Apple’s race to secure your iPhone.
Apple releases emergency security updates to patch a zero-day vulnerability. CISA places election security workers on leave. Elon Musk leads a group of investors making an unsolicited bid to acquire OpenAI. The man accused of hacking the SEC’s X (formerly Twitter) account pleads guilty. Law enforcement seizes the leak site of the 8Base ransomware gang. Researchers track a massive increase in brute-force attacks targeting edge devices. Experts question the U.K. government’s demand for an encryption backdoor in Apple devices. Today’s guest is John Fokker, Head of Threat Intelligence at Trellix, joining us to discuss their work on "Blurring the Lines: How Nation-States and Organized Cybercriminals Are Becoming Alike." And it’s the International Day of Women and Girls in Science.
Today is Tuesday February 11th 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
Apple releases emergency security updates to patch a zero-day vulnerability.
Apple has released emergency security updates to patch a zero-day vulnerability (CVE-2025-24200) that was exploited in highly sophisticated, targeted attacks. The flaw, reported by Citizen Lab’s Bill Marczak, affects USB Restricted Mode—a security feature designed to block unauthorized data extraction from locked iPhones and iPads. Attackers could bypass this protection through a physical exploit, potentially using forensic tools like GrayKey or Cellebrite.
Apple addressed the issue with improved state management. The vulnerability affects various iPhone and iPad models, including iPhone XS and later. Though the attack was limited to specific targets, users are urged to update immediately.
CISA places election security workers on leave.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed 17 staffers on administrative leave, raising concerns about election security support. These employees, including 10 regional election security specialists, provided cybersecurity and physical security training to state and local election officials.
Both Republican and Democratic election officials have defended CISA’s work, highlighting its crucial role in securing elections. The move comes amid political pressure, with Trump administration figures criticizing CISA’s past efforts to counter misinformation. The agency remains without a permanent director, and its leadership was absent from recent election security meetings. Despite the suspensions, CISA has assured states that cybersecurity and physical security services will continue to be available.
Elon Musk leads a group of investors making an unsolicited bid to acquire OpenAI.
Elon Musk and a group of investors have made a $97.4 billion unsolicited bid to acquire OpenAI, escalating his ongoing feud with CEO Sam Altman. Altman dismissed the offer on X, jokingly offering to buy Twitter for $9.74 billion, to which Musk responded, “Swindler.”
Musk’s consortium, which includes Baron Capital and Valor Management, seeks to restore OpenAI’s original open-source mission. Musk argues that OpenAI has strayed from its founding principles, while his own xAI follows the values he was promised.
The bid complicates Altman’s efforts to take OpenAI private, as the for-profit arm must fairly value the nonprofit’s assets. Musk also urged California’s attorney general to open competitive bidding.
Musk co-founded OpenAI in 2015 but left in 2018. His ongoing legal battles against OpenAI focus on its shift toward profit-driven AI.
In other OpenAI news, a hacker named ‘emirking’ claimed on BreachForums to be selling 20 million OpenAI credentials, but experts believe the data originates from infostealer malware, not an OpenAI breach.
OpenAI investigated and found no evidence of a compromise. Threat intelligence firm Kela analyzed the data and confirmed it matches infostealer logs, likely collected from malware like Redline, RisePro, and Vidar. The hacker’s post was later deleted, reinforcing suspicions that the claim was exaggerated. BreachForums is known for hosting misleading data breach claims.
The man accused of hacking the SEC’s X (formerly Twitter) account pleads guilty.
Eric Council Jr., 25, pleaded guilty to conspiracy to commit identity theft and fraud after hacking the U.S. Securities and Exchange Commission’s (SEC) X account in January 2024. His actions caused wild swings in Bitcoin’s price by falsely announcing SEC approval of crypto-based ETFs. He faces a maximum sentence of five years, with sentencing set for May 16.
Council used SIM-swapping techniques to take over the SEC account, posing as an FBI employee to obtain a victim’s phone number. He then used it to reset security codes and hijack the @SECGov account.
Prosecutors say he was paid in Bitcoin for the hack, which aimed to manipulate the crypto market.
Law enforcement seizes the leak site of the 8Base ransomware gang.
Law enforcement agencies seized the leak site of the 8Base ransomware gang, replacing it with a takedown notice. The action coincided with the arrest of four suspects in Thailand, accused of stealing $16 million from over 1,000 victims worldwide.
Authorities from Switzerland and the U.S. had issued warrants for the suspects, two men and two women, who now face wire fraud and conspiracy charges. Europol, the FBI, and other agencies supported the operation, named “PHOBOS AETOR.”
