Cybersecurity News: Hegseth orders stand down, Microsoft terminates Skype, Cuban offers lifeline

In today’s cybersecurity news…

Hegseth orders Cyber Command to stand down on Russia planning

According to an exclusive report from The Record, Defense Secretary Pete Hegseth has ordered U.S. Cyber Command to halt “all planning against Russia, including offensive cyber actions.” The directive was given to Cyber Command chief Gen. Timothy Haugh, who relayed it to Marine Corps Maj. Gen. Ryan Heritage. The order does not extend to the National Security Agency or its signals intelligence efforts. The full scope remains unclear, but it aligns with White House efforts to normalize relations with Moscow following the Kremlin’s 2022 invasion of Ukraine. The decision marks a shift in U.S. cyber strategy amid ongoing geopolitical tensions.

(The Record)

SolarWinds CISO says security execs are nervous about individual liability for data breaches

Speaking at CyberLawCon, Brown, who was the highest-ranking security official during the 2020 SolarWinds hack, which was linked to Russian intelligence, noted that CISOs are increasingly uncertain about their legal risks, fearing liability while trying to implement strong security measures. Other security executives, he said, are “reevaluating how they publicly discuss their cybersecurity programs.” He also noted that holding individuals liable for breaches can distract or hinder CISOs in effectively managing the aftermath of cyberattacks.

(Cyberscoop)

Microsoft hangs up on Skype after 14 years

A decade and a half after being brought in as a replacement for Windows Live Messenger, users of the video call and messaging service will be asked to switch to Teams Free. Their contacts, call logs, and messages will be automatically migrated once they log into their accounts. Users who do not want to switch to Teams can export their data, including chat history and images shared in messages, but this must all happen by May 5th.

(BleepingComputer)

Mark Cuban offers to fund government tech unit that was cut

The unexpected offer of support was posted on the social network Bluesky and urged the displaced engineers and designers to turn the upheaval to their advantage. Referring to the 18F technology unit of the government’s General Services Administration, he wrote, “if you worked for 18F and got fired, group together to start a consulting company,” continuing “it’s just a matter of time before DOGE needs you to fix the mess they inevitably created. They will have to hire your company as a contractor to fix it. But on your terms. I’m happy to invest and/or help.” The unit had reportedly built, among other things, Login.gov, a secure and private way for the public to access services at government agencies, including Social Security and the Department of Veterans Affairs.

(TechCrunch)

Huge thanks to our sponsor, ThreatLocker

ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks

Microsoft has discovered five flaws in the Paragon Partition Manager BioNTdrv.sys driver. One of these has been used by ransomware gangs in zero-day attacks to gain SYSTEM privileges in Windows. These were exploited in Bring Your Own Vulnerable Driver (BYOVD) attacks where “threat actors drop the kernel driver on a targeted system to elevate privileges…or cause a denial-of-service (DoS) scenario on the victim’s machine.”

(BleepingComputer)

U.S. recovers $31 million stolen in 2021 Uranium Finance hack

U.S. authorities have recovered $31 million in cryptocurrency stolen during the 2021 cyberattacks on Uranium Finance, a DeFi protocol on Binance’s BNB Chain. Hackers exploited vulnerabilities in its smart contracts, leading to its collapse and significant investor losses. Blockchain intelligence firm TRM Labs collaborated with the Southern District of New York and Homeland Security Investigations to track the stolen assets. By analyzing laundering patterns and tracing transactions through Tornado Cash and cross-chain swaps, law enforcement successfully seized the funds in February 2025, marking one of the most significant cryptocurrency recoveries in recent years.

(BleepingComputer)

Microsoft identifies generative AI hacking-for-hire scheme hackers

Microsoft has identified individuals from Iran, China, Vietnam, and the UK as key players in an international scheme to hijack and sell Microsoft accounts capable of bypassing generative AI safety guidelines. In December, Microsoft petitioned a Virginia court to seize infrastructure from 10 unnamed individuals accused of running a hacking-as-a-service operation using stolen API keys. These compromised accounts provided unauthorized access to Azure OpenAI, generating harmful content, including falsified celebrity imagery. Microsoft’s Digital Crimes Unit is leading the legal effort to shut down the operation, though specifics on the safety violations were not disclosed.

(Cyberscoop)

Philippine army suffers cyberattack

The Philippine Army confirmed a cyberattack after a local hacking group claimed to have breached its systems and accessed confidential documents. Army spokesperson Col. Louie Dema-ala described it as an “illegal access attempt” that was swiftly contained, with no detected data theft or damage. However, digital security group Deep Web Konek reported that hacker group Exodus Security claimed responsibility, alleging it had compromised 10,000 records of active and retired service members. The leaked data reportedly includes personal, military, and financial details, though its authenticity and exact volume remain unverified. Authorities continue to investigate the breach.

(The Record)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.