The CyberWire Daily Podcast 2.3.25
Ep 2237 | 2.3.25

Federal agencies in power struggle crossfire.

Transcript

Federal agencies become battlegrounds in an unprecedented power struggle. XE Group evolves from credit-card skimming to exploiting zero-day vulnerabilities. WhatsApp uncovers a zero-click spyware attack linked to an Israeli firm. Texas expands its ban on Chinese-backed AI and social media apps. Data breaches expose the personal and medical information of over a million people. NVIDIA patches multiple critical vulnerabilities. Arm discloses critical vulnerabilities affecting its Mali GPU Kernel Drivers and firmware. The UK government aims to set the global standard for securing AI. Tim Starks from CyberScoop has the latest from Senate confirmation hearings. The National Cryptologic Museum rights a wrong.

Today is Monday February 3rd 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Federal agencies become battlegrounds in an unprecedented power struggle.

This past weekend, chaos erupted within key federal agencies as Elon Musk’s task force moved swiftly to seize control of critical government operations. 

The U.S. Agency for International Development (USAID) is facing deep uncertainty as President Trump continues his push to slash foreign aid and restructure federal agencies. The agency’s independence is at risk, and sweeping layoffs are expected. Two top security officials, John Voorhees and Brian McGill, were placed on administrative leave after denying access to representatives from Elon Musk’s team, who sought entry into classified systems. USAID’s chief of staff, Matt Hopson, has also resigned.

Musk, appointed to lead a controversial government restructuring initiative, has publicly criticized USAID, calling it a “criminal organization” and pushing for its shutdown. His influence extends to the Office of Personnel Management (OPM), where his appointees have locked out career civil servants from critical personnel databases containing sensitive government employee data. Federal workers have raised cybersecurity concerns, noting that Musk’s team now controls systems without oversight.

The situation has sparked protests outside OPM, where government employees accuse Musk’s team of orchestrating a “hostile takeover.” Meanwhile, an unsecured email system at OPM led to a massive spam attack targeting federal employees, highlighting the vulnerabilities of the rushed transition.

Amid the turmoil, Musk’s self-named Department of Government Efficiency (DOGE) is overseeing a dramatic downsizing of the federal workforce, offering employees buyouts to resign. Agencies like CISA have been excluded from these offers, raising further concerns about the restructuring’s national security implications.

The events reflect a broader shift in Trump’s second-term governance, with Musk playing a central role in reshaping federal institutions.


XE Group evolves from credit-card skimming to exploiting zero-day vulnerabilities. 

XE Group, a cybercriminal organization active for over a decade, has evolved from credit-card skimming to exploiting zero-day vulnerabilities, posing significant threats to global supply chains. Originally known for targeting e-commerce platforms, the group has shifted to infiltrating manufacturing and distribution sectors.

By 2024, XE Group exploited two zero-day vulnerabilities in VeraCore, a supply chain management software, using an upload validation flaw and an SQL injection vulnerability to exfiltrate data and maintain persistent access. The group demonstrated patience, reactivating a webshell planted in 2020.

Using customized webshells and PowerShell-based payloads, XE Group has automated its attacks, focusing on long-term infiltration. Researchers believe the group operates from Vietnam but is likely not state-sponsored due to minimal operational security measures.


WhatsApp uncovers a zero-click spyware attack linked to an Israeli firm.

WhatsApp has uncovered a zero-click spyware attack linked to Israeli firm Paragon, targeting nearly 100 journalists, activists, and civil society members worldwide. The spyware required no user interaction, making it especially dangerous.

WhatsApp disrupted the attack, alerted affected users, and collaborated with Citizen Lab, which helped analyze the breach. Victims, including Italian journalist Francesco Cancellato, are investigating the extent of data exposure. The spyware could access messages, activate microphones, and steal passwords, raising major privacy concerns.

Paragon, which markets itself as an “ethical” alternative to NSO Group, had been seeking entry into the U.S. market. However, recent scrutiny and national security concerns have paused key contracts. This incident underscores the urgent need for stronger regulations on commercial spyware and government surveillance tools.


Texas expands its ban on Chinese-backed AI and social media apps. 

Texas Governor Greg Abbott has expanded the state’s ban on Chinese-backed AI and social media apps, prohibiting six additional platforms—including DeepSeek, Lemon8, and RedNote—on government-issued devices. The order aims to prevent data-harvesting and potential espionage by the Chinese Communist Party.

This follows Abbott’s 2022 ban on TikTok and a 2023 law granting him authority to block apps posing security risks. The move comes amid heightened concerns over Chinese technology influence, especially as platforms like RedNote gain popularity among U.S. users.


Data breaches expose the personal and medical information of over a million people.

