptly to avoid exposure.
North Korea’s Kimsuky Group and “ForceCopy” Malware
The North Korea-linked hacking collective Kimsuky has launched spear-phishing campaigns designed to deploy a malware known as ForceCopy. Their method involves sending phishing emails with Windows shortcut (.lnk) files disguised as Microsoft Office or PDF documents. When opened, these files activate a sequence of PowerShell commands or legitimate Microsoft binaries that download and run the payload.
Beyond ForceCopy, the campaign also delivers a trojan called Pebbledash and a modified version of a remote desktop tool known as RDP Wrapper. These findings indicate a growing sophistication in North Korean cyber operations, which increasingly rely on creative phishing and backdoor techniques to harvest sensitive information from targeted networks.
Criminals Abuse Legitimate HTTP Client Tools
Cybercriminals have begun exploiting genuine HTTP client tools—Axios and Node-Fetch—to perform account takeover attacks against Microsoft 365 environments. While using HTTP libraries for brute force attacks is not entirely new, recent campaigns have ratcheted up their volume and scope.
Proofpoint researchers discovered that attackers often focus on high-value individuals, such as executives and financial personnel in sectors like healthcare, construction, and IT. Adversaries typically employ adversary-in-the-middle and brute force methods, leveraging these popular open-source tools to automate malicious login attempts. The reliance on legitimate libraries complicates detection, making it essential for organizations to strengthen monitoring and limit suspicious login requests.
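As an added example (not from the episode or from Proofpoint’s research), the detection logic below scans constructed Microsoft 365 sign-in records for Axios and Node-Fetch user-agent strings and flags source addresses that rack up failed logins or turn a failure into a success for the same account. The record fields, the sample addresses, and the use of error code 0 for success and 50126 for a bad password are assumptions made for the sample, loosely modelled on Entra ID sign-in logs.

```python
"""Flag scripted Microsoft 365 sign-in abuse from HTTP client libraries.

Added example, not the podcast's or Proofpoint's code. Records are constructed
sample data; field names and status codes are assumptions for this sample.
"""
from collections import defaultdict

# Case-insensitive substrings seen in the User-Agent header of these libraries.
LIBRARY_UA_MARKERS = ("axios/", "node-fetch")
FAILURE_THRESHOLD = 5  # failed sign-ins from one source before alerting


def _rec(time, user, ip, ua, status):
    return {"time": time, "user": user, "ip": ip, "ua": ua, "status": status}


SAMPLE_SIGNINS = [  # constructed sample data, not a real export
    _rec("2025-02-05T08:00:01Z", "ceo@example.test", "203.0.113.7", "axios/1.6.8", 50126),
    _rec("2025-02-05T08:00:02Z", "cfo@example.test", "203.0.113.7", "axios/1.6.8", 50126),
    _rec("2025-02-05T08:00:03Z", "ap@example.test", "203.0.113.7", "axios/1.6.8", 50126),
    _rec("2025-02-05T08:00:04Z", "hr@example.test", "203.0.113.7", "axios/1.6.8", 50126),
    _rec("2025-02-05T08:00:05Z", "cfo@example.test", "203.0.113.7", "axios/1.6.8", 50126),
    _rec("2025-02-05T08:00:06Z", "cfo@example.test", "203.0.113.7", "axios/1.6.8", 0),
    _rec("2025-02-05T08:10:00Z", "dev@example.test", "198.51.100.4", "node-fetch/1.0", 50126),
    _rec("2025-02-05T08:11:00Z", "ceo@example.test", "192.0.2.9", "Mozilla/5.0 (Windows NT 10.0)", 0),
]


def is_library_client(user_agent: str) -> bool:
    """True when the User-Agent looks like Axios or Node-Fetch rather than a browser."""
    ua = user_agent.lower()
    return any(marker in ua for marker in LIBRARY_UA_MARKERS)


def find_suspicious_sources(records, threshold=FAILURE_THRESHOLD):
    """Return {ip: summary} for library-client sources that either exceed the
    failure threshold (password spraying / brute force) or show a failure followed
    by a success for the same account (possible takeover). One signal only:
    browser user agents are deliberately left to other detections."""
    by_ip = defaultdict(lambda: {"failures": 0, "users": set(), "takeover": []})
    failed_pairs = set()  # (ip, user) pairs that have failed at least once
    for r in sorted(records, key=lambda r: r["time"]):  # ISO timestamps sort as text
        if not is_library_client(r["ua"]):
            continue
        summary = by_ip[r["ip"]]
        summary["users"].add(r["user"])
        if r["status"] != 0:  # any non-zero code counts as a failed sign-in
            summary["failures"] += 1
            failed_pairs.add((r["ip"], r["user"]))
        elif (r["ip"], r["user"]) in failed_pairs:
            summary["takeover"].append(r["user"])
    return {ip: s for ip, s in by_ip.items() if s["failures"] >= threshold or s["takeover"]}
```

Run it with `find_suspicious_sources(SAMPLE_SIGNINS)`; only 203.0.113.7 is flagged, both for five failures across four accounts and for the failure-then-success on the CFO mailbox, while the single Node-Fetch failure and the browser session are not.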
Spanish Police Arrest Suspected Hacker
Spanish law enforcement took into custody a suspect in El Caliente who is believed to have orchestrated at least 40 cyberattacks targeting both national and international entities. The list of victims includes the Guardia Civil, Spain’s Ministry of Defense, NATO, the U.S. Army, and various universities. Among the charges are unauthorized database access, theft of personal data, and the subsequent sale of stolen information on dark web forums.
Although the suspect faced a judge, he was released with his passport confiscated to prevent him from leaving Spain. Critics highlight that European border policies can sometimes allow travel without a passport, raising concerns that the hacker could still evade more stringent legal consequences. Nonetheless, the arrest signals an important step in international cooperation against cybercrime, given the expansive range of targets.
Deloitte Pays $5 Million to Rhode Island Over Data Breach
Deloitte has agreed to pay $5 million to the State of Rhode Island to offset expenses incurred from a December data breach in the RI Bridges social services system, which Deloitte manages. Beyond the settlement, Deloitte is covering the cost of call centers and identity protection services for impacted residents.
The hacking group calling itself Brain Cipher claimed responsibility for the breach, further highlighting the vulnerabilities within government-run social service platforms. Given Deloitte’s management role, it remains under scrutiny regarding security protocols and contractual obligations. The payment will go toward immediate and unexpected state costs, as well as ongoing remediation efforts.
Action List
Review DeepSeek Policies: If your organization or employees use DeepSeek, evaluate the security and privacy implications carefully.
Patch Linux Kernel Immediately: Update any system running kernel 2.6.26+ to address CVE-2024-53104, which is actively exploited.
Update Cisco ISE: Deploy the latest patches to mitigate critical vulnerabilities, especially in ISE APIs.
Monitor .NET and Apache OFBiz: Check versions and apply recommended security updates to guard against remote code execution risks.
Educate Against Phishing: Train employees to identify disguised .lnk files and avoid opening suspicious attachments.
Scrutinize HTTP Client Tools: Implement monitoring and rate-limiting to detect unusual login attempts via Axios, Node-Fetch, or other libraries.
Assess Third-Party Vendors: Ensure consultants, managed services, and SaaS providers have robust cybersecurity measures in place.
From the CyberHub Podcast bunker, stay informed, stay prepared, and—above all—stay cyber safe.
✅ Story Links:
https://therecord.media/thailand-cuts-power-scam-compounds-myanmar
https://thehackernews.com/2025/02/north-korean-apt-kimsuky-uses-lnk-files.html
https://thehackernews.com/2025/02/cybercriminals-use-axios-and-node-fetch.html
https://www.cybersecuritydive.com/news/deloitte-5m-rhode-social-services/739309/
🚀 About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.