As cyber threats grow in complexity and frequency, recent events have underscored the critical need for robust cybersecurity strategies across industries. From new vulnerabilities in BeyondTrust and Ivanti systems to nation-state attacks leveraging VPNs and firewalls, the risks to sensitive networks and critical infrastructure continue to escalate. Adding to the uncertainty, shifts in federal cybersecurity policy and the recent FCC mandates for telecommunications providers highlight the evolving regulatory landscape.
Every edition of the Cyber Risk Roundup, we break down the top stories of the month. Here’s what you need to know for January 2025.
More BeyondTrust Zero-Days
CISA recently added two BeyondTrust vulnerabilities to the KEV catalog (CVE-2024-12356, CVE-2024-12686), linking them to the December 2024 cyberattack on the U.S. Treasury Department by the Chinese-linked group Silk Typhoon.
In this attack, the threat actors exploited weaknesses in BeyondTrust’s credential and privilege management systems to escalate privileges and gain access to sensitive networks. Once inside, they moved laterally, leveraging interconnected systems to amplify the breach. This incident highlights the inherent vulnerabilities of architectures with single points of failure, particularly in remote access and privileged access platforms, where a compromise can turn security tools into attack vectors.
Learn how Xage’s zero-trust approach can mitigate these risks.
Nation-States Continue to Exploit VPN & Firewalls
Nation-states continue to exploit VPNs and firewalls as key attack vectors, showing no signs of slowing down.
This month, two new Ivanti VPN zero-day vulnerabilities (CVE-2025-0282 and CVE-2025-0283) were disclosed, with CVE-2025-0282 already actively exploited by the Chinese-linked espionage group UNC5221, according to Mandiant. While Ivanti has issued patches, the urgency for organizations to address these vulnerabilities cannot be overstated.
Additionally, a two-year-old breach of FortiGate firewalls has resurfaced with leaked configuration data and passwords, many stored in plaintext. Although continuous password rotation can mitigate some risks, FortiGate does not enforce this practice, leaving many organizations vulnerable to stale credentials. Worse, unchanged firewall configurations offer hackers valuable insights, and the leak includes around 12,000 site-to-site IPsec VPN configurations, providing direct access to internal networks for potential attackers.
FCC Releases New Telecommunications Mandates
The fallout from the Salt Typhoon cyber-espionage campaign, linked to a Chinese hacking group targeting sensitive telecommunications systems, continues to unfold. Recent revelations have named three additional breached telcos—Charter, Consolidated Communications, and Windstream—bringing the total number of known victims to seven out of nine, with two still unidentified. Meanwhile, AT&T, Verizon, and Lumen have announced they successfully removed Salt Typhoon from their networks.
In response to these incidents, the FCC has issued new mandates requiring all telecommunications providers to secure their networks against foreign hacking threats. The ruling obligates carriers to implement robust cybersecurity risk management plans and submit annual certifications to demonstrate compliance.
New US Federal Administration Signals Changes to Cybersecurity Initiatives
Cybersecurity Investigations Disrupted
On the first day of the Trump administration, all members of the Department of Homeland Security’s advisory committees, including the Cyber Safety Review Board (CSRB), were dismissed. The CSRB, established under a 2021 executive order, was actively investigating Salt Typhoon and other significant cyber incidents. Its abrupt termination has raised concerns about the continuity of critical cybersecurity investigations.
Charter Changes for CISA
Further uncertainty looms as DHS Secretary nominee Kristi Noem proposed downsizing the Cybersecurity and Infrastructure Security Agency (CISA) during her nomination hearing. Her plan involves shifting CISA’s focus away from election misinformation and disinformation to concentrate solely on securing and defending the nation’s critical infrastructure—a move that aligns with broader efforts to streamline federal cybersecurity operations.
Biden’s Capstone Cybersecurity Executive Order
Biden signed a cybersecurity-focused executive order on his way out, building on previous directives and designed to strengthen federal defenses and establish defensible networks in both the government and the private sector. Although the Trump administration could rescind the directive, its non-partisan focus on national security and cyber resilience makes that unlikely.