Urgent iOS update fixes critical USB security flaw
Even if you just updated your Apple phone to the latest version, go ahead and do it again. On Monday, Apple released an urgent patch, iOS and iPadOS 18.3.1, for a zero-day vulnerability (CVE-2025-24200) that allowed attackers with physical access to disable USB Restricted Mode on locked devices. Discovered by Citizen Lab’s Bill Marczak, the flaw was used in an “extremely sophisticated” attack, likely for nation-state surveillance. USB Restricted Mode, introduced to block forensic tools from extracting data, could be bypassed due to an authorization issue in Apple’s OS logic.
(Security Week), (Bleeping Computer)
CISA officials placed on administrative leave
Several members of CISA’s election security team were placed on administrative leave late last week, primarily those working on misinformation and disinformation efforts, according to CyberScoop. The move follows the Trump administration’s pressure to scale back CISA’s role in countering election-related falsehoods, despite the agency’s past efforts to combat foreign influence and assist local election officials. Former election security lead Kim Wyman warns that shutting down these efforts will hit smaller jurisdictions the hardest, leaving them more vulnerable to misinformation. As of this recording, CISA has not responded to CyberScoop’s request for comment.
Cyber attack disrupts newspaper giant’s operations
Extra, extra, read all about it! Lee Enterprises, one of the largest newspaper groups in the U.S., with a daily circulation of over 1.2 million and a digital reach of 44 million, confirmed a cyberattack on February 3 that caused widespread outages and disrupted operations, including printing and delivery. The company has not yet determined if any data was compromised but warned that the ongoing investigation could take weeks. According to BleepingComputer, the attack caused “chaos” across the printing group, with VPNs not working and journalists unable to access files. This marks the second major cyber incident for Lee Enterprises in recent years, following a 2020 breach linked to Iranian hackers.
(Bleeping Computer), (Dark Reading)
UK military drops basic training requirements for cyber recruits
In a move to fill a growing need, the UK’s Ministry of Defence is fast-tracking cyber specialists by cutting basic training from 10 weeks to four, followed by three months of cyber-specialist training. As an added bonus, successful applicants will earn a starting salary far higher than their fellow recruits and will either work on securing military networks or conducting cyber operations against adversaries as part of the National Cyber Force. With plans to expand in 2026, the initiative aims to address a critical skills shortage, as the MoD says it has faced more than 90,000 “sub-threshold” attacks in the past two years.
Global sting takes down Phobos ransomware hackers
A global law enforcement operation targeting the Phobos ransomware gang has led to the arrest of four European suspects in Thailand and the takedown of 8Base’s dark web sites. The hackers allegedly extorted $16 million in Bitcoin from over 1,000 victims, including at least 17 Swiss companies. Authorities across multiple countries coordinated raids, seizing laptops, cryptocurrency wallets, and other evidence. Swiss officials sought extradition for the high-profile ransomware group linked to attacks on organizations like the United Nations Development Programme (UNDP) and Japanese tech giant, Nidec Corporation.
U.S. hacker sentenced for $37 million crypto theft
At just 22 years old, Indiana resident Evan Light was sentenced to 20 years in federal prison for hacking an investment holdings company’s servers and stealing over $37 million in cryptocurrency. Using a stolen identity of an investment holdings client, Light accessed client data of hundreds of other clients, which he then used to drain 571 accounts, and laundered the funds through mixing services and gambling sites. Prosecutors say he previously stole millions more, bringing the total amount stolen to a whopping $80 million.
Hacker behind SEC X account breach pleads guilty
An Alabama man pleaded guilty to hijacking the SEC’s X account in a January 2024 SIM-swapping attack, enabling a fake Bitcoin ETF approval post that briefly sent Bitcoin’s price soaring. The man behind the attack, Eric Council, used a fraudulent ID to take over the SEC’s phone number, reset the X account password, and grant access to co-conspirators who paid him $50,000 in Bitcoin. He now faces up to five years in prison, with sentencing set for May.
Georgia hospital hit by ransomware
Memorial Hospital and Manor, a small rural hospital in Bainbridge, Georgia, is notifying 120,000 individuals that their personal and health information was stolen in a November 2024 ransomware attack, with leaked data now publicly available. To put this into perspective, a 2023 census estimated that the city of Bainbridge has just over 14,000 residents. The Embargo ransomware gang claimed responsibility, saying it stole 1.15 terabytes of data, including Social Security numbers, medical records, and insurance details. The hospital is offering a year of free identity protection but says there’s no evidence of misuse at this time.






