DJBSEC's CyberNews 2-24-25
Story 1: Bybit Confirms Record-Breaking $146 Million Crypto Heist
Cryptocurrency exchange Bybit has confirmed a record-breaking security breach resulting in the theft of $146 million in cryptocurrency. The attack targeted Bybit’s Ethereum cold wallet and involved sophisticated manipulation of transactions during a routine transfer. Blockchain intelligence firms believe North Korea’s Lazarus Group may be responsible, marking one of the largest crypto thefts in history. Bybit is cooperating with authorities and assures that other wallets remain secure.
Story 2: OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns
OpenAI has suspended several accounts misusing ChatGPT for developing AI-powered surveillance systems and conducting influence operations. Some of these activities, reportedly linked to Chinese entities, included monitoring social media for anti-China protests in Western countries. Additionally, networks from North Korea and Iran allegedly used ChatGPT for fraudulent job applications and propaganda generation. OpenAI reiterated its commitment to preventing the misuse of its technologies for malicious purposes.
Story 3: Apple Pulls End-to-End Encryption from UK After Government Demands
Apple has withdrawn its Advanced Data Protection feature, which offers end-to-end encryption for iCloud data, from users in the United Kingdom. The move follows demands from the UK government for law enforcement access to encrypted data. While existing users can temporarily retain the feature, new activations are blocked, and all users will eventually have to disable it. Apple expressed disappointment, citing the need for robust data protection amid rising cyber threats.
Story 4: Black Basta Ransomware Group Goes Dark Amid Infighting
The ransomware group Black Basta has reportedly ceased operations following internal disputes, as revealed by leaked chat logs. The logs, covering September 2023 to September 2024, show disagreements among members over attack strategies and controversial targets. These internal conflicts led to a sharp decline in the group’s activities, challenging its previously perceived image as a highly efficient ransomware organization.
Story 5: Data Leak Exposes TopSec’s Role in China’s Censorship-as-a-Service Operations
A data leak from Chinese cybersecurity firm TopSec has revealed its involvement in providing censorship-as-a-service solutions to public and private sector clients. The leaked data includes infrastructure details and employee work logs, showing TopSec’s role in monitoring and controlling web content. The company reportedly collaborated with state-owned enterprises to suppress politically sensitive information, highlighting China’s extensive digital censorship practices.
Story 6: NSA Allegedly Hacked Northwestern Polytechnical University in China
Chinese cybersecurity authorities claim that the U.S. National Security Agency (NSA) conducted a prolonged cyber-espionage campaign against Northwestern Polytechnical University (NPU), a key institution in aerospace and defense research. Reports allege that the NSA’s Tailored Access Operations unit used over 40 custom malware strains between 2020 and 2022 to extract sensitive research data. The alleged operation involved advanced techniques, including zero-day exploits and compromised edge devices.
Story 7: CISA Adds Microsoft Power Pages Flaw to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft Power Pages vulnerability (CVE-2025-24989) to its Known Exploited Vulnerabilities catalog. The flaw allows unauthorized access and control over affected systems. CISA urges organizations using Microsoft Power Pages to apply the latest patches immediately to mitigate exploitation risks.
Story 8: BlackBastaGPT – ChatGPT-Powered Tool Analyzes Ransomware Group Tactics
Researchers have developed BlackBastaGPT, an AI-powered chatbot trained on over one million leaked internal messages from the Black Basta ransomware group. This tool allows cybersecurity professionals to analyze the gang’s operations, including financial strategies and attack methodologies, through natural language queries. The chatbot provides unique insights into the group’s internal communications and negotiation tactics during ransomware incidents.
Story 9: PayPal “New Address” Feature Abused to Send Phishing Emails
Cybercriminals are exploiting PayPal’s “New Address” feature to send phishing emails that appear legitimate. Victims receive notifications about a new shipping address linked to a high-value purchase, along with a customer service number to dispute the transaction. The attackers aim to trick users into calling the provided number, leading to potential scams or unauthorized access to sensitive information. Users are advised to verify such alerts directly through their PayPal accounts.
Story 10: Former NSA Chief Paul Nakasone Warns U.S. Falling Behind in Cyberspace
Retired General Paul Nakasone, former head of the NSA and U.S. Cyber Command, warned that the United States is lagging behind adversaries in cyberspace. Speaking at a cybersecurity conference, Nakasone highlighted breaches of U.S. telecommunications and critical infrastructure as evidence of national vulnerabilities. He emphasized the urgent