
The political shake-up at the FBI.
The Senate confirms Kash Patel as FBI director. The SEC rebrands its Crypto Assets and Cyber Unit. Microsoft's quantum chip signals an urgent need for post-quantum security. Chat log leaks reveal the inner workings of BlackBasta. CISA advisories highlight Craft CMS and ICS devices. Researchers release proof-of-concepts for Ivanti Endpoint Manager vulnerabilities. Warby Parker gets a $1.5 million HIPAA fine. Our guest is Steve Schmidt, Amazon CSO, with a behind-the-scenes look at securing a major event. Researchers explore the massive, mysterious YouTube wormhole.
Today is Friday, February 21st, 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
The Senate confirmed Kash Patel as FBI director.
The Senate confirmed Kash Patel as FBI director in a narrow 51-49 vote, despite concerns over his qualifications and political loyalties. A Trump loyalist, Patel has been vocal about reforming the FBI, shifting its focus from intelligence gathering to traditional law enforcement. His confirmation follows Justice Department shake-ups and demands for agent names tied to Jan. 6 investigations, raising fears of political retribution.
Patel’s past remarks, labeling FBI investigators as “criminal gangsters” and suggesting Jan. 6 rioters are “political prisoners,” alarmed Democrats. Critics fear he will use the FBI to target Trump’s adversaries, undermining its independence. Republicans, however, back him as a reformer who will restore accountability.
From a cybersecurity perspective, Patel’s leadership could impact federal investigations into cyber threats, foreign influence campaigns, and domestic extremism. His shift away from intelligence-driven operations might weaken nationwide cybersecurity efforts, leaving agencies and critical infrastructure more vulnerable to cyber threats.
The SEC rebrands its Crypto Assets and Cyber Unit.
The SEC has rebranded its Crypto Assets and Cyber Unit as the Cyber and Emerging Technologies Unit, expanding its focus beyond cryptocurrency fraud to include hacking, social media scams, and AI-related threats. Led by Laura D’Allaird, the unit will still investigate crypto-related fraud, but critics worry the change signals a weakened enforcement stance under the Trump administration, which is seen as more crypto-friendly.
The rebrand follows SEC enforcement actions against major crypto firms like FTX and Binance, and its previous focus on unregistered asset offerings and securities violations. Some former officials argue the shift diminishes crypto oversight, while others believe it allows for a broader focus on AI and quantum tech risks.
The change reflects ongoing political shifts in U.S. crypto regulation, raising questions about how aggressively the SEC will police blockchain-related fraud and market abuses moving forward.
Microsoft's quantum chip signals an urgent need for post-quantum security.
Microsoft has unveiled Majorana 1, the first quantum chip, accelerating the timeline for quantum computers capable of breaking encryption from decades to years. The breakthrough, powered by a new Topological Core architecture, could lead to million-qubit systems, capable of solving problems beyond the reach of classical computers.
However, this also raises serious cybersecurity risks. Quantum machines will be able to crack encryption algorithms like RSA and AES, exposing sensitive data. Cybercriminals are already harvesting encrypted data to decrypt later when quantum systems mature.
To counter this, NIST formalized post-quantum cryptography standards in 2024, urging organizations to adopt quantum-secure algorithms. Yet, challenges remain, including unclear ownership of transitions and poor cryptographic visibility. The financial sector is leading in developing quantum-resistant solutions, but broader adoption is essential before quantum computers become a widespread threat.
Chat log leaks reveal the inner workings of BlackBasta.
Internal chat logs from the BlackBasta ransomware gang have been leaked online, revealing nearly 200,000 messages detailing internal conflicts, network access, and key threat actors. The logs, spanning September 2023 to September 2024, were first shared on MEGA by a user named ExploitWhispers before being moved to Telegram.
Cybersecurity firm Prodaft confirmed the leak is likely legitimate and sheds light on BlackBasta’s decline. The group, once a major ransomware player, struggled with internal disputes, particularly over financial priorities and leadership issues. A figure known as “Tramp”, responsible for Qbot distribution, caused significant friction, leading to members leaving.
Many former BlackBasta members have since joined the Cactus and Akira ransomware groups, continuing operations under new banners. The leak provides valuable intelligence, further proving that cybercriminal groups often collapse due to internal conflicts.
