Insights

• Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware

  Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. "These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection," Microsoft said in a report shared with The

  2025-04-03 17:39:00

• Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware

  The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector to deliver a previously undocumented Go-based backdoor called GolangGhost on Windows and macOS systems. The new activity, assessed to be a continuation of the campaign, has been codenamed ClickFake Interview by

  2025-04-03 12:22:00

• AI Threats Are Evolving Fast — Learn Practical Defense Tactics in this Expert Webinar

  The rules have changed. Again. Artificial intelligence is bringing powerful new tools to businesses. But it's also giving cybercriminals smarter ways to attack. They’re moving quicker, targeting more precisely, and slipping past old defenses without being noticed. And here's the harsh truth: If your security strategy hasn’t evolved with AI in mind, you’re already behind. But you’re not alone—and

  2025-04-03 11:25:00

• AI Adoption in the Enterprise: Breaking Through the Security and Compliance Gridlock

  AI holds the promise to revolutionize all sectors of enterpriseーfrom fraud detection and content personalization to customer service and security operations. Yet, despite its potential, implementation often stalls behind a wall of security, legal, and compliance hurdles. Imagine this all-too-familiar scenario: A CISO wants to deploy an AI-driven SOC to handle the overwhelming volume of security

  2025-04-03 10:34:00

• Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent

  Cybersecurity researchers have disclosed details of a new vulnerability impacting Google's Quick Share data transfer utility for Windows that could be exploited to achieve a denial-of-service (DoS) or send arbitrary files to a target's device without their approval. The flaw, tracked as CVE-2024-10668 (CVSS score: 5.9), is a bypass for two of the 10 shortcomings that were originally disclosed by

  2025-04-03 08:21:00

• Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices

  Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada. "More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia," Kaspersky said in a report. The infections were recorded between March 13 and 27, 2025.  Triada is the

  2025-04-03 07:34:00

• Legacy Stripe API Exploited to Validate Stolen Payment Cards in Web Skimmer Campaign

  Threat hunters are warning of a sophisticated web skimmer campaign that leverages a legacy application programming interface (API) from payment processor Stripe to validate stolen payment information prior to exfiltration. "This tactic ensures that only valid card data is sent to the attackers, making the operation more efficient and potentially harder to detect," Jscrambler researchers Pedro

  2025-04-03 04:45:00

• Europol Dismantles Kidflix With 72,000 CSAM Videos Seized in Major Operation

  In one of the largest coordinated law enforcement operations, authorities have dismantled Kidflix, a streaming platform that offered child sexual abuse material (CSAM). "A total of 1.8 million users worldwide logged on to the platform between April 2022 and March 2025," Europol said in a statement. "On March 11, 2025, the server, which contained around 72,000 videos at the time, was seized by

  2025-04-03 03:58:00

• Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse

  Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code. "The vulnerability could have allowed such an identity to abuse its Google Cloud Run revision edit permissions in order to pull private Google Artifact

  2025-04-02 13:48:00

• Helping Your Clients Achieve NIST Compliance: A Step by Step Guide for Service Providers

  Introduction As the cybersecurity landscape evolves, service providers play an increasingly vital role in safeguarding sensitive data and maintaining compliance with industry regulations. The National Institute of Standards and Technology (NIST) offers a comprehensive set of frameworks that provide a clear path to achieving robust cybersecurity practices. For service providers, adhering to NIST

  2025-04-02 11:25:00

• Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers

  Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw (aka Dota) that's known for targeting SSH servers with weak credentials. "Outlaw is a Linux malware that relies on SSH brute-force attacks, cryptocurrency mining, and worm-like propagation to infect and maintain control over systems," Elastic Security Labs said in a new analysis

  2025-04-02 10:43:00

• How SSL Misconfigurations Impact Your Attack Surface

  When assessing an organization’s external attack surface, encryption-related issues (especially SSL misconfigurations) receive special attention. Why? Their widespread use, configuration complexity, and visibility to attackers as well as users make them more likely to be exploited.  This highlights how important your SSL configurations are in maintaining your web application security and

  2025-04-02 10:00:00

• FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites

  The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) that can grant them remote access to compromised Windows systems. "This malware allows attackers to execute remote shell commands and other system operations, giving them full control over an infected machine," Swiss

  2025-04-02 06:52:00

• New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth

  Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised systems. "Hijack Loader released a new module that implements call stack spoofing to hide the origin of function calls (e.g., API and system calls)," Zscaler ThreatLabz researcher Muhammed Irfan V A said in

  2025-04-02 05:55:00

• Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign

  Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized access and deploy cryptocurrency miners. Cloud security firm Wiz said the activity is a variant of an intrusion set that was first flagged by Aqua Security in August 2024 that involved the use of a malware strain dubbed PG_MEM. The campaign has been attributed to a threat actor Wiz tracks as

  2025-04-01 17:08:00

• Enterprise Gmail Users Can Now Send End-to-End Encrypted Emails to Any Platform

  On the 21st birthday of Gmail, Google has announced a major update that allows enterprise users to send end-to-end encrypted (E2EE) to any user in any email inbox in a few clicks. The feature is rolling out starting today in beta, allowing users to send E2EE emails to Gmail users within an organization, with plans to send E2EE emails to any Gmail inbox in the coming weeks and to any email inbox

  2025-04-01 15:34:00

• Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing

  A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android. Lucid's unique selling point lies in its weaponizing of legitimate communication platforms to sidestep traditional SMS-based detection mechanisms. "Its scalable,

  2025-04-01 14:18:00

• Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices

  Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the operating systems. The vulnerabilities in question are listed below - CVE-2025-24085 (CVSS score: 7.3) - A use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate

  2025-04-01 11:28:00

• Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign

  Cybersecurity researchers are warning of a spike in suspicious login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect gateways, with nearly 24,000 unique IP addresses attempting to access these portals. "This pattern suggests a coordinated effort to probe network defenses and identify exposed or vulnerable systems, potentially as a precursor to targeted exploitation," threat

  2025-04-01 11:17:00

• Case Study: Are CSRF Tokens Sufficient in Preventing CSRF Attacks?

  Explore how relying on CSRF tokens as a security measure against CSRF attacks is a recommended best practice, but in some cases, they are simply not enough. Introduction As per the Open Web Application Security Project (OWASP), CSRF vulnerabilities are recognized as a significant threat and are historically part of their top risks. The implications of CSRF attacks are far-reaching and could

  2025-04-01 11:03:00

• China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions

  Cybersecurity researchers have shed light on a new China-linked threat actor called Earth Alux that has targeted various key sectors such as government, technology, logistics, manufacturing, telecommunications, IT services, and retail in the Asia-Pacific (APAC) and Latin American (LATAM) regions. "The first sighting of its activity was in the second quarter of 2023; back then, it was

  2025-04-01 11:03:00

• Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices

  Apple has been hit with a fine of €150 million ($162 million) by France's competition watchdog over the implementation of its App Tracking Transparency (ATT) privacy framework. The Autorité de la concurrence said it's imposing a financial penalty against Apple for abusing its dominant position as a distributor of mobile applications for iOS and iPadOS devices between April 26, 2021 and July 25,

  2025-04-01 05:47:00

• Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp

  The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. "The threat actor deploys payloads primarily by means of

  2025-03-31 16:41:00

• Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images

  Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites. mu-plugins, short for must-use plugins, refers to plugins in a special directory ("wp-content/mu-plugins") that are automatically executed by WordPress without the need to enable them explicitly via the

  2025-03-31 12:04:00

• ⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More

  Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind the curtain with us this week as we explore breaches born from routine oversights—and the unexpected

  2025-03-31 11:25:00

• 5 Impactful AWS Vulnerabilities You're Responsible For

  If you're using AWS, it's easy to assume your cloud security is handled - but that's a dangerous misconception. AWS secures its own infrastructure, but security within a cloud environment remains the customer’s responsibility. Think of AWS security like protecting a building: AWS provides strong walls and a solid roof, but it's up to the customer to handle the locks, install the alarm systems,

  2025-03-31 11:00:00

• Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine

  Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. "The file names use Russian words related to the movement of troops in Ukraine as a lure," Cisco Talos researcher Guilherme Venere said in a report published last week. "The PowerShell downloader contacts geo-fenced servers located in Russia and Germany to

  2025-03-31 09:30:00

• RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched security flaw in Ivanti Connect Secure (ICS) appliances. "RESURGE contains capabilities of the SPAWNCHIMERA malware variant, including surviving reboots; however, RESURGE contains distinctive commands that

  2025-03-30 05:07:00

• New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials

  Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey. "Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging,"

  2025-03-29 07:28:00

• BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability

  In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process. Resecurity said it identified a security vulnerability in the data leak site (DLS) operated by the e-crime group that made it possible to extract

  2025-03-29 03:52:00

• Researchers Uncover 46 Critical Flaws in Solar Power Systems From Sungrow, Growatt, and SMA

  Cybersecurity researchers have disclosed 46 new security flaws in products from three solar power system vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids.  The vulnerabilities have been collectively codenamed SUN:DOWN by Forescout Vedere Labs. "The new vulnerabilities can

  2025-03-28 13:21:00

• CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection

  Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that's designed to download and execute secondary payloads. The malware, according to Zscaler ThreatLabz, shares behavioral similarities with another known malware loader known as SmokeLoader.  "The purpose of the malware is to download and execute second-stage payloads while evading

  2025-03-28 11:57:00

• Product Walkthrough: How Datto BCDR Delivers Unstoppable Business Continuity

  Long gone are the days when a simple backup in a data center was enough to keep a business secure. While backups store information, they do not guarantee business continuity during a crisis. With IT disasters far too common and downtime burning through budgets, modern IT environments require solutions that go beyond storage and enable instant recovery to minimize downtime and data loss. This is

  2025-03-28 10:15:00

• PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps

  An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise of chat apps. "PJobRAT can steal SMS messages, phone contacts, device and app information, documents, and media files from infected Android devices," Sophos security researcher Pankaj Kohli said in a Thursday analysis. PJobRAT, first

  2025-03-28 08:06:00

• Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts

  Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems. "Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers," Sonatype researcher Ax Sharma said. "However, [...] the latest

  2025-03-28 06:06:00

• Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability

  Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape. "Following the recent Chrome sandbox escape (

  2025-03-28 05:44:00

• New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records

  Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the moniker Morphing Meerkat. "The threat actor behind

  2025-03-27 16:58:00

• Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks

  A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as used by RansomHub actors in

  2025-03-27 14:10:00

• APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware

  An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a threat actor called APT36, which is also known as

  2025-03-27 12:31:00

• New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It

  Whether it’s CRMs, project management tools, payment processors, or lead management tools - your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for protecting against shadow SaaS, data damage, and more. A new report, Understanding SaaS Security Risks: Why

  2025-03-27 11:25:00

• Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!

  Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim’s system. Here are the top three Microsoft Office-based exploits still making the rounds this year and what you need to know to avoid them. 1.

  2025-03-27 10:00:00

• 150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms

  An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to date. "The threat actor has slightly revamped their interface but is still relying on an iframe injection to display a full-screen overlay in the visitor's browser," c/side security analyst Himanshu

  2025-03-27 08:13:00

• CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2019-9874 (CVSS score: 9.8) - A deserialization vulnerability in the Sitecore.Security.AntiCSRF

  2025-03-27 06:23:00

• NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems

  A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation. SnapCenter is an enterprise-focused software that's used to manage data protection across applications, databases, virtual machines, and file systems, offering the ability to backup, restore, and clone data resources. The vulnerability, tracked as

  2025-03-27 06:06:00

• New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations

  The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The activity, observed in July 2024, marks the first time the hacking crew has deployed ShadowPad, a malware widely shared by Chinese state-sponsored actors. "FamousSparrow

  2025-03-26 16:59:00

• EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware

  The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC. "In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious payload,

  2025-03-26 13:53:00

• RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment

  The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor's tradecraft. The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt. RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating

  2025-03-26 13:43:00

• Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks

  Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring the continued evolution of software supply chain attacks targeting the open-source ecosystem. The packages in question are ethers-provider2 and ethers-providerz, with the former downloaded 73 times to date since it was published on

  2025-03-26 12:00:00

• Sparring in the Cyber Ring: Using Automated Pentesting to Build Resilience

  “A boxer derives the greatest advantage from his sparring partner…” — Epictetus, 50–135 AD Hands up. Chin tucked. Knees bent. The bell rings, and both boxers meet in the center and circle. Red throws out three jabs, feints a fourth, and—BANG—lands a right hand on Blue down the center. This wasn’t Blue’s first day and despite his solid defense in front of the mirror, he feels the pressure.

  2025-03-26 11:25:00

• Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks

  Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of attacks targeting organizations in Russia.  The vulnerability, tracked as CVE-2025-2783 (CVSS score: 8.3), has been described as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo

  2025-03-26 11:10:00

• How PAM Mitigates Insider Threats: Preventing Data Breaches, Privilege Misuse, and More

  When people think of cybersecurity threats, they often picture external hackers breaking into networks. However, some of the most damaging breaches stem from within organizations. Whether through negligence or malicious intent, insiders can expose your organization to significant cybersecurity risks. According to Verizon's 2024 Data Breach Investigations Report, 57% of companies experience over

  2025-03-26 10:15:00

• Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms

  Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security. Atlantis AIO "has emerged as a powerful weapon in the cybercriminal arsenal, enabling attackers to test millions of stolen credentials in rapid succession," the cybersecurity company said in an analysis. Credential stuffing is a

  2025-03-26 08:53:00

• New Security Flaws Found in VMware Tools and CrushFTP — High Risk, PoC Released

  Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System (CVSS). "VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control," Broadcom said in an

  2025-03-26 04:20:00

• Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker

  A new investigation has unearthed nearly 200 unique command-and-control (C2) domains associated with a malware called Raspberry Robin. "Raspberry Robin (also known as Roshtyak or Storm-0856) is a complex and evolving threat actor that provides initial access broker (IAB) services to numerous criminal groups, many of which have connections to Russia," Silent Push said in a report shared with The

  2025-03-25 13:39:00

• Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years

  A major telecommunications company located in Asia was allegedly breached by Chinese state-sponsored hackers who spent over four years inside its systems, according to a new report from incident response firm Sygnia. The cybersecurity company is tracking the activity under the name Weaver Ant, describing the threat actor as stealthy and highly persistent. The name of the telecom provider was not

  2025-03-25 11:54:00

• AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface

  Organizations now use an average of 112 SaaS applications—a number that keeps growing. In a 2024 study, 49% of 644 respondents who frequently used Microsoft 365 believed that they had less than 10 apps connected to the platform, despite the fact that aggregated data indicated over 1,000+ Microsoft 365 SaaS-to-SaaS connections on average per deployment. And that’s just one major SaaS provider.

  2025-03-25 11:00:00

• Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps

  Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft's .NET Multi-platform App UI (.NET MAUI) framework to create bogus banking and social media apps targeting Indian and Chinese-speaking users. "These threats disguise themselves as legitimate apps, targeting users to steal sensitive information," McAfee Labs researcher Dexter Shin said. .NET

  2025-03-25 09:10:00

• INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust

  Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices as part of an international operation codenamed Red Card that took place between November 2024 and February 2025. The coordinated effort "aims to disrupt and dismantle cross-border criminal networks which cause significant harm to individuals and businesses," INTERPOL said, adding it

  2025-03-25 06:33:00

• Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication

  A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974 ), assigned a CVSS score of

  2025-03-24 18:55:00

• Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks

  Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser. The native data security control is designed to prevent employees from sharing sensitive company-related data into consumer generative artificial intelligence (GenAI) apps like OpenAI ChatGPT, Google Gemini, and DeepSeek. The list will be expanded over time to

  2025-03-24 16:19:00

• VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics

  A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025, demanding ransoms as high as $500,000. "The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit. Affiliates keep 80% of the ransom payments, while the core operators earn 20%," Check Point said

  2025-03-24 14:06:00

• ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More

  A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the chaos, running ad fraud at scale behind

  2025-03-24 11:35:00

• VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware

  Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace maintainers. Both the extensions, per ReversingLabs, incorporate code that's designed to invoke a

  2025-03-24 11:10:00

• How to Balance Password Security Against User Experience

  If given the choice, most users are likely to favor a seamless experience over complex security measures, as they don’t prioritize strong password security. However, balancing security and usability doesn’t have to be a zero-sum game. By implementing the right best practices and tools, you can strike a balance between robust password security and a frictionless user experience (UX). This article

  2025-03-24 11:00:00

• Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks

  A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0. "Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops," Next.js said in an

  2025-03-24 09:17:00

• Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed

  The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something more widespread in scope. "The payload was focused on exploiting the public CI/CD flow of one of their open source projects – agentkit, probably with the purpose of leveraging it for further compromises,"

  2025-03-23 05:26:00

• U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe

  The U.S. Treasury Department has announced that it's removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds. "Based on the Administration's review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring

  2025-03-22 07:32:00

• UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools

  Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. "UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to conduct post-compromise activities to establish persistence in victim

  2025-03-21 13:54:00

• Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates

  The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver (BYOVD) attack designed to disable anti-malware tools. Elastic Security Labs said it observed a Medusa ransomware attack that delivered the encryptor by means of a loader packed using a packer-as-a-service (PaaS

  2025-03-21 12:58:00

• 10 Critical Network Pentest Findings IT Teams Overlook

  After conducting over 10,000 automated internal network penetration tests last year, vPenTest has uncovered a troubling reality that many businesses still have critical security gaps that attackers can easily exploit. Organizations often assume that firewalls, endpoint protection, and SIEMs are enough to keep them secure. But how effective are these defenses when put to the test? That’s where

  2025-03-21 11:01:00

• China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families

  The China-linked advanced persistent threat (APT) group known as Aquatic Panda has been linked to a "global espionage campaign" that took place in 2022 targeting seven organizations. These entities include governments, Catholic charities, non-governmental organizations (NGOs), and think tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States. The activity, which took place

  2025-03-21 11:01:00

• Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers

  Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to target Russian entities, new findings from Kaspersky reveal. "Head Mare relied heavily on tools previously associated with Twelve. Additionally, Head Mare attacks utilized command-and-control (C2) servers exclusively linked to Twelve prior to these incidents," the company said. "This suggests

