This Month in Cybersecurity - February 2025

Welcome to the February 2025 edition of “This Month in Cybersecurity”.

In February, we’ve seen major concerns around AI data privacy, sophisticated phishing techniques, and increasing government pressure on encryption technologies.
It’s a lot to keep up with, but that’s why we’re here! Let’s break down what’s been happening and why it matters.

1. Researchers say China’s DeepSeek chatbot is linked to state telecom, raising data privacy concerns

Security researchers have found that DeepSeek, a Chinese AI company with a widely used chatbot, has embedded code in its website that connects to China Mobile, a state-owned telecom banned in the U.S. The code, linked to DeepSeek’s login system, raises concerns that user data could be accessed by Chinese authorities, though no direct data transfers were observed in North America. Experts warn that DeepSeek could pose a larger security risk than TikTok, as users input sensitive business and personal information into AI systems. U.S. officials are increasingly concerned about Chinese-controlled digital services and their potential national security implications.

Date: Feb 5, 2025
Source: Independent
Author: Byron Tau

2. What is device code phishing, and why are Russian spies so successful at it?

Security researchers have discovered that Russian state-sponsored hackers are using device code phishing to hijack Microsoft 365 accounts of government agencies, research institutions, and political bodies like the EU Parliament. The technique exploits device code flow authentication, originally designed for smart TVs and printers, by tricking users into entering a legitimate authentication code on a hacker-controlled device. Attackers impersonate trusted officials on Microsoft Teams, Signal, and WhatsApp, sending phishing links to gain unauthorized access. Researchers warn this method has been more effective than years of previous phishing attempts, and Microsoft advises users to verify authentication prompts carefully to prevent compromise.

Date: Feb 14, 2025
Source: Ars Technica
Author: Dan Goodin

3. Russia-aligned hackers are targeting Signal users with device-linking QR codes

Russia-aligned hackers, particularly APT44, are exploiting Signal’s “linked devices” feature by tricking users into scanning malicious QR codes disguised as group invites or security alerts. This allows attackers to hijack accounts, particularly targeting Ukrainian users amid the ongoing war. Google’s Threat Intelligence Group warns that such tactics are likely to spread beyond Ukraine. While Signal itself remains secure, attackers are using phishing and malware to compromise user data, a method also being deployed against WhatsApp and Telegram. Google advises users to stay vigilant, regularly check linked devices, and avoid unverified QR codes.

Date: Feb 19, 2025
Source: Ars Technica
Author: Kevin Purdy

4. Apple pulls data protection tool after UK government security row

Apple is disabling its highest level of iCloud encryption, Advanced Data Protection (ADP), in the UK after the government demanded access to user data under the Investigatory Powers Act. Apple has long opposed backdoors in encryption, arguing they weaken security for everyone, but rather than comply, the company is removing the feature for UK users. The decision has sparked backlash from privacy advocates and even US politicians, who warn it could set a dangerous precedent for other governments. Meanwhile, child safety groups argue that encryption can hinder law enforcement efforts. Apple says it remains committed to user privacy and hopes to restore the feature in the UK in the future.

Date: Feb 22, 2025
Source: BBC
Author: Zoe Kleinman

5. Privacy tech firms warn France’s encryption and VPN laws threaten privacy

Privacy advocates Tuta Mail and the VPN Trust Initiative (VTI) warn that proposed French laws threaten encryption and online privacy. One amendment would require encrypted messaging services to implement backdoors, allowing law enforcement access within 72 hours, with heavy fines for non-compliance. Another proposal seeks to force VPN providers to block piracy sites, raising censorship and cybersecurity concerns. Privacy groups compare these measures to authoritarian internet controls in China, Russia, and Iran, urging the French government to reconsider.

Date: Feb 27, 2025
Source: Bleeping Computer
Author: Bill Toulas

6. 12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training

Security researchers have found that a dataset used to train large language models (LLMs) contains nearly 12,000 live API keys and passwords, posing a major security risk. The data, sourced from Common Crawl, includes credentials for AWS, Slack, and Mailchimp, which could be exploited for unauthorized access. Because LLMs cannot differentiate valid from invalid credentials, they may reinforce insecure coding practices. Meanwhile, AI jailbreaks and prompt injections remain a threat, with vulnerabilities found in ChatGPT, Google Gemini, and xAI Grok. Experts warn that even briefly public data can remain accessible via AI tools like Microsoft Copilot, raising concerns over long-term exposure.

Date: Feb 28, 2025
Source: The Hacker News
Author: Ravie Lakshmanan

Conclusion

That’s the roundup of the month. February’s news shows the importance of staying vigilant and informed. The risks aren’t just theoretical—malicious actors are actively exploiting security gaps, whether through social engineering, AI vulnerabilities, or government mandates that weaken encryption.

What are your thoughts on this month’s cybersecurity stories? Have you come across any insights we should discuss? Join the conversation in the Passbolt community forum: https://hubs.li/Q02bCy160.
Let’s learn from each other and keep the discussion going!