CISA advisories highlight Craft CMS and ICS devices.
CISA has added CVE-2025-23209, a high-severity remote code execution (RCE) vulnerability in Craft CMS, to its Known Exploited Vulnerabilities (KEV) catalog. Though Craft CMS has a small market share, over 41,000 instances may be affected.
The flaw was patched in January 2025 (versions 5.5.8 and 4.13.8) and affects installations where the security key is already compromised. While no public reports confirm attacks, federal agencies must patch by March 13.
Another RCE vulnerability, CVE-2024-56145, was actively exploited in late 2024, though it has not yet been added to CISA’s KEV catalog. The growing exploitation of Craft CMS flaws highlights the importance of timely patching to prevent web server compromises.
CISA has issued seven advisories detailing critical vulnerabilities in Industrial Control Systems (ICS) from ABB, Siemens, Mitsubishi Electric, and others. These flaws pose severe risks to critical infrastructure and require urgent patching.
The vulnerabilities affect:
• ABB FLXEON Controllers (CVE-2024-48841, CVSS 10.0) – Allows remote code execution and sensitive data exposure.
• Siemens SiPass Integrated (CVE-2024-48510, CVSS 9.3) – A directory traversal flaw enabling arbitrary code execution.
• Elseta Vinci Protocol Analyzer (CVE-2025-1265, CVSS 9.4) – An OS command injection bug that grants privilege escalation.
• Mitsubishi Electric CNC (CVE-2024-7316, CVSS 8.2) – A DoS vulnerability affecting CNC systems.
CISA urges organizations to apply patches immediately to mitigate exploitation risks and safeguard critical infrastructure from cyber threats.
Researchers release proof-of-concepts for Ivanti Endpoint Manager vulnerabilities.
Security engineers have released a proof-of-concept (PoC) exploit for four critical vulnerabilities in Ivanti Endpoint Manager, all rated 9.8/10 on the CVSS severity scale. The flaws (CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159) were patched in January 2025, but unpatched systems remain at risk.
The vulnerabilities allow unauthenticated attackers to leak NTLMv2 hashes by tricking the software into authenticating with a remote server, enabling account impersonation and system compromise. Researcher Zach Hanley (Horizon3.ai) discovered the flaws and published the technical details and PoC exploit on February 21.
Ivanti states there is no evidence of active exploitation, but with the PoC now public, the risk has increased. The company urges immediate patching, including a V2 patch update that fixes issues caused by the original January patch.
Warby Parker gets a $1.5 million HIPAA fine.
Eyeglass retailer Warby Parker has been hit with a $1.5 million HIPAA fine by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) over credential-stuffing attacks that compromised nearly 200,000 customer accounts.
The attacks, which occurred between September and November 2018, allowed hackers to access electronic protected health information (ePHI), including names, addresses, payment card details, and eyewear prescriptions. Subsequent breaches in 2020 and 2022 prompted further investigations.
OCR found three HIPAA Security Rule violations, citing Warby Parker’s failure to conduct risk assessments, implement security measures, and review system activity logs. Though notified in September 2024, the company waived its right to a hearing, likely to avoid further scrutiny of its security practices.
Today, I speak with Amazon CSO Steve Schmidt about integrating physical and logical security measures. We’ll be right back.
Welcome back. You can find the link to Steve’s blog about the security measures taken at re:Invent in our show notes.
Researchers explore the massive, mysterious YouTube wormhole.
And finally, YouTube is turning 20, and while we know it’s a global juggernaut, there’s a lot Google won’t say—like exactly how many videos exist or how much time humanity spends glued to it.
So, researchers took matters into their own hands, using a random number generator to guess video URLs. The result? An estimated 14.8 billion videos live on YouTube, with users watching the equivalent of millions of years of content every month.
But here’s the twist: Most of it goes unnoticed. Nearly 4% of videos have never been watched, 74% have no comments, and the median view count is just 41. While YouTube sells itself as a stage for superstars, the reality is far messier.
As we enter YouTube’s third decade, one thing is clear: it’s everywhere, it’s massive, and we still don’t fully understand it.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.