  2025-03-21 10:28:00

• Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility

  Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center. The two critical-rated vulnerabilities in question are listed below -  CVE-2024-20439 (CVSS score: 9.8) - The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an

  2025-03-21 05:09:00

• YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users

  YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking users. "What's intriguing about this malware is how much it collects," Kaspersky said in an analysis. "It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla, and

  2025-03-20 15:39:00

• Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems

  Veeam has released security updates to address a critical security flaw impacting its Backup & Replication software that could lead to remote code execution. The vulnerability, tracked as CVE-2025-23120, carries a CVSS score of 9.9 out of 10.0. It affects 12.3.0.310 and all earlier version 12 builds. "A vulnerability allowing remote code execution (RCE) by authenticated domain users," the

  2025-03-20 13:43:00

• How to Protect Your Business from Cyber Threats: Mastering the Shared Responsibility Model

  Cybersecurity isn't just another checkbox on your business agenda. It's a fundamental pillar of survival. As organizations increasingly migrate their operations to the cloud, understanding how to protect your digital assets becomes crucial. The shared responsibility model, exemplified through Microsoft 365's approach, offers a framework for comprehending and implementing effective cybersecurity

  2025-03-20 11:25:00

• Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data

  The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are likely customers of spyware developed by Israeli company Paragon Solutions, according to a new report from The Citizen Lab. Paragon, founded in 2019 by Ehud Barak and Ehud Schneorson, is the maker of a surveillance tool called Graphite that's capable of harvesting sensitive data from instant messaging applications

  2025-03-20 10:56:00

• Why Continuous Compliance Monitoring Is Essential For IT Managed Service Providers

  Regulatory compliance is no longer just a concern for large enterprises. Small and mid-sized businesses (SMBs) are increasingly subject to strict data protection and security regulations, such as HIPAA, PCI-DSS, CMMC, GDPR, and the FTC Safeguards Rule. However, many SMBs struggle to maintain compliance due to limited IT resources, evolving regulatory requirements, and complex security challenges

  2025-03-20 10:00:00

• CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to

  2025-03-20 09:43:00

• CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages

  The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign that targets the defense sectors with Dark Crystal RAT (aka DCRat). The campaign, detected earlier this month, has been found to target both employees of enterprises of the defense-industrial complex and individual representatives of the Defense Forces of Ukraine. The activity involves

  2025-03-20 06:08:00

• Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners

  Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT. The vulnerability, assigned the CVE identifier CVE-2024-4577, refers to an argument injection vulnerability in PHP affecting Windows-based systems running in CGI mode that could allow remote attackers to run arbitrary code. Cybersecurity company

  2025-03-19 15:52:00

• Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia

  The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime gang and Russian authorities. The leak, containing over 200,000 messages from September 2023 to September 2024, was published by a Telegram user @ExploitWhispers last month. According to an analysis of the messages by cybersecurity company

  2025-03-19 13:50:00

• Watch This Webinar to Learn How to Eliminate Identity-Based Attacks—Before They Happen

  In today’s digital world, security breaches are all too common. Despite the many security tools and training programs available, identity-based attacks—like phishing, adversary-in-the-middle, and MFA bypass—remain a major challenge. Instead of accepting these risks and pouring resources into fixing problems after they occur, why not prevent attacks from happening in the first place? Our upcoming

  2025-03-19 11:35:00

• ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers

  The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer. ClearFake, first highlighted in July 2023, is the name given to a threat activity cluster that employs fake web browser update baits on compromised WordPress as a malware distribution vector. The

  2025-03-19 10:59:00

• 5 Identity Threat Detection & Response Must-Haves for Super SaaS Security

  Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS identity ecosystems. This blind spot is wreaking havoc on heavily SaaS-reliant organizations big and small

  2025-03-19 10:30:00

• Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems

  Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible systems. "These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially

  2025-03-19 06:59:00

• CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog. The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote

  2025-03-19 05:05:00

• New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors

  Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. "This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent

  2025-03-18 15:43:00

• Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017

  An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. The zero-day vulnerability, tracked by Trend Micro's Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad actors to execute hidden

  2025-03-18 14:09:00

• Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security

  Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion. "This acquisition represents an investment by Google Cloud to accelerate two large and growing trends in the AI era: improved cloud security and the ability to use multiple clouds (multicloud)," the tech giant said today. It added the acquisition, which is

  2025-03-18 14:00:00

• New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking

  A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity. "A local or remote attacker can exploit the vulnerability by accessing the

  2025-03-18 13:31:00

• How to Improve Okta Security in Four Steps

  While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four key ways to proactively secure Okta as part of your identity security efforts. Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this

  2025-03-18 13:15:00

• New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads

  Cybersecurity researchers have warned about a large-scale ad fraud campaign that has leveraged hundreds of malicious apps published on the Google Play Store to serve full-screen ads and conduct phishing attacks. "The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks," Bitdefender said in a report shared with

  2025-03-18 13:11:00

• China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation

  Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL. The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute with lures related to Word Expo, which is scheduled to kick off in

  2025-03-18 10:24:00

• BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse

  At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX, painting a picture of an interconnected cybercrime ecosystem. This includes SalesTracker Group, MoYu Group, Lemon Group, and LongTV, according to new findings from the HUMAN Satori Threat Intelligence and Research team, published in

  2025-03-18 10:01:00

• Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets

  Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an ultimate aim to steal sensitive data. The malware contains capabilities to "steal information from the target system, such as credentials stored in the browser, digital wallet information, data stored

  2025-03-18 07:00:00

• Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

  A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public disclosure. The vulnerability, tracked as CVE-2025-24813, affects the below versions - Apache Tomcat 11.0.0-M1 to 11.0.2 Apache Tomcat 10.1.0-M1 to 10.1.34 Apache Tomcat 9.0.0-M1 to 9.0.98 It

  2025-03-17 17:08:00

• Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year

  An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirat botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on susceptible devices by means of a

  2025-03-17 13:12:00

• Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions

  Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users' actions. That's according to new findings from Cisco Talos, which said such malicious activities can compromise a victim's security and privacy. "The features available in CSS allow attackers and spammers to track users' actions and

  2025-03-17 11:52:00

• ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More

  From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week’s cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new ways to bypass security defenses. Meanwhile, supply chain threats are on the rise, with open-source

  2025-03-17 11:25:00

• SANS Institute Warns of Novel Cloud-Native Ransomware Attacks

  The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider’s storage security controls and default settings. “In just the past few months, I have witnessed two different methods for

  2025-03-17 11:00:00

• GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories

  Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow. The incident involved the tj-actions/changed-files GitHub Action, which is used in over 23,000 repositories. It's used to track and retrieve all

  2025-03-17 10:11:00

• Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

  Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as "time" related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain security firm ReversingLabs said it discovered two sets of packages totaling 20 of them. The packages

  2025-03-15 05:55:00

• Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges

  A 51-year-old dual Russian and Israeli national who is alleged to be a developer of the LockBit ransomware group has been extradited to the United States, nearly three months after he was formally charged in connection with the e-crime scheme. Rostislav Panev was previously arrested in Israel in August 2024. He is said to have been working as a developer for the ransomware gang from 2019

  2025-03-14 15:07:00

• GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging

  The GSM Association (GSMA) has formally announced support for end-to-end encryption (E2EE) for securing messages sent via the Rich Communications Services (RCS) protocol, bringing much-needed security protections to cross-platform messages shared between Android and iOS platforms. To that end, the new GSMA specifications for RCS include E2EE based on the Messaging Layer Security (MLS) protocol

  2025-03-14 14:52:00

• Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom

  Cyber threats evolve daily. In this live webinar, learn exactly how ransomware attacks unfold—from the initial breach to the moment hackers demand payment. Join Joseph Carson, Delinea’s Chief Security Scientist and Advisory CISO, who brings 25 years of enterprise security expertise. Through a live demonstration, he will break down every technical step of a ransomware attack, showing you how

  2025-03-14 11:25:00

• Why Most Microsegmentation Projects Fail—And How Andelyn Biosciences Got It Right

  Most microsegmentation projects fail before they even get off the ground—too complex, too slow, too disruptive. But Andelyn Biosciences proved it doesn’t have to be that way.  Microsegmentation: The Missing Piece in Zero Trust Security  Security teams today are under constant pressure to defend against increasingly sophisticated cyber threats. Perimeter-based defenses alone can no

  2025-03-14 11:00:00

• New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions

  Users searching for pirated software are the target of a new malware campaign that delivers a previously undocumented clipper malware called MassJacker, according to findings from CyberArk. Clipper malware is a type of cryware (as coined by Microsoft) that's designed to monitor a victim's clipboard content and facilitate cryptocurrency theft by substituting copied cryptocurrency wallet addresses

  2025-03-14 06:08:00

• OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection

  A new malware campaign has been observed leveraging social engineering tactics to deliver an open-source rootkit called r77. The activity, condemned OBSCURE#BAT by Securonix, enables threat actors to establish persistence and evade detection on compromised systems. It's currently not known who is behind the campaign. The rootkit "has the ability to cloak or mask any file, registry key or task

  2025-03-14 05:37:00

• Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails

  Microsoft has shed light on an ongoing phishing campaign that has targeted the hospitality sector by impersonating online travel agency Booking.com using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware. The activity, the tech giant's threat intelligence team said, started in December 2024 and operates with the end goal of conducting

  2025-03-13 15:26:00

• North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps

  The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It's not clear how successful these efforts were. "

  2025-03-13 14:23:00

• GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks

  Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections. SAML is an XML-based markup language and open-standard used for exchanging authentication and authorization data between parties, enabling features like single sign-on (SSO), which allows

  2025-03-13 12:26:00

• Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025

  As IT environments grow more complex, IT professionals are facing unprecedented pressure to secure business-critical data. With hybrid work the new standard and cloud adoption on the rise, data is increasingly distributed across different environments, providers and locations, expanding the attack surface for emerging cyberthreats. While the need for a strong data protection strategy has become

  2025-03-13 11:00:00

• Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk

  Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild. The vulnerability has been assigned the CVE identifier CVE-2025-27363, and carries a CVSS score of 8.1, indicating high severity. Described as an out-of-bounds write flaw, it could be exploited to achieve remote code execution when parsing certain font

  2025-03-13 07:13:00

• WARNING: Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback

  Browser maker Mozilla is urging users to update their Firefox instances to the latest version to avoid facing issues with using add-ons due to the impending expiration of a root certificate. "On March 14, 2025, a root certificate used to verify signed content and add-ons for various Mozilla projects, including Firefox, will expire," Mozilla said. "Without updating to Firefox

  2025-03-13 07:08:00

• Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits

  The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX Series routers from Juniper Networks as part of a campaign designed to deploy custom backdoors, highlighting their ability to focus on internal networking infrastructure. "The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script

  2025-03-12 14:08:00

• Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack

  Threat intelligence firm GreyNoise is warning of a "coordinated surge" in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities spanning multiple platforms. "At least 400 IPs have been seen actively exploiting multiple SSRF CVEs simultaneously, with notable overlap between attack attempts," the company said, adding it observed the activity on March 9, 2025. The countries which

  2025-03-12 11:56:00

• Pentesters: Is AI Coming for Your Role?

  We’ve been hearing the same story for years: AI is coming for your job. In fact, in 2017, McKinsey printed a report, Jobs Lost, Jobs Gained: Workforce Transitions in a Time of Automation, predicting that by 2030, 375 million workers would need to find new jobs or risk being displaced by AI and automation. Queue the anxiety.  There have been ongoing whispers about what roles would be

  2025-03-12 10:25:00

• URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days

  Microsoft on Tuesday released security updates to address 57 security vulnerabilities in its software, including a whopping six zero-days that it said have been actively exploited in the wild. Of the 56 flaws, six are rated Critical, 50 are rated Important, and one is rated Low in severity. Twenty-three of the addressed vulnerabilities are remote code execution bugs and 22 relate to privilege

  2025-03-12 09:52:00

• Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks

  Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in "extremely sophisticated" attacks. The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is rooted in the WebKit web browser engine component. It has been described as an out-of-bounds write issue that could allow an attacker to craft malicious web content such that it

  2025-03-12 04:02:00

• Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks

  The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. "The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates," Check Point said in a new analysis. "More than 1,600 victims were affected during one of

  2025-03-11 14:35:00

• Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Targets Over 6,000 Devices

  Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. "The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet," security researchers Ofek Vardi and Matan Mittelman said in a technical report shared with

  2025-03-11 12:30:00

• Your Risk Scores Are Lying: Adversarial Exposure Validation Exposes Real Threats

  In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security, believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn’t equal being secure. As Sun Tzu warned, “Strategy without tactics is

  2025-03-11 11:25:00

• Steganography Explained: How XWorm Hides Inside Images

  Inside the most innocent-looking image, a breathtaking landscape, or a funny meme, something dangerous could be hiding, waiting for its moment to strike. No strange file names. No antivirus warnings. Just a harmless picture, secretly concealing a payload that can steal data, execute malware, and take over your system without a trace. This is steganography, a cybercriminal’s secret weapon for

  2025-03-11 10:30:00

• SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa

  Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder. The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear energy

  2025-03-11 07:00:00

• Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches

  Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees. The vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0. "Multiple Moxa PT switches are vulnerable to an authentication bypass because of flaws in their

  2025-03-11 06:45:00

• CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-57968 - An unrestricted file upload vulnerability in Advantive VeraCore

  2025-03-11 03:58:00

• Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials

  Cybersecurity researchers have demonstrated a novel technique that allows a malicious web browser extension to impersonate any installed add-on. "The polymorphic extensions create a pixel perfect replica of the target's icon, HTML popup, workflows and even temporarily disables the legitimate extension, making it extremely convincing for victims to believe that they are providing credentials to

  2025-03-10 14:47:00

• Desert Dexter Targets 900 Victims Using Facebook Ads and Telegram Malware Links

  The Middle East and North Africa have become the target of a new campaign that delivers a modified version of a known malware called AsyncRAT since September 2024. "The campaign, which leverages social media to distribute malware, is tied to the region's current geopolitical climate," Positive Technologies researchers Klimentiy Galkin and Stanislav Pyzhov said in an analysis published last week.

  2025-03-10 12:50:00

• Why The Modern Google Workspace Needs Unified Security

  The Need For Unified Security Google Workspace is where teams collaborate, share ideas, and get work done. But while it makes work easier, it also creates new security challenges. Cybercriminals are constantly evolving, finding ways to exploit misconfigurations, steal sensitive data, and hijack user accounts. Many organizations try to secure their environment by piecing together different

  2025-03-10 11:00:00

• ⚡ THN Weekly Recap: New Attacks, Old Tricks, Bigger Impact

  Cyber threats today don't just evolve—they mutate rapidly, testing the resilience of everything from global financial systems to critical infrastructure. As cybersecurity confronts new battlegrounds—ranging from nation-state espionage and ransomware to manipulated AI chatbots—the landscape becomes increasingly complex, prompting vital questions: How secure are our cloud environments? Can our

  2025-03-10 09:46:00

• SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN and DPI Bypass Tools

  A new mass malware campaign is infecting users with a cryptocurrency miner named SilentCryptoMiner by masquerading it as a tool designed to circumvent internet blocks and restrictions around online services. Russian cybersecurity company Kaspersky said the activity is part of a larger trend where cybercriminals are increasingly leveraging Windows Packet Divert (WPD) tools to distribute malware

  2025-03-10 04:12:00

• FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations

  Threat hunters have shed light on a "sophisticated and evolving malware toolkit" called Ragnar Loader that's used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous Mantis), FIN7, FIN8, and Ruthless Mantis (ex-REvil). "Ragnar Loader plays a key role in keeping access to compromised systems, helping attackers stay in networks for long-term operations," Swiss

  2025-03-07 14:15:00

• Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide

  Microsoft has disclosed details of a large-scale malvertising campaign that's estimated to have impacted over one million devices globally as part of what it said is an opportunistic attack designed to steal sensitive information. The tech giant, which detected the activity in early December 2024, is tracking it under the broader umbrella Storm-0408, a moniker used for a set of threat actors

  2025-03-07 13:05:00

• Webinar: Learn How ASPM Transforms Application Security from Reactive to Proactive

  Are you tired of dealing with outdated security tools that never seem to give you the full picture? You’re not alone. Many organizations struggle with piecing together scattered information, leaving your apps vulnerable to modern threats. That’s why we’re excited to introduce a smarter, unified approach: Application Security Posture Management (ASPM). ASPM brings together the best of both

  2025-03-07 11:35:00

• What PCI DSS v4 Really Means – Lessons from A&F Compliance Journey

  Access on-demand webinar here Avoid a $100,000/month Compliance Disaster March 31, 2025: The Clock is Ticking. What if a single overlooked script could cost your business $100,000 per month in non-compliance fines? PCI DSS v4 is coming, and businesses handling payment card data must be prepared. Beyond fines, non-compliance exposes businesses to web skimming, third-party script attacks, and

  2025-03-07 11:00:00

• This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions

  Cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that's equipped to steal a victim's Ethereum private keys by impersonating popular libraries. The package in question is set-utils, which has received 1,077 downloads to date. It's no longer available for download from the official registry. "Disguised as a simple utility for Python

  2025-03-07 09:51:00

• U.S. Secret Service Seizes Russian Garantex Crypto Exchange Website

  A coalition of international law enforcement agencies has seized the website associated with the cryptocurrency exchange Garantex ("garantex[.]org"), nearly three years after the service was sanctioned by the U.S. Treasury Department in April 2022. "The domain for Garantex has been seized by the United States Secret Service pursuant to a seizure warrant obtained by the United States Attorney's

  2025-03-07 09:23:00

• Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist

  Safe{Wallet} has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a "highly sophisticated, state-sponsored attack," stating the North Korean threat actors behind the hack took steps to erase traces of the malicious activity in an effort to hamper investigation efforts. The multi-signature (multisig) platform, which has roped in Google Cloud Mandiant to

  2025-03-07 05:40:00

• PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors

  Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025. "The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines," Cisco Talos researcher Chetan Raghuprasad said in a technical

  2025-03-07 04:42:00

• Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution

  Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-25015, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been described as a case of prototype pollution. "Prototype pollution in Kibana leads to