8Base emerged in 2023, targeting manufacturing firms and entities like the United Nations Development Programme. It has ties to RansomHouse and Phobos ransomware. The takedown follows similar law enforcement crackdowns on ransomware groups like LockBit and BlackCat, contributing to a 35% drop in ransom payments in 2024.
Researchers track a massive increase in brute-force attacks targeting edge devices.
Security researchers have observed a massive increase in brute-force attacks targeting edge devices, often launched from malware-infected routers and firewalls. The Shadowserver Foundation reports that 2.8 million unique IP addresses daily have been used in these attacks, with the highest concentrations coming from Brazil, Turkey, Russia, and Argentina.
The attacks primarily target devices from Palo Alto Networks, Ivanti, and SonicWall, with over 100,000 MikroTik devices implicated. The cause of these infections remains unclear, though some speculate malware may be bundled with popular software in Brazil.
Hackers, including state-sponsored groups like China’s “Salt Typhoon”, often exploit unpatched vulnerabilities in edge devices. The surge highlights ongoing cybersecurity risks for firewalls, VPN gateways, and email security appliances, which remain prime targets for cyberattacks.
Experts question the U.K. government’s demand for an encryption backdoor in Apple devices.
A Wall Street Journal editorial from Johns Hopkins Cryptographer Matthew Green and Sentinel One CISO Alex Stamos warns that the U.K. government’s demand for an encryption backdoor in Apple devices poses a grave risk to global security. The order would allow British authorities to access any iPhone user’s private data worldwide, setting a dangerous precedent that could weaken security for billions.
The editorial argues that Congress must act immediately to prohibit U.S. tech companies from complying with such demands, creating a legal conflict that Apple could fight in U.K. courts. The authors highlight the growing cyber threats from Russia and China, pointing to recent hacks targeting U.S. telecoms, the Treasury, and political figures. Even the FBI now supports encryption to protect Americans from cyber threats.
If Britain succeeds, China and other nations will follow, undermining security for all. The editorial urges lawmakers to ensure strong encryption remains unbreakable by any foreign government, safeguarding American privacy and national security.
After the break, our guest John Fokker, Head of Threat Intelligence at Trellix, joins me to discuss their work on "Blurring the Lines: How Nation-States and Organized Cybercriminals Are Becoming Alike." And, plague-themed phishing tests taking it too far.
We’ll be right back.
Welcome back. You can find a link to the blog John discussed in our show notes.
It’s a day worth celebrating, and here’s N2K’s Maria Varmazis with more.
Today, February 11th, is the International Day of Women and Girls in Science.
This one's personal. I grew up in a house where science and engineering were revered and encouraged at every turn. My peer group in high school were other science-minded girls like me. There's a photo in my high school yearbook of our computer club that always makes me chuckle - there I am off to the side, the only girl. It's a dynamic you get used to. Even at engineering school in college, not unlike high school, it wasn't unusual to be the only young woman in a lab, or maybe one of a handful in a large seminar. It was easy for us to remember each other - us engineering school women would often become friends, toiling away at problem sets in study rooms for hours every day, sharing notes, helping each other prep for exams, rotating who would go to office hours. And it's funny, outside of engineering many of us probably wouldn't have been friends - we really didn't have much at all in common interests-wise, but we knew what we were up against, so we banded together for survival.
I'll skip to the chase. We were the class of 2005 - so it's been twenty years. Many of the women I knew from those days went into their chosen fields after graduating, but now these decades on, of the dozens of women I knew starting their careers in science and engineering, maybe four are still working in them. Career changes happen for all sorts of reasons, like in my case, where quite simply it's just not the right field for you. It happens. But sometimes it's the result of a slow fade, when over the years you have to keep fighting an invisible war, and sometimes you simply get tired of it.
Whatever you want to call it, a retention problem, a cultural problem, it goes way beyond any federal mandate or national border. And there are conversations happening, said and unsaid, especially right now, about whose stories are celebrated, whose competence and credibility is celebrated, who rises in the ranks with likeminded peers, whose accomplishments are worth a damn, who is a 'merited' hire. In other words, in science and engineering, who belongs?
Women do. This is only the 10th anniversary of International Day of Women and Girls in Science. So, all you trailblazers toiling long hours over problem sets, labs, trials, reams and reams of data, connecting with that spark of joy that ignited that love of science: Ladies, I see you. Our world needs your perspective and your expertise more than ever. Keep fighting, out of spite for the haters if nothing else. And please remember, even if you are the only one in the room, you belong there.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com
We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.