Welcome to the “This Month in Cybersecurity - January 2025” edition.
Let’s kick off the first cybersecurity newsletter of the year. January brought some headlines, from government missteps to new attack techniques. Here’s a quick recap of what happened!
1. E.U. Commission fined for transferring user data to Meta in violation of privacy laws
The European General Court fined the European Commission for violating EU data privacy laws by transferring a German citizen’s IP address and browser metadata to Meta’s U.S. servers via the “Sign in with Facebook” option on an EU website in March 2022. At the time, no legal framework allowed such transfers, and the Commission failed to provide appropriate safeguards. The court ruled this a serious breach, ordering the Commission to pay €400 in damages. This marks the first time the Commission has been held liable for breaking its own data protection rules.
| Date: | Jan 9, 2025 |
|---|---|
| Source: | The Hacker News |
| Author: | Ravie Lakshmanan |
2. US Cloud soon illegal? Trump punches first hole in EU-US data deal
The EU-US data deal (TADPF) is at risk after the US President removed key members of the PCLOB, the oversight body ensuring US compliance with EU privacy standards. Without it, EU data transfers to US cloud providers (Google, Microsoft, Amazon) could become illegal. The deal, based on unstable executive orders rather than solid legal protections, could be scrapped within 45 days under Trump, throwing EU businesses into legal uncertainty. Max Schrems warns companies to prepare EU-based alternatives as the deal’s future looks increasingly unstable.
| Date: | Jan 23, 2025 |
|---|---|
| Source: | NOYB |
| Author: | NOYB |
3. Vulnerabilities in the Git credential retrieval protocol could have allowed threat actors to access user credentials
A security researcher discovered multiple vulnerabilities in Git’s credential retrieval protocol, potentially allowing attackers to steal user credentials. The flaws, caused by improper message handling, affected GitHub Desktop, Git LFS, and GitHub CLI, enabling credential leaks through carriage return smuggling and logic flaws. Key issues include GitHub Desktop’s credential parsing bug (CVE-2025-23040), a Git LFS newline injection (CVE-2024-53263), and GitHub CLI leaking tokens to malicious hosts (CVE-2024-53858). Git has since patched these flaws, introducing new security measures to block malicious URLs and credential leaks.
| Date: | Jan 27, 2025 |
|---|---|
| Source: | Security Affairs |
| Author: | Pierluigi Paganini |
4. Google takes action after coder reports ‘most sophisticated attack I’ve ever seen’
Google is tightening security after scammers used g.co, a legitimate Google domain, to send convincing phishing emails. The attackers posed as Google Workspace support, called from a real Google number, and nearly tricked a victim into approving a fraudulent login. Google has suspended the scam account and is working to block abuse of g.co. Similar scams targeting Google and Apple users highlight the need for stronger phishing protections and passkeys as a safer alternative. Read more in GitHub Gist.
| Date: | Jan 27, 2025 |
|---|---|
| Source: | The Register |
| Author: | Connor Jones |
5. New Apple CPU side-channel attacks steal data from browsers
Researchers discovered two new side-channel attacks, FLOP and SLAP, that exploit speculative execution flaws in modern Apple CPUs to steal browser data remotely. These attacks affect M2, M3, A15, and A17 processors, manipulating Load Address Prediction (LAP) and Load Value Prediction (LVP) to leak private information. FLOP enables sandbox escapes and data theft from Safari, Proton Mail, Google Maps, and iCloud Calendar, while SLAP can extract Gmail inbox data, Amazon orders, and Reddit activity. The attacks require only a malicious webpage, making them highly stealthy. Apple has acknowledged the flaws. Disabling JavaScript in Safari and Chrome may help mitigate the risk.
| Date: | Jan 28, 2025 |
|---|---|
| Source: | Bleeping Computer |
| Author: | Bill Toulas |
6. DeepSeek AI database exposed: over 1 Million log lines, secret keys leaked
Chinese AI startup DeepSeek left a database exposed online, potentially allowing unauthorized access to chat logs, API secrets, and backend details. The vulnerability, discovered by Wiz researchers, granted full database control without authentication. DeepSeek fixed the issue after being contacted. The startup, known for its open-source AI models, has faced privacy concerns and national security scrutiny, with Italy blocking its app and regulators questioning its data practices. Meanwhile, OpenAI and Microsoft are investigating whether DeepSeek illegally used OpenAI’s API outputs for training, a practice known as distillation.
| Date: | Jan 30, 2025 |
|---|---|
| Source: | The Hacker News |
| Author: | Ravie Lakshmanan |
Conclusion
Well, that concludes the “This Month in Cybersecurity - January 2025” news roundup.
This month highlighted some critical cybersecurity trends—government missteps, vulnerabilities in major tech platforms, and the ever-present risk of phishing attacks. The takeaway? No system is invincible. Regular updates, strong authentication, and data privacy awareness remain the best defense.
We’d love to hear your thoughts. Don’t hesitate to share any interesting articles or insights in the Passbolt community forum: https://hubs.li/Q02bCy160.