  2025-03-06 12:33:00

• EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing

  The financially motivated threat actor known as EncryptHub has been observed orchestrating sophisticated phishing campaigns to deploy information stealers and ransomware, while also working on a new product called EncryptRAT. "EncryptHub has been observed targeting users of popular applications, by distributing trojanized versions," Outpost24 KrakenLabs said in a new report shared with The

  2025-03-06 12:15:00

• Outsmarting Cyber Threats with Attack Graphs

  Cyber threats are growing more sophisticated, and traditional security approaches struggle to keep up. Organizations can no longer rely on periodic assessments or static vulnerability lists to stay secure. Instead, they need a dynamic approach that provides real-time insights into how attackers move through their environment. This is where attack graphs come in. By mapping potential attack paths

  2025-03-06 12:14:00

• Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom

  The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024. In the first two months of 2025 alone, the group has claimed over 40 attacks, according to data from the Symantec Threat Hunter Team shared with The Hacker News. The cybersecurity company is

  2025-03-06 12:01:00

• Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access

  Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors. "Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed," c/side researcher Himanshu Anand said in a Wednesday analysis. The malicious JavaScript code has been found to be served via cdn.csyndication[

  2025-03-06 09:57:00

• U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations

  The U.S. Department of Justice (DoJ) has announced charges against 12 Chinese nationals for their alleged participation in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally. The individuals include two officers of the People's Republic of China's (PRC) Ministry of Public Security (MPS), eight employees of an ostensibly private PRC company, Anxun

  2025-03-06 06:40:00

• China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access

  The China-linked threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to corporate networks. That's according to new findings from the Microsoft Threat Intelligence team, which said the Silk Typhoon (formerly Hafnium) hacking

  2025-03-05 15:44:00

• Defending against USB drive attacks with Wazuh

  USB drive attacks constitute a significant cybersecurity risk, taking advantage of the everyday use of USB devices to deliver malware and circumvent traditional network security measures. These attacks lead to data breaches, financial losses, and operational disruptions, with lasting impacts on an organization's reputation. An example is the Stuxnet worm discovered in 2010, a malware designed to

  2025-03-05 14:08:00

• Dark Caracal Uses Poco RAT to Target Spanish-Speaking Enterprises in Latin America

  The threat actor known as Dark Caracal has been attributed to a campaign that deployed a remote access trojan called Poco RAT in attacks targeting Spanish-speaking targets in Latin America in 2024. The findings come from Russian cybersecurity company Positive Technologies, which described the malware as loaded with a "full suite of espionage features." "It could upload files, capture screenshots

  2025-03-05 13:37:00

• Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud

  Google has announced the rollout of artificial intelligence (AI)-powered scam detection features to secure Android device users and their personal information. "These features specifically target conversational scams, which can often appear initially harmless before evolving into harmful situations," Google said. "And more phone calling scammers are using spoofing techniques to hide their real

  2025-03-05 13:20:00

• Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants

  The threat actor known as Lotus Panda has been observed targeting government, manufacturing, telecommunications, and media sectors in the Philippines, Vietnam, Hong Kong, and Taiwan with updated versions of a known backdoor called Sagerunex. "Lotus Blossom has been using the Sagerunex backdoor since at least 2016 and is increasingly employing long-term persistence command shells and developing

  2025-03-05 11:03:00

• Identity: The New Cybersecurity Battleground

  The rapid adoption of cloud services, SaaS applications, and the shift to remote work have fundamentally reshaped how enterprises operate. These technological advances have created a world of opportunity but also brought about complexities that pose significant security threats. At the core of these vulnerabilities lies Identity—the gateway to enterprise security and the number one attack vector

  2025-03-05 11:00:00

• Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems

  Cybersecurity researchers are alerting of an ongoing malicious campaign targeting the Go ecosystem with typosquatted modules that are designed to deploy loader malware on Linux and Apple macOS systems. "The threat actor has published at least seven packages impersonating widely used Go libraries, including one (github[.]com/shallowmulti/hypert) that appears to target financial-sector developers

  2025-03-05 07:07:00

• Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates

  Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS. "Once infiltrated, it grants attackers a wide range of remote control capabilities, allowing them to execute

  2025-03-04 16:21:00

• VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches

  Broadcom has released security updates to address three actively exploited security flaws in VMware ESXi, Workstation, and Fusion products that could lead to code execution and information disclosure. The list of vulnerabilities is as follows - CVE-2025-22224 (CVSS score: 9.3) - A Time-of-Check Time-of-Use (TOCTOU) vulnerability that leads to an out-of-bounds write, which a malicious actor with

  2025-03-04 14:13:00

• How New AI Agents Will Transform Credential Stuffing Attacks

  Credential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches. But things could be about to get worse still with Computer-Using Agents, a new kind of AI agent that enables low-cost, low-effort automation of common web tasks — including those frequently performed by attackers. Stolen credentials: The cyber criminal’s weapon of choice

  2025-03-04 11:00:00

• Suspected Iranian Hackers Used Compromised Indian Firm's Email to Target U.A.E. Aviation Sector

  Threat hunters are calling attention to a new highly-targeted phishing campaign that singled out "fewer than five" entities in the United Arab Emirates (U.A.E.) to deliver a previously undocumented Golang backdoor dubbed Sosano. The malicious activity was specifically directed against aviation and satellite communications organizations, according to Proofpoint, which detected it in late October

  2025-03-04 09:58:00

• Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers

  Internet service providers (ISPs) in China and the West Coast of the United States have become the target of a mass exploitation campaign that deploys information stealers and cryptocurrency miners on compromised hosts. The findings come from the Splunk Threat Research Team, which said the activity also led to the delivery of various binaries that facilitate data exfiltration as well as offer

  2025-03-04 09:01:00

• Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2023-20118 (CVSS score: 6.5) - A command injection

  2025-03-04 04:39:00

• Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities

  Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under active exploitation in the wild. The two high-severity vulnerabilities are listed below - CVE-2024-43093 - A privilege escalation flaw in the Framework component that could result in unauthorized access to "Android/data," "Android/obb,"

  2025-03-04 04:07:00

• Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail

  Threat actors are targeting Amazon Web Services (AWS) environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo Alto Networks Unit 42. The cybersecurity company is tracking the activity cluster under the name TGR-UNK-0011 (short for a threat group with unknown motivation), which it said overlaps with a group known as JavaGhost. TGR-UNK-0011 is known to

  2025-03-03 17:26:00

• Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites

  Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc. "The threat actor hides each malware stage behind a SharePoint site and uses a modified version of Havoc Demon in conjunction with the Microsoft Graph API to obscure C2 communications within trusted, well-known

  2025-03-03 14:00:00

• U.K. ICO Investigates TikTok, Reddit, and Imgur Over Children's Data Protection Practices

  The U.K.'s Information Commissioner's Office (ICO) has opened an investigation into online platforms TikTok, Reddit, and Imgur to assess the steps they are taking to protect children between the ages of 13 and 17 in the country. To that end, the watchdog said it's probing how the ByteDance-owned video-sharing service uses the personal data of children in the age range to surface recommendations

  2025-03-03 13:56:00

• Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks

  Threat actors have been exploiting a security vulnerability in Paragon Partition Manager's BioNTdrv.sys driver in ransomware attacks to escalate privileges and execute arbitrary code. The zero-day flaw (CVE-2025-0289) is part of a set of five vulnerabilities that was discovered by Microsoft, according to the CERT Coordination Center (CERT/CC). "These include arbitrary kernel memory mapping and

  2025-03-03 13:56:00

• ⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists

  This week, a 23-year-old Serbian activist found themselves at the crossroads of digital danger when a sneaky zero-day exploit turned their Android device into a target. Meanwhile, Microsoft pulled back the curtain on a scheme where cybercriminals used AI tools for harmful pranks, and a massive trove of live secrets was discovered, reminding us that even the tools we rely on can hide risky

  2025-03-03 11:58:00

• The New Ransomware Groups Shaking Up 2025

  In 2024, global ransomware attacks hit 5,414, an 11% increase from 2023.  After a slow start, attacks spiked in Q2 and surged in Q4, with 1,827 incidents (33% of the year's total). Law enforcement actions against major groups like LockBit caused fragmentation, leading to more competition and a rise in smaller gangs. The number of active ransomware groups jumped 40%, from 68 in 2023 to 95

  2025-03-03 11:00:00

• Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries

  Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d. The improved variant of Vo1d has been found to encompass 800,000 daily active IP addresses, with the botnet scaling a peak of 1,590,299 on January 19, 2025, spanning 226 countries and regions. As of February 25, 2025, India has

  2025-03-03 05:17:00

• Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language

  Firefox browser maker Mozilla on Friday updated its Terms of Use a second time within a week following criticism overbroad language that appeared to give the company the rights to all information uploaded by users. The revised Terms of Use now states - You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It

  2025-03-01 08:00:00

• Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone

  A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amnesty International. "The Android phone of one student protester was exploited and unlocked by a sophisticated zero-day exploit chain targeting Android USB drivers, developed by Cellebrite," the international non-governmental

  2025-02-28 16:48:00

• RDP: a Double-Edged Sword for IT Teams – Essential Yet Exploitable

  Remote Desktop Protocol (RDP) is an amazing technology developed by Microsoft that lets you access and control another computer over a network. It’s like having your office computer with you wherever you go. For businesses, this means IT staff can manage systems remotely, and employees can work from home or anywhere, making RDP a true game-changer in today’s work environment. But here’s the

  2025-02-28 14:23:00

• Fake CAPTCHA PDFs Spread Lumma Stealer via Webflow, GoDaddy, and Other Domains

  Cybersecurity researchers have uncovered a widespread phishing campaign that uses fake CAPTCHA images shared via PDF documents hosted on Webflow's content delivery network (CDN) to deliver the Lumma stealer malware. Netskope Threat Labs said it discovered 260 unique domains hosting 5,000 phishing PDF files that redirect victims to malicious websites. "The attacker uses SEO to trick victims into

  2025-02-28 13:49:00

• Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme

  Microsoft on Thursday unmasked four of the individuals that it said were behind an Azure Abuse Enterprise scheme that involves leveraging unauthorized access to generative artificial intelligence (GenAI) services in order to produce offensive and harmful content. The campaign, called LLMjacking, has targeted various AI offerings, including Microsoft's Azure OpenAI Service. The tech giant is

  2025-02-28 10:33:00

• 12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training

  A dataset used to train large language models (LLMs) has been found to contain nearly 12,000 live secrets, which allow for successful authentication. The findings once again highlight how hard-coded credentials pose a severe security risk to users and organizations alike, not to mention compounding the problem when LLMs end up suggesting insecure coding practices to their users. Truffle

  2025-02-28 10:24:00

• Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus

  The threat actor known as Sticky Werewolf has been linked to targeted attacks primarily in Russia and Belarus with the aim of delivering the Lumma Stealer malware by means of a previously undocumented implant. Cybersecurity company Kaspersky is tracking the activity under the name Angry Likho, which it said bears a "strong resemblance" to Awaken Likho (aka Core Werewolf, GamaCopy, and

  2025-02-28 09:36:00

• Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations

  A new campaign is targeting companies in Taiwan with malware known as Winos 4.0 as part of phishing emails masquerading as the country's National Taxation Bureau. The campaign, detected last month by Fortinet FortiGuard Labs, marks a departure from previous attack chains that have leveraged malicious game-related applications. "The sender claimed that the malicious file attached was a list of

  2025-02-27 15:36:00

• Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware

  The threat actor known as Space Pirates has been linked to a malicious campaign targeting Russian information technology (IT) organizations with a previously undocumented malware called LuckyStrike Agent. The activity was detected in November 2024 by Solar, the cybersecurity arm of Russian state-owned telecom company Rostelecom. It's tracking the activity under the name Erudite Mogwai. The

  2025-02-27 13:50:00

• 89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals

  Organizations are either already adopting GenAI solutions, evaluating strategies for integrating these tools into their business plans, or both. To drive informed decision-making and effective planning, the availability of hard data is essential—yet such data remains surprisingly scarce. The “Enterprise GenAI Data Security Report 2025” by LayerX delivers unprecedented insights

  2025-02-27 13:05:00

• New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades

  Cybersecurity researchers have discovered an updated version of an Android malware called TgToxic (aka ToxicPanda), indicating that the threat actors behind it are continuously making changes in response to public reporting. "The modifications seen in the TgToxic payloads reflect the actors' ongoing surveillance of open source intelligence and demonstrate their commitment to enhancing the

  2025-02-27 13:04:00

• PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices

  A new malware campaign has been observed targeting edge devices from Cisco, ASUS, QNAP, and Synology to rope them into a botnet named PolarEdge since at least the end of 2023. French cybersecurity company Sekoia said it observed the unknown threat actors deploying a backdoor by leveraging CVE-2023-20118 (CVSS score: 6.5), a critical security flaw impacting Cisco Small Business RV016, RV042,

  2025-02-27 09:20:00

• Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers

  The U.S. Federal Bureau of Investigation (FBI) formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company's CEO Ben Zhou declared a "war against Lazarus." The agency said the Democratic People's Republic of Korea (North Korea) was responsible for the theft of the virtual assets from the cryptocurrency exchange, attributing it to a specific cluster

  2025-02-27 07:15:00

• Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites

  A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale. Security researcher Oleg Zaytsev, in a report shared with The Hacker News, said the campaign – dubbed 360XSS – affected over 350 websites,

  2025-02-26 17:19:00

• Leaked Black Basta Ransomware Chat Logs Reveal Inner Workings and Internal Conflicts

  More than a year's worth of internal chat logs from a ransomware gang known as Black Basta have been published online in a leak that provides unprecedented visibility into their tactics and internal conflicts among its members. The Russian-language chats on the Matrix messaging platform between September 18, 2023, and September 28, 2024, were initially leaked on February 11, 2025, by an

  2025-02-26 13:54:00

• SOC 3.0 - The Evolution of the SOC and How AI is Empowering Human Talent

  Organizations today face relentless cyber attacks, with high-profile breaches hitting the headlines almost daily. Reflecting on a long journey in the security field, it’s clear this isn’t just a human problem—it’s a math problem. There are simply too many threats and security tasks for any SOC to manually handle in a reasonable timeframe. Yet, there is a solution. Many refer to it as SOC 3.0—an

  2025-02-26 11:28:00

• New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems

  Universities and government organizations in North America and Asia have been targeted by a previously undocumented Linux malware called Auto-Color between November and December 2024, according to new findings from Palo Alto Networks Unit 42. "Once installed, Auto-color allows threat actors full remote access to compromised machines, making it very difficult to remove without specialized

  2025-02-26 11:04:00

• Three Password Cracking Techniques and How to Defend Against Them

  Passwords are rarely appreciated until a security breach occurs; suffice to say, the importance of a strong password becomes clear only when faced with the consequences of a weak one. However, most end users are unaware of just how vulnerable their passwords are to the most common password-cracking methods. The following are the three common techniques for cracking passwords and how to

  2025-02-26 10:56:00

• CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries

  The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday warned of renewed activity from an organized criminal group it tracks as UAC-0173 that involves infecting computers with a remote access trojan named DCRat (aka DarkCrystal RAT). The Ukrainian cybersecurity authority said it observed the latest attack wave starting in mid-January 2025. The activity is designed to target the

  2025-02-26 10:53:00

• Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads

  Cybersecurity researchers have flagged a malicious Python library on the Python Package Index (PyPI) repository that facilitates unauthorized music downloads from music streaming service Deezer. The package in question is automslc, which has been downloaded over 104,000 times to date. First published in May 2019, it remains available on PyPI as of writing. "Although automslc, which has been

  2025-02-26 10:40:00

• CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are as follows - CVE-2024-49035 (CVSS score: 8.7) - An improper access control

  2025-02-26 04:33:00

• LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile

  Cybersecurity researchers have flagged an updated version of the LightSpy implant that comes equipped with an expanded set of data collection features to extract information from social media platforms like Facebook and Instagram. LightSpy is the name given to a modular spyware that's capable of infecting both Windows and Apple systems with an aim to harvest data. It was first documented in

  2025-02-25 16:07:00

• Belarus-Linked Ghostwriter Uses Macropack-Obfuscated Excel Macros to Deploy Malware

  Opposition activists in Belarus as well as Ukrainian military and government organizations are the target of a new campaign that employs malware-laced Microsoft Excel documents as lures to deliver a new variant of PicassoLoader.  The threat cluster has been assessed to be an extension of a long-running campaign mounted by a Belarus-aligned threat actor dubbed Ghostwriter (aka Moonscape,

  2025-02-25 15:54:00

• 5 Active Malware Campaigns in Q1 2025

  The first quarter of 2025 has been a battlefield in the world of cybersecurity. Cybercriminals continued launching aggressive new campaigns and refining their attack methods. Below is an overview of five notable malware families, accompanied by analyses conducted in controlled environments. NetSupport RAT Exploiting the ClickFix Technique In early 2025, threat actors began exploiting a technique

  2025-02-25 11:00:00

• 2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT

  A large-scale malware campaign has been found leveraging a vulnerable Windows driver associated with Adlice's product suite to sidestep detection efforts and deliver the Gh0st RAT malware. "To further evade detection, the attackers deliberately generated multiple variants (with different hashes) of the 2.0.2 driver by modifying specific PE parts while keeping the signature valid," Check Point

  2025-02-25 10:22:00

• GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets

  Cybersecurity researchers are calling attention to an ongoing campaign that's targeting gamers and cryptocurrency investors under the guise of open-source projects hosted on GitHub. The campaign, which spans hundreds of repositories, has been dubbed GitVenom by Kaspersky. "The infected projects include an automation instrument for interacting with Instagram accounts, a Telegram bot that enables

  2025-02-25 10:13:00

• FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services

  Various industrial organizations in the Asia-Pacific (APAC) region have been targeted as part of phishing attacks designed to deliver a known malware called FatalRAT. "The threat was orchestrated by attackers using legitimate Chinese cloud content delivery network (CDN) myqcloud and the Youdao Cloud Notes service as part of their attack infrastructure," Kaspersky ICS CERT said in a Monday

  2025-02-25 05:51:00

• Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2017-3066 (CVSS score: 9.8) - A deserialization vulnerability impacting

