Monthly Threat Report February 2025: Changes in US Cybersecurity & a Busy Patch Tuesday
Introduction
The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on the most important industry news from January 2025.
Note that this month’s threat report is one of our industry news and thought leadership editions, where we focus heavily on major cybersecurity news stories from the last month and provide commentary and guidance for readers. If you’re interested in some more data-driven discussions, be sure to read last month’s report, which is one of our quarterly data-driven editions of this monthly report.
If you’re interested in a much larger dataset and annual reports, be sure to review our recently published 2025 Cybersecurity Report.
Executive Summary
- The Cyber Safety Review Board (CSRB) within the Dept. of Homeland Security in the US has been shut down.
- There have been leadership changes within the Cybersecurity and Infrastructure Security Agency (CISA) and more changes are likely pending.
- DeepSeek, a Chinese Large Language Model, has disrupted the generative AI scene, and despite many documented privacy and security concerns, continues to see rising usage.
- A number of significant vulnerabilities were patched in the January Microsoft Patch Tuesday release. Organizations are urged to apply the patches as soon as possible.
Changes to the Cybersecurity Landscape
The security industry continues to evolve and change, driven by real-world events (whether we want them to or not). This last month has seen some significant changes in US policy that will have an impact on the cybersecurity sector. We’ve laid out the most significant changes below, along with some other relevant industry news.
Major Incidents and Industry Events
The US Cyber Safety Review Board Shut Down
A memorandum on 20 January, shortly after President Donald Trump assumed the US presidency, shuttered the Cyber Safety Review Board (CSRB). The CSRB was established with the mission to “improve the nation’s cybersecurity”. It did so by studying major cyber incidents and producing detailed reports with suggested actions. These reports didn’t mince words or hold back when it came to security lapses by vendors in the technology sector.
Microsoft themselves were the subject of a detailed review by the CSRB after the Storm-0558 breach in 2023. This was also a topic that we covered extensively in one of our podcast episodes.
The disbanding of the CSRB removes a vendor-independent body that was able to suggest tangible improvements for the larger industry without having to keep news cycles in mind, as some large corporations may be inclined to do for fear of affecting stock prices. Without a body like this, less well-resourced entities and the vendors themselves may become the sole source of information on these incidents, which may lead to a lack of transparency and cohesion. Time will tell if another entity comes forward to fill this void.
Changes at CISA
The Cybersecurity and Infrastructure Security Agency (CISA) has long been a community pillar of defensive security within the cybersecurity industry. The agency provides a wide range of resources for the cybersecurity community and plays a key role in helping to secure the digital infrastructure of the US Government. Therefore, any changes at CISA are important news for the community.
Jen Easterly, who has run the agency since 2021, has left the position as of Jan 20th. This leadership transition comes at a crucial time for CISA, as the agency continues to tackle an ever-evolving landscape of cyber threats, like the recent Salt Typhoon breach of US telecom systems. It’s worth mentioning that it’s not uncommon for leadership changes to occur during a US presidential transition and the departure of such key figures always has the potential to cause disruption in services, regardless of the administration making the changes. There’s a concern that these shifts could disrupt the agency’s momentum and effectiveness in addressing new and emerging cyber threats.
On a larger scale, the impact of these changes at CISA could be rather significant. As a leading authority in cybersecurity, CISA’s initiatives often set the tone for international efforts to combat cyber threats. The agency’s focus on collaboration with both public and private sector partners has been instrumental in shaping the cybersecurity landscape. We’ll continue to monitor CISA for any major organizational changes and impacts on the global security community in the coming days.
DeepSeek and Security Concerns
DeepSeek, a Chinese AI Large Language Model, has quickly become a focal point of national security and privacy concerns. The app has seen a rapid rise in popularity in the U.S. and other countries. Cybersecurity experts are worried that Chinese law grants Beijing broad authority to access data from companies based in China, potentially allowing the Chinese government to access the personal data of users. This has led to a growing number of countries and government bodies banning DeepSeek’s technology, citing fears of data leakage and information security risks.
This includes a bill circulating in the US Congress that would effectively make it illegal to use DeepSeek, carrying a hefty penalty of 20 years in prison. While the bill is deemed unlikely to pass, it highlights the fear of Chinese nation-state information gathering.
This is all not to mention that DeepSeek itself has already been shown to have security lapses that led to the leaking of sensitive information. Regardless, DeepSeek is likely to have a role to play in the larger generative AI story as we continue to move into 2025.
159 Patches for Microsoft’s January Patch Tuesday
Patch Tuesday is always a big deal in the Microsoft space. The January 2025 Patch Tuesday was a significant update, even more so than usual, addressing a total of 159 vulnerabilities, including 10 critical Remote Code Execution (RCE) vulnerabilities and eight zero-day exploits. Among the fixes, CVE-2025-21362 and CVE-2025-21354 stand out, both involving vulnerabilities in Microsoft Excel that could allow remote code execution if a user opens a specially crafted file. Another critical vulnerability, CVE-2025-21311, affects Windows NTLM V1 and could allow privilege escalation, potentially giving attackers higher access levels on the system. These updates are crucial for securing Windows operating systems and related software against potential exploitation.
Additionally, the update addressed several critical vulnerabilities in Windows Remote Desktop Services (CVE-2025-21309 and CVE-2025-21297), which could enable remote code execution through maliciously crafted connections or files. With such a wide range of vulnerabilities addressed, it’s essential for organizations to apply the January 2025 patches immediately to ensure their systems are protected against these potential threats.
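As a practical follow-up to the patching advice above, the PowerShell below is an added example and not part of the Hornetsecurity report: it reports the updates installed on the local host since the January 2025 Patch Tuesday date and reads the LmCompatibilityLevel value, which governs whether a Windows client may still send LM/NTLMv1 responses (relevant given the NTLM V1 fix mentioned above). The cut-off date and the function name are assumptions for illustration; Get-HotFix and the Lsa registry key are standard Windows components.

```powershell
# Added example (not from the Hornetsecurity report): summarize recent Windows
# updates and the NTLM compatibility level on the local host. Assumes Windows
# PowerShell 5.1+ and rights to read HKLM.

function Get-RecentPatchStatus {
    param(
        # Updates installed on or after this date count as "recent". The
        # January 2025 Patch Tuesday date (14 Jan 2025) is the assumed cut-off.
        [datetime]$Since = (Get-Date '2025-01-14')
    )

    # Get-HotFix wraps Win32_QuickFixEngineering; it lists OS-level updates
    # that register a KB entry, not every item in Windows Update history.
    $recent = Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Since } |
        Sort-Object InstalledOn -Descending |
        Select-Object HotFixID, Description, InstalledOn

    # LmCompatibilityLevel 0-2 allow LM/NTLMv1 responses; 3 and above send
    # NTLMv2 only. An absent value means the OS default applies (3 on
    # current Windows versions), so only an explicit value below 3 is flagged.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
        -ErrorAction SilentlyContinue
    $level = if ($null -ne $lsa.LmCompatibilityLevel) { [int]$lsa.LmCompatibilityLevel } else { $null }

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        RecentUpdateCount    = @($recent).Count
        RecentUpdates        = $recent
        LmCompatibilityLevel = $level
        NtlmV1StillAllowed   = ($null -ne $level -and $level -lt 3)
    }
}

$status = Get-RecentPatchStatus
$status | Format-List ComputerName, RecentUpdateCount, LmCompatibilityLevel, NtlmV1StillAllowed
$status.RecentUpdates | Format-Table -AutoSize
```

A host that shows zero recent updates, or NtlmV1StillAllowed set to True, is worth a closer look: cross-check the update list against Windows Update history or your patch-management console, since Get-HotFix does not see every update type, and treat an explicit LmCompatibilityLevel below 3 as a hardening gap independent of the patch itself.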
Predictions for the Coming Months
- More changes are likely to occur within CISA in the coming weeks, as the Trump administration continues to make sweeping changes in the US federal government.
- Without a clear mandate by any other entity, the Salt Typhoon investigation being run by the DHS CSRB is likely to go unfinished.
- DeepSeek will continue to make waves in the AI ecosystem, despite the security concerns that have been raised by the cybersecurity community.
Expert Commentary from Hornetsecurity
We asked some of our internal experts about the news from this month. We have posted their responses below!
From Yvonne Bernard, CTO, on DeepSeek:
The quick rise of DeepSeek is a great example of smart algorithms and architecture outperforming hardware and huge corporations. However, despite both the cost and energy efficiency of such models, I highly advise not to neglect the aspect of security when it comes to AI models. Regardless of being a cloud service or self-hosted: AI models open up new threat vectors that extend common vulnerability and dependency scans by far. Therefore, companies using them need to be aware of and extend their security and data protection strategy upfront.
Monthly Recommendations
- Apply the patches from Microsoft’s Patch Tuesday if you haven’t already.
- Make sure your users are trained on the potential privacy issues with DeepSeek, and the associated data leakage concerns. Make a policy within your organization to restrict its use if needed.
About Hornetsecurity
Hornetsecurity is a leading global provider of next-generation cloud-based security, compliance, backup, and security awareness solutions that help companies and organisations of all sizes around the world. Its flagship product, 365 Total Protection, is the most comprehensive cloud security solution for Microsoft 365 on the market. Driven by innovation and cybersecurity excellence, Hornetsecurity is building a safer digital future and sustainable security cultures with its award-winning portfolio. Hornetsecurity operates in more than 120 countries through its international distribution network of 12,000+ channel partners and MSPs. Its premium services are used by more than 75,000 customers.