The biggest cyber attacks and vulnerabilities from January 2025
Insights and trends from recent cyber threats and vulnerabilities from January.
Arjun Pednekar
3rd February 2024
In January we saw researchers exploit GitHub’s AI coding assistant, the NCSC urge vendors to eliminate “unforgivable” security flaws, and a jailbreak of DeepSeek that exposed its entire system prompt, among other developments.
1. DeepSeek jailbroken: AI security concerns resurface
In a concerning development for artificial intelligence security, researchers have successfully “jailbroken” DeepSeek, a Chinese generative AI model, exposing its entire system prompt, the internal instructions that govern its operations. This revelation has reignited concerns over DeepSeek’s security vulnerabilities, particularly after allegations of intellectual property theft from OpenAI. While the company has since addressed the issue, the incident underscores the broader challenge of securing large language models against similar exploits. The ease with which these models can be manipulated raises significant questions about the robustness of AI safety protocols, especially as related vulnerabilities continue to surface in other AI-driven applications.
2. GitHub Copilot exploited
Parallel to the DeepSeek exposure, security researchers have also demonstrated methods to manipulate GitHub’s AI coding assistant, Copilot. Users can circumvent security restrictions and generate malicious outputs by embedding chat interactions within code or routing Copilot through proxy servers to interact directly with OpenAI models. GitHub has acknowledged these flaws and is working towards strengthening the security measures around Copilot to prevent such abuses. These findings highlight a persistent issue across AI applications: balancing usability with security in an era of increasingly sophisticated threats.
3. UK organisations boost cyber security budgets amid rising threats
Amid these concerns, UK organisations are ramping up their cyber defences, with a recent Infosecurity Europe survey revealing a planned 31% increase in cyber security budgets over the next year. This rise in spending reflects a heightened awareness of the evolving threat landscape and an urgent need to fortify organisational security. The primary investment areas include cloud security, incident response, managed security service provider (MSSP) outsourcing, identity management, and security awareness training. The increase in budget allocations aligns with an industry-wide recognition that cyber resilience is not just a technical necessity but a business imperative in the face of escalating cyber risks.
4. NCSC urges vendors to eliminate “unforgivable” security flaws
Further reinforcing the need for enhanced cyber security practices, the UK’s National Cyber Security Centre (NCSC) has called on software vendors to eliminate a specific class of vulnerabilities it deems “unforgivable.” These security flaws, often stemming from poor coding practices, pose severe risks and have been exploited with increasing frequency. The urgency of the NCSC’s call to action is supported by the findings of Verizon’s 2024 Data Breach Investigations Report, which documented a staggering 180% rise in the exploitation of vulnerabilities as an initial attack vector between 2022 and 2023. This trend highlights the growing reliance of cyber criminals on zero-day exploits and the critical need for vendors to adopt secure-by-design principles. By addressing these vulnerabilities at their source, organisations can strengthen their cyber security posture and reduce their exposure to potential breaches.
5. Critical Cacti vulnerabilities discovered
The importance of timely vulnerability management has been further reinforced by the discovery of a critical flaw (CVE-2025-22604, CVSS 9.1) in the Cacti network monitoring framework, affecting versions before 1.2.29. This vulnerability allows authenticated users to inject malicious Object Identifiers (OIDs), leading to remote code execution. Another flaw (CVE-2025-24367, CVSS 7.2) enables arbitrary file creation, increasing the risk of further exploitation. Security experts urge users to update to version 1.2.29 or later to mitigate these threats. Regular patching remains one of the most effective strategies for minimising cyber security risk, yet it continues to be an area where many organisations struggle to keep pace.
6. NAO warns of growing cyber threat to UK government
Meanwhile, the UK’s National Audit Office (NAO) has warned about the accelerating cyber threat facing government departments. An assessment in 2024 uncovered significant cyber resilience gaps in 58 critical IT systems, with vulnerabilities in at least 228 legacy systems remaining unidentified. The NAO further highlighted that one-third of government cyber security positions were either vacant or temporarily filled during 2023-24, exacerbating the risk of cyber incidents. Recent attacks on institutions such as the British Library and NHS Foundation trusts serve as reminders of the urgent need to bolster public sector cyber resilience. While new legislation and initiatives aim to improve cyber skills and accountability, the persistent shortage of skilled professionals and the continued reliance on outdated IT systems remain significant obstacles.
7. Rising API supply chain attacks threaten private sector security
8. Critical zero-day vulnerability found in Fortinet FortiGate
Another critical zero-day vulnerability (CVE-2024-55591) has been identified in Fortinet FortiGate firewalls, affecting FortiOS and FortiProxy versions across multiple iterations. Attackers have exploited this flaw to create new administrator accounts and configure SSL VPN connections, granting themselves super-admin access. Fortinet released patches on 14 January 2025, urging administrators to update immediately. Additionally, organisations are advised to restrict public access to firewall management interfaces, restrict access to administration ports, and audit their systems for any signs of unauthorised activity. These measures are essential in mitigating potential breaches and maintaining robust network security.
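The audit advice above (check the firewall for unauthorised administrator accounts and SSL VPN changes, and confine management access to known networks) can be turned into a simple detection. The following is an added example, not code from the original article or from Fortinet: it runs over constructed key=value audit lines in a simplified format that is assumed for illustration, not FortiOS’s actual log schema, and flags watched configuration changes whose source address lies outside an assumed management network.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample audit lines in a simplified key=value style. This is NOT
# the real FortiOS log schema; it only stands in for a firewall's config audit trail.
SAMPLE_LOGS = """\
date=2025-01-15 time=09:12:03 user="admin" srcip=10.0.5.12 action=Add cfgpath="system.admin" cfgobj="ops-jdoe"
date=2025-01-15 time=02:41:17 user="admin" srcip=198.51.100.77 action=Add cfgpath="system.admin" cfgobj="support"
date=2025-01-15 time=02:42:05 user="support" srcip=198.51.100.77 action=Edit cfgpath="vpn.ssl.settings" cfgobj="settings"
date=2025-01-15 time=10:05:44 user="admin" srcip=10.0.5.12 action=Edit cfgpath="firewall.policy" cfgobj="42"
"""

# Networks from which admin sessions are expected (assumed for this example).
TRUSTED_MGMT_NETS = [ip_network("10.0.5.0/24")]

# The two change types the incident summary describes: new admin accounts and
# SSL VPN configuration. The path names are part of the constructed schema.
WATCHED_CFGPATHS = {"system.admin", "vpn.ssl.settings"}

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def is_trusted_source(ip):
    """True when the source address falls inside an expected management network."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False  # unparsable address: treat as untrusted rather than skip it
    return any(addr in net for net in TRUSTED_MGMT_NETS)


def find_suspicious_changes(log_text):
    """Return watched config changes that did not come from a trusted management network."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.get("cfgpath") not in WATCHED_CFGPATHS:
            continue
        if is_trusted_source(ev.get("srcip", "")):
            continue
        findings.append((ev["date"] + " " + ev["time"], ev["srcip"],
                         ev["action"], ev["cfgpath"], ev["cfgobj"]))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_changes(SAMPLE_LOGS):
        print("ALERT", *finding)
```

On the sample data the two changes made from 198.51.100.77 (a new admin account, then an SSL VPN settings edit) are flagged, while the same change types made from the management network are not.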
9. TalkTalk data breach exposes 18.8 million customers
In a high-profile data breach, UK telecommunications company TalkTalk is investigating an incident involving a third-party supplier’s system. A hacker known as “b0nd” claims to have stolen the personal data of approximately 18.8 million current and former customers in January 2025. The compromised information reportedly includes names, email addresses, last-used IP addresses, and phone numbers. TalkTalk disputes these figures, stating that the number of affected customers is “wholly inaccurate and significantly overstated.” The breach is believed to have originated from CSG Ascendon’s subscription management platform, though CSG Ascendon denies any direct compromise of its technologies. Both companies are conducting further investigations to determine the full scope of the incident. This case serves as yet another reminder of the vulnerabilities associated with third-party supply chains and the importance of robust vendor risk management practices.
10. Over 15,000 exposed developer secrets found through Git tools vulnerabilities
Adding to the growing list of cyber vulnerabilities, security engineer Bill Demirkapi has uncovered flaws in Git tools that have exposed millions of developers to credential theft. His research identified over 15,000 exposed developer secrets, including API keys and authentication tokens, which could grant attackers unauthorised access to company systems. His findings, presented at the DEF CON security conference, reinforce the importance of proactive security research and the need for organisations to scrutinise unconventional datasets when evaluating cyber security risks.
11. Sophos identifies ransomware gangs using Office 365 to breach organisations
Meanwhile, Sophos Managed Detection and Response (MDR) has identified two emerging ransomware campaigns exploiting Microsoft Office 365 features to infiltrate organisations. These campaigns use “email bombing” tactics to overwhelm victims with spam, creating urgency and distraction before attackers pose as internal IT support via Microsoft Teams. Exploiting default settings that permit external communications, attackers deceive employees into granting remote access, which is then used to install malware. One group, STAC5143, has been linked to the FIN7 cybercrime gang, while another, STAC5777, has connections to the Storm-1811 threat actor, deploying Black Basta ransomware. Sophos has documented over 15 such incidents in the past three months, signalling a growing trend. Organisations are strongly encouraged to restrict external communications on Microsoft Teams, limit the use of remote access tools, and educate employees on the dangers of social engineering attacks.
Stay secure, stay informed, and most importantly, stay engaged. Your active participation in the cyber security community is crucial for our collective safety. Why not talk to us about your cyber security requirements?