The CyberWire Daily Podcast 1.30.25
Ep 2235 | 1.30.25

Cracked and Nulled taken down.

Transcript

International law enforcement takes down a pair of notorious hacking forums. Wiz discovers an open DeepSeek database. Time Bandit jailbreaks ChatGPT. Ransomware hits one of the largest U.S. blood centers. A cyberattack takes the South African Weather Service offline. Researchers describe a new “browser syncjacking” attack. TeamViewer patches a high-severity privilege escalation flaw. Over three dozen industry groups urge Congress to pass a national data privacy law. CISA faces an uncertain future. N2K’s Brandon Karpf speaks with Ellen Chang, Vice President Ventures at BMNT and Head of H4XLabs. OpenAI Cries Foul After Getting a Taste of Its Own Medicine.

Today is Thursday January 30th 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Law enforcement takes down a pair of notorious hacking forums.

Authorities have dismantled two of the largest hacking forums, Cracked and Nulled, in Operation Talent, seizing 17 servers and arresting two suspects. With over 10 million users, these forums served as hubs for cybercriminal activity, offering stolen credentials, hacking tools, and cybercrime-as-a-service.

Europol described them as entry points into cybercrime, providing “configs” for credential-stuffing tools like OpenBullet and hosting AI-based hacking tools. In a coordinated effort across multiple countries, authorities seized 12 domains, including Cracked, Nulled, StarkRDP, and SellIX, the latter two being integral to the forums’ operations.

Law enforcement searched seven properties, confiscating over 50 electronic devices and €300,000 ($312,000) in cash and cryptocurrency. The FBI took over the domains, replacing their nameservers with FBI-controlled addresses.

The seized data, including email and IP addresses, will aid future investigations. While forum staff acknowledged the takedown, law enforcement emphasized its impact on disrupting cybercriminal infrastructure.

Wiz discovers an open DeepSeek database. 

It started with a routine scan. The Wiz Research team was mapping DeepSeek’s external attack surface—nothing unusual for cybersecurity researchers. DeepSeek, after all, was making waves with its DeepSeek-R1 reasoning model, a rival to OpenAI’s best. But within minutes, the team stumbled upon something alarming.

An open ClickHouse database—completely exposed, no passwords, no authentication. Just sitting there, waiting to be accessed. With a simple query, the researchers found themselves staring at over one million logs filled with chat history, API keys, backend operations, and other sensitive data. Worse, the database allowed full administrative control, meaning an attacker could not just read but potentially alter or escalate privileges within DeepSeek’s systems.

Realizing the gravity of the situation, the Wiz team immediately reported the issue. DeepSeek responded swiftly, locking down the exposure. But the incident highlighted a growing problem: AI startups are scaling fast—often without proper security measures. While the world worries about AI’s long-term risks, the real dangers are often much simpler—accidental data leaks like this one.

The lesson? AI companies must prioritize security just as cloud providers do—or risk exposing their users, their data, and their reputation.
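The exposure described above is a configuration failure, not an exploit: a ClickHouse server that listens on every interface while its default user has no password and is admitted from any address. The script below is an added example, not tooling from Wiz or configuration from DeepSeek. It audits the two files that control that state, users.xml and config.xml, and returns findings for the combination. The XML strings are constructed sample input that mirror the element layout of ClickHouse's stock configuration; the credential, network and listen_host element names are ClickHouse's own.

```python
"""Audit ClickHouse configuration for the 'no password, reachable from anywhere'
pattern.  Added example, not tooling from Wiz or DeepSeek.  The XML below is
constructed sample input mirroring ClickHouse's stock users.xml / config.xml."""
import xml.etree.ElementTree as ET

# Credential elements ClickHouse accepts inside a <users><name> block.  A user
# with none of them set can log in with an empty password.
CREDENTIAL_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex",
                   "ldap", "kerberos", "ssl_certificates")
# <networks><ip> values that admit every source address.
ANY_ADDRESS = {"::/0", "0.0.0.0/0", "::", "0.0.0.0"}
# listen_host values that bind the native (9000) and HTTP (8123) ports on all interfaces.
ALL_INTERFACES = {"::", "0.0.0.0"}


def _root(xml_text: str) -> ET.Element:
    return ET.fromstring(xml_text.strip())


def has_credential(user: ET.Element) -> bool:
    """True if the user element carries any non-empty credential setting."""
    for tag in CREDENTIAL_TAGS:
        el = user.find(tag)
        # ldap/kerberos/ssl blocks carry child elements rather than text
        if el is not None and ((el.text or "").strip() or len(el) > 0):
            return True
    return False


def open_to_any_address(user: ET.Element) -> bool:
    """True if the user's <networks> block explicitly admits every address.
    Only explicit wildcards are flagged; a missing <networks> block is not."""
    networks = user.find("networks")
    if networks is None:
        return False
    return any((ip.text or "").strip() in ANY_ADDRESS for ip in networks.findall("ip"))


def listens_on_all_interfaces(config_xml: str) -> bool:
    """True if config.xml binds the server to every interface."""
    return any((el.text or "").strip() in ALL_INTERFACES
               for el in _root(config_xml).findall("listen_host"))


def audit(users_xml: str, config_xml: str) -> list[str]:
    """Return human-readable findings; an empty list means the checks passed."""
    findings = []
    if listens_on_all_interfaces(config_xml):
        findings.append("server: listen_host binds all interfaces")
    users = _root(users_xml).find("users")
    for user in (users if users is not None else []):
        if has_credential(user):
            continue
        findings.append(f"user {user.tag}: no credential configured")
        if open_to_any_address(user):
            findings.append(f"user {user.tag}: password-less account reachable from any address")
        if (user.findtext("access_management") or "").strip() == "1":
            findings.append(f"user {user.tag}: password-less account has access_management "
                            "(can create users and grants)")
    return findings


# Constructed sample input: the stock layout, left open.
WEAK_USERS_XML = """
<clickhouse>
  <users>
    <default>
      <password></password>
      <networks><ip>::/0</ip></networks>
      <profile>default</profile>
      <quota>default</quota>
      <access_management>1</access_management>
    </default>
  </users>
</clickhouse>"""
WEAK_CONFIG_XML = "<clickhouse><listen_host>::</listen_host><http_port>8123</http_port></clickhouse>"

# Constructed sample input: hashed password (placeholder hash), private range only,
# no SQL access management, loopback only.
HARDENED_USERS_XML = """
<clickhouse>
  <users>
    <default>
      <password_sha256_hex>%s</password_sha256_hex>
      <networks><ip>10.0.0.0/8</ip></networks>
      <access_management>0</access_management>
    </default>
  </users>
</clickhouse>""" % ("0" * 64)
HARDENED_CONFIG_XML = "<clickhouse><listen_host>127.0.0.1</listen_host></clickhouse>"

if __name__ == "__main__":
    for line in audit(WEAK_USERS_XML, WEAK_CONFIG_XML) or ["no findings"]:
        print(line)
```

Run on a real deployment, the check is only as good as the files it reads: a password-less user behind a loopback-only listener is a finding waiting for a config change, so the script reports both halves separately rather than only the combination.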

Time Bandit jailbreaks ChatGPT. 

AI researcher David Kuszmar made a chilling discovery—“Time Bandit,” a jailbreak that lets users bypass ChatGPT’s safety filters to access dangerous instructions on weapons, malware, and nuclear topics. The flaw exploits ChatGPT’s temporal confusion, tricking it into thinking it’s in the past while using modern knowledge.

Realizing the severity, Kuszmar frantically tried to alert OpenAI, but struggled to find a direct contact. Even after reaching out to CISA, the FBI, and government agencies, he was met with silence. His anxiety grew as weeks passed. Eventually, through CERT Coordination Center, OpenAI was contacted, confirming the exploit.

While OpenAI has implemented partial fixes, the jailbreak still works in some cases. 

Ransomware hits one of the largest U.S. blood centers. 

The New York Blood Center (NYBC), one of the largest U.S. blood centers, has suffered a ransomware attack, causing service disruptions. Detected on January 26, the breach forced NYBC to take systems offline, affecting blood donation processing and hospital supply chains.

The attack comes amid a blood emergency, with supplies at dangerously low levels. NYBC is working to restore systems but has no clear timeline. It’s unknown who is behind the attack or if patient data was compromised.

A cyberattack takes the South African Weather Service offline. 

A cyberattack has taken the South African Weather Service (SAWS) offline, disrupting critical weather services for airlines, farmers, and regional allies like Mozambique and Zambia. The attack, which began Sunday evening, took down SAWS’ website, email systems, and aviation/marine services, forcing the agency to share updates via social media.

This marks the second attempted attack in two days, with no ransomware group claiming responsibility. South Africa has faced numerous cyberattacks on public institutions, including its Defense Department, pension system, and national lab service. SAWS is working with ICT service providers to restore systems but has no timeline for full recovery.

Researchers describe a new “browser syncjacking” attack. 

Imagine installing what seems like an innocent browser extension—only to unknowingly hand over full control of your browser, data, and even your device to an attacker.

That’s exactly what researchers at SquareX have uncovered in a new technique they’re calling “browser syncjacking.” It’s a three-stage attack that turns a simple extension into a full-scale cyber weapon.

First, a user—maybe an employee—installs a malicious extension. That extension silently authenticates them into an attacker-controlled Google Workspace profile, allowing hackers to disable security settings and make changes to the browser.

Next, they take over the entire browser. The extension waits for a normal download—then swaps it out for a malicious file. That file registers the victim’s Chrome browser as managed by the attacker, giving them full control.

And finally, the worst part—device hijacking. The attacker can now use the compromised browser to record screens, capture audio, turn on cameras, and even install malware—without the user ever knowing.

The researchers say there’s no easy way to track or stop it. Traditional security tools like EDR and secure web gateways simply don’t catch these kinds of browser-based attacks.

SquareX is calling this a massive blind spot in enterprise security. And unless organizations start monitoring what extensions their employees install, this kind of attack could become a huge problem.
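The mitigation the researchers point to, knowing and controlling which extensions are installed, is something a defender can implement with an inventory check and a browser policy. The script below is an added example, not SquareX's research code. It reads the extension map from a Chrome profile's Preferences JSON (the `extensions.settings` layout used here is an assumption about that file), reports anything not on an allowlist together with the permissions that matter for an attack like this one (extension management, download interception, identity, broad host access), and emits the Chrome enterprise policy keys that block installation of unlisted extensions. The extension IDs and the profile JSON are constructed sample data.

```python
"""Extension allowlist audit for a Chrome profile, plus the enforcing policy.
Added example, not SquareX's code.  The Preferences layout (extensions.settings
keyed by extension ID, each with a manifest) is an assumption; the IDs below are
constructed placeholders of the real 32-character form."""
import json

# Constructed placeholder IDs (Chrome IDs are 32 letters a-p).
ALLOWED_ID = "abcdefghijklmnopabcdefghijklmnop"
ROGUE_ID = "ponmlkjihgfedcbaponmlkjihgfedcba"

# Allowlist maintained by the organisation: ID -> reason it is approved.
ALLOWLIST = {ALLOWED_ID: "corporate password manager"}

# Permissions an extension needs to disable other extensions, tamper with
# downloads, act on the signed-in identity, or touch every site.
RISKY_PERMISSIONS = {"management", "downloads", "identity", "webRequest",
                     "webRequestBlocking", "nativeMessaging", "desktopCapture",
                     "tabCapture", "<all_urls>"}


def installed_extensions(preferences_json: str) -> dict[str, dict]:
    """Return {id: {name, from_webstore, permissions}} from a Preferences file."""
    prefs = json.loads(preferences_json)
    settings = prefs.get("extensions", {}).get("settings", {})
    inventory = {}
    for ext_id, entry in settings.items():
        manifest = entry.get("manifest", {})
        inventory[ext_id] = {
            "name": manifest.get("name", "?"),
            "from_webstore": bool(entry.get("from_webstore", False)),
            # MV3 moves host patterns to host_permissions; collect both.
            "permissions": list(manifest.get("permissions", []))
                           + list(manifest.get("host_permissions", [])),
        }
    return inventory


def risky_permissions(ext: dict) -> list[str]:
    return sorted(p for p in ext["permissions"] if p in RISKY_PERMISSIONS)


def unapproved(inventory: dict[str, dict]) -> list[str]:
    """IDs installed but absent from the allowlist."""
    return sorted(ext_id for ext_id in inventory if ext_id not in ALLOWLIST)


def audit(preferences_json: str) -> list[str]:
    """One line per unapproved extension, with its sensitive permissions."""
    inventory = installed_extensions(preferences_json)
    lines = []
    for ext_id in unapproved(inventory):
        ext = inventory[ext_id]
        source = "webstore" if ext["from_webstore"] else "sideloaded"
        lines.append(f"{ext_id} '{ext['name']}' ({source}) not on allowlist; "
                     f"risky permissions: {', '.join(risky_permissions(ext)) or 'none'}")
    return lines


def enforcement_policy(allowlist: dict[str, str]) -> dict:
    """Chrome policy values that block every extension except the allowlist."""
    return {"ExtensionInstallBlocklist": ["*"],
            "ExtensionInstallAllowlist": sorted(allowlist)}


# Constructed sample Preferences content.
SAMPLE_PREFERENCES = json.dumps({"extensions": {"settings": {
    ALLOWED_ID: {"from_webstore": True,
                 "manifest": {"name": "Corp Password Manager",
                              "permissions": ["storage", "tabs"]}},
    ROGUE_ID: {"from_webstore": False,
               "manifest": {"name": "PDF Helper",
                            "permissions": ["management", "downloads", "identity"],
                            "host_permissions": ["<all_urls>"]}},
}}})

if __name__ == "__main__":
    for line in audit(SAMPLE_PREFERENCES) or ["all installed extensions approved"]:
        print(line)
    print(json.dumps(enforcement_policy(ALLOWLIST), indent=2))
```

The audit is a detective control for profiles that already exist; the policy output is the preventive one, and applying it through managed-browser policy is what keeps a sideloaded extension from ever reaching the first stage of the attack described above.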

TeamViewer patches a high-severity privilege escalation flaw. 

TeamViewer has patched a high-severity privilege escalation flaw (CVE-2025-0065, CVSS 7.8) that could allow local attackers to gain elevated privileges on Windows systems. The vulnerability affects multiple versions and has been fixed in the latest updates.

Although there’s no evidence of exploitation in the wild, TeamViewer urges users to update immediately, as threat actors have previously abused TeamViewer for malware deployment. The flaw was reported via Trend Micro’s Zero Day Initiative (ZDI).

Security experts warn that remote access tools like TeamViewer can increase the attack surface, especially in industrial and operational technology environments, making regular updates crucial.

Over three dozen industry groups urge Congress to pass a national data privacy law. 

Over three dozen industry groups are urging Congress to pass a national data privacy law that would override state regulations. In a letter to House and Senate Commerce Committee leaders, they argue that a unified standard would help businesses operate more efficiently and lower consumer costs.

Despite bipartisan interest, past privacy bills have failed due to disagreements over preempting state laws and allowing individuals to sue over violations. If enacted, federal law could replace strong state protections, such as California’s privacy law and Illinois’ biometric data rules.

The letter, backed by big tech and automotive groups, does not mention data brokers. It proposes transparency requirements, consumer opt-out rights, and limits on data collection, but exempts small businesses. Critics warn the proposal mirrors weaker state laws and could reduce consumer protections rather than strengthen them.

CISA faces an uncertain future. 

The Cybersecurity and Infrastructure Security Agency, or CISA, has played a major role in protecting election systems across the U.S. But now, its future is uncertain.

Since its creation in 2018, CISA has worked with state officials to strengthen voting security. But President Donald Trump and his allies have criticized the agency, accusing it of censoring conservatives and interfering in the 2020 election. CISA denies these claims.

Now, with Trump back in office, there’s no clear leader for the agency. His Homeland Security Secretary, Kristi Noem, has suggested reining in CISA’s authority. And a Republican policy plan, Project 2025, proposes moving CISA to the Transportation Department and limiting its role in elections.

Many state officials say CISA has been critical in improving election security. But as political battles continue, the question remains: Will CISA’s mission change before the next election?


Today, N2K’s Brandon Karpf speaks with Ellen Chang, Vice President Ventures at BMNT and Head of BMNT Ventures, about the venture model, why it exists, how it works, and its impact. We’ll be right back.

Welcome back.

OpenAI Cries Foul After Getting a Taste of Its Own Medicine. 

And finally, in a biting, razor-sharp article for 404 Media, Jason Koebler describes how OpenAI and Microsoft are now complaining that DeepSeek may have used OpenAI’s own models to train its AI? The same OpenAI that’s currently being sued by The New York Times for hoovering up its articles without permission? Oh, the irony.

The claim is that DeepSeek engaged in something called “distillation”—a standard AI technique where a smaller model learns from a bigger one by asking a ton of questions. It’s a widely accepted method, even backed by AI legend Geoffrey Hinton, and has been used for years to make AI models more efficient. But now that OpenAI is on the receiving end, suddenly, it’s “unfair.”

Koebler maintains this whole thing is hilarious because OpenAI’s entire business model is built on scraping vast amounts of data from the internet—mostly without permission—while arguing that it’s totally fine under fair use. But now, when someone else does it? Suddenly, OpenAI is clutching its pearls and running to the government for protection.

And of course, President Trump’s new “AI czar,” venture capitalist David Sacks, is jumping in, claiming there’s “substantial evidence” that DeepSeek siphoned knowledge from OpenAI. Meanwhile, Sam Altman took a passive-aggressive swipe at DeepSeek on Twitter, basically saying, copying is easy, real innovation is hard.

But let’s not forget: OpenAI didn’t invent AI. It built on research from Google, academia, and open-source communities—the same way DeepSeek and every other AI company does. That’s how science works.

So now OpenAI is complaining to the government about “protecting U.S. technology,” while trying to gatekeep an industry it dominated by using the exact same tactics. If that’s not the pot calling the kettle machine-learned, I don’t know what is.


For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


And that’s the CyberWire.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.