  2025-02-25 04:10:00

• New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer

  Cybersecurity researchers are warning of a new campaign that leverages cracked versions of software as a lure to distribute information stealers like Lumma and ACR Stealer. The AhnLab Security Intelligence Center (ASEC) said it has observed a spike in the distribution volume of ACR Stealer since January 2025. A notable aspect of the stealer malware is the use of a technique called dead drop

  2025-02-24 16:58:00

• ⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple’s Data Dilemma

  Welcome to your weekly roundup of cyber news, where every headline gives you a peek into the world of online battles. This week, we look at a huge crypto theft, reveal some sneaky AI scam tricks, and discuss big changes in data protection. Let these stories spark your interest and help you understand the changing threats in our digital world. ⚡ Threat of the Week Lazarus Group Linked to

  2025-02-24 11:20:00

• Google Cloud KMS Adds Quantum-Safe Digital Signatures to Defend Against Future Threats

  Google Cloud has announced quantum-safe digital signatures in Google Cloud Key Management Service (Cloud KMS) for software-based keys as a way to bulletproof encryption systems against the threat posed by cryptographically-relevant quantum computers. The feature, currently in preview, coexists with the National Institute of Standards and Technology's (NIST) post-quantum cryptography (PQC)

  2025-02-24 11:17:00

• Becoming Ransomware Ready: Why Continuous Validation Is Your Best Defense

  Ransomware doesn’t hit all at once—it slowly floods your defenses in stages. Like a ship subsumed with water, the attack starts quietly, below the surface, with subtle warning signs that are easy to miss. By the time encryption starts, it’s too late to stop the flood.  Each stage of a ransomware attack offers a small window to detect and stop the threat before it’s too late. The problem is

  2025-02-24 11:17:00

• Australia Bans Kaspersky Software Over National Security and Espionage Concerns

  Australia has become the latest country to ban the installation of security software from Russian company Kaspersky, citing national security concerns. "After considering threat and risk analysis, I have determined that the use of Kaspersky Lab, Inc. products and web services by Australian Government entities poses an unacceptable security risk to Australian Government, networks and data,

  2025-02-24 09:57:00

• Bybit Confirms Record-Breaking $1.5 Billion Crypto Heist in Sophisticated Cold Wallet Attack

  Cryptocurrency exchange Bybit on Friday revealed that a "sophisticated" attack led to the theft of over $1.5 billion worth of cryptocurrency from one of its Ethereum cold (offline) wallets, making it the largest ever single crypto heist in history. "The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated

  2025-02-22 06:59:00

• OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns

  OpenAI on Friday revealed that it banned a set of accounts that used its ChatGPT tool to develop a suspected artificial intelligence (AI)-powered surveillance tool. The social media listening tool is said to likely originate from China and is powered by one of Meta's Llama models, with the accounts in question using the AI company's models to generate detailed descriptions and analyze documents

  2025-02-22 05:17:00

• Apple Drops iCloud's Advanced Data Protection in the U.K. Amid Encryption Backdoor Demands

  Apple is removing its Advanced Data Protection (ADP) feature for iCloud from the United Kingdom with immediate effect following government demands for backdoor access to encrypted user data. The development was first reported by Bloomberg. ADP for iCloud is an optional setting that ensures that users' trusted devices retain sole access to the encryption keys used to unlock data stored in its

  2025-02-21 16:15:00

• Data Leak Exposes TopSec's Role in China’s Censorship-as-a-Service Operations

  An analysis of a data leak from a Chinese cybersecurity company TopSec has revealed that it likely offers censorship-as-a-service solutions to prospective customers, including a state-owned enterprise in the country. Founded in 1995, TopSec ostensibly offers services such as Endpoint Detection and Response (EDR) and vulnerability scanning. But it's also providing "boutique" solutions in order

  2025-02-21 16:06:00

• Cybercriminals Can Now Clone Any Brand’s Site in Minutes Using Darcula PhaaS v3

  The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform appear to be readying a new version that allows prospective customers and cyber crooks to clone any brand's legitimate website and create a phishing version, further bringing down the technical expertise required to pull off phishing attacks at scale. The latest iteration of the phishing suite "represents a significant

  2025-02-21 13:03:00

• Webinar: Learn How to Identify High-Risk Identity Gaps and Slash Security Debt in 2025

  In today’s rapidly evolving digital landscape, weak identity security isn’t just a flaw—it’s a major risk that can expose your business to breaches and costly downtime. Many organizations are overwhelmed by an excess of user identities and aging systems, making them vulnerable to attacks. Without a strategic plan, these security gaps can quickly turn into expensive liabilities. Join us for "

  2025-02-21 11:40:00

• AI-Powered Deception is a Menace to Our Societies

  Wherever there’s been conflict in the world, propaganda has never been far away. Travel back in time to 515 BC and read the Behistun Inscription, an autobiography by Persian King Darius that discusses his rise to power. More recently, see how different newspapers report on wars, where it’s said, ‘The first casualty is the truth.’  While these forms of communication

  2025-02-21 11:00:00

• Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks

  Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies. "The threat actor then demonstrated their ability to persist in target environments across equipment from multiple

  2025-02-21 07:38:00

• CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks

  A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5. It was addressed by the

  2025-02-21 07:26:00

• North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware

  Freelance software developers are the target of an ongoing campaign that leverages job interview-themed lures to deliver cross-platform malware families known as BeaverTail and InvisibleFerret. The activity, linked to North Korea, has been codenamed DeceptiveDevelopment, which overlaps with clusters tracked under the names Contagious Interview (aka CL-STA-0240), DEV#POPPER, Famous Chollima,

  2025-02-20 13:37:00

• China-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware

  A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker in some cases. The campaign, codenamed Green Nailao by Orange Cyberdefense CERT, involved the exploitation of a now-patched security flaw

  2025-02-20 11:21:00

• PCI DSS 4.0 Mandates DMARC By 31st March 2025

  The payment card industry has set a critical deadline for businesses handling cardholder data or processing payments- by March 31, 2025, DMARC implementation will be mandatory! This requirement highlights the importance of preventative measures against email fraud, domain spoofing, and phishing in the financial space. This is not an optional requirement as non-compliance may result in monetary

  2025-02-20 11:21:00

• Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives

  A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation. "The legitimate application used in the attack, jarsigner, is a file created during the installation of the IDE package distributed by the Eclipse Foundation," the AhnLab SEcurity Intelligence Center (ASEC)

  2025-02-20 11:12:00

• Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now

  For decades, Microsoft Exchange has been the backbone of business communications, powering emailing, scheduling and collaboration for organizations worldwide. Whether deployed on-premises or in hybrid environments, companies of all sizes rely on Exchange for seamless internal and external communication, often integrating it deeply with their workflows, compliance policies and security frameworks

  2025-02-20 10:00:00

• Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability

  Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions. The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0. It has been described as a case of improper privilege management that could

  2025-02-20 04:36:00

• Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability

  Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild. The vulnerabilities are listed below - CVE-2025-21355 (CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability CVE-2025-24989 (CVSS score: 8.2) - Microsoft Power Pages Elevation of Privilege Vulnerability "

  2025-02-20 04:29:00

• Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes

  Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts. "The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app's legitimate 'linked devices' feature that enables Signal to be used on multiple

  2025-02-19 16:59:00

• New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection

  A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain. Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of the year. "Typically delivered through phishing emails containing malicious attachments or links,

  2025-02-19 12:45:00

• The Ultimate MSP Guide to Structuring and Selling vCISO Services

  The growing demand for cybersecurity and compliance services presents a great opportunity for Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) to offer virtual Chief Information Security Officer (vCISO) services—delivering high-level cybersecurity leadership without the cost of a full-time hire. However, transitioning to vCISO services is not without its challenges

  2025-02-19 11:00:00

• Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack

  Users who are on the lookout for popular games were lured into downloading trojanized installers that led to the deployment of a cryptocurrency miner on compromised Windows hosts. The large-scale activity has been codenamed StaryDobry by Russian cybersecurity company Kaspersky, which first detected it on December 31, 2024. It lasted for a month. Targets of the campaign include individuals and

  2025-02-19 09:35:00

• CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The flaws are listed below - CVE-2025-0108 (CVSS score: 7.8) - An authentication bypass vulnerability in the Palo Alto Networks PAN-OS

  2025-02-19 04:48:00

• New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now

  Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below - CVE-2025-26465 (CVSS score: 6.8) - The

  2025-02-18 15:34:00

• Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks

  The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems. This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector (MAVInject.exe) to inject the threat actor's malicious payload into an external process, waitfor.exe,

  2025-02-18 15:09:00

• New FrigidStealer Malware Targets macOS Users via Fake Browser Updates

  Cybersecurity researchers are alerting to a new campaign that leverages web injects to deliver a new Apple macOS malware known as FrigidStealer. The activity has been attributed to a previously undocumented threat actor known as TA2727, with the information stealers for other platforms such as Windows (Lumma Stealer or DeerStealer) and Android (Marcher). TA2727 is a "threat actor that uses fake

  2025-02-18 13:00:00

• Debunking the AI Hype: Inside Real Hacker Tactics

  Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers? According to Picus Labs’ Red Report 2025 which analyzed over one million malware samples, there's been no significant surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while AI will certainly start playing a

  2025-02-18 12:20:00

• Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication

  Juniper Networks has released security updates to address a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products that could be exploited to hijack control of susceptible devices. Tracked as CVE-2025-21589, the vulnerability carries a CVSS v3.1 score of 9.8 and a CVS v4 score of 9.3. "An Authentication Bypass Using an Alternate Path or

  2025-02-18 12:18:00

• Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign

  The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024. The activity, detailed by Japanese cybersecurity company LAC, overlaps with a threat cluster tracked by Trend Micro as Earth Freybug, which has been assessed to be a subset within the APT41

  2025-02-18 09:52:00

• New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

  Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services. "This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP's configuration and cause the MFP

  2025-02-18 07:04:00

• Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers

  Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar. MageCart is the name given to a malware that's capable of stealing sensitive payment information from online shopping sites. The attacks are known to

  2025-02-18 05:26:00

• Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics

  Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. "Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies," the Microsoft Threat Intelligence team said in a post shared on X. "These enhanced features add to

  2025-02-17 16:30:00

• South Korea Suspends DeepSeek AI Downloads Over Privacy Violations

  South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data protection regulations. Downloads have been paused as of February 15, 2025, 6:00 p.m. local time, the Personal Information Protection Commission (PIPC) said in a statement. The web service remains

  2025-02-17 11:36:00

• CISO's Expert Guide To CTEM And Why It Matters

  Cyber threats evolve—has your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management (CTEM) is the smart approach for proactive cybersecurity. This concise report makes a clear business case for why CTEM’s comprehensive approach is the best overall strategy for shoring up a business’s cyber defenses in the face of evolving attacks. It also

  2025-02-17 11:00:00

• ⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More

  Welcome to this week’s Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights. ⚡ Threat of the Week Russian Threat Actors Leverage Device Code Phishing to Hack

  2025-02-17 09:19:00

• New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations

  Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control (C2) communications. Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin. "The malware is compiled in Golang and once executed it acts like a backdoor," security researcher Leandro Fróes said in an analysis

  2025-02-17 09:04:00

• Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls

  Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress. Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granting accessibility access. The development was first reported by Android Authority. Users who attempt

  2025-02-15 10:26:00

• New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution

  Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code execution within the Amazon Web Services (AWS) account. "If executed at scale, this attack could be used to gain access to thousands of accounts," Datadog Security Labs researcher Seth Art said in a report

  2025-02-14 18:42:00

• Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks

  The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that's associated with a profile named "

  2025-02-14 18:28:00

• AI-Powered Social Engineering: Ancillary Tools and Techniques

  Social engineering is advancing fast, at the speed of generative AI. This is offering bad actors multiple new tools and techniques for researching, scoping, and exploiting organizations. In a recent communication, the FBI pointed out: ‘As technology continues to evolve, so do cybercriminals' tactics.’ This article explores some of the impacts of this GenAI-fueled acceleration. And examines what

  2025-02-14 11:00:00

• Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts

  Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024. The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas

  2025-02-14 10:27:00

• RansomHub Becomes 2024’s Top Ransomware Group, Hitting 600+ Organizations Globally

  The threat actors behind the RansomHub ransomware-as-a-service (RaaS) scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network's domain controller as part of their post-compromise strategy. "RansomHub has targeted over 600 organizations globally, spanning sectors

  2025-02-14 10:17:00

• PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

  Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql. "An

  2025-02-14 05:03:00

• Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners

  A widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery network (CDN) with an aim to steal credit card information and commit financial fraud. "The attacker targets victims searching for documents on search engines, resulting in access to malicious PDF that contains a CAPTCHA image embedded with a phishing link, leading them to

  2025-02-13 15:13:00

• North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks

  A nation-state threat actor with ties to North Korea has been linked to an ongoing campaign targeting South Korean business, government, and cryptocurrency sectors. The attack campaign, dubbed DEEP#DRIVE by Securonix, has been attributed to a hacking group known as Kimsuky, which is also tracked under the names APT43, Black Banshee, Emerald Sleet, Sparkling Pisces, Springtail, TA427, and Velvet

  2025-02-13 14:26:00

• Fast Deployments, Secure Code: Watch this Learn to Sync Dev and Sec Teams

  Ever felt like your team is stuck in a constant battle? Developers rush to add new features, while security folks worry about vulnerabilities. What if you could bring both sides together without sacrificing one for the other? We invite you to our upcoming webinar, "Opening the Fast Lane for Secure Deployments." This isn’t another tech talk full of buzzwords—it's a down-to-earth session that

  2025-02-13 12:25:00

• RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset

  An RA World ransomware attack in November 2024 targeting an unnamed Asian software and services company involved the use of a malicious tool exclusively used by China-based cyber espionage groups, raising the possibility that the threat actor may be moonlighting as a ransomware player in an individual capacity. "During the attack in late 2024, the attacker deployed a distinct toolset that had

  2025-02-13 11:58:00

• AI and Security - A New Puzzle to Figure Out

  AI is everywhere now, transforming how businesses operate and how users engage with apps, devices, and services. A lot of applications now have some Artificial Intelligence inside, whether supporting a chat interface, intelligently analyzing data or matching user preferences. No question AI benefits users, but it also brings new security challenges, especially Identity-related security

  2025-02-13 11:00:00

• Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software

  Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass. The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box. "An authentication bypass in the Palo Alto Networks PAN-OS software enables an

  2025-02-13 09:39:00

• FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux

  Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts. The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it tracks as REF7707. Some of the other targets include a telecommunications entity and a university,

  2025-02-13 09:11:00

• Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries

  A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe. "This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations," the

  2025-02-12 17:02:00

• Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability

  Cybersecurity researchers have discovered a bypass for a now-patched security vulnerability in the NVIDIA Container Toolkit that could be exploited to break out of a container's isolation protections and gain complete access to the underlying host. The new vulnerability is being tracked as CVE-2025-23359 (CVSS score: 8.3). It affects the following versions - NVIDIA Container Toolkit (All

  2025-02-12 14:04:00

• How to Steer AI Adoption: A CISO Guide

  CISOs are finding themselves more involved in AI teams, often leading the cross-functional effort and AI strategy. But there aren’t many resources to guide them on what their role should look like or what they should bring to these meetings.  We’ve pulled together a framework for security leaders to help push AI teams and committees further in their AI adoption—providing them with the

  2025-02-12 11:20:00

• North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack

  The North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to paste and run malicious code provided by them. "To execute this tactic, the threat actor masquerades as a South Korean government official and over time builds rapport with a target before sending a

  2025-02-12 10:43:00

• Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation

  Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said has come under active exploitation in the wild. Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate, and two are rated Low in severity. This is aside from the 23 flaws Microsoft addressed in its Chromium-based Edge

  2025-02-12 09:38:00

• Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now

  Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution. The list of vulnerabilities is below - CVE-2024-38657 (CVSS score: 9.1) - External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy

  2025-02-12 05:57:00

• Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification

  Google has stepped in to clarify that a newly introduced Android System SafetyCore app does not perform any client-side scanning of content. "Android provides many on-device protections that safeguard users against threats like malware, messaging spam and abuse protections, and phone scam protections, while preserving user privacy and keeping users in control of their data," a spokesperson for

  2025-02-11 15:13:00

• 4 Ways to Keep MFA From Becoming too Much of a Good Thing

  Multi-factor authentication (MFA) has quickly become the standard for securing business accounts. Once a niche security measure, adoption is on the rise across industries. But while it’s undeniably effective at keeping bad actors out, the implementation of MFA solutions can be a tangled mess of competing designs and ideas. For businesses and employees, the reality is that MFA sometimes feels

  2025-02-11 13:30:00

• Progress Software Patches High-Severity LoadMaster Flaws Affecting Multiple Versions

  Progress Software has addressed multiple high-severity security flaws in its LoadMaster software that could be exploited by malicious actors to execute arbitrary system commands or download any file from the system. Kemp LoadMaster is a high-performance application delivery controller (ADC) and load balancer that provides availability, scalability, performance, and security for business-critical

  2025-02-11 11:52:00

• Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks

  Gcore’s latest DDoS Radar report analyzes attack data from Q3–Q4 2024, revealing a 56% YoY rise in the total number of DDoS attacks with the largest attack peaking at a record 2 Tbps. The financial services sector saw the most dramatic increase, with a 117% rise in attacks, while gaming remained the most-targeted industry. This period’s findings emphasize the need for robust, adaptive DDoS

  2025-02-11 11:25:00

• Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update

  Apple on Monday released out-of-band security updates to address a security flaw in iOS and iPadOS that it said has been exploited in the wild. Assigned the CVE identifier CVE-2025-24200 (CVSS score: 4.6), the vulnerability has been described as an authorization issue that could make it possible for a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber

  2025-02-11 11:16:00

• Protecting Your Software Supply Chain: Assessing the Risks Before Deployment

  Imagine you're considering a new car for your family. Before making a purchase, you evaluate its safety ratings, fuel efficiency, and reliability. You might even take it for a test drive to ensure it meets your needs. The same approach should be applied to software and hardware products before integrating them into an organization's environment. Just as you wouldn’t buy a car without knowing its

