
DOGE days numbered?
The DOGE team faces growing backlash. The Five Eyes release guidance on protecting edge devices. A critical macOS kernel vulnerability allows privilege escalation, memory corruption, and kernel code execution. Google and Mozilla release security updates for Chrome and Firefox. Multiple Veeam backup products are vulnerable to man-in-the-middle attacks. Zyxel suggests you replace those outdated routers. A former Google engineer faces multiple charges for alleged corporate espionage. CISA issues nine new advisories for ICS vulnerabilities. A House Republican introduces a cybersecurity workforce scholarship bill. On our CertByte segment, a look at ISC2’s CISSP exam. Google updates its stance on AI weapons.
Today is Wednesday, February 5th, 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
The DOGE team faces growing backlash.
Elon Musk and his advisory team, the Department of Government Efficiency (DOGE), are facing growing backlash over their efforts to dismantle federal agencies. Cybersecurity experts, government officials, and Democrats warn that their actions could compromise national security, expose federal employees’ data, and violate federal laws.
Key concerns center around DOGE’s reported access to critical federal systems, including the Treasury’s payment system, which processes Social Security payments and federal salaries. Additionally, at the Office of Personnel Management (OPM), which stores sensitive employee records, Musk allegedly installed an unvetted private server—raising fears of a repeat of the 2015 OPM hack by Chinese hackers.
The White House insists DOGE’s access is “read-only,” but reports suggest a former Musk employee was given administrative privileges. Sen. Elizabeth Warren has demanded answers from Treasury Secretary Scott Bessent, emphasizing that these systems handle over $6 trillion in annual transactions.
Security experts argue that Musk’s actions violate federal cybersecurity laws, including FISMA, and create risks for foreign adversaries to exploit. The lack of oversight and independent logging makes it impossible to verify what information has been accessed or altered.
House Democrats warn that the new email system at OPM could enable phishing attacks targeting federal workers. Legal experts stress that granting unauthorized access to federal systems is a felony, and federal employees resisting these changes are reportedly being fired or placed on leave.
Critics liken the situation to a precarious Jenga tower—where reckless interference could trigger a catastrophic failure of government operations.
The Five Eyes release guidance on protecting edge devices.
The UK’s National Cyber Security Centre (NCSC) and its Five Eyes partners have released new guidance to improve the security of edge devices. These include routers, network-attached storage (NAS), IoT devices, and perimeter security solutions—frequent targets of cyberattacks.
The document sets baseline security standards for manufacturers and provides best practices for customers selecting network hardware. It emphasizes logging and forensic capabilities, ensuring devices can detect and investigate threats effectively.
Edge devices face growing threats from both financially motivated hackers and state-sponsored actors. A 2024 report found vulnerabilities in these devices increased by 22%, with higher severity ratings. Recent zero-day exploits, such as those targeting Ivanti and FortiGate products, highlight the risks.
A critical macOS kernel vulnerability allows privilege escalation, memory corruption, and kernel code execution.
A critical macOS kernel vulnerability (CVE-2025-24118) allows privilege escalation, memory corruption, and kernel code execution. Discovered by MIT CSAIL researcher Joseph Ravichandran, the flaw affects macOS Sonoma (<14.7.3), macOS Sequoia (<15.3), and iPadOS (<17.7.4).
The issue stems from a race condition in Apple’s XNU kernel involving Safe Memory Reclamation (SMR), read-only page mapping, and unsafe use of memcpy. Improper synchronization enables unauthorized credential modification.
Ravichandran released a Proof-of-Concept exploit demonstrating the flaw. Apple has not yet patched it, so users should avoid untrusted code. The researcher recommends using atomic writes to fix the issue.
Google and Mozilla release security updates for Chrome and Firefox.
Google and Mozilla have released security updates for Chrome and Firefox, addressing multiple high-severity memory safety vulnerabilities.
Chrome 133 includes 12 security fixes, with three reported by external researchers. Two critical use-after-free flaws (CVE-2025-0444, CVE-2025-0445) affect the Skia graphics library and V8 JavaScript engine, potentially enabling code execution or sandbox escapes. Google awarded $7,000 for one bug and $2,000 for another.
Firefox 135 patches multiple vulnerabilities, including two high-severity use-after-free bugs (CVE-2025-1009, CVE-2025-1010) affecting the Custom Highlight API and XSLT. Additional fixes address code execution risks in Firefox ESR and Thunderbird.
No active exploitation has been reported, but users should update their browsers immediately.
Multiple Veeam backup products are vulnerable to man-in-the-middle attacks.
A critical vulnerability (CVE-2025-23114) in multiple Veeam backup products allows attackers to execute remote code via Man-in-the-Middle (MitM) attacks. With a CVSS score of 9.0, this flaw in the Veeam Updater component can lead to full system compromise, including data theft and ransomware attacks.
Affected products include Veeam Backup for Salesforce, AWS, Azure, Google Cloud, and others. Veeam has released urgent patches, and users must update immediately to mitigate risks. Attackers can intercept and manipulate update requests, injecting malicious code.
Zyxel suggests you replace those outdated routers.
