CISO Talk by James Azar
CyberHub Podcast
Russian Hackers use 7-Zip Zero-Day, Securing Network Edge Devices, Ransomware News, Okta Layoffs

Examining network edge devices, emerging threats, and industry layoffs, plus Chinese cyber espionage and Russian attacks on Ukraine

Good morning, Security Gang! This comprehensive rundown covers the latest cybersecurity developments presented in the CyberHub Podcast. From concerns surrounding network edge devices and their newly exposed vulnerabilities, to a surprising dip in ransomware payments and fresh exploits by Russian and Chinese threat actors, there’s plenty of ground to cover. Critical Veeam patches, essential browser updates from Google and Mozilla, and unfortunate layoffs at Okta also feature prominently in this update.

Below is a detailed look at the major talking points from the February 5th show.

Zyxel Zero-Days Won’t Be Patched
Zyxel has announced that two exploited zero-day vulnerabilities affecting several legacy DSL CPE products will remain unpatched. Though roughly 1,500 devices are impacted, this is still a serious concern, particularly for small to medium-sized businesses that might unknowingly be using these end-of-life devices. One of the main issues is that organizations with limited IT resources often fail to stay on top of hardware upgrade cycles, opening the door to potential breaches. Managed service providers are encouraged to reach out to former clients who might still be using these devices, even if official support contracts have lapsed, to warn them of this vulnerability.

Five Eyes Urge Better Forensic Visibility on Network Edge Devices
The Five Eyes intelligence alliance—encompassing the U.S., UK, Canada, Australia, and New Zealand—has released new guidance stressing that network edge device manufacturers must improve forensic capabilities on their products. This call extends to firewalls, routers, VPN gateways, IoT systems, and OT devices, many of which lack robust logging, firmware updates, and strong authentication mechanisms. Without adequate logging, security teams face unnecessary challenges when investigating breaches. Although some devices are compatible with add-on security tools like intrusion detection or prevention systems, there is a clear need for improved built-in forensic visibility and consistent firmware support.

Ivanti and Security Edge Device Concerns
A growing area of apprehension involves Ivanti’s recurring zero-day vulnerabilities, underscoring a broader worry about whether certain network edge tools are more trouble than they are worth. Although these solutions may be feature-rich, the frequency of security gaps raises questions about their net benefit. The discussion underscores that cybersecurity priorities are shifting to ensure that edge devices not only provide functionality but also keep pace with evolving threats and do not introduce exploitable weaknesses into the environment.


Ransomware Payments Show a Surprising Drop
Recent data indicates that ransomware payments have decreased by about 35%, dropping from $1.25 billion to $812 million. Interestingly, the decline took place predominantly in the second half of 2024, even though the first six months suggested a possible record-breaking year for ransomware incidents. The shift has been partially attributed to successful disruption of major ransomware groups and enhanced law enforcement pressure. While the downward trend is a welcome change, experts caution that ransomware remains a formidable threat and could surge again if these adversarial groups reorganize.

Russian Espionage Exploiting a 7-Zip Vulnerability
According to Trend Micro, Russian-backed threat actors have targeted Ukrainian government entities by exploiting CVE-2025-0411, a vulnerability found in the 7-Zip archiver tool. By bypassing Windows’ Mark of the Web protection, attackers are able to execute arbitrary code under the privileges of the current user. The exploit has been featured in a campaign linked to the Smoke Loader malware, emphasizing Russia’s continued focus on breaching Ukraine’s cyber defenses. Users are advised to update to 7-Zip version 24.09 or newer in order to mitigate exposure to this exploit.

Chinese Actors Hijacking SSH Daemons for Persistent Access
Attacks attributed to “Evasive Panda” inject malware into SSH daemon processes on network appliances to enable persistent and covert system access. Initially discovered by Fortinet FortiGuard researchers, the campaign revolves around a suite dubbed Elf SSHDinjector.A!TR and has been active since November 2024. While the initial method of compromise remains unclear, once a device is infected, the malware checks for root privileges and existing infections. This technique further highlights the importance of enhanced monitoring, logging, and layered defenses, particularly for critical edge devices.
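One defensive takeaway from the SSH daemon hijacking story is that code injected into a long-running service leaves traces in the process's memory map. The following is an added example, not code from the podcast or from Fortinet's report: it parses `/proc/<pid>/maps`-style text and flags executable mappings that a stock sshd would not normally carry (code backed by files outside the system library directories, anonymous executable pages, memfd-backed or deleted backing files). The trusted directory list, the sample map contents and the process-name check are constructed assumptions for illustration; they are generic injection heuristics, not indicators specific to the campaign described above.

```python
"""Heuristic check for unexpected executable code mapped into sshd.

Added example (not from the podcast or the Fortinet write-up). Parses
/proc/<pid>/maps text and reports executable regions that do not look
like a normally packaged sshd. Trusted paths and sample data below are
constructed assumptions; tune TRUSTED_PREFIXES to the appliance layout.
"""
import os
import re

# Directories a packaged sshd is expected to map code from (assumption).
TRUSTED_PREFIXES = (
    "/usr/sbin/", "/usr/lib/", "/usr/lib64/", "/lib/", "/lib64/", "/usr/libexec/",
)

# One line of /proc/<pid>/maps:
# start-end perms offset dev inode [pathname]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxps-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>\S+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)


def suspicious_exec_mappings(maps_text: str) -> list[dict]:
    """Return executable mappings that fall outside the expected profile."""
    findings = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        perms = m.group("perms")
        if "x" not in perms:
            continue  # only executable regions matter here
        path = m.group("path").strip()
        reason = None
        if path == "":
            # sshd does not JIT; an anonymous executable page is unexpected
            reason = "anonymous executable mapping"
        elif path.startswith("["):
            if path in ("[vdso]", "[vsyscall]"):
                continue  # kernel-provided, always executable
            reason = f"executable pseudo-mapping {path}"
        elif path.startswith("/memfd:") or path.startswith("memfd:"):
            reason = "memfd-backed executable"
        elif "(deleted)" in path:
            reason = "backing file deleted"
        elif not path.startswith(TRUSTED_PREFIXES):
            reason = "executable file outside trusted library directories"
        if reason:
            findings.append({
                "range": f"{m.group('start')}-{m.group('end')}",
                "perms": perms,
                "path": path or "<anon>",
                "reason": reason,
            })
    return findings


def scan_live_sshd() -> dict[int, list[dict]]:
    """Walk /proc for processes named sshd and check each map (needs root)."""
    results = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/comm") as f:
                if f.read().strip() != "sshd":
                    continue
            with open(f"/proc/{entry}/maps") as f:
                findings = suspicious_exec_mappings(f.read())
        except OSError:
            continue  # process exited or access denied
        if findings:
            results[int(entry)] = findings
    return results


# Constructed sample: what a clean sshd map roughly looks like.
CLEAN_MAPS = """\
55d0c1a00000-55d0c1a80000 r-xp 00000000 fd:01 131394 /usr/sbin/sshd
7f3a1c000000-7f3a1c1b0000 r-xp 00000000 fd:01 262250 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c400000-7f3a1c480000 r-xp 00000000 fd:01 262311 /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7ffd8a1f0000-7ffd8a211000 rw-p 00000000 00:00 0 [stack]
7ffd8a2c5000-7ffd8a2c7000 r-xp 00000000 00:00 0 [vdso]
"""

# Constructed sample: the same process with three injection-style regions.
INJECTED_MAPS = CLEAN_MAPS + """\
7f3a1d000000-7f3a1d020000 r-xp 00000000 fd:01 9001 /tmp/.x/libhelper.so
7f3a1e000000-7f3a1e001000 rwxp 00000000 00:00 0
7f3a1f000000-7f3a1f010000 r-xp 00000000 00:05 12 /memfd:payload (deleted)
"""

if __name__ == "__main__":
    for hit in suspicious_exec_mappings(INJECTED_MAPS):
        print(hit)
```

Run against the constructed samples, the clean map produces no findings and the injected one produces three. On a real appliance `scan_live_sshd()` needs root to read other processes' maps, and the trusted prefix list should be derived from the distribution's package manifests rather than hard-coded.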

Veeam Patches a Critical Backup Software Flaw
Veeam has released patches to address CVE-2025-0020, a critical vulnerability that could lead to arbitrary code execution in its Backup & Replication software. Impacted versions run across multiple environments, including Windows, Nutanix, Red Hat Virtualization, and popular cloud platforms. Users are advised to apply the relevant patches immediately to minimize the risk of exploitation.

Browser Security Updates from Google and Mozilla
Google has rolled out Chrome 133, which resolves 12 security flaws. While official details remain limited, the release notes list bug bounty payouts, including a $7,000 reward for a vulnerability in Skia. Mozilla’s Firefox 135 release addresses seven medium- and low-severity issues that could allow code execution, spoofing attacks, and improper certificate checks. Both companies urge users to update as soon as possible to ensure they receive the latest security protections.

Okta Announces Third Round of Layoffs
Okta, a major identity security provider, has confirmed a 3% workforce reduction, amounting to roughly 180 employees. This marks the third consecutive year of February layoffs, following cuts in both 2023 and 2024. Although Okta cites strategic realignment of resources toward critical growth areas, the move comes after the company has faced high-profile security incidents and stiff market competition. The organization says it will offer severance packages, but this unfortunate development affects a significant number of cybersecurity professionals. Members of the industry are encouraged to connect with those impacted in an effort to help them locate new opportunities.

Conclusion
This CyberHub Podcast review highlights how network edge security has emerged as a major discussion point. While a drop in ransomware payments is encouraging, it is too soon to celebrate, as threat actors continue exploring new avenues for compromise, including exploiting critical zero-day bugs and hijacking SSH processes. With fresh patches from Veeam and important browser updates from both Google and Mozilla, it is clear that staying current on security updates remains paramount. Lastly, Okta’s latest round of layoffs underscores the challenges of maintaining profitability and stability in an increasingly competitive and security-conscious market.

Action List

  • Audit legacy equipment to identify any end-of-life network devices, particularly Zyxel DSL CPE products that will no longer receive patches.

  • Replace outdated hardware to minimize exposure to unpatched vulnerabilities.

  • Enhance forensic logging and visibility in accordance with Five Eyes guidance, focusing on network edge devices.

  • Apply critical updates promptly for Veeam, 7-Zip, Chrome, and Firefox to stay ahead of evolving threats.

  • Extend support and networking assistance to Okta employees impacted by layoffs to maintain a healthy cybersecurity community.

✅ Story Links:

https://www.securityweek.com/zyxel-issues-no-patch-warning-for-exploited-zero-days/

https://www.bleepingcomputer.com/news/security/cyber-agencies-share-security-guidance-for-network-edge-devices/

https://www.cybersecuritydive.com/news/network-security-defects-erode-defense/738387/

https://therecord.media/ransomware-payments-drop-2024-chainalysis-report

https://www.securityweek.com/russian-hackers-exploited-7-zip-zero-day-against-ukraine/

https://www.bleepingcomputer.com/news/security/chinese-cyberspies-use-new-ssh-backdoor-in-network-device-hacks/

https://thehackernews.com/2025/02/new-veeam-flaw-allows-arbitrary-code.html

https://www.securityweek.com/chrome-133-firefox-135-patch-high-severity-vulnerabilities/

https://www.bankinfosecurity.com/okta-carries-out-another-round-layoffs-axing-180-workers-a-27445

🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