  2025-02-11 10:07:00

• Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks

  Threat actors have observed the increasingly common ClickFix technique to deliver a remote access trojan named NetSupport RAT since early January 2025. NetSupport RAT, typically propagated via bogus websites and fake browser updates, grants attackers full control over the victim's host, allowing them to monitor the device's screen in real-time, control the keyboard and mouse, upload and download

  2025-02-11 09:55:00

• FBI, Europol, and NCA Take Down 8Base Ransomware Data Leak and Negotiation Sites

  Source: The Nation A coordinated law enforcement operation has taken down the dark web data leak and negotiation sites associated with the 8Base ransomware gang. Visitors to the data leak site are now greeted with a seizure banner that says: "This hidden site and the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public Prosecutor

  2025-02-11 07:03:00

• Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores

  Threat actors have been observed leveraging Google Tag Manager (GTM) to deliver credit card skimmer malware targeting Magento-based e-commerce websites. Website security company Sucuri said the code, while appearing to be a typical GTM and Google Analytics script used for website analytics and advertising purposes, contains an obfuscated backdoor capable of providing attackers with persistent

  2025-02-10 15:16:00

• ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]

  In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket—each one seems minor until it becomes the entry point for an attack. This week, we’ve seen cybercriminals turn overlooked weaknesses into major security threats, proving once again that no system is too small to be targeted. The question

  2025-02-10 12:13:00

• Don't Overlook These 6 Critical Okta Security Configurations

  Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture. With over 18,000 customers, Okta serves as the cornerstone of identity governance and security for

  2025-02-10 11:00:00

• DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects

  Threat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS malware. "It is likely that the campaign is financially motivated since redirecting users to illegal gambling websites shows that attackers deploy BadIIS for profit," Trend Micro researchers Ted Lee and

  2025-02-10 09:44:00

• Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities

  Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions. The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service SOAP endpoint affecting

  2025-02-10 09:09:00

• XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells

  Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as XE Group, a cybercrime

  2025-02-10 05:14:00

• Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection

  Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of the file," ReversingLabs researcher Karlo Zanki said in a report shared with The Hacker News. "

  2025-02-08 06:17:00

• DeepSeek App Transmits Sensitive User and Device Data Without Encryption

  A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks. The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and that it collects extensive user and

  2025-02-07 14:58:00

• CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution. "This could

  2025-02-07 12:52:00

• AI-Powered Social Engineering: Reinvented Threats

  The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It’s the vectors – how these techniques are deployed – that are evolving. And like most industries these days, AI is accelerating its evolution.  This article explores how these changes are impacting business, and how cybersecurity leaders can respond. Impersonation attacks:

  2025-02-07 11:10:00

• Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks

  Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers' pathway. The tech giant's threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET

  2025-02-07 11:01:00

• India’s RBI Introduces Exclusive "bank.in" Domain to Combat Digital Banking Fraud

  India's central bank, the Reserve Bank of India (RBI), said it's introducing an exclusive "bank.in" internet domain for banks in the country to combat digital financial fraud. "This initiative aims to reduce cyber security threats and malicious activities like phishing; and, streamline secure financial services, thereby enhancing trust in digital banking and payment services," the RBI said in a

  2025-02-07 10:32:00

• Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware

  Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp's Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in a

  2025-02-07 05:19:00

• Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking

  Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT. The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China. "This actor has increasingly targeted key roles

  2025-02-06 14:34:00

• Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023

  Ransomware attacks netted cybercrime groups a total of $813.5 million in 2024, a decline from $1.25 billion in 2023. The total amount extorted during the first half of 2024 stood at $459.8 million, blockchain intelligence firm Chainalysis said, adding payment activity slumped after July 2024 by about 3.94%. "The number of ransomware events increased into H2, but on-chain payments declined,

  2025-02-06 14:03:00

• SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images

  A new malware campaign dubbed SparkCat has leveraged a suit of bogus apps on both Apple's and Google's respective app stores to steal victims' mnemonic phrases associated with cryptocurrency wallets.  The attacks leverage an optical character recognition (OCR) model to exfiltrate select images containing wallet recovery phrases from photo libraries to a command-and-control (C2) server,

  2025-02-06 11:32:00

• The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025

  Privileged Access Management (PAM) has emerged as a cornerstone of modern cybersecurity strategies, shifting from a technical necessity to a critical pillar in leadership agendas. With the PAM market projected to reach $42.96 billion by 2037 (according to Research Nester), organizations invest heavily in PAM solutions. Why is PAM climbing the ranks of leadership priorities? While Gartner

  2025-02-06 11:20:00

• North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials

  The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC). The attacks commence with phishing emails containing a Windows shortcut (LNK) file that's disguised as a Microsoft Office or PDF document.

  2025-02-06 11:05:00

• Top 3 Ransomware Threats Active in 2025

  You arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your screen: "Pay $2 million in Bitcoin within 48 hours or lose everything." And the worst part is that even after paying, there’s no guarantee you’ll get your data back. Many victims hand over the money, only to receive nothing in return, or worse, get

  2025-02-06 11:00:00

• Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc

  Cisco has released updates to address two critical security flaws Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices. The vulnerabilities are listed below - CVE-2025-20124 (CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote

  2025-02-06 07:40:00

• Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign

  The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems. According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing them with the promise of

  2025-02-05 14:55:00

• Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts

  Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover (ATO) attacks on Microsoft 365 environments. Enterprise security company Proofpoint said it observed campaigns using HTTP clients Axios and Node Fetch to send HTTP requests and receive HTTP responses from web servers with the goal of conducting ATO attacks. "Originally sourced from public

  2025-02-05 13:03:00

• Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks

  A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan. "This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision making and banking sector," Seqrite Labs researcher Subhajeet Singha said in a technical report

  2025-02-05 12:46:00

• New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack

  Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0. "A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code

  2025-02-05 12:16:00

• Navigating the Future: Key IT Vulnerability Management Trends 

  As the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers (MSPs) and IT teams. Recent trends indicate that organizations increasingly prioritize more frequent IT security vulnerability assessments to identify and address potential security flaws. Staying informed on these trends can help MSPs and IT teams

  2025-02-05 11:00:00

• AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks

  A malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT by making use of Python payloads and TryCloudflare tunnels. "AsyncRAT is a remote access trojan (RAT) that exploits the async/await pattern for efficient, asynchronous communication," Forcepoint X-Labs researcher Jyotika Singh said in an analysis. "It allows attackers to control infected systems

  2025-02-05 09:40:00

• CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized

  2025-02-05 05:05:00

• Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access

  Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module (github.com/boltdb/bolt), per Socket. The malicious version (1.3.1) was published to

  2025-02-04 14:16:00

• Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections

  A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version 24.09. "The vulnerability was

  2025-02-04 12:28:00

• North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS

  The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process. "Targets are typically asked to communicate with an interviewer through a link that throws an error message and a request to install or update some required piece of software such as VCam or

  2025-02-04 12:11:00

• Watch Out For These 8 Cloud Security Shifts in 2025

  As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let’s take a

  2025-02-04 11:00:00

• Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks

  Taiwan has become the latest country to ban government agencies from using Chinese startup DeepSeek's Artificial Intelligence (AI) platform, citing security risks. "Government agencies and critical infrastructure should not use DeepSeek, because it endangers national information security," according to a statement released by Taiwan's Ministry of Digital Affairs, per Radio Free Asia. "DeepSeek

  2025-02-04 09:32:00

• AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access

  A security vulnerability has been disclosed in AMD's Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions. The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity. "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local

  2025-02-04 08:58:00

• Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score

  Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below - CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service

  2025-02-04 05:08:00

• Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

  Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild. The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver. Successful exploitation of the flaw could lead

  2025-02-04 04:51:00

• Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform

  Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks. This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf

  2025-02-04 04:29:00

• 768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023

  As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before

  2025-02-03 13:57:00

• PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages

  The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security. "Maintainers can now archive a project to let users know that the project is not expected to receive any more updates," Facundo Tuesca, senior engineer at Trail of Bits, said. In doing so, the idea is to

  2025-02-03 12:30:00

• ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [3 February]

  This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in. From better locks on our devices to stopping sneaky tricks online, simple steps are making a big difference.  Let’s take a

  2025-02-03 11:59:00

• Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions

  Brazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote. "Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials," Fortinet FortiGuard Labs researcher Cara Lin said in an analysis published last week. The

  2025-02-03 11:39:00

• What Is Attack Surface Management?

  Attack surfaces are growing faster than security teams can keep up – to stay ahead, you need to know what’s exposed and where attackers are most likely to strike. With cloud adoption dramatically increasing the ease of exposing new systems and services to the internet, prioritizing threats and managing your attack surface from an attacker’s perspective has never been more important. In this

  2025-02-03 11:00:00

• Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware

  A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC, Atomic macOS Stealer (aka AMOS), and Angel Drainer. "Specializing in identity fraud, cryptocurrency theft, and information-stealing malware, Crazy Evil employs a

  2025-02-03 05:30:00

• U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network

  U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan. The action, which took place on January 29, 2025, has been codenamed Operation Heart Blocker. The vast array of sites in question peddled phishing toolkits and fraud-enabling tools and

  2025-02-01 08:14:00

• BeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API Key

  BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company's Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was first flagged

  2025-02-01 06:40:00

• Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists

  Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members. The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutralized in December 2024. In a statement to The Guardian, the encrypted messaging app said it has reached

  2025-02-01 05:29:00

• Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts

  Cybersecurity researchers have discovered a malvertising campaign that's targeting Microsoft advertisers with bogus Google ads that aim to take them to phishing pages that are capable of harvesting their credentials. "These malicious ads, appearing on Google Search, are designed to steal the login information of users trying to access Microsoft's advertising platform," Jérôme Segura, senior

  2025-02-01 03:22:00

• CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale of 10.0. The flaw, alongside two other issues, was reported to CISA

  2025-01-31 13:10:00

• Top 5 AI-Powered Social Engineering Attacks

  Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. There’s no brute-force ‘spray and pray’ password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for authority, usually with the goal of gaining access to sensitive information or protected systems.

  2025-01-31 11:15:00

• Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns

  Italy's data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek's service within the country, citing a lack of information on its use of users' personal data. The development comes days after the authority, the Garante, sent a series of questions to DeepSeek, asking about its data handling practices and where it obtained its training data. In particular, it wanted

  2025-01-31 11:04:00

• Google Bans 158,000 Malicious Android App Developer Accounts in 2024

  Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps. The tech giant also noted it prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data during the time period by working with

  2025-01-31 10:45:00

• Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

  Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information. The list of identified flaws, which impact versions 8.x of the software, is below - CVE-2025-22218 (CVSS score: 8.5) - A malicious actor with View Only Admin

  2025-01-31 05:49:00

• Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

  Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations. "Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities," Google Threat

  2025-01-30 16:25:00

• Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown

  An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, Nulled, Sellix, and StarkRDP. The effort, which took place between January 28 and 30, 2025, targeted the following domains - www.cracked.io www.nulled.to www.mysellix.io www.sellix.io www.starkrdp.io Visitors to these websites are now greeted by a

  2025-01-30 13:15:00

• Lightning AI Studio Vulnerability Could've Allowed RCE via Hidden URL Parameter

  Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could have allowed for remote code execution. The vulnerability, rated a CVSS score of 9.4, enables "attackers to potentially execute arbitrary commands with root privileges" by exploiting a hidden URL parameter, application security firm Noma said in

  2025-01-30 12:33:00

• SOC Analysts - Reimagining Their Role Using AI

  The job of a SOC analyst has never been easy. Faced with an overwhelming flood of daily alerts, analysts (and sometimes IT teams who are doubling as SecOps) must try and triage thousands of security alerts—often false positives—just to identify a handful of real threats. This relentless, 24/7 work leads to alert fatigue, desensitization, and increased risk of missing critical security incidents.

  2025-01-30 10:30:00

• DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked

  Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data. The ClickHouse database "allows full control over database operations, including the ability to access internal data," Wiz security researcher Gal

  2025-01-30 10:09:00

• Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits

  Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances. "When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server," Sonar researcher Yaniv Nizry said in a write-up published earlier this week. The

  2025-01-30 07:21:00

• New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks

  A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks. The vulnerability in question is CVE-2024-41710 (CVSS score: 6.8), a case of command injection in the boot process that could allow a malicious actor

  2025-01-30 06:41:00

• Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks

  The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. "Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API," SecurityScorecard's

  2025-01-29 16:56:00

• AI in Cybersecurity: What's Effective and What’s Not – Insights from 200 Experts

  Curious about the buzz around AI in cybersecurity? Wonder if it's just a shiny new toy in the tech world or a serious game changer? Let's unpack this together in a not-to-be-missed webinar that goes beyond the hype to explore the real impact of AI on cybersecurity. Join Ravid Circus, a seasoned pro in cybersecurity and AI, as we peel back the layers of AI in cybersecurity through a revealing

  2025-01-29 11:46:00

• New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits

  A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome. The attacks have been codenamed Data Speculation Attacks via Load Address Prediction on Apple Silicon (SLAP) and Breaking the

  2025-01-29 10:49:00

• How Interlock Ransomware Infects Healthcare Organizations

  Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total.  This breach shows just how deeply ransomware

  2025-01-29 10:30:00

• Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution

  A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances. The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0. "Due to a flaw in the multi-line SNMP result parser, authenticated users can inject

  2025-01-29 10:21:00

• UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents

  The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE. "This research focuses on completing the picture of UAC-0063's operations, particularly documenting their expansion beyond their initial focus on Central Asia,

  2025-01-29 05:52:00

• Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer

  Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection. "A malicious user with network access may be able to use specially crafted SQL queries to gain database

  2025-01-29 05:29:00

• Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability

  Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild. "Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration," GreyNoise researcher Glenn Thorpe said in an alert

  2025-01-29 05:11:00

• PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks

  A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany. The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a previously undocumented backdoor dubbed TorNet that's delivered by means of PureCrypter. TorNet is so

  2025-01-28 16:34:00

• OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking

  Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals. "By exploiting this flaw, attackers can gain unauthorized access to any user’s account within the system, effectively allowing them to impersonate the victim and perform an array of actions on their behalf – including

  2025-01-28 14:02:00

• AI SOC Analysts: Propelling SecOps into the future

  Triaging and investigating alerts is central to security operations. As SOC teams strive to keep up with ever-increasing alert volumes and complexity, modernizing SOC automation strategies with AI has emerged as a critical solution. This blog explores how an AI SOC Analyst transforms alert management, addressing key SOC challenges while enabling faster investigations and responses. Security

  2025-01-28 11:20:00

• Ransomware Targets ESXi Systems via Stealthy SSH Tunnels for C2 Operations

  Cybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and stay under the radar. "ESXi appliances, which are unmonitored, are increasingly exploited as a persistence mechanism and gateway to access corporate networks widely," Sygnia

  2025-01-28 11:01:00

• How Long Does It Take Hackers to Crack Modern Hashing Algorithms?

  While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity. Hashing, however, remains a non-negotiable. Even long secure passphrases should be hashed to prevent them

  2025-01-28 10:30:00

• Top-Rated Chinese AI App DeepSeek Limits Registrations Amid Cyberattacks

  DeepSeek, the Chinese AI startup that has captured much of the artificial intelligence (AI) buzz in recent days, said it's restricting registrations on the service, citing malicious attacks. "Due to large-scale malicious attacks on DeepSeek's services, we are temporarily limiting registrations to ensure continued service," the company said in an incident report page. "Existing users can log in

  2025-01-28 10:16:00

• E.U. Sanctions 3 Russian Nationals for Cyber Attacks Targeting Estonia’s Key Ministries

  The Council of the European Union has sanctioned three individuals for allegedly carrying out "malicious cyber activities" against Estonia. The three Russian nationals – Nikolay Alexandrovich Korchagin, Vitaly Shevchenko, and Yuriy Fedorovich Denisov – are officers of the General Staff of the Armed Forces of the Russian Federation (GRU) Unit 29155, it said. Per the council decision, all the

  2025-01-28 10:16:00

• Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More

  Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-24085 (CVSS scores: 7.3/7.8), has been described as a use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to

  2025-01-28 03:23:00

• GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs

  Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user's Git credentials. "Git implements a protocol called Git Credential Protocol to retrieve credentials from the credential helper," GMO Flatt Security researcher Ry0taK, who discovered the flaws

  2025-01-27 14:17:00

• ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 January]

  Welcome to your weekly cybersecurity scoop! Ever thought about how the same AI meant to protect our hospitals could also compromise them? This week, we’re breaking down the sophisticated world of AI-driven threats, key updates in regulations, and some urgent vulnerabilities in healthcare tech that need our attention. As we unpack these complex topics, we'll equip you with sharp insights to

  2025-01-27 12:39:00

• Do We Really Need The OWASP NHI Top 10?

  The Open Web Application Security Project has recently introduced a new Top 10 project - the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists.  Non-human identity security represents an emerging

  2025-01-27 11:20:00

• GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities

  A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities. The campaign has been attributed to a threat cluster dubbed GamaCopy, which is assessed to share overlaps with another hacking group named Core Werewolf, also tracked as Awaken Likho and PseudoGamaredon.