Three separate data breaches have exposed the personal and medical information of over a million people.

Asheville Eye Associates (AEA) in North Carolina confirmed a cyberattack affecting 193,306 patients. Stolen data includes medical treatment details and insurance information, but not Social Security or financial data. The DragonForce ransomware group claimed responsibility in December 2024.

Delta County Memorial Hospital reported a May 2024 breach affecting 148,363 individuals. Hackers accessed Social Security numbers, medical data, and financial records. Victims will receive free identity theft protection.

Globe Life Insurance is notifying 850,000 individuals of a data theft incident linked to an extortion attempt. The compromised data includes insurance policy details and personal identifiers, though the company states no business operations were disrupted. Globe Life is working with regulators and offering credit monitoring services to affected customers.


NVIDIA patches multiple critical vulnerabilities. 

NVIDIA has released critical security updates to patch multiple vulnerabilities in its GPU Display Driver and Virtual GPU (vGPU) software. These flaws, affecting both Windows and Linux platforms, could lead to information disclosure, denial of service, data tampering, or code execution.

Key issues include a buffer overflow (CVE-2024-0150, High severity, CVSS 7.1) and a memory corruption flaw in vGPU (CVE-2024-0146, CVSS 7.8). Affected products include GeForce, NVIDIA RTX, Quadro, NVS, and Tesla GPUs.

NVIDIA urges users to update immediately via the Driver Downloads page to mitigate security risks. 


Arm discloses critical vulnerabilities affecting its Mali GPU Kernel Drivers and firmware. 

Arm has disclosed critical security vulnerabilities affecting its Mali GPU Kernel Drivers and firmware, impacting Bifrost, Valhall, and 5th Gen GPU architectures. One flaw, CVE-2024-4610, has been actively exploited, allowing local attackers to access freed memory, potentially leading to further system compromise.

Nine additional vulnerabilities could cause system crashes, privilege escalation, or data leaks. Affected users—especially those on smartphones and tablets—are urged to immediately update drivers and firmware to mitigate risks.


The UK government aims to set the global standard for securing AI. 

The UK government has introduced a new AI Code of Practice, aiming to set a global standard for securing AI through the European Telecommunications Standards Institute (ETSI). Developed with the National Cyber Security Centre (NCSC) and industry stakeholders, the voluntary code outlines 13 principles covering secure AI design, deployment, and maintenance.

The code applies to AI vendors and organizations using AI, but excludes vendors selling AI models without deploying them. These will be governed by separate cybersecurity regulations. Key principles include threat modeling, secure infrastructure, software supply chain security, and regular updates.

NCSC CTO Ollie Whitehouse emphasized its role in fortifying UK AI security while promoting innovation. The UK aims to lead globally in AI safety, following recent efforts to criminalize deepfake creation. The government hopes this framework will enhance AI resilience and protect digital ecosystems from security threats.


After the break, we have Senior Reporter from CyberScoop Tim Starks discussing two of his recent articles: one on FBI nominee Kash Patel and one about USAID falling victim to cryptojacking. And, righting a wrong. We’ll be right back.

Welcome back


The National Cryptologic Museum rights a wrong. 

And finally, in a recent Bluesky post, Larry Pfeiffer, former CIA Chief of Staff and current Director of the Hayden Center, highlighted a concerning action taken in response to President Trump’s anti-diversity directive. He noted that at the National Cryptologic Museum at NSA, images of notable figures such as Elizebeth Friedman and Ann Caracristi from the Women in American Cryptology Hall of Honor, as well as Wash Wong and Ralph Adams from the People of Color in Cryptologic History honorees, were covered over with brown paper. This act has sparked discussions about the implications of the administration’s stance on diversity and its impact on recognizing the contributions of marginalized groups in national security history.

The museum responded to an inquiry from Mr Pfeiffer, stating, “We are dedicated to presenting the public with historically accurate exhibits and we have corrected a mistake that covered an exhibit. We look forward to visitors exploring the museum and its rich history.”

The decision to obscure the images of trailblazing cryptologists at the museum—whether intentional or out of misplaced caution—reflects the deep fear and uncertainty gripping government employees under the Trump administration’s crackdown on diversity initiatives. This act, seemingly preemptive, underscores how agencies are scrambling to avoid political backlash, even at the cost of erasing historical contributions. It’s a troubling sign of how policies rooted in ideology, rather than merit, can lead to self-censorship and a chilling effect on truthful storytelling in public institutions.


For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

Don’t forget to check out the “Grumpy Old Geeks” podcast, where I contribute to a regular segment on Jason and Brian’s show every week. You can find “Grumpy Old Geeks” where all the fine podcasts are listed.


And that’s the CyberWire.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.


N2K’s senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.