Krypt3ia Daily Cyber Threat Intelligence (CTI) Digest
2025-01-29 14:04:10 Author: krypt3ia.wordpress.com

Date: 1.29.25


🚨 Top Headlines

OpenAI says DeepSeek used its models illegally, and it has evidence to prove it, new report claims

Summary: According to a new article by the Financial Times, OpenAI claims to have evidence that DeepSeek, the Chinese startup that has thrown the US tech market into financial turmoil, used the company’s proprietary models to train its own open-source LLM, called R1. This would represent a potential breach of intellectual property, as it goes against the OpenAI terms of service agreement.

Source: TechRadar

Smiths Group Scrambling to Restore Systems Following Cyberattack

Summary: The company said it was managing the attack, which it described as a cybersecurity incident that resulted in unauthorized access to some of its systems.

“We are currently managing a cyber incident involving unauthorized access to our systems. As soon as we became aware of this activity, we rapidly isolated the affected systems and activated business continuity plans,” a Smiths spokesperson told SecurityWeek.

Source: Security Week

DeepSeek: The Silent AI Takeover That Could Cripple Markets and Fuel China’s Cyberwarfare

Summary: Artificial intelligence is no longer just an innovation; it is a weapon. As AI systems like ChatGPT, Gemini, and Apple AI reshape industries, a new threat looms: DeepSeek. Developed by a Chinese company, this model is not just lowering costs; the article argues it opens the door to AI-powered cyberwarfare and economic manipulation. Bloomberg reported that as of January 25th the DeepSeek mobile app had been downloaded over 1.6 million times, making it number one in the iPhone App Store in several of its largest global markets.

Source: Security Boulevard


🔍 Emerging Threats and Indicators

Malware Campaigns

Fake DeepSeek Campaign Attacking macOS Users to Deliver Poseidon Malware

Summary: A new cyberattack campaign, dubbed the "Fake DeepSeek Campaign," has been discovered targeting macOS users. DeepSeek, a Chinese-developed AI chatbot, has rapidly gained popularity worldwide, and threat actors are exploiting that popularity to lure users into installing the Poseidon malware.

Source: Cybersecurity News

FleshStealer, A New Infostealer Attacking Chrome & Mozilla Users

Summary: A new strain of information-stealing malware, dubbed FleshStealer, has emerged as a significant threat to internet users worldwide. The infostealer targets Chromium- and Mozilla-based web browsers to steal sensitive data stored in them, including credentials, cryptocurrency wallet information, and two-factor authentication (2FA) codes.

Source: Cybersecurity News

How Interlock Ransomware Infects Healthcare Organizations

Summary: Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total.

Source: The Hacker News

Phishing Campaigns

New phishing campaign targets users in Poland and Germany

Summary: An ongoing phishing campaign, presumably run by an advanced persistent threat (APT) actor, is dropping a new backdoor on victim systems to enable stealthy C2 operations. The backdoor, which Cisco Talos is tracking as TorNet, connects victim machines to the decentralized, anonymizing Tor network for C2 communications.

Source: CSO
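A practitioner reading the TorNet item will want a check for Tor-bound C2 from hosts that have no business using Tor. The script below is an added example, not Talos' detection content or anything from the source article. It flags outbound flows whose destination is a known Tor relay or whose destination port is one of Tor's default relay ports (ORPort 9001, DirPort 9030). The port match alone is a weak signal, since many relays listen on 443; the reliable signal is membership of the current Tor consensus, and RELAY_IPS below is only a constructed stand-in for that list. The flow log and its "timestamp src:port -> dst:port proto" layout are constructed for the example.

```python
import ipaddress
import re

# Tor's default relay ports (ORPort 9001, DirPort 9030). Weak on their own:
# many relays use 443. The strong signal is a destination that appears in the
# current Tor consensus; RELAY_IPS is a constructed stand-in for that list.
TOR_PORTS = {9001, 9030}
RELAY_IPS = {ipaddress.ip_address(a) for a in ("198.51.100.7", "203.0.113.9")}

# Constructed flow log, simplified to "timestamp src:port -> dst:port proto".
SAMPLE_LOG = """\
2025-01-29T10:00:01Z 10.0.0.15:51234 -> 93.184.216.34:443 tcp
2025-01-29T10:00:02Z 10.0.0.15:51235 -> 198.51.100.7:9001 tcp
2025-01-29T10:00:03Z 10.0.0.22:51236 -> 203.0.113.9:443 tcp
2025-01-29T10:00:04Z 10.0.0.22:51237 -> 192.0.2.44:9030 tcp
2025-01-29T10:00:05Z 10.0.0.31:51238 -> 192.0.2.80:80 tcp
"""

FLOW_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+) (\S+)$")


def flag_tor_flows(log_text, relay_ips=RELAY_IPS, tor_ports=TOR_PORTS):
    """Return one dict per suspicious flow: ts, src, dst, dport, reasons.

    A flow is flagged when its destination is a known relay (strong) and/or
    its destination port is a Tor default port (weak); both reasons are kept
    so an analyst can rank the hits.
    """
    hits = []
    for line in log_text.splitlines():
        m = FLOW_RE.match(line)
        if m is None:
            continue  # not a flow line; a real pipeline would count these
        ts, src, _sport, dst, dport, _proto = m.groups()
        dport = int(dport)
        reasons = []
        if ipaddress.ip_address(dst) in relay_ips:
            reasons.append("dst is a known Tor relay")
        if dport in tor_ports:
            reasons.append(f"dst port {dport} is a Tor default port")
        if reasons:
            hits.append({"ts": ts, "src": src, "dst": dst,
                         "dport": dport, "reasons": reasons})
    return hits


def hosts_with_tor_hits(hits):
    """Collapse flow hits to the set of internal hosts worth triaging."""
    return sorted({h["src"] for h in hits})


if __name__ == "__main__":
    found = flag_tor_flows(SAMPLE_LOG)
    for h in found:
        print(h["ts"], h["src"], "->", f"{h['dst']}:{h['dport']}",
              "|", "; ".join(h["reasons"]))
    print("hosts to triage:", hosts_with_tor_hits(found))
```

On a real network, replace RELAY_IPS with the relay list pulled from the Tor consensus on a schedule, and treat port-only hits as a lead rather than an alert.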


🌐 Global Threat Landscape

Notable APT Activities:

How Lazarus Group built a cyber espionage empire

Summary: Since September 2024, SecurityScorecard’s STRIKE team has been investigating Lazarus Group’s activity, uncovering key details about their infrastructure. Despite variations in payload delivery and obfuscation techniques, the campaign relied on a consistent C2 framework.

Source: Helpnet Security

UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents

Summary: The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE.

Source: The Hacker News

Critical Vulnerabilities Released (CVEs):

Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution

Summary: A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances. The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0.

“Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response,” the project maintainers said in an advisory released this week.

Source: The Hacker News
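The Cacti advisory describes the root cause as a multi-line SNMP result parser that lets a malformed OID from a response be treated as an OID. The script below is an added example, not Cacti's code and not a reproduction of the flaw: it shows the two checks such a parser needs, strict numeric validation of every OID field before it is reused, and building any follow-up snmpget as an argv list rather than a shell string. It assumes numeric snmpwalk output (the -On form) with the usual "OID = TYPE: value" lines, where a value can continue onto further lines; the sample walk, including the two hostile lines, is constructed for the example.

```python
import re

# Numeric OID only: optional leading dot, then dot-separated unsigned integers.
OID_RE = re.compile(r"^\.?\d+(?:\.\d+)*$")
# One "OID = value" line as snmpwalk -On prints it (assumption: numeric output).
LINE_RE = re.compile(r"^(\S+) = (.*)$")

# Constructed sample: two good entries, one value that continues onto a second
# line, and two lines whose "OID" field carries shell metacharacters instead.
SAMPLE_WALK = """\
.1.3.6.1.2.1.1.1.0 = STRING: Linux router 5.10
.1.3.6.1.2.1.1.5.0 = STRING: core-sw
banner text continued on a second line
.1.3.6.1.2.1.1.1.0;id>/tmp/pwned = STRING: bad
$(id) = STRING: bad
.1.3.6.1.2.1.2.2.1.2.1 = STRING: eth0
"""


def parse_walk(text):
    """Split multi-line SNMP output into (accepted, rejected).

    accepted: list of (oid, value) pairs whose OID is strictly numeric.
    rejected: raw lines whose OID field failed validation.
    Continuation lines (no " = " separator) are appended to the previous
    value, so device-controlled text can only ever land in a value field.
    """
    accepted, rejected = [], []
    current = None  # index of the entry that continuation lines extend
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m is None:
            if current is None:
                rejected.append(raw)
            else:
                oid, val = accepted[current]
                accepted[current] = (oid, val + "\n" + raw)
            continue
        oid, value = m.groups()
        if not OID_RE.match(oid):
            rejected.append(raw)
            current = None  # never let continuations attach to a bad entry
            continue
        accepted.append((oid, value))
        current = len(accepted) - 1
    return accepted, rejected


def snmpget_argv(host, community, oid):
    """Build the argv list for a follow-up snmpget on a parsed OID.

    Refuses anything that is not a numeric OID, and returns a list meant for
    subprocess.run(argv) rather than a string for a shell, so even an OID
    that slipped past validation could not be interpreted by a shell.
    """
    if not OID_RE.match(oid):
        raise ValueError(f"refusing non-numeric OID: {oid!r}")
    return ["snmpget", "-v2c", "-c", community, "-On", host, oid]


if __name__ == "__main__":
    good, bad = parse_walk(SAMPLE_WALK)
    for oid, _ in good:
        print("ok   ", snmpget_argv("192.0.2.1", "public", oid)[-1])
    for line in bad:
        print("DROP ", line)
```

The same pattern applies to any monitoring tool that shells out with data read back from a monitored device: the device is an untrusted input, so validate before reuse and never route its output through a shell.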


⚠️ Critical Alerts from Official Channels

CISA: 

CISA warns of critical, high-risk flaws in ICS products from four vendors

Summary: The US Cybersecurity and Infrastructure Security Agency has issued advisories for 11 critical and high-risk vulnerabilities in industrial control systems (ICS) products from four manufacturers. The issues include OS command injection, unsafe deserialization of data, use of broken cryptographic algorithms, authentication bypass, improper access controls, use of default credentials, sensitive information leaks, and more. The flaws affect products from B&R Industrial Automation, Schneider Electric, Rockwell Automation, and BD (Becton, Dickinson and Co.).

Source: CSO


Prepared by: Krypt3ia
For inquiries, contact: [email protected]


Disclaimer: This digest is for informational purposes only. Use provided intelligence responsibly and validate all IOCs before implementing network or system changes.


Article source: https://krypt3ia.wordpress.com/2025/01/29/krypt3ia-daily-cyber-threat-intelligence-cti-digest-5/