  2025-01-27 07:59:00

• MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks

  Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC. "MintsLoader is a PowerShell based malware loader that has been seen delivered via spam emails with a link to Kongtuke/ClickFix pages or a JScript file,"

  2025-01-27 07:16:00

• Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks

  A high-severity security flaw has been disclosed in Meta's Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server.  The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0. Supply chain security firm Snyk, on the other hand, has assigned it a

  2025-01-26 10:15:00

• RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations

  A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network. The 119 vulnerabilities, assigned 97 unique CVE identifiers, span seven LTE implementations – Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC,

  2025-01-24 12:58:00

• 2025 State of SaaS Backup and Recovery Report

  The modern workplace has undergone a seismic transformation over recent years, with hybrid work becoming the norm and businesses rapidly adopting cloud-based Software-as-a-Service (SaaS) applications to facilitate it. SaaS applications like Microsoft 365 and Google Workspace have now become the backbone of business operations, enabling seamless collaboration and productivity. However, this

  2025-01-24 11:00:00

• DoJ Indicts 5 Individuals for $866K North Korean IT Worker Scheme Violations

  The U.S. Department of Justice (DoJ) on Thursday indicted two North Korean nationals, a Mexican national, and two of its own citizens for their alleged involvement in the ongoing fraudulent information technology (IT) worker scheme that seeks to generate revenue for the Democratic People's Republic of Korea (DPRK) in violation of international sanctions. The action targets Jin Sung-Il (진성일), Pak

  2025-01-24 09:53:00

• Android's New Identity Check Feature Locks Device Settings Outside Trusted Locations

  Google has launched a new feature called Identity Check for supported Android devices that locks sensitive settings behind biometric authentication when outside of trusted locations. "When you turn on Identity Check, your device will require explicit biometric authentication to access certain sensitive resources when you're outside of trusted locations," Google said in a post announcing the

  2025-01-24 07:20:00

• CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The medium-severity vulnerability is CVE-2020-11023 (CVSS score: 6.1/6.9), a nearly five-year-old cross-site scripting (XSS) bug that could be

  2025-01-24 05:39:00

• Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits

  An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices' firmware as well as misconfigured security features. "These weren't obscure, corner-case vulnerabilities," security vendor Eclypsium said in a report shared with The Hacker News. "Instead these were very well-known issues that we wouldn't expect to see

  2025-01-23 15:13:00

• Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks

  Cybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer. "The campaign is global, with Netskope Threat Labs tracking victims targeted in Argentina, Colombia, the United States, the Philippines, and other countries around the world," Leandro Fróes, senior threat research engineer at

  2025-01-23 15:00:00

• New Research: The State of Web Exposure 2025

  Are your websites leaking sensitive data? New research reveals that 45% of third-party apps access user info without proper authorization, and 53% of risk exposures in Retail are due to the excessive use of tracking tools. Learn how to uncover and mitigate these hidden threats and risks—download the full report here. New research by web exposure management specialist Reflectiz reveals several

  2025-01-23 14:56:00

• Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers

  Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic. According to the Black Lotus Labs team at Lumen Technologies, the activity is so named for the fact that the backdoor continuously monitors for a "magic packet" sent by the threat actor in TCP traffic.  "J-magic campaign marks the rare occasion of malware designed&

  2025-01-23 14:55:00

• Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads

  An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads. The findings come from SentinelOne, which analyzed artifacts uploaded to the VirusTotal malware scanning platform by the same submitter towards the end of December 2024. "These two payload samples are

  2025-01-23 14:00:00

• How to Eliminate Identity-Based Threats

  Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches[1],[2]. While identity-based attacks continue to dominate as the leading cause of security incidents, the common approach to identity security threats is still threat reduction, implementing layers of

  2025-01-23 11:20:00

• SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

  SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day. The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. "Pre-authentication deserialization of untrusted data vulnerability has been identified in the

  2025-01-23 10:24:00

• QakBot-Linked BC Malware Adds Enhanced Remote Access and Data Gathering Features

  Cybersecurity researchers have disclosed details of a new BackConnect (BC) malware that has been developed by threat actors linked to the infamous QakBot loader. "BackConnect is a common feature or module utilized by threat actors to maintain persistence and perform tasks," Walmart's Cyber Intelligence team told The Hacker News. "The BackConnect(s) in use were 'DarkVNC' alongside the IcedID

  2025-01-23 09:43:00

• Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)

  Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances. The vulnerability, tracked as CVE-2025-20156, carries a CVSS score of 9.9 out 10.0. It has been described as a privilege escalation flaw in the REST API of Cisco Meeting Management. "This

  2025-01-23 06:21:00

• Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review

  The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS).  "In alignment with the Department of Homeland Security's (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory

  2025-01-23 06:00:00

• TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware

  Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for cryptojacking and on-premise ransomware attacks. "This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity," the tech giant's cloud division said in its 11th

  2025-01-23 05:35:00

• Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review

  The recent decision by the Trump administration to terminate all memberships of advisory committees within the Department of Homeland Security (DHS) has significant implications for Company Executives

  2025-01-22 18:50:20

• Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet

  Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks. According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details about the shortcomings have been withheld to prevent further abuse. Some

  2025-01-22 13:53:00

• Discover Hidden Browsing Threats: Free Risk Assessment for GenAI, Identity, Web, and SaaS Risks

  As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the risks associated with data exposure, identity vulnerabilities, and unmonitored browsing behavior have skyrocketed. Forward-thinking security teams are looking for security controls and strategies to address these risks, but they do not always know which risks to prioritize. In some cases, they might have

  2025-01-22 10:31:00

• President Trump Pardons Silk Road Creator Ross Ulbricht After 11 Years in Prison

  U.S. President Donald Trump on Tuesday granted a "full and unconditional pardon" to Ross Ulbricht, the creator of the infamous Silk Road drug marketplace, after spending more than 11 years behind bars. "I just called the mother of Ross William Ulbricht to let her know that in honor of her and the Libertarian Movement, which supported me so strongly, it was my pleasure to have just signed a full

  2025-01-22 10:30:00

• PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack

  A previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private network (VPN) provider in 2023, according to new findings from ESET. "The attackers replaced the legitimate installer with one that also deployed the group's signature implant that we have named SlowStepper – a

  2025-01-22 08:49:00

• Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

  Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services. The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score: 9.9) that could allow an attacker to seize control of susceptible instances. "Easily exploitable

  2025-01-22 07:25:00

• Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices

  Web infrastructure and security company Cloudflare on Tuesday said it detected and blocked a 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack, the largest ever attack to be reported to date. The UDP protocol-based attack took place on October 29, 2024, targeting one of its customers, an unnamed internet service provider (ISP) from Eastern Asia. The activity originated

  2025-01-22 06:19:00

• Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers

  Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc Botnet. The ongoing activity "demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks," Qualys security researcher Shilpesh

  2025-01-21 14:00:00

• 13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks

  A global network of about 13,000 hijacked Mikrotik routers has been employed as a botnet to propagate malware via spam campaigns, the latest addition to a list of botnets powered by MikroTik devices. The activity "take[s] advantage of misconfigured DNS records to pass email protection techniques," Infoblox security researcher David Brunsdon said in a technical report published last week. "This

  2025-01-21 12:46:00

• Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties

  A former analyst working for the U.S. Central Intelligence Agency (CIA) pleaded guilty to transmitting top secret National Defense Information (NDI) to individuals who did not have the necessary authorization to receive it and attempted to cover up the activity. Asif William Rahman, 34, of Vienna, was an employee of the CIA since 2016 and had a Top Secret security clearance with access to

  2025-01-21 10:52:00

• HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects

  Imagine receiving a penetration test report that leaves you with more questions than answers. Questions like, "Were all functionalities of the web app tested?" or " Were there any security issues that could have been identified during testing?" often go unresolved, raising concerns about the thoroughness of the security testing. This frustration is common among many security teams. Pentest

  2025-01-21 10:30:00

• PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers

  Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT. The attacks leverage a multi-stage loader dubbed PNGPlug to deliver the ValleyRAT payload, Intezer said in a technical report published last week. The infection chain commences with a phishing

  2025-01-21 05:45:00

• CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits

  The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests. The AnyDesk requests claim to be for conducting an audit to assess the "level of security," CERT-UA added, cautioning organizations to be on the lookout for such social engineering attempts that seek to

  2025-01-21 05:27:00

• Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers

  New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. "Internet hosts that accept tunneling packets without verifying the sender's identity can be hijacked to perform anonymous attacks and provide access to their networks," Top10VPN said in a study, as part of a collaboration with KU Leuven professor

  2025-01-20 15:08:00

• DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection

  The Threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks. The artifacts in question, named Tanzeem (meaning "organization" in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma. The apps in question have been found to incorporate identical functions, barring minor modifications to the

  2025-01-20 14:53:00

• ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January]

  As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. Every cyberattack now seems to have deeper political consequences. Governments are facing new, unpredictable threats that can't be fought with

  2025-01-20 12:02:00

• Product Walkthrough: How Satori Secures Sensitive Data From Production to AI

  Every week seems to bring news of another data breach, and it’s no surprise why: securing sensitive data has become harder than ever. And it’s not just because companies are dealing with orders of magnitude more data. Data flows and user roles are constantly shifting, and data is stored across multiple technologies and cloud environments. Not to mention, compliance requirements are only getting

  2025-01-20 11:10:00

• Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP

  Cybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index (PyPI) repository that come with capabilities to steal data and even delete sensitive data from infected systems. The list of identified packages is below - @async-mutex/mutex, a typosquat of async-mute (npm) dexscreener, which masquerades as a library for accessing liquidity pool

  2025-01-20 05:45:00

• TikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025

  Popular video-sharing social network TikTok has officially gone dark in the United States, as a federal ban on the app comes into effect on January 19, 2025. "We regret that a U.S. law banning TikTok will take effect on January 19 and force us to make our services temporarily unavailable," the company said in a pop-up message. "We're working to restore our service in the U.S. as soon as possible

  2025-01-19 05:24:00

• U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Salt Typhoon

  The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon group and the recent compromise of the federal agency. "People's Republic of China-linked (PRC) malicious cyber actors continue to target U.S. government systems, including the recent

  2025-01-18 06:06:00

• Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

  Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a variety of networking applications," Claroty's Tomer Goldschmidt said in a Thursday report. "An attacker

  2025-01-17 14:08:00

• Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation

  Cybersecurity researchers have exposed a new campaign that targets web servers running PHP-based applications to promote gambling platforms in Indonesia. "Over the past two months, a significant volume of attacks from Python-based bots has been observed, suggesting a coordinated effort to exploit thousands of web apps," Imperva researcher Daniel Johnston said in an analysis. "These attacks

  2025-01-17 13:06:00

• How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?

  Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with BYOD. Implementing secure guest Wi-Fi infrastructure has become essential for authenticating access,

  2025-01-17 10:21:00

• U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs

  The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and four entities for their alleged involvement in illicit revenue generation schemes for the Democratic People's Republic of Korea (DPRK) by dispatching IT workers around the world to obtain employment and draw a steady source of income for the regime in violation of international sanctions. "These

  2025-01-17 10:07:00

• New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

  Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that's capable of Microsoft 365 accounts with an aim to steal credentials and two-factor authentication (2FA) codes since at least October 2024. The nascent phishing kit has been dubbed Sneaky 2FA by French cybersecurity company Sekoia, which detected it in the wild in December. Nearly 100 domains hosting

  2025-01-17 10:07:00

• European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China

  Austrian privacy non-profit None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations in the European Union by unlawfully transferring users' data to China. The advocacy group is seeking an immediate suspension of such transfers, stating the companies in question cannot shield user data

  2025-01-17 04:14:00

• Russian Star Blizzard Targets WhatsApp Accounts in New Spear-Phishing Campaign

  The Russian threat actor known as Star Blizzard has been linked to a new spear-phishing campaign that targets victims' WhatsApp accounts, signaling a departure from its longstanding tradecraft in a likely attempt to evade detection. "Star Blizzard's targets are most commonly related to government or diplomacy (both incumbent and former position holders), defense policy or international relations

  2025-01-16 18:12:00

• Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action

  The digital world is exploding. IoT devices are multiplying like rabbits, certificates are piling up faster than you can count, and compliance requirements are tightening by the day. Keeping up with it all can feel like trying to juggle chainsaws while riding a unicycle. Traditional trust management? Forget it. It's simply not built for today's fast-paced, hybrid environments. You need a

  2025-01-16 12:25:00

• The $10 Cyber Threat Responsible for the Biggest Breaches of 2024

  You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% of web app attacks. (Source: Verizon). Cybersecurity budgets grew again in 2024, with organizations now spending almost $1,100 per user (Source: Forrester).  Stolen credentials on criminal forums cost as

  2025-01-16 11:30:00

• New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

  Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a UEFI application signed by Microsoft's "Microsoft Corporation UEFI CA 2011" third-party UEFI certificate, according to a new

  2025-01-16 11:23:00

• Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions

  Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration. "A simple misconfiguration in on-premise applications can override the Group Policy, effectively negating the Group Policy designed to stop NTLMv1 authentications," Silverfort researcher Dor Segal said in a

  2025-01-16 11:20:00

• Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer

  Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. "In both campaigns, attackers hid malicious code in images they uploaded to archive[.]org, a file-hosting website, and used the same .NET loader to install their final payloads," HP Wolf Security said in its Threat Insights Report

  2025-01-16 11:15:00

• Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws

  Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network. According to GuidePoint Security, initial access is said to have been facilitated by means of a JavaScript malware downloaded named

  2025-01-16 06:45:00

• Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager

  Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure. All the four critical security flaws, rated 9.8 out of 10.0 on the CVSS scale, are rooted in EPM, and concern instances of absolute path traversal that allow a remote

  2025-01-16 06:39:00

• Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes

  Cybersecurity researchers have alerted to a new malvertising campaign that's targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google. "The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages," Jérôme Segura, senior director of

  2025-01-15 15:48:00

• Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99

  The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware. "The campaign begins with fake recruiters, posing on platforms like LinkedIn, luring developers with project tests and code reviews," Ryan Sherstobitoff, senior vice president of Threat

  2025-01-15 15:37:00

• North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains

  Cybersecurity researchers have identified infrastructure links between the North Korean threat actors behind the fraudulent IT worker schemes and a 2016 crowdfunding scam. The new evidence suggests that Pyongyang-based threamoret groups may have pulled off illicit money-making scams that predate the use of IT workers, SecureWorks Counter Threat Unit (CTU) said in a report shared with The Hacker

  2025-01-15 13:32:00

• Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool

  As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client. "Attackers can take control of a malicious server and read/write arbitrary files of any connected client," the CERT Coordination Center (CERT/CC) said in an advisory. "Sensitive data, such as SSH keys,

  2025-01-15 12:26:00

• The High-Stakes Disconnect For ICS/OT Security

  Why does ICS/OT need specific controls and its own cybersecurity budget today? Because treating ICS/OT security with an IT security playbook isn’t just ineffective—it’s high risk. In the rapidly evolving domain of cybersecurity, the specific challenges and needs for Industrial Control Systems (ICS) and Operational Technology (OT) security distinctly stand out from traditional IT security. ICS/OT

  2025-01-15 11:30:00

• FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation

  The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a "multi-month law enforcement operation." PlugX, also known as Korplug, is a remote access trojan (RAT) widely used by threat actors associated with the People's Republic of China (PRC

  2025-01-15 06:14:00

• 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update

  Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344, CVSS score: 6.7), has not

  2025-01-15 05:15:00

• Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks

  Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the "vulnerabilities are trivial to reverse and exploit." The list of identified flaws is as follows -

  2025-01-15 05:10:00

• Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation

  Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. The vulnerability in question is CVE-2024-44243 (CVSS score: 5.5), a medium-severity bug

  2025-01-14 16:53:00

• Google OAuth Vulnerability Exposes Millions via Failed Startup Domains

  New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data. "Google's OAuth login doesn't protect against someone purchasing a failed startup's domain and using it to re-create email accounts for former employees," Truffle Security co-founder and CEO Dylan Ayrey said

  2025-01-14 16:38:00

• 4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

  What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third party risk. Learn how you can protect this sprawling attack surface in 2025. What do identity risks, data security risks and third-party

  2025-01-14 10:08:00

• Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions

  The Telegram-based online marketplace known as HuiOne Guarantee and its vendors have cumulatively received at least $24 billion in cryptocurrency, dwarfing the now-defunct Hydra to become the largest online illicit marketplace to have ever operated. The figures, released by blockchain analytics firm Elliptic, show that monthly inflows have increased by 51% since July 2024. Huione Guarantee, part

  2025-01-14 09:29:00

• Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces

  Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. "The campaign involved unauthorized administrative logins on management interfaces of firewalls, creation of new accounts, SSL VPN authentication through those accounts, and various other configuration changes," cybersecurity firm

  2025-01-14 09:13:00

• Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware

  Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather economic and political intelligence in Central Asia. The campaign has been assessed to be the work of an intrusion set dubbed UAC-0063, which likely shares overlap with APT28, a nation-state group affiliated with Russia's General Staff Main

  2025-01-14 09:10:00

• CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2024-12686 (CVSS score: 6.6), a medium-severity bug that could

  2025-01-14 03:21:00

• Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners

  A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it's currently responding to "multiple incidents" involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in

  2025-01-13 13:33:00

• ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January]

  The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself. In this recap, we’ll break down what’s happening, why it matters, and what you can do to stay secure. Let’s turn awareness into action and keep one step ahead

  2025-01-13 12:05:00

• Ransomware on ESXi: The Mechanization of Virtualized Attacks

  In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly to the internet (according to Shodan), the operational and business impact of these attacks is profound. Most of the Ransomware strands that are attacking ESXi servers nowadays, are variants of the

  2025-01-13 11:30:00

• WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables

  Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a database table associated with the content management system (CMS). "This credit card skimmer malware targeting WordPress websites silently injects malicious JavaScript into database entries to steal sensitive payment

  2025-01-13 06:40:00

• Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems

  No less than 4,000 unique web backdoors previously deployed by various threat actors have been hijacked by taking control of abandoned and expired infrastructure for as little as $20 per domain. Cybersecurity company watchTowr Labs said it pulled off the operation by registering over 40 domain names that the backdoors had been designed to use for command-and-control (C2). In partnership with the

  2025-01-13 06:01:00

• Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation

  Microsoft has revealed that it's pursuing legal action against a "foreign-based threat–actor group" for operating a hacking-as-a-service infrastructure to intentionally get around the safety controls of its generative artificial intelligence (AI) services and produce offensive and harmful content. The tech giant's Digital Crimes Unit (DCU) said it has observed the threat actors "develop

  2025-01-11 07:54:00

• DoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime Laundering

  The U.S. Department of Justice (DoJ) on Friday indicted three Russian nationals for their alleged involvement in operating the cryptocurrency mixing services Blender.io and Sinbad.io. Roman Vitalyevich Ostapenko and Alexander Evgenievich Oleynik were arrested on December 1, 2024, in coordination with the Netherlands' Financial Intelligence and Investigative Service, Finland's National Bureau of

  2025-01-11 06:45:00

• Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices

  Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. "Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote

  2025-01-10 15:39:00

• Taking the Pain Out of Cybersecurity Reporting: A Practical Guide for MSPs

  Cybersecurity reporting is a critical yet often overlooked opportunity for service providers managing cybersecurity for their clients, and specifically for virtual Chief Information Security Officers (vCISOs). While reporting is seen as a requirement for tracking cybersecurity progress, it often becomes bogged down with technical jargon, complex data, and disconnected spreadsheets that fail to

  2025-01-10 11:59:00

• AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics

  Cybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date. "The group uses double extortion tactics, combining data theft with encryption to pressure victims into paying ransoms," Check Point Research said in a new report shared with The Hacker News. "

  2025-01-10 11:58:00

• Hands-On Walkthrough: Microsegmentation For all Users, Workloads and Devices by Elisity

  Network segmentation remains a critical security requirement, yet organizations struggle with traditional approaches that demand extensive hardware investments, complex policy management, and disruptive network changes. Healthcare and manufacturing sectors face particular challenges as they integrate diverse endpoints – from legacy medical devices to IoT sensors – onto their production networks.

