Zero Trust Cybersecurity Newsletter

February 2025

This is the monthly zero trust cybersecurity newsletter highlighting key news and actionable insights for enterprises looking to stop the next cyberattack by land, by sea, or in space. Our Cyber Risk Roundup offers a quick peek at this month's big stories.

🏢 A high-severity vulnerability (CVE-2025-0994) in Trimble Cityworks, an asset management tool widely used by local governments and infrastructure organizations, is being actively exploited, prompting CISA to urge immediate patching.

⌛🪱 Russian-backed hacking group Sandworm (Seashell Blizzard) is expanding its “BadPilot” initial access campaign beyond Eastern Europe and Asia, now targeting critical infrastructure in the US, UK, and Australia.

🎖️🪪 Hundreds of compromised credentials linked to DOD agencies and defense contractors have surfaced for sale, some including active session cookies that could allow attackers to bypass MFA.

₿⬇️ Ransomware payments declined 35% in 2024 ($813.55M vs. $1.25B in 2023), largely due to increased law enforcement action and victims refusing to pay. At the same time, nation-state-backed groups are increasingly using ransomware as a revenue stream.

Get the above stories and more in our February Cyber Risk Roundup. Keep scrolling for cyber guides, deep dives, and upcoming events.

Highlights

Gartner® Report: Innovation Insight – CPS Secure Remote Access Solutions

Traditional VPNs are no longer enough to protect critical infrastructure—enterprises need secure remote access solutions tailored for cyber-physical systems (CPS). This Gartner® report explores emerging SRA technologies, key benefits. Download now to stay ahead of evolving cybersecurity challenges and understand why Xage is recognized as a representative provider.

Read the Gartner Report

0225_0003_Navigating-the-NERC-CIP-Recent-Revisions-with-Xage

NERC CIP 2025 Updates: Key Changes, Utility Implications & Compliance Solutions

Stay ahead of the NERC CIP 2025 updates with expanded cybersecurity requirements for BES Cyber Systems. Learn about new compliance mandates, their impact on utilities, and how Xage’s Zero Trust security solutions can help you meet NERC CIP standards.

Read the Blog

Technical Whitepaper: Xage Extended Privileged Access Management (XPAM)

Traditional privileged access management (PAM) solutions fall short in protecting distributed, cyber-physical environments. This technical whitepaper explores how Xage XPAM delivers zero-trust, granular access control across IT, OT, and cloud, ensuring seamless security without disrupting operations.

Read the Technical Whitepaper

Strengthening Boardroom Cyber Resilience

Cyber threats are escalating, and corporate boards must take a proactive role in defense—this blog post explores key strategies to enhance cybersecurity governance and resilience. Readers will gain actionable insights on how to integrate robust cyber protections into boardroom decisions, ensuring their organizations stay ahead of evolving threats.

Read the Blog

Events

Cyber Risk Alliance Cyber Security Summits

Make plans to connect with Xage Security at the upcoming Cyber Summit. Join us in New York March 6th and Seattle March 13th. As proud sponsors of this premier series, we’re excited to engage with attendees, share insights, and discuss cutting-edge cybersecurity solutions. Don’t miss the chance to meet our team!

Learn More

Securing Industrial Modernization: Managing OT-IT Convergence Risks with Darktrace & Xage

As industrial modernization accelerates, operational technology (OT) assets are increasingly coming online, creating new security challenges. How can organizations protect these critical systems while ensuring seamless IT and OT convergence? Join Xage Security’s Vishal Gupta and Darktrace’s Dr. Oakley Cox as they explore drivers and key security challenges of OT/IT convergence, as well as risk mitigation controls that organizations should put into place to keep pace with industrial modernization.

Watch Now

Xage Security In the News