Exposures, Exposed! Weekly Round-up 
January 27 – February 2

As we welcome the Year of the Snake, cyber threats are slithering their way into your digital world! In this Lunar New Year edition of “Exposures Exposed”, we’re uncovering the latest breaches, vulnerabilities, and exposures that could put your security at risk. Our experts have identified critical threats you won’t want to ignore—so don’t leave your defenses to luck. Read on for the insights you need to stay secure this new year!


DeepSeek Confirms Cyberattack Amid AI Security Concerns

DeepSeek reported a cyberattack that disrupted new user registrations on its website. The company stated that existing users remained unaffected. While details remain limited, the incident appears to be a distributed denial-of-service (DDoS) attack.

DeepSeek, founded in 2023, recently launched its open-source R1 model, claiming performance comparable to ChatGPT and Gemini with lower computational costs. Security researchers have started analyzing the model for vulnerabilities. Threat intelligence firm Kela identified several security flaws, stating that its red team successfully bypassed safety mechanisms. The model allegedly generated harmful content, including ransomware code and weapon instructions.

Privacy and data protection concerns have also surfaced. Experts warn users to evaluate how AI platforms handle sensitive data, particularly when operated by foreign entities.

The Takeaway: Users should verify the security and data practices of AI platforms before inputting sensitive information. Learn more here.


Apple Processors Contain Security Flaws Allowing Data Exposure

Apple’s latest processors contain vulnerabilities that may expose sensitive user data, according to cybersecurity researchers. An international team, including experts from Georgia Institute of Technology and Ruhr University Bochum, identified two flaws affecting Apple’s M- and A-series chips.

The first issue, documented in a paper titled "FLOP," involves the Load Value Predictor (LVP), which attempts to optimize processing speed. Researchers found that incorrect predictions could bypass memory security checks, making it possible to extract sensitive information from web browsers. A second flaw, detailed in a paper called "SLAP," involves the Load Address Predictor (LAP). Errors in its predictions could allow attackers to access emails and browser activity.

The research team disclosed these findings to Apple in May and September last year. Their results will be presented at IEEE SP 2025 and USENIX Security 2025.

The Takeaway: Users should apply Apple’s latest security updates to mitigate these risks. Learn more here.


GitHub Desktop Flaws Expose User Credentials to Attackers

Security researchers identified multiple vulnerabilities in GitHub Desktop and related Git projects that could allow attackers to steal user credentials. The issues, collectively called Clone2Leak, affect GitHub Desktop, Git Credential Manager, Git LFS, and GitHub CLI.

The vulnerabilities include CVE-2025-23040, CVE-2024-50338, CVE-2024-53263, and CVE-2024-53858, which exploit flaws in credential handling to leak authentication tokens. GitHub released updates addressing these issues, including CVE-2024-52006 and CVE-2024-50349.

The Takeaway: Apply security updates or disable credential helpers when cloning untrusted repositories. Learn more here.


Chinese Hackers Exploited Unpatched Telecom Systems Worldwide

A Chinese nation-state hacking group exploited known vulnerabilities in global telecom networks, targeting unpatched systems. Security firm Tenable reported that 91% of 30,000 Microsoft Exchange Servers remained vulnerable to CVE-2021-26855, despite a patch issued in 2021.

The group, tracked as Salt Typhoon, has been linked to attacks on at least nine U.S. telecom companies. The U.S. Treasury recently sanctioned a Chinese firm and an individual tied to China's Ministry of State Security for involvement.

Salt Typhoon used vulnerabilities such as CVE-2022-3236, CVE-2023-48788, CVE-2024-21887, and CVE-2023-46805 to infiltrate systems. Officials criticized some telecoms for inadequate defenses, warning that attackers erased logs to avoid detection.

The Takeaway: Organizations must patch vulnerabilities, monitor logs, and strengthen cybersecurity to prevent nation-state attacks. Learn more here.


Firewall Security Flaws Expose Palo Alto Networks Devices

A security analysis of Palo Alto Networks firewalls uncovered multiple vulnerabilities affecting device firmware and security features. Security firm Eclypsium identified flaws, collectively named PANdora’s Box, in PA-3260, PA-1410, and PA-415 models.

The vulnerabilities include CVE-2020-10713, CVE-2022-24030, CVE-2021-33627, CVE-2021-42060, CVE-2021-42554, CVE-2021-43323, CVE-2021-45970, and CVE-2023-1017. Some allow attackers to bypass Secure Boot, execute malicious code, or escalate privileges.

Palo Alto Networks stated that these flaws require prior system compromise and do not pose a risk under standard configurations. The company is collaborating with third-party vendors to develop necessary firmware updates.

The Takeaway: Organizations should update PAN-OS software, follow security best practices, and monitor for new firmware updates. Learn more here.


Rockwell Automation Patches Critical Flaws in Key Products

Rockwell Automation has released six new security advisories addressing critical- and high-severity vulnerabilities in its products. The issues affect the FactoryTalk industrial automation software, DataMosaix Private Cloud platform, ICE2 controller, and PowerFlex 755 product.

The FactoryTalk View Machine Edition has a critical flaw that allows remote arbitrary command execution and a high-severity vulnerability that can be exploited locally. Two high-severity flaws in FactoryTalk View Site Edition allow local code execution and unauthorized system configuration access.

Rockwell also fixed a critical SQLite vulnerability in DataMosaix, a high-severity path traversal flaw, a DoS vulnerability in ICE2, and a credential exposure issue in PowerFlex 755.

CVE-2023-3825, a KEPServer DoS vulnerability, was also addressed. The vulnerabilities have not been exploited, but Rockwell advises organizations to apply the patches promptly.

The Takeaway: Organizations should patch Rockwell products to mitigate critical vulnerabilities. Learn more here.


That’s all for this week – have any exposures to add to our list? Let us know!



Read our latest blog "Exposure Management: Healthcare’s Preventive Medicine":


Paul Loeffler

IT Service Owner at HSBC Retail Banking and Wealth Management

3 weeks

Very informative