Microsoft's Majorana 1 Chip Heralds New Era in Quantum Computing
Microsoft has unveiled the Majorana 1, the world's first quantum processing unit using topological qubits, promising unprecedented scalability with the potential for "a million qubits on a single chip." This breakthrough relies on topological qubits, which are inherently more stable than traditional superconducting or trapped-ion approaches and therefore require fewer error-correcting qubits to produce workable logical qubits.
The Majorana 1 combines indium arsenide (semiconductor) and aluminum (superconductor) cooled to near absolute zero, creating what Microsoft calls a "topoconductor" — essentially a quantum transistor. Experts like Rebecca Krauthamer of QuSecure call it "one of the biggest quantum breakthroughs of the decade."
While this marks significant progress in quantum computing development, experts like Scott Aaronson note that topological qubits are still playing catch-up, having reached "parity with where more traditional qubits were 20-30 years ago." The implications for cryptography are significant, with Phil Venables of Google Cloud suggesting migration to post-quantum cryptography remains urgent regardless of whether quantum computing arrives in 5 or 10 years.
Rad Security Secures $14 Million for AI Security Platform
Rad Security has announced a $14 million Series A funding round led by Cheyenne Ventures, with participation from Forgepoint Capital, Lytical Ventures, Akamai, .406 Ventures, Vertex Ventures, and Gula Tech Adventures. This brings the total investment in the company to $20 million.
Their AI-driven defense platform aims to improve operational efficiency for security teams while enabling secure AI implementation within organizations. The platform secures cloud and AI workloads through runtime security and behavioral fingerprinting to establish baselines and identify suspicious deviations.
CEO Brooke Motta indicated that the funding will expand the platform's capabilities and grow the company's presence in key global markets, with a focus on enhancing AI-powered threat modeling. The company cites a total addressable market of approximately $84 billion.
OpenAI Shuts Down ChatGPT Accounts Used by Chinese Spy Networks
OpenAI has released its February threat intelligence report detailing how it thwarted Chinese threat actors abusing ChatGPT. The report highlights two operations, including one dubbed 'Peer Review' where ChatGPT accounts were used to develop and distribute spying tools designed to monitor social media platforms for conversations about Chinese political and social topics.
According to OpenAI, the tools were intended to identify online discussions related to Chinese political issues, especially calls to attend human rights demonstrations, and feed this information to Chinese authorities. The threat actors utilized ChatGPT for debugging code, creating promotional materials, conducting research, and translating English-language documents.
OpenAI also shut down accounts potentially linked to a Chinese disinformation campaign called Spamouflage and accounts possibly supporting North Korea's fake IT worker scheme. This follows previous actions against Iranian hackers who used ChatGPT for research into attacking industrial control systems.
NinjaOne Raises $500 Million at $5 Billion Valuation
Texas-based endpoint management company NinjaOne has secured $500 million in Series C extensions, valuing the company at $5 billion. The funding was provided by ICONIQ Growth and CapitalG (Alphabet's independent investment arm), reflecting growing investor confidence in IT operations and device management technologies.
The Austin-headquartered company plans to use the funds to advance research and development in autonomous endpoint management, including automated patching and vulnerability remediation. Additionally, the funding will support NinjaOne's pending $252 million acquisition of Dropsuite, an Australian cloud data backup and recovery security software provider.
NinjaOne boasts an impressive customer roster including Nvidia, Lyft, Cintas, Vimeo, HelloFresh, The King's Trust, and Porsche. The company remains debt-free and founder-led following this latest investment round.
Australia Bans Kaspersky Products on Government Systems
The Australian Department of Home Affairs has issued Direction 002-2025, requiring all government entities to remove Kaspersky Lab products and web services from their systems by April 1, 2025. The directive was issued under the Protective Security Policy Framework to "manage a protective security risk to the Commonwealth," suggesting concerns about potential Russian government influence over the cybersecurity company.
This move follows similar actions by other countries, including the United States, which completely banned Kaspersky software last year. After the US ban, Kaspersky sold its US customer base to UltraAV, a brand of Pango Group, though the transition faced challenges.
Kaspersky expressed disappointment with Australia's decision, stating it "stems from the current geopolitical climate and was not supported by any technical assessment." The company maintains that, as a private independent entity, it has no ties to any government.
US Charges Genesis Market User with Wire Fraud and Identity Theft
The US Justice Department has announced charges against 29-year-old Andrew Shenkosky from Michigan for buying and using credentials from the Genesis Market cybercrime marketplace. According to authorities, Shenkosky purchased approximately 2,500 stolen login credentials from Genesis Market and used them to steal money from bank accounts by transferring funds to a PayPal account under his control.
The suspect also allegedly attempted to sell some of the stolen account data on RaidForums, a cybercrime marketplace that was dismantled in an international law enforcement operation in 2022. Shenkosky has been charged with wire fraud, aggravated identity theft, possession of unauthorized access devices, and trafficking computer access information.
Genesis Market, which had operated since 2018, was targeted by law enforcement in April 2023 when the FBI seized its domain and arrested 120 individuals. The marketplace had offered cybercriminals access to bots for malicious activities and bypassing anti-fraud systems.
$1.5 Billion Bybit Cryptocurrency Heist Linked to North Korea
Multiple security companies and experts have attributed the massive $1.5 billion Bybit cryptocurrency heist to North Korean hackers, specifically the notorious Lazarus group. The theft, which targeted the cryptocurrency exchange Bybit and involved approximately 400,000 Ethereum (ETH and stETH), is considered the largest cryptocurrency heist to date.
The attack occurred during the transfer of ETH from a cold wallet to a warm wallet, where hackers manipulated the user interface to redirect funds to addresses under their control. According to Check Point, the attackers likely identified multisig signers responsible for approving transactions and hacked their devices using malware, phishing, or a supply chain attack.
Blockchain intelligence firms including TRM Labs and Elliptic have linked the attack to North Korea based on substantial overlaps between addresses controlled by the Bybit hackers and those connected to prior North Korean thefts. The US previously blamed North Korean hackers for a $308 million heist targeting Bitcoin.DMM.com and a $600 million theft from Ronin.
Freelance Software Developers Targeted by North Korean Malware Campaign
ESET has revealed that hundreds of freelance software developers have been targeted and infected with North Korean malware over the past year in a campaign tracked as DeceptiveDevelopment. The victims, primarily associated with cryptocurrency and decentralized finance projects, were approached with fake job opportunities on platforms like LinkedIn, Upwork, and Freelancer.com.
The attackers posed as software development recruiters, convincing victims to download seemingly benign software projects that contained hidden malware. When victims inspected and executed the code, their systems were infected with BeaverTail (an information stealer and downloader) and InvisibleFerret (a modular Python-based spyware and backdoor).
These malware families allowed the hackers to harvest cryptocurrency wallets and credentials while deploying additional tools like AnyDesk for remote access. The campaign has targeted Windows, Linux, and macOS devices, with attacks directed at freelancers ranging from junior developers to highly experienced professionals.
Apple Pulls Advanced Data Protection for UK Users Amid Backdoor Demands
Apple has discontinued its Advanced Data Protection (ADP) feature for new users in the United Kingdom, a move clearly linked to UK government demands for backdoor access to encrypted cloud storage. Current UK users will eventually need to disable this security feature to continue using their iCloud accounts.
While not explicitly stating the reason, Apple expressed being "gravely disappointed" and reiterated its stance: "We have never built a backdoor or master key to any of our products or services and we never will." This suggests the company received a secret order from British authorities requiring blanket access to encrypted content stored in iCloud.
ADP, which offers end-to-end encryption for iCloud data, remains available outside the UK. Apple emphasized that while the withdrawal affects nine iCloud data categories (including Backup, Drive, Photos, and Notes), the 14 categories encrypted by default (such as Keychain and Health data) remain protected.
Cisco Details 'Salt Typhoon' Network Hopping and Credential Theft Tactics
Cisco's Talos Intelligence Group has confirmed that the Chinese state-sponsored hacking group Salt Typhoon successfully compromised US telecommunications networks using a combination of old vulnerabilities, stolen credentials, and "living-off-the-land" tactics.
In at least one confirmed incident, Salt Typhoon exploited CVE-2018-0171, a remote code execution vulnerability in Cisco's Smart Install feature that was patched in 2018. The attackers primarily gained access using valid login credentials, capturing network traffic to steal SNMP, TACACS, and RADIUS credentials. They also exfiltrated device configurations containing sensitive authentication material.
The researchers observed Salt Typhoon pivoting between compromised telecom networks, using one company's infrastructure as a jumping-off point to attack another. This "machine-to-machine" pivoting allowed the threat actors to move within trusted infrastructure, where suspicious communications might not be flagged by network defenders.
Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers
OPSWAT researchers have discovered two critical vulnerabilities in the Mongoose Object Data Modeling (ODM) library for MongoDB that could allow attackers to achieve remote code execution (RCE) on Node.js application servers. The first vulnerability, tracked as CVE-2024-53900, enables exploitation of the $where value to potentially execute malicious code. The second issue, CVE-2025-23061, is a bypass for the patch implemented for the first vulnerability.
The security flaws exist in a Mongoose function that helps developers work with relationships between documents. When processing retrieved data, this function passed the $where value to an external library without proper input validation, creating a significant security risk. While the patch for CVE-2024-53900 added checks to prevent exploitation, attackers could bypass this protection by nesting the $where operator inside an $or operator.
OPSWAT has released proof-of-concept exploit code for both vulnerabilities and recommends updating Mongoose to version 8.9.5 or later to apply the complete fixes.
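As an added illustration of why a top-level-only check is insufficient (this is example code, not Mongoose's patch or OPSWAT's proof of concept), the following Node.js validator walks a query filter recursively and rejects a $where operator wherever it appears, including inside an $or array; the filter values are constructed samples.

```javascript
// Added example, not Mongoose's own code: a recursive validator that rejects any
// filter containing the $where operator, no matter how deeply it is nested inside
// logical operators such as $or, $and or $nor, or inside sub-documents. A check
// that only inspects top-level keys would miss { $or: [ { $where: ... } ] }.

// Returns the JSON-path of the first $where found, or null if there is none.
function containsWhere(node, path = '$') {
  // Arrays are how $or / $and / $nor carry their clauses: inspect every element.
  if (Array.isArray(node)) {
    for (let i = 0; i < node.length; i++) {
      const hit = containsWhere(node[i], `${path}[${i}]`);
      if (hit) return hit;
    }
    return null;
  }
  // Plain objects: the key itself may be $where, or a value may hide one deeper.
  if (node !== null && typeof node === 'object') {
    for (const key of Object.keys(node)) {
      if (key === '$where') return `${path}.${key}`;
      const hit = containsWhere(node[key], `${path}.${key}`);
      if (hit) return hit;
    }
  }
  return null;
}

// Call this before handing any user-influenced filter to a query-evaluating library.
function assertSafeFilter(filter) {
  const where = containsWhere(filter);
  if (where) {
    throw new Error(`refusing filter: $where operator found at ${where}`);
  }
  return filter;
}

// Convenience wrapper returning a boolean instead of throwing.
function isSafe(filter) {
  try { assertSafeFilter(filter); return true; } catch { return false; }
}

// Constructed sample filters (not taken from the advisory).
const shallow = { $where: 'this.a == 1' };                    // caught by any check
const nestedInOr = { $or: [{ name: 'x' }, { $where: '1' }] }; // evades a top-level-only check
const benign = { $or: [{ name: 'x' }, { age: { $gt: 3 } }] };
```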
How China Pinned University Cyberattacks on NSA Hackers
Australian researcher Lina Lau has analyzed multiple reports detailing how Chinese government agencies and private firms attributed cyberattacks against Northwestern Polytechnical University to the NSA. In September 2022, China's National Computer Virus Emergency Response Center (CVERC) accused the NSA of thousands of cyberattacks against Chinese networks, with specific focus on the university.
According to the reports, attribution was based on several factors: IP addresses allegedly purchased by NSA through cover entities; operational patterns matching US working hours (with pauses during US holidays); use of American English keyboard layouts; human error that exposed a working directory; and tools linked to those exposed in the Shadow Brokers leak.
The reports claim the NSA deployed at least 41 malware strains, with 23 showing approximately 97% similarity to tools in the Shadow Brokers leak. The attackers allegedly used sophisticated techniques including zero-day exploitation, man-in-the-middle attacks, and various persistence tools to systematically steal classified research data and sensitive documents.
CISA Warns of Attacks Exploiting Craft CMS Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-23209, a vulnerability in the Craft content management system (CMS), to its Known Exploited Vulnerabilities (KEV) catalog, indicating it's being actively exploited in the wild. The high-severity remote code execution vulnerability, patched in mid-January with versions 5.5.8 and 4.13.8, affects Craft installations where the security key has already been compromised.
While specific details about current attack campaigns are limited, CISA has instructed federal agencies to address the vulnerability by March 13. Netlas reports over 41,000 Craft instances may be affected by this vulnerability.
Interestingly, a different Craft CMS vulnerability, CVE-2024-56145, which was patched in mid-November 2024, was confirmed by Craft developers to be exploited in the wild in December 2024, but has not yet been added to CISA's KEV catalog.
Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls
Palo Alto Networks has warned customers that a second PAN-OS vulnerability patched in February is being exploited in the wild. CVE-2025-0111, a file read issue in PAN-OS that allows an authenticated attacker to read files on the filesystem, is being chained with previously known vulnerabilities CVE-2025-0108 (an authentication bypass flaw) and CVE-2024-9474 to compromise unpatched firewalls.
The cybersecurity firm has updated its advisory for CVE-2025-0111, elevating it from medium to high severity and changing the urgency rating from "moderate" to "highest." GreyNoise has detected attack attempts coming from over 30 unique IP addresses, while Shadowserver Foundation reports more than 3,000 internet-exposed PAN-OS management interfaces vulnerable to exploitation.
CISA has added CVE-2025-0111 to its Known Exploited Vulnerabilities catalog, instructing federal agencies to address it by March 13. Palo Alto Networks is urging customers to immediately apply patches or restrict access to the management interface to trusted internal IP addresses.
Chinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines
Researchers at Symantec and Trend Micro have independently discovered sophisticated tools previously used exclusively for Chinese state-sponsored espionage appearing in financially motivated ransomware attacks. Symantec documented an incident where a toolset typically linked to China-based espionage, including a variant of the notorious PlugX backdoor, was deployed alongside RA World ransomware with demands reaching $2 million.
Separately, Trend Micro reported that Shadowpad, a modular malware family long associated with Chinese threat actors like APT41, unexpectedly appeared alongside an undisclosed ransomware variant during incident response cases across Europe. After gaining network access, attackers deployed Shadowpad for both espionage operations and data encryption.
This overlap between state-sponsored tools and criminal ransomware campaigns suggests either deliberate collusion or the possibility that members of APT groups are moonlighting as ransomware operators. Technical analysis revealed string and code similarities between PlugX and Shadowpad, indicating a close link between their developers.
Mining Company NioCorp Loses $500,000 in BEC Hack
US-based mining company NioCorp Developments has informed the SEC that it recently lost approximately $500,000 after its email systems were compromised in what appears to be a business email compromise (BEC) scheme. The company discovered the cybersecurity incident on February 14, which resulted in "misdirected vendor payments."
The attackers likely leveraged their access to the company's email systems to send legitimate-looking messages designed to convince recipients to redirect payments to bank accounts controlled by the cybercriminals. NioCorp has notified financial institutions and law enforcement in an effort to recover the stolen funds.
While the company believes the incident is limited to the misdirected payments, its investigation remains ongoing, and the full scope and impact are not yet known. According to FBI reports, BEC attacks caused losses totaling $2.9 billion in 2023 and $55 billion between 2013 and 2023.