Welcome to your weekly roundup of cyber news, where every headline gives you a peek into the world of online battles. This week, we look at a huge crypto theft, reveal some sneaky AI scam tricks, and discuss big changes in data protection.

Let these stories spark your interest and help you understand the changing threats in our digital world.

⚡ Threat of the Week

Lazarus Group Linked to Record-Setting $1.5 Billion Crypto Theft — The North Korean Lazarus Group has been linked to a "sophisticated" attack that led to the theft of over $1.5 billion worth of cryptocurrency from one of Bybit's cold wallets, making it the largest single crypto heist in history. Bybit said it detected unauthorized activity within one of its Ethereum (ETH) cold wallets during a planned routine transfer process on February 21, 2025, at around 12:30 p.m. UTC. It is the biggest cryptocurrency heist reported to date, dwarfing those of Ronin Network ($624 million), Poly Network ($611 million), and BNB Bridge ($586 million).

🔔 Top News

OpenAI Bans ChatGPT Accounts for Malicious Activities — OpenAI has revealed that it banned several clusters of accounts that used its ChatGPT tool for a wide range of malicious purposes. This included a network likely originating from China that used its artificial intelligence (AI) models to develop a suspected surveillance tool that's designed to ingest and analyze posts and comments from platforms such as X, Facebook, YouTube, Instagram, Telegram, and Reddit. Other instances of ChatGPT abuse consisted of creating social media content and long-form articles critical of the U.S., generating comments for propagating romance-baiting scams on social media, and assisting with malware development.

🔥 Trending CVEs

Your go-to software could be hiding dangerous security flaws—don't wait until it's too late! Update now and stay ahead of the threats before they catch you off guard.

This week's list includes — CVE-2025-24989 (Microsoft Power Pages), CVE-2025-23209 (Craft CMS), CVE-2024-12284 (Citrix NetScaler Console and NetScaler Agent), CVE-2025-26465, CVE-2025-26466 (OpenSSH), CVE-2025-21589 (Juniper Networks Session Smart Router), CVE-2024-12510, CVE-2024-12511 (Xerox VersaLink C7025 Multifunction printer), CVE-2025-0366 (Jupiter X Core plugin), CVE-2024-50379, CVE-2024-56337, CVE-2024-52316 (Atlassian), CVE-2024-53900, CVE-2025-23061 (Mongoose library), CVE-2025-26776 (NotFound Chaty Pro plugin), CVE-2025-26763 (MetaSlider Responsive Slider by MetaSlider plugin), CVE-2024-54756 (ZDoom Team GZDoom), CVE-2024-57401 (Uniclare Student Portal), CVE-2025-20059 (Ping Identity PingAM Java Policy Agent), CVE-2025-0868 (DocsGPT), CVE-2025-1023, CVE-2025-1132, CVE-2025-1133, CVE-2025-1134, CVE-2025-1135 (ChurchCRM), CVE-2024-57045 (D-Link DIR-859 router), CVE-2024-57050 (TP-Link WR840N v6 router), CVE-2024-57049 (TP-Link Archer c20 router), CVE-2025-26794 (Exim), CVE-2024-50608, CVE-2024-50609 (Fluent Bit), CVE-2024-54961 (Nagios XI), CVE-2025-23115, and CVE-2025-23116 (Ubiquiti UniFi Protect Camera).

📰 Around the Cyber World

U.S. Army Soldier Pleads Guilty to AT&T and Verizon Hacks — Cameron John Wagenius (aka Kiberphant0m), a 20-year-old U.S. Army soldier who was arrested early last month over AT&T and Verizon hacking, has pleaded guilty to two counts of unlawful transfer of confidential phone records information in 2024. He faces up to 10 years in prison for each count. Wagenius is also believed to have collaborated with Connor Riley Moucka (aka Judische) and John Binns, both of whom have been accused of stealing data from and extorting dozens of companies by breaking into their Snowflake instances.

🎥 Expert Webinar

Webinar 1: Build Resilient Identity: Learn to Reduce Security Debt Before It Costs You — Join our exclusive webinar with Karl Henrik Smith and Adam Boucher as they reveal the Secure Identity Assessment—a clear roadmap to close identity gaps, cut security debt, and future-proof your defenses in 2025. Learn practical steps to streamline workflows, mitigate risks, and optimize resource allocation, ensuring your organization stays one step ahead of cyber threats. Secure your spot now and transform your identity security strategy.

Webinar 2: Transform Your Code Security with One Smart Engine — Join our exclusive webinar with Palo Alto Networks' Amir Kaushansky to explore ASPM—the unified, smarter approach to application security. Learn how merging code insights with runtime data bridges gaps in traditional AppSec, prioritizes risks, and shifts your strategy from reactive patching to proactive prevention. Reserve your seat today.

🔧 Cybersecurity Tools

Ghidra 11.3 — It makes your cybersecurity work easier and faster. With built-in Python3 support and new tools to connect source code to binaries, it helps you find problems in software quickly. Built by experts at the NSA, this update works on Windows, macOS, and Linux, giving you a smart and simple way to tackle even the toughest challenges in reverse engineering.

RansomWhen — It is an easy-to-use open-source tool designed to help you protect your data in the cloud. It works by scanning your CloudTrail logs to spot unusual activity that might signal a ransomware attack using AWS KMS. By identifying which identities have risky permissions, RansomWhen alerts you before an attacker can lock your S3 buckets and hold your data for ransom. This tool gives you a simple, proactive way to defend against sophisticated cyber threats.
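The kind of CloudTrail check described above, as an added example (not RansomWhen's own code): it groups KMS key-control calls and S3 encryption changes that reference a key owned by another account by the identity that made them. The watched event names, the helper `make_record`, and the simplified sample records are assumptions made for illustration.

```python
import re
from collections import defaultdict

# KMS management calls that change who controls a key or whether it stays usable.
KMS_WATCH = {"CreateKey", "PutKeyPolicy", "DisableKey", "ScheduleKeyDeletion",
             "ImportKeyMaterial", "DeleteImportedKeyMaterial"}
# S3 calls that set the encryption key (CopyObject is logged only with data events on).
S3_WATCH = {"PutBucketEncryption", "CopyObject"}
KEY_ARN = re.compile(r"arn:aws[\w-]*:kms:[\w-]+:(\d{12}):key/[\w-]+")

def key_accounts(value):
    """Yield the owning account ID of every KMS key ARN inside a nested value."""
    if isinstance(value, dict):
        value = list(value.values())
    if isinstance(value, list):
        for item in value:
            yield from key_accounts(item)
    elif isinstance(value, str):
        for match in KEY_ARN.finditer(value):
            yield match.group(1)

def kms_ransom_signals(records):
    """Group watched events by the identity (userIdentity.arn) that made them."""
    findings = defaultdict(list)
    for rec in records:
        who = rec.get("userIdentity", {}).get("arn", "unknown")
        source, name = rec.get("eventSource"), rec.get("eventName")
        if source == "kms.amazonaws.com" and name in KMS_WATCH:
            findings[who].append(f"kms:{name}")
        elif source == "s3.amazonaws.com" and name in S3_WATCH:
            home = rec.get("recipientAccountId")
            foreign = sorted({a for a in key_accounts(rec.get("requestParameters")) if a != home})
            if foreign:  # data would be encrypted under a key this account does not own
                findings[who].append(f"s3:{name} with key from account {foreign[0]}")
    return dict(findings)

def make_record(source, name, arn, params=None, account="111111111111"):
    return {"eventSource": source, "eventName": name, "userIdentity": {"arn": arn},
            "recipientAccountId": account, "requestParameters": params}

# Constructed, simplified sample records (not real log data).
KEY = "arn:aws:kms:us-east-1:%s:key/1234abcd-12ab-34cd-56ef-1234567890ab"
SVC, ADMIN = "arn:aws:iam::111111111111:user/backup-svc", "arn:aws:iam::111111111111:user/admin"
SAMPLE = [
    make_record("s3.amazonaws.com", "PutBucketEncryption", SVC, {"KMSMasterKeyID": KEY % "999999999999"}),
    make_record("s3.amazonaws.com", "PutBucketEncryption", ADMIN, {"KMSMasterKeyID": KEY % "111111111111"}),
    make_record("kms.amazonaws.com", "ScheduleKeyDeletion", SVC, {"pendingWindowInDays": 7}),
    make_record("kms.amazonaws.com", "Decrypt", "arn:aws:iam::111111111111:role/app"),
]
```

Calling `kms_ransom_signals(SAMPLE)` flags only the `backup-svc` identity; the same-account encryption change and the routine `Decrypt` call are ignored.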

🔒 Tip of the Week

Easy Steps to Supercharge Your Password Manager — In today's digital world, using an advanced password manager isn't just about storing passwords—it's about creating a secure digital fortress. First, enable two-factor authentication (2FA) for your password manager to ensure that even if someone gets hold of your master password, they'll need an extra code to gain access. Use the built-in password generator to create long, unique passwords for every account, mixing letters, numbers, and symbols to make them nearly impossible to guess. Regularly run security audits within your manager to spot weak or repeated passwords, and take advantage of breach monitoring features that alert you if any of your credentials show up in data breaches. When you need to share a password, use the manager's secure sharing option to keep the data encrypted. Finally, ensure your password database is backed up in an encrypted format so you can safely restore your data if needed. These simple yet advanced steps turn your password manager into a powerful tool for keeping your online life secure.

Conclusion

We've seen a lot of action in the cyber world this week, with criminals facing charges and new scams coming to light. These stories remind us that keeping informed is key to online safety. Thanks for joining us, and we look forward to keeping you updated next week.