CSRB fired, vendor credentials leaked, Silk Road pardon
Subscribe to Cyber Security Headlines podcast
Spotify, Apple Podcasts, RSS link, add as an Alexa Skill, or search "Cyber Security Headlines" on your favorite podcast app.
In today’s cybersecurity news…
Trump administration fires members of cybersecurity review board in ‘horribly shortsighted’ decision
The Department of Homeland Security has terminated all advisory committees, including the Cyber Security Review Board (CSRB). All advisors are encouraged to reapply but were told that “committee activities will be focused solely on advancing our critical mission to protect the homeland and support DHS’s strategic priorities.” The CSRB investigates major cybersecurity incidents, such as the Salt Typhoon hacks.?
Major Cybersecurity Vendors’ Credentials Found on Dark Web
Researchers at threat intelligence firm Cyble have discovered thousands of leaked credentials for at least 14 major cybersecurity vendors on the dark web since the start of 2025, including CrowdStrike, Palo Alto Networks, and McAfee. In a report published January 22nd, Cyble says these credentials were likely extracted from infostealer logs and include access to internal accounts and customer platforms. While many accounts may have additional security layers like MFA, the findings highlight the importance of dark web monitoring to prevent potential cyberattacks.
Trump Pardons Creator of Silk Road Drug Marketplace
President Trump pardoned Ross Ulbricht, the creator of the Silk Road marketplace, fulfilling a campaign promise that resonated with some cryptocurrency communities. Ulbricht was sentenced to life in prison in 2015 for running Silk Road, which facilitated $200 million in illegal transactions. Prosecutors linked him to drug-related deaths and alleged murder-for-hire plots, but others argued his sentence was excessive for a nonviolent crime.
Trump’s SEC launching ‘crypto task force’ to develop clear regulations for industry
The SEC, under acting Chair Mark Uyeda, announced a new ‘crypto task force’ to create clear regulations for digital assets, fulfilling President Trump’s promise of a crypto-friendly administration. Led by SEC Commissioner Hester Peirce, the task force will focus on developing rules for coin registration and fostering innovation while protecting investors. Bitcoin rose 2.4% on the news, as the announcement signals a stark shift from the Biden-era SEC, which was seen as hostile to the crypto industry.
领英推荐
(CNBC)
Thanks to today’s episode sponsor, Vanta
PowerSchool hacker claims they stole data of 62 million students
Hackers who breached education tech giant PowerSchool claimed to have stolen personal data for over 62.4 million students and 9.5 million teachers across 6,500 school districts in the U.S., Canada, and beyond. BleepingComputer reports that an FAQ stated that sensitive information, such as Social Security Numbers, medical information, and grades, was stolen for a subset of students impacted by the breach. This FAQ also stated that PowerSchool paid a ransom to prevent the stolen data from being leaked privately, seeing a video of the threat actor claiming to delete the data.PowerSchool is offering two years of free identity protection and credit monitoring for all affected individuals, though exact numbers remain unclear as investigations continue.
The Internet is (once again) awash with IoT botnets delivering record DDoSes
IoT-driven DDoS attacks are on the rise, along with a surge in botnets using infected home routers, cameras, and other devices. Notably, Cloudflare reported a record 5.6 terabit-per-second DDoS attack from 13,000 IoT devices, while other security firms like Qualys and Trend Micro have tracked multiple botnets leveraging Mirai variants. Experts warn that IoT devices remain vulnerable to compromise due to outdated security, and are urging users to update passwords, disable remote management, and install patches promptly.
UK government wades into private sector territory with mDL, digital wallet
The UK government’s announcement of the Gov.uk digital wallet has sparked some confusion in the digital identity ecosystem, as it’s designed to support both public and private sector use cases, creating overlap with the Digital Identity and Attributes Trust Framework (DIATF). Digital ID providers are now dealing with a “twin-track” system. The wallet will store only government-issued credentials, leaving DIATF-certified providers facing some unexpected competition.?
Critical zero-days impact premium WordPress real estate plugins
Two critical flaws in the RealHome theme and Easy Real Estate plugins for WordPress allow unauthenticated attackers to gain admin privileges, leaving 32,600 websites vulnerable. Despite the discovery in September 2024, no patches have been released by InspiryThemes, and both flaws remain exploitable. Administrators should immediately disable the affected plugins, restrict user registration, and apply mitigations to prevent potential exploitation.