Zyxel has announced it will not release patches for two actively exploited vulnerabilities (CVE-2024-40890 and CVE-2024-40891) affecting its end-of-life (EOL) routers, despite warnings from security researchers. Threat intelligence firm GreyNoise reported that attackers are using these flaws to execute arbitrary commands, leading to full system compromise.
The vulnerabilities were discovered by VulnCheck in mid-2023 but remained unpatched. Zyxel claims it was unaware until January 29, after GreyNoise reported active exploitation. The company advises customers to replace affected routers instead of expecting fixes.
Security researchers argue that many impacted devices remain in use and even available for purchase online. Censys reports nearly 1,500 vulnerable routers exposed to the internet, and GreyNoise warns botnets like Mirai are exploiting the flaws in large-scale attacks.
A former Google engineer faces multiple charges for alleged corporate espionage.
Former Google engineer Linwei “Leon” Ding faces multiple charges for allegedly stealing AI trade secrets for a Chinese company. Prosecutors say Ding copied over 1,000 confidential files related to Google’s AI supercomputing infrastructure between 2022 and 2023. He allegedly transferred this data using Apple Notes to bypass security measures.
Ding was later offered a CTO position at Beijing Rongshu Lianzhi Technology while still employed at Google. After leaving Rongshu, he founded a Chinese AI startup, Shanghai Zhisuan Technology, which sought government funding to develop AI infrastructure.
Google detected the theft in December 2023, revoked Ding’s access, and notified authorities. He was arrested in March 2024. If convicted, he faces up to 15 years per economic espionage charge and 10 years per trade secret theft count, plus millions in fines.
CISA issues nine new advisories for ICS vulnerabilities.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued nine new advisories highlighting critical vulnerabilities in Industrial Control Systems (ICS). These flaws impact major vendors like Rockwell Automation, Schneider Electric, and AutomationDirect, posing risks to energy, manufacturing, and transportation sectors.
Key vulnerabilities include remote code execution, denial-of-service attacks, and unauthorized access, with CVSS scores reaching 9.3. Affected devices range from routers and PLCs to industrial software. Some vendors have issued patches, while others recommend network segmentation or device replacement.
GreyNoise reports botnets actively exploiting certain vulnerabilities, emphasizing the urgency of mitigation. CISA urges organizations to apply updates immediately to protect critical infrastructure from cyber threats.
Additionally, former DHS and Energy Department cyber executive Karen Evans has joined CISA as a senior advisor for cybersecurity. While her role is currently advisory, sources suggest she may be named executive assistant director for cybersecurity or move into a top DHS position.
Evans previously served as DHS CIO and led cybersecurity efforts at the Energy Department. Since leaving government in 2020, she worked in the private sector and co-led a national study on CISA’s cybersecurity workforce role.
Her return comes as agencies combat Chinese-backed cyber threats like Volt Typhoon. Meanwhile, CISA’s future under the Trump administration remains uncertain, with Homeland Security Secretary Kristi Noem advocating for a “smaller, more nimble” agency and criticizing its involvement in countering misinformation during elections. Key cybersecurity leadership roles in the administration remain unfilled.
A House Republican introduces a cybersecurity workforce scholarship bill.
House Homeland Security Committee Chairman Mark Green (R-TN) is reintroducing the PIVOTT Act, a bill aimed at addressing the U.S. cyber workforce shortage by creating an ROTC-like scholarship for two-year cybersecurity degrees. The legislation, which previously had unanimous committee support, stalled last session but remains a priority due to growing cyber threats, particularly from Chinese-backed hacking groups like Volt Typhoon.
Under the bill, students at community colleges and technical schools would receive scholarships in exchange for two years of government cyber service at any level. The program, managed by CISA, also seeks to expedite security clearances and place 10,000 new cyber professionals in the workforce.
Despite internal Republican debates over CISA’s role, Green argues the agency is critical to national cybersecurity and workforce development efforts.
We’ve got our CertByte segment up next. N2K’s Chris Hare is joined by Steven Burnley to break down a question from N2K’s ISC2® CISSP Practice Test, that’s Certified Information Systems Security Professional. And, Google revises their “do no harm” mindset. We’ll be right back.
Welcome back. Be sure to visit our show notes for links to the practice test and other helpful resources that Chris and Steven talked about. We’ll be right back.
Google updates its stance on AI weapons.
And finally, our terms and conditions desk points out that Google just quietly updated its AI ethics playbook, deleting its previous pledge not to use AI for weapons or surveillance—because, you know, times change, and so do corporate priorities. The company says the update reflects a “new geopolitical reality” where democratic nations (read: the U.S. government) should lead in AI development.
Gone are the days when Google employees protested Pentagon contracts. Now, Google joins OpenAI, Microsoft, and Amazon in cozying up to defense agencies. The move follows rising U.S.-China tensions over AI dominance, with Google aligning itself with national security interests.
Critics see this as yet another example of tech giants quietly ditching their past moral stances. But Google insists it’s still all about “human rights”—just with more government contracts on the side. As for past promises? Well, those seem to have been lost, somewhere between government funding and geopolitical tension.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.