  2025-01-10 10:22:00

• RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns

  Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024. "The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations, including an

  2025-01-10 09:31:00

• CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer

  Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as an employee CRM application as part of a supposed recruitment process. "The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website," the company said. "Victims are prompted to

  2025-01-10 09:09:00

• Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers

  Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an authenticated attacker could exploit to access sensitive data. "Multiple vulnerabilities in the Palo Alto Networks Expedition migration tool enable an attacker to read Expedition database contents and arbitrary files, as well as create and

  2025-01-09 17:29:00

• New Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption

  Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware called Banshee Stealer. "Once thought dormant after its source code leak in late 2024, this new iteration introduces advanced string encryption inspired by Apple's XProtect," Check Point Research said in a new analysis shared with The Hacker News. "This development allows it to

  2025-01-09 13:40:00

• Product Walkthrough: How Reco Discovers Shadow AI in SaaS

  As SaaS providers race to integrate AI into their product offerings to stay competitive and relevant, a new challenge has emerged in the world of AI: shadow AI.  Shadow AI refers to the unauthorized use of AI tools and copilots at organizations. For example, a developer using ChatGPT to assist with writing code, a salesperson downloading an AI-powered meeting transcription tool, or a

  2025-01-09 11:55:00

• MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan

  Japan's National Police Agency (NPA) and National Center of Incident Readiness and Strategy for Cybersecurity (NCSC) accused a China-linked threat actor named MirrorFace of orchestrating a persistent attack campaign targeting organizations, businesses, and individuals in the country since 2019. The primary objective of the attack campaign is to steal information related to Japan's national

  2025-01-09 10:44:00

• Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions

  Ransomware isn’t slowing down—it’s getting smarter. Encryption, designed to keep our online lives secure, is now being weaponized by cybercriminals to hide malware, steal data, and avoid detection.The result? A 10.3% surge in encrypted attacks over the past year and some of the most shocking ransom payouts in history, including a $75 million ransom in 2024. Are you prepared to fight back? Join

  2025-01-09 10:44:00

• Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection

  Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE). The vulnerability in question, CVE-2024-52875, refers to a carriage return line feed (CRLF) injection attack, paving the way for HTTP response splitting, which could then

  2025-01-09 09:35:00

• Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure

  Ivanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild beginning mid-December 2024. The security vulnerability in question is CVE-2025-0282 (CVSS score: 9.0), a stack-based buffer overflow that affects Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2

  2025-01-09 07:13:00

• E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws

  The European General Court on Wednesday fined the European Commission, the primary executive arm of the European Union responsible for proposing and enforcing laws for member states, for violating the bloc's own data privacy regulations. The development marks the first time the Commission has been held liable for infringing stringent data protection laws in the region. The court determined that

  2025-01-09 07:13:00

• Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

  Cybersecurity researchers have found that bad actors are continuing to have success by spoofing sender email addresses as part of various malspam campaigns. Faking the sender address of an email is widely seen as an attempt to make the digital missive more legitimate and get past security mechanisms that could otherwise flag it as malicious. While there are safeguards such as DomainKeys

  2025-01-08 18:09:00

• Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques

  Cybersecurity researchers have shed light on a new remote access trojan called NonEuclid that allows bad actors to remotely control compromised Windows systems. "The NonEuclid remote access trojan (RAT), developed in C#, is a highly sophisticated malware offering unauthorised remote access with advanced evasion techniques," Cyfirma said in a technical analysis published last week. "It employs

  2025-01-08 13:37:00

• Top 5 Malware Threats to Prepare Against in 2025

  2024 had its fair share of high-profile cyber attacks, with companies as big as Dell and TicketMaster falling victim to data breaches and other infrastructure compromises. In 2025, this trend will continue. So, to be prepared for any kind of malware attack, every organization needs to know its cyber enemy in advance. Here are 5 common malware families that you can start preparing to counter

  2025-01-08 11:02:00

• Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks

  A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks. The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey, and the United States.

  2025-01-08 10:29:00

• FCC Launches 'Cyber Trust Mark' for IoT Devices to Certify Security Compliance

  The U.S. government on Tuesday announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer devices. "IoT products can be susceptible to a range of security vulnerabilities," the U.S. Federal Communications Commission (FCC) said. "Under this program, qualifying consumer smart products that meet robust cybersecurity standards will bear

  2025-01-08 09:56:00

• CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-41713 (CVSS score: 9.1) - A path traversal vulnerability in Mitel MiCollab that could allow an attacker

  2025-01-08 04:21:00

• Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers

  Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices. "The Illumina iSeq 100 used a very outdated implementation of BIOS firmware using CSM [Compatibility Support Mode] mode and without Secure Boot or standard

  2025-01-07 14:22:00

• Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year

  It's time once again to pay our respects to the once-famous cybersecurity solutions whose usefulness died in the past year. The cybercriminal world collectively mourns the loss of these solutions and the easy access they provide to victim organizations. These solutions, though celebrated in their prime, succumbed to the twin forces of time and advancing threats. Much like a tribute to

  2025-01-07 11:50:00

• New EAGERBEE Variant Targets ISPs and Governments with Advanced Backdoor Capabilities

  Internet service providers (ISPs) and governmental entities in the Middle East have been targeted using an updated variant of the EAGERBEE malware framework. The new variant of EAGERBEE (aka Thumtais) comes fitted with various components that allow the backdoor to deploy additional payloads, enumerate file systems, and execute commands shells, demonstrating a significant evolution. "The key

  2025-01-07 09:46:00

• CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday said there are no indications that the cyber attack targeting the Treasury Department impacted other federal agencies. The agency said it's working closely with the Treasury Department and BeyondTrust to get a better understanding of the breach and mitigate its impacts. "The security of federal systems and the data they

  2025-01-07 08:43:00

• Moxa Alerts Users to High-Severity Vulnerabilities in Cellular and Secure Routers

  Taiwan-based Moxa has warned of two security vulnerabilities impacting its cellular routers, secure routers, and network security appliances that could allow privilege escalation and command execution. The list of vulnerabilities is as follows - CVE-2024-9138 (CVSS 4.0 score: 8.6) - A hard-coded credentials vulnerability that could allow an authenticated user to escalate privileges and gain

  2025-01-07 07:44:00

• India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements

  The Indian government has published a draft version of the Digital Personal Data Protection (DPDP) Rules for public consultation. "Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent," India's Press Information Bureau (PIB) said in a statement released Sunday. "Citizens are empowered with rights to demand data erasure,

  2025-01-06 14:26:00

• ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [6 Jan]

  Every tap, click, and swipe we make online shapes our digital lives, but it also opens doors—some we never meant to unlock. Extensions we trust, assistants we rely on, and even the codes we scan are turning into tools for attackers. The line between convenience and vulnerability has never been thinner. This week, we dive into the hidden risks, surprising loopholes, and the clever tricks

  2025-01-06 12:05:00

• From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch

  In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second (just in Entra ID)—a 75% increase from last year—and phishing attempts up by 58%, causing $3.5 billion in losses (source: Microsoft Digital Defense Report 2024). SaaS attacks are increasing, with hackers often evading detection through legitimate usage patterns. The cyber threat arena saw standout

  2025-01-06 11:30:00

• FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices

  An Android information stealing malware named FireScam has been found masquerading as a premium version of the Telegram messaging app to steal data and maintain persistent remote control over compromised devices. "Disguised as a fake 'Telegram Premium' app, it is distributed through a GitHub.io-hosted phishing site that impersonates RuStore – a popular app store in the Russian Federation,"

  2025-01-06 11:10:00

• Cybercriminals Target Ethereum Developers with Fake Hardhat npm Packages

  Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from developer systems. "By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics,

  2025-01-06 09:28:00

• Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution

  A high-severity security flaw has been disclosed in ProjectDiscovery's Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out of a maximum of 10.0. It impacts all versions of Nuclei later than 3.0.0. "The

  2025-01-04 14:29:00

• PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps

  Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution. The backdoor, according to Google's Mandiant Managed Defense team, shares functional overlaps with a known remote administration tool referred to as Gh0st RAT, which had

  2025-01-04 07:52:00

• U.S. Sanctions Chinese Cybersecurity Firm for State-Backed Hacking Campaigns

  The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks against U.S. victims. These attacks have been publicly attributed to a Chinese state-sponsored threat actor tracked as Flax Typhoon (aka Ethereal Panda or

  2025-01-04 07:30:00

• New AI Jailbreak Method 'Bad Likert Judge' Boosts Attack Success Rates by Over 60%

  Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model's (LLM) safety guardrails and produce potentially harmful or malicious responses. The multi-turn (aka many-shot) attack strategy has been codenamed Bad Likert Judge by Palo Alto Networks Unit 42 researchers Yongzhe Huang, Yang Ji, Wenjun Hu, Jay Chen, Akshata Rao, and

  2025-01-03 11:14:00

• LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers

  A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (

  2025-01-03 08:16:00

• Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption

  Microsoft has announced that it's making an "unexpected change" to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure. "We expect that most users will not be directly affected, however, it is critical that you validate if you are affected and to watch for downtime or other kinds of breakage," Richard Lander, a program

  2025-01-03 06:49:00

• Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy Violations

  Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users' privacy using its voice-activated Siri assistant. The development was first reported by Reuters. The settlement applies to U.S.-based individuals current or former owners or purchasers of a Siri-enabled device who had their confidential voice communications with the

  2025-01-03 05:43:00

• Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API

  Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform's OData Web API Filter, while the third vulnerability is rooted in the FetchXML

  2025-01-02 12:53:00

• Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them

  In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate organizations, move laterally and evade detection. eCrime groups like SCATTERED SPIDER and North Korea-nexus adversaries such as FAMOUS

  2025-01-02 10:53:00

• Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT

  Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer systems. The heavily obfuscated package, named ethereumvulncontracthandler, was published to npm on December 18, 2024, by a user

  2025-01-02 07:45:00

• Three Russian-German Nationals Charged with Espionage for Russian Secret Service

  German prosecutors have charged three Russian-German nationals for acting as secret service agents for Russia. The individuals, named Dieter S., Alexander J., and Alex D., have been accused of working for a foreign secret service. Dieter S. is also alleged to have participated in sabotage operations as well as taking pictures of military installations with an aim to endanger national security.

  2025-01-02 07:25:00

• New "DoubleClickjacking" Exploit Bypasses Clickjacking Protections on Major Websites

  Threat hunters have disclosed a new "widespread timing-based vulnerability class" that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites. The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo. "Instead of relying on a single click, it takes advantage of a double-click sequence," Yibelo said.

  2025-01-01 13:24:00

• Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics

  The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election. The federal agency said the entities – a subordinate organization of Iran's Islamic Revolutionary Guard Corps and a Moscow-based affiliate of Russia's Main Intelligence

  2025-01-01 09:59:00

• New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits

  The U.S. Department of Health and Human Services (HHS) has proposed updates to the Health Insurance Portability and Accountability Act (HIPAA) to enhance cybersecurity in healthcare organizations.

  2024-12-31 18:31:59

• New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy

  The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens' personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela. "This final rule is a crucial step forward in addressing the extraordinary national security threat posed of our

  2024-12-31 11:26:00

• Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents

  The United States Treasury Department said it suffered a "major cybersecurity incident" that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents.  "On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based

  2024-12-31 05:42:00

• Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation

  Cybersecurity researchers have uncovered three security weaknesses in Microsoft's Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment. "Exploiting these flaws could allow attackers to gain persistent access as shadow administrators

  2024-12-31 04:35:00

• New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits

  The United States Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients' data against potential cyber attacks. The proposal, which seeks to modify the Health Insurance Portability and Accountability Act (HIPAA) of 1996, is part of a broader initiative to bolster the

  2024-12-30 12:43:00

• ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [30 Dec]

  Every week, the digital world faces new challenges and changes. Hackers are always finding new ways to breach systems, while defenders work hard to keep our data safe. Whether it's a hidden flaw in popular software or a clever new attack method, staying informed is key to protecting yourself and your organization. In this week's update, we'll cover the most important developments in

  2024-12-30 12:15:00

• When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions

  News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be compromised, and customers are now working to figure out their exposure (LayerX, one of the companies involved in

  2024-12-30 10:40:00

• Dozens of Chrome Extensions Hacked, Exposing Millions of Users to Data Theft

  A new attack campaign has targeted known Chrome browser extensions, leading to at least 35 extensions being compromised and exposing over 2.6 million users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into legitimate extensions in order to

  2024-12-29 17:54:00

• 15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials

  A high-severity flaw impacting select Four-Faith industrial routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE-2024-12856 (CVSS score: 7.2), has been described as an operating system (OS) command injection bug affecting router models F3x24 and F3x36. The severity of the shortcoming is lower due to the fact that it

  2024-12-28 06:25:00

• North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign

  North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. Contagious Interview (aka DeceptiveDevelopment) refers to a persistent attack campaign that employs social engineering lures, with the hacking crew often posing as recruiters to trick individuals looking for potential job opportunities into

  2024-12-27 17:42:00

• Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia

  The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting "several dozen users" in 2024. "Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and execute malware code," Kaspersky researcher Oleg

  2024-12-27 11:10:00

• Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately

  Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices. The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS versions 10.X and 11.X, as well as Prisma Access running PAN-OS versions 10.2.8 and later or prior to 11.2.3. It has been addressed in PAN-OS 10.1.14-h8, PAN-OS

  2024-12-27 07:34:00

• FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks

  Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten (aka Tsunami) variant called CAPSAICIN. "These botnets are frequently spread through documented D-Link vulnerabilities that allow remote attackers to execute malicious commands via a GetDeviceSettings

  2024-12-27 07:11:00

• Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization

  The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE-2024-52046, the vulnerability carries a CVSS score of 10.0. It affects versions 2.0.X, 2.1.X, and 2.2.X. "The ObjectSerializationDecoder in Apache MINA uses Java's

  2024-12-27 06:46:00

• Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts

  A Brazilian citizen has been charged in the United States for allegedly threatening to release data stolen by hacking into a company's network in March 2020. Junior Barros De Oliveira, 29, of Curitiba, Brazil has been charged with four counts of extortionate threats involving information obtained from protected computers and four counts of threatening communications, the U.S. Department of

  2024-12-26 14:42:00

• Ruijie Networks' Cloud Platform Flaws Could've Exposed 50,000 Devices to Remote Attacks

  Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. "These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices," Claroty researchers Noam Moshe and Tomer Goldschmidt said in a recent analysis. "The vulnerabilities, if

  2024-12-25 13:45:00

• Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now

  The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database. The SQL injection vulnerability, tracked as CVE-2024-45387, is rated 9.9 out of 10.0 on the CVSS scoring system. "An SQL injection

  2024-12-25 13:30:00

• Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware

  The Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware called BellaCiao. Russian cybersecurity company Kaspersky, which dubbed the new version BellaCPP, said it discovered the artifact as part of a "recent" investigation into a compromised machine in Asia that was also infected with the BellaCiao malware. BellaCiao was first

  2024-12-25 10:24:00

• Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts

  Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs. The packages, named zebo and cometlogger, attracted 118 and 164 downloads each, prior to them being taken down.

  2024-12-24 13:22:00

• North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin

  Japanese and U.S. authorities have formerly attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors. "The theft is affiliated with TraderTraitor threat activity, which is also tracked as Jade Sleet, UNC4899, and Slow Pisces," the agencies said. "TraderTraitor activity is often characterized by targeted social

  2024-12-24 09:40:00

• CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is CVE-2021-44207 (CVSS score: 8.1), a case of hard-coded, static credentials in Acclaim USAHERDS that

  2024-12-24 09:25:00

• Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks

  The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.8), another critical security flaw in the same product that

  2024-12-24 06:06:00

• AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case

  Cybersecurity researchers have found that it's possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection. "Although LLMs struggle to create malware from scratch, criminals can easily use them to rewrite or obfuscate existing malware, making it harder to detect," Palo Alto Networks Unit 42 researchers

  2024-12-23 13:48:00

• ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

  The online world never takes a break, and this week shows why. From ransomware creators being caught to hackers backed by governments trying new tricks, the message is clear: cybercriminals are always changing how they attack, and we need to keep up. Hackers are using everyday tools in harmful ways, hiding spyware in trusted apps, and finding new ways to take advantage of old security gaps.

