Top 5 Cybersecurity Headlines to Know this Month

January 23, 2025 | Cybersecurity

BARR Advisory Cybersecurity Consulting Director Mitch Evans has curated five security and compliance headlines from the past month that you need to know. Take a look at his top features for January—plus, scroll to see his CISO Pick of the Month for an in-depth report on the state of data privacy as we tee up for Data Privacy Week later this month.


AI Brings Big Challenges for CISOs in 2025

In 2025, CISOs face heightened challenges as artificial intelligence (AI) becomes increasingly embedded in enterprise systems, introducing vulnerabilities like those in large language models (LLMs) that malicious actors may exploit. The rise of AI-powered attacks demands that organizations adopt AI-driven defenses while ensuring compliance with evolving cybersecurity regulations, particularly in regions like the EU and California. Despite the risks, AI also offers opportunities to enhance security by automating vulnerability detection and improving collaboration between developers and security teams. To navigate this landscape, CISOs must address proprietary LLM vulnerabilities, counter AI-augmented attacks, and ensure adherence to regulatory and ethical standards in AI deployments.


Taiwan Faces Surge in Cyberattacks from China

Last year, Taiwan experienced a significant increase in cyberattacks, with daily attempts doubling to 2.4 million, predominantly from Chinese sources. These attacks targeted government agencies, telecommunications firms, and critical infrastructure, employing tactics such as phishing emails and zero-day exploits. The surge reflects escalating geopolitical tensions and China’s intensified cyber operations aimed at reconnaissance, data theft, and system infiltration. Taiwan’s National Security Bureau emphasizes the need for enhanced cybersecurity measures to counter these persistent threats.


N. Korean Hackers Use Russian Emails for Phishing

The North Korean threat actor Kimsuky initiated phishing attacks using Russian email services like Mail.ru to steal credentials in late 2024. Previously, they used Japanese and Korean email services, but from mid-September, they began sending phishing emails from Russian domains such as mail.ru, internet.ru, bk.ru, inbox.ru, and list.ru. These emails impersonated financial institutions and services like Naver’s MYBOX cloud storage, creating a false sense of urgency to deceive recipients into clicking malicious links. Notably, Kimsuky utilized compromised legitimate email servers, including one from Evangelia University, to dispatch these phishing emails, thereby evading traditional security measures. The primary objective of these campaigns was credential theft, enabling account hijacking and subsequent attacks on associated individuals or organizations.


U.S. Treasury Admits It Was Hacked By China

The U.S. Treasury Department experienced a significant cybersecurity breach attributed to a Chinese state-sponsored advanced persistent threat (APT) actor. The attackers exploited vulnerabilities in BeyondTrust’s remote tech support software, obtaining an authentication key that allowed them to bypass defenses and access Treasury workstations and certain unclassified documents. Upon discovery, the compromised service was taken offline, and there is currently no evidence of continued unauthorized access. The Treasury Department is collaborating with the FBI, the Cybersecurity and Infrastructure Security Agency, and private forensic investigators to assess the breach’s impact. This incident underscores concerns about persistent cybersecurity vulnerabilities in software used by government agencies.


Zoom Patches Several Vulnerabilities, Urges Users to Update 

Zoom addressed several vulnerabilities across its applications, notably CVE-2025-0147—a high-severity type confusion flaw in the Zoom Workplace App for Linux versions before 6.2.10—that could allow attackers to escalate privileges via network access. Other issues included untrusted search paths in Windows installers (CVE-2025-0145) and out-of-bounds write vulnerabilities in Linux applications (CVE-2025-0143), potentially leading to denial-of-service attacks. Zoom has released patches for these vulnerabilities and strongly advises users to update their applications to the latest versions to maintain security.



Mitch Evans,
Director, Cybersecurity Consulting

CISO Pick of the Month:

Report: Candy Crush, Tinder, and More—Thousands of Apps Have Been Hijacked to Spy on Your Location

This new article from WIRED breaks down the recent hack of Gravy Analytics, a location data company, and how it exposed that thousands of popular apps—including Candy Crush, Tinder, and MyFitnessPal—have been exploited to collect users’ location data without their knowledge. This data harvesting occurs through the advertising ecosystem, specifically real-time bidding (RTB) processes, rather than through code embedded by app developers. Consequently, both users and developers are often unaware of this covert data collection. The breach has raised significant privacy concerns, highlighting the extensive and opaque nature of location data tracking facilitated by the ad industry. 


