Top 5 Cybersecurity News Stories February 14, 2025

By Editorial Team | February 14, 2025

Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small as we look at threats from espionage to security flaws in everyday devices:

1. Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores

Threat actors are exploiting Google Tag Manager (GTM) to inject credit card skimmer malware into Magento-based e-commerce sites. Security firm Sucuri discovered the malicious script, disguised as a GTM analytics tag, stealing payment data during checkout.

The malware is loaded from the Magento database and transmits stolen details to a remote server. This follows previous GTM abuse and recent cybercrime charges.

2. DeepSeek App Transmits Sensitive User and Device Data Without Encryption

A security audit of DeepSeek’s iOS app has uncovered major vulnerabilities, including transmitting sensitive data without encryption, exposing users to cyber threats. The app disables Apple’s App Transport Security and uses weak encryption methods, raising concerns over data safety.

Additionally, DeepSeek’s ties to China have prompted security warnings and government bans in multiple countries. Cybercriminals are also exploiting its popularity for scams and malware attacks.

3. Hacker leaks account data of 12 million Zacks Investment users

Zacks Investment Research has reportedly suffered another data breach, exposing sensitive details of 12 million accounts. A threat actor claims to have stolen user data, including names, emails, and hashed passwords, and leaked it on a hacker forum.

The breach follows past incidents in 2023 and 2020. While Zacks has not confirmed the attack, Have I Been Pwned has verified the data.

4. Chinese espionage tools deployed in RA World ransomware attack

China-based hacking group Emperor Dragonfly has been linked to a ransomware attack using tools previously associated with espionage. The group deployed RA World ransomware against an Asian software company, demanding $2 million.

Researchers suggest potential overlap between state-backed espionage and financially motivated cybercrime. The attack exploited a Palo Alto vulnerability and used espionage techniques before encrypting data.

5. Cisco Hacked – Ransomware Group Allegedly Breach Internal Network & Gained AD Access

Cisco has reportedly suffered a major data breach, with credentials from its internal network leaked online by the Kraken ransomware group. The stolen data includes usernames, NTLM password hashes, and domain credentials, potentially enabling privilege escalation and ransomware attacks.

The breach raises concerns about deep network access and unauthorized persistence. While Cisco has not confirmed the incident, experts recommend immediate security measures to mitigate risks.