  2024-12-23 12:14:00

• Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service

  An interruption to the phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named FlowerStorm. "It appears that the [Rockstar2FA] group running the service experienced at least a partial collapse of its infrastructure, with pages associated with the service no longer reachable," Sophos said in a new report published last

  2024-12-23 11:21:00

• Top 10 Cybersecurity Trends to Expect in 2025

  The 2025 cybersecurity landscape is increasingly complex, driven by sophisticated cyber threats, increased regulation, and rapidly evolving technology. In 2025, organizations will be challenged with protecting sensitive information for their customers while continuing to provide seamless and easy user experiences. Here’s a closer look at ten emerging challenges and threats set to shape the

  2024-12-23 09:37:00

• U.S. Judge Rules Against NSO Group in WhatsApp Pegasus Spyware Case

  Meta Platforms-owned WhatsApp scored a major legal victory in its fight against Israeli commercial spyware vendor NSO Group after a federal judge in the U.S. state of California ruled in favor of the messaging giant for exploiting a security vulnerability to deliver Pegasus. "The limited evidentiary record before the court does show that defendants' Pegasus code was sent through plaintiffs'

  2024-12-23 09:20:00

• Italy Fines OpenAI €15 Million for ChatGPT GDPR Data Privacy Violations

  Italy's data protection authority has fined ChatGPT maker OpenAI a fine of €15 million ($15.66 million) over how the generative artificial intelligence application handles personal data. The fine comes nearly a year after the Garante found that ChatGPT processed users' information to train its service in violation of the European Union's General Data Protection Regulation (GDPR). The authority

  2024-12-23 06:42:00

• LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

  A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel earlier this August and is currently awaiting extradition, the U.S. Department of Justice (DoJ) said in a

  2024-12-21 09:22:00

• Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware

  The Lazarus Group, an infamous threat actor linked to the Democratic People's Republic of Korea (DPRK), has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the deployment of a new modular backdoor referred to as CookiePlus, are

  2024-12-20 10:44:00

• Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

  The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm registry. The latest

  2024-12-20 08:39:00

• Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

  Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is currently no evidence that the shortcomings have been exploited in the wild. The list of vulnerabilities is as follows -

  2024-12-20 08:13:00

• Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools

  A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect.  The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an SQL injection bug that allows attackers to execute unauthorized code or commands by sending specially crafted

  2024-12-20 06:25:00

• CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that

  2024-12-20 04:30:00

• Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

  Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively. "While typosquatting attacks are

  2024-12-19 13:56:00

• Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords

  Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company said it's issuing the advisory after "several customers" reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024. "These systems have been infected with the Mirai

  2024-12-19 13:37:00

• Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits

  Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0. It was originally fixed by Fortinet back on August 18, 2023, but without a CVE designation. The list of supported FortiOS

  2024-12-19 10:31:00

• CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business Applications (SCuBA) secure configuration baselines. "Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls,

  2024-12-19 10:00:00

• Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency

  The Dutch Data Protection Authority (DPA) on Wednesday fined video on-demand streaming service Netflix €4.75 million ($4.93 million) for not giving consumers enough information about how it used their data between 2018 and 2020. An investigation launched by the DPA in 2019 found that the tech giant did not inform customers clearly enough in its privacy statement about what it does with the data

  2024-12-19 09:26:00

• UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App

  The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to make the armed forces go paperless. Users who visit the

  2024-12-19 08:40:00

• HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft

  Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims' Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of HubSpot tools in the attack chain. Targets include at least 20,000 automotive, chemical,

  2024-12-18 14:10:00

• Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

  Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS

  2024-12-18 13:36:00

• Not Your Old ActiveState: Introducing our End-to-End OS Platform

  Having been at ActiveState for nearly eight years, I’ve seen many iterations of our product. However, one thing has stayed true over the years: Our commitment to the open source community and companies using open source in their code. ActiveState has been helping enterprises manage open source for over a decade. In the early days, open source was in its infancy. We focused mainly on the

  2024-12-18 11:55:00

• APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP

  The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files. The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities, entails adopting a "rogue RDP" technique that was previously

  2024-12-18 11:15:00

• ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation

  Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it’s vital to understand the current cybersecurity vendor landscape and continually assess the effectiveness of available solutions. Luckily, the 2024 MITRE ATT&CK

  2024-12-18 10:30:00

• BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products

  BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands. Privileged Remote Access controls, manages, and audits privileged accounts and credentials, offering zero trust access to on-premises and cloud resources by internal, external, and third-party users.

  2024-12-18 09:15:00

• INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourse

  INTERPOL is calling for a linguistic shift that aims to put to an end to the term "pig butchering," instead advocating for the use of "romance baiting" to refer to online scams where victims are duped into investing in bogus cryptocurrency schemes under the pretext of a romantic relationship. "The term 'pig butchering' dehumanizes and shames victims of such frauds, deterring people from coming

  2024-12-18 09:10:00

• Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts

  Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what's the latest financial hit the company has taken for flouting stringent privacy laws. The Irish Data Protection Commission (DPC) said the data breach impacted approximately 29 million

  2024-12-18 05:43:00

• Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware

  A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system," Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said. "The attacker failed to install a

  2024-12-17 16:35:00

• Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks

  A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan. Cybersecurity company Securonix, which is tracking the activity under the name FLUX#CONSOLE, said it likely starts with a phishing email link or attachment, although it said it couldn't obtain the original email used to launch the attack. "One of the

  2024-12-17 14:11:00

• Even Great Companies Get Breached — Find Out Why and How to Stop It

  Even the best companies with the most advanced tools can still get hacked. It’s a frustrating reality: you’ve invested in the right solutions, trained your team, and strengthened your defenses. But breaches still happen. So, what’s going wrong? The truth is, that attackers are constantly finding new ways to slip through cracks that often go unnoticed—even in well-prepared organizations. The good

  2024-12-17 12:05:00

• Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware

  A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++-malware families tracked as WmRAT and MiyaRAT. "The attack chain used alternate data streams in a RAR archive to deliver a shortcut (LNK) file that created a scheduled task on the target machine to pull down further payloads," Proofpoint

  2024-12-17 11:07:00

• 5 Practical Techniques for Effective Cyber Threat Hunting

  Addressing cyber threats before they have a chance to strike or inflict serious damage is by far the best security approach any company can embrace. Achieving this takes a lot of research and proactive threat hunting. The problem here is that it is easy to get stuck in endless arrays of data and end up with no relevant intel.  To avoid this, use these five battle-tested techniques that are

  2024-12-17 10:52:00

• Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection

  Bogus software update lures are being used by threat actors to deliver a new stealer malware called CoinLurker. "Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyber attacks," Morphisec researcher Nadav Lorber said in a technical report published Monday. The attacks make use of fake update alerts that employ

  2024-12-17 09:03:00

• The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal

  A little-known cyber espionage actor known as The Mask has been linked to a new set of attacks targeting an unnamed organization in Latin America twice in 2019 and 2022. "The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007," Kaspersky researchers Georgy Kucherin and Marc Rivero said in an analysis published last week. "Their targets

  2024-12-17 06:55:00

• CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is below - CVE-2024-20767 (CVSS score: 7.4) - Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted

  2024-12-17 05:47:00

• DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages

  Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that hinge on taking advantage of a single ad network service as part of a malvertising-driven information stealer campaign dubbed DeceptionAds. "Entirely reliant on a single ad network for propagation, this campaign showcases the core mechanisms of malvertising — delivering over

  2024-12-16 14:22:00

• NoviSpy Spyware Installed on Journalist's Phone After Unlocking It With Cellebrite Tool

  A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International. "NoviSpy allows for capturing sensitive personal data from a target's phone after infection and provides the ability to turn on the phone's microphone or camera remotely," the

  2024-12-16 12:45:00

• ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

  This past week has been packed with unsettling developments in the world of cybersecurity. From silent but serious attacks on popular business tools to unexpected flaws lurking in everyday devices, there’s a lot that might have flown under your radar. Attackers are adapting old tricks, uncovering new ones, and targeting systems both large and small. Meanwhile, law enforcement has scored wins

  2024-12-16 12:11:00

• Data Governance in DevOps: Ensuring Compliance in the AI Era

  With the evolution of modern software development, CI/CD pipeline governance has emerged as a critical factor in maintaining both agility and compliance. As we enter the age of artificial intelligence (AI), the importance of robust pipeline governance has only intensified. With that said, we’ll explore the concept of CI/CD pipeline governance and why it's vital, especially as AI becomes

  2024-12-16 11:00:00

• New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

  Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI) powered video testimonials featuring famous personalities, ultimately leading to financial and data loss. "The main goal of the fraudsters is to lead victims to phishing websites and forms that harvest

  2024-12-16 10:17:00

• New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP

  Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa. QiAnXin XLab, which discovered the malicious activity in late April 2024, attributed the previously unknown malware with moderate confidence to the prolific Chinese nation-state group tracked Winnti (

  2024-12-16 09:09:00

• Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes

  The Security Service of Ukraine (SBU or SSU) has exposed a novel espionage campaign suspected to be orchestrated by Russia's Federal Security Service (FSB) that involves recruiting Ukrainian minors for criminal activities under the guise of "quest games." Law enforcement officials said that it detained two FSB agent groups following a special operation in Kharkiv. These groups, per the agency,

  2024-12-16 06:44:00

• Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action

  Germany's Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country. In a statement published earlier this week, authorities said they severed the communications between the devices and their command-and-control (C2) servers by sinkholing the domains

  2024-12-14 11:33:00

• Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques

  Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. "The target of the threat actors were Thailand officials based on the nature of the lures," Nikhil Hegde, senior engineer for Netskope's Security Efficacy team, told The Hacker News. "The Yokai backdoor itself is not

  2024-12-14 10:16:00

• 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

  A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to "mysterious unattributed threat") by Datadog Security Labs, that

  2024-12-13 20:00:00

• Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

  A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the

  2024-12-13 16:48:00

• DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years

  The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People's Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by illegally seeking employment in U.S. companies and non-profit organizations. "The conspirators, who worked for

  2024-12-13 15:51:00

• Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms

  Iran-affiliated threat actors have been linked to a new custom malware that's geared toward IoT and operational technology (OT) environments in Israel and the United States. The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control and data acquisition (SCADA) devices such as IP cameras, routers, programmable

  2024-12-13 11:44:00

• How to Generate a CrowdStrike RFM Report With AI in Tines

  Run by the team at orchestration, AI, and automation platform Tines, the Tines library contains pre-built workflows shared by real security practitioners from across the community, all of which are free to import and deploy via the Community Edition of the platform.  Their bi-annual “You Did What with Tines?!” competition highlights some of the most interesting workflows submitted by their

  2024-12-13 11:30:00

• New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

  Cybersecurity researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files and directories, and conceal itself from system tools, while simultaneously evading detection. "PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with

  2024-12-13 09:11:00

• FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized

  The U.S. Department of Justice (DoJ) on Thursday announced the shutdown of an illicit marketplace called Rydox ("rydox[.]ru" and "rydox[.]cc") for selling stolen personal information, access devices, and other tools for conducting cybercrime and fraud. In tandem, three Kosovo nationals and administrators of the service, Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli, have been arrested.

  2024-12-13 06:06:00

• Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

  Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks. "Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API

  2024-12-12 14:24:00

• Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States

  The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns. "BoneSpy and PlainGnome target former Soviet states and focus on Russian-speaking victims," Lookout said in an analysis. "Both

  2024-12-12 13:35:00

• Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS

  Details have emerged about a now-patched security vulnerability in Apple's iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information. The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in the FileProvider component, per Apple, and has been addressed with improved

  2024-12-12 12:35:00

• SaaS Budget Planning Guide for IT Professionals

  SaaS services are one of the biggest drivers of OpEx (operating expenses) for modern businesses. With Gartner projecting $247.2 billion in global SaaS spending this year, it’s no wonder SaaS budgets are a big deal in the world of finance and IT. Efficient SaaS utilization can significantly affect both the bottom line and employee productivity.  In this article, we’ll break down this topic

  2024-12-12 11:30:00

• WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

  Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. "This flaw poses a significant security risk, as it

  2024-12-12 09:18:00

• Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested

  A global law enforcement operation has failed 27 stresser services that were used to conduct distributed denial-of-service (DDoS) attacks and took them offline as part of a multi-year international exercise called PowerOFF. The effort, coordinated by Europol and involving 15 countries, dismantled several booter and stresser websites, including zdstresser.net, orbitalstress.net, and

  2024-12-12 06:15:00

• Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

  The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observed the adversary leveraging the Amadey bot malware to download custom malware onto "specifically

  2024-12-11 18:02:00

• New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

  A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. "To exploit this technique, a user must be convinced to run a program that uses UI Automation," Akamai security researcher Tomer Peled said in a report shared with The Hacker News. "

  2024-12-11 15:13:00

• Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts

  Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account. "The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the

  2024-12-11 14:32:00

• ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

  Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. "Zloader 2.9.4.0 adds notable improvements including a custom DNS tunnel protocol for C2 communications and an interactive shell

  2024-12-11 14:07:00

• Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

  Cybersecurity researchers have discovered a novel surveillance program that's suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices. The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at least 2017, with artifacts uploaded to the VirusTotal malware scanning platform as recently as

  2024-12-11 11:02:00

• What is Nudge Security and How Does it Work?

  Regain control of SaaS sprawl with Day One discovery of all SaaS and GenAI accounts along with workflows to help you mitigate security risks, curb rogue app usage, and manage SaaS spend. In today’s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to

  2024-12-11 11:02:00

• Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

  A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in various sectors spanning government ministries in two different countries, an air traffic control organization, a telecoms company, and a media outlet, the Symantec Threat Hunter Team

  2024-12-11 11:00:00

• Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

  Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow for the

  2024-12-11 07:16:00

• U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

  The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked at Sichuan Silence Information Technology Company, Limited, has been charged with conspiracy to commit computer fraud and conspiracy to commit wire fraud. Guan has been

  2024-12-11 06:29:00

• Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

  Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution. The list of vulnerabilities is as follows - CVE-2024-11639 (CVSS score: 10.0) - An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote

  2024-12-11 02:59:00

• Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

  Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems. Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the issue en masse on December 3, 2024. The vulnerability, which impacts Cleo's LexiCom,

  2024-12-10 15:57:00

• Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam

  Cybersecurity researchers have shed light on a sophisticated mobile phishing (aka mishing) campaign that's designed to distribute an updated version of the Antidot banking trojan. "The attackers presented themselves as recruiters, luring unsuspecting victims with job offers," Zimperium zLabs Vishnu Pratapagiri researcher said in a new report. "As part of their fraudulent hiring process, the

  2024-12-10 14:13:00

• The Future of Network Security: Automated Internal and External Pentesting

  In today’s rapidly evolving threat landscape, safeguarding your organization against cyberattacks is more critical than ever. Traditional penetration testing (pentesting), while effective, often falls short due to its high costs, resource requirements, and infrequent implementation. Automated internal and external network pentesting is a game-changing solution, empowering organizations to stay

  2024-12-10 11:50:00

• Phone Phishing Gang Busted: Eight Arrested in Belgium and Netherlands

  Belgian and Dutch authorities have arrested eight suspects in connection with a "phone phishing" gang that primarily operated out of the Netherlands with an aim to steal victims' financial data and funds. As part of the international operation, law enforcement agencies carried out 17 searches in different locations in Belgium and the Netherlands, Europol said. In addition, large amounts of cash,

  2024-12-10 11:19:00

• Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage

  A suspected China-nexus cyber espionage group has been attributed to an attacks targeting large business-to-business IT service providers in Southern Europe as part of a campaign codenamed Operation Digital Eye. The intrusions took place from late June to mid-July 2024, cybersecurity companies SentinelOne SentinelLabs and Tinexta Cyber said in a joint report shared with The Hacker News, adding

  2024-12-10 11:00:00

• Ongoing Phishing and Malware Campaigns in December 2024

  Cyber attackers never stop inventing new ways to compromise their targets. That's why organizations must stay updated on the latest threats.  Here's a quick rundown of the current malware and phishing attacks you need to know about to safeguard your infrastructure before they reach you. Zero-day Attack: Corrupted Malicious Files Evade Detection by Most Security Systems  The analyst

  2024-12-10 10:01:00

• CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force

  The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new set of cyber attacks that it said were aimed at defense companies in the country as well as its security and defense forces. The phishing attacks have been attributed to a Russia-linked threat actor called UAC-0185 (aka UNC4221), which has been active since at least 2022. "The phishing emails mimicked official messages

  2024-12-10 09:12:00

• Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

  The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024. "Users within the target environment will be email bombed by the threat actor, which is often achieved by signing up the user's email to numerous mailing lists simultaneously," Rapid7

  2024-12-09 17:44:00

• ⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 - 8)

  This week’s cyber world is like a big spy movie. Hackers are breaking into other hackers’ setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are busting secret online markets and kicking out shady chat rooms, while big companies rush to fix new security holes before attackers can jump in. Want to

  2024-12-09 13:11:00

• Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI

  Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim's account by means of a prompt injection attack. Security researcher Johann Rehberger, who has chronicled many a prompt injection attack targeting various AI tools, found that providing the input "Print

  2024-12-09 11:55:00

• Seven Bolt-Ons to Make Your Entra ID More Secure for Critical Sessions

  Identity security is all the rage right now, and rightfully so. Securing identities that access an organization’s resources is a sound security model. But IDs have their limits, and there are many use cases when a business should add other layers of security to a strong identity. And this is what we at SSH Communications Security want to talk about today. Let’s look at seven ways to add

  2024-12-09 11:00:00

• Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices

  A malicious botnet called Socks5Systemz is powering a proxy service called PROXY.AM, according to new findings from Bitsight. "Proxy malware and services enable other types of criminal activity adding uncontrolled layers of anonymity to the threat actors, so they can perform all kinds of malicious activity using chains of victim systems," the company's security research team said in an analysis

  2024-12-09 10:44:00

• Bluesky Faces Growing Pains: Malicious Moderators and DMCA Compliance Concerns Undermine Its Popularity

  Affected users indicate that certain moderators are abusing their administrative privileges, transferring handles from legitimate users to themselves.

  2024-12-09 00:10:10

• Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions

  In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner. The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) repository. A subsequently released version has introduced a security fix that "ensures

  2024-12-07 10:54:00

• Learn How Experts Secure Privileged Accounts—Proven PAS Strategies Webinar

  Cybercriminals know that privileged accounts are the keys to your kingdom. One compromised account can lead to stolen data, disrupted operations, and massive business losses. Even top organizations struggle to secure privileged accounts. Why? Traditional Privileged Access Management (PAM) solutions often fall short, leaving: Blind spots that limit full visibility. Complex deployment processes.

  2024-12-07 10:54:00

• Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals' Data

  Cybersecurity researchers have warned of a new scam campaign that leverages fake video conferencing apps to deliver an information stealer called Realst targeting people working in Web3 under the guise of fake business meetings. "The threat actors behind the malware have set up fake companies using AI to make them increase legitimacy," Cado Security researcher Tara Gould said. "The company

  2024-12-07 08:18:00

• Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

  In a historic decision, Romania's constitutional court has annulled the result of the first round of voting in the presidential election amid allegations of Russian interference. As a result, the second round vote, which was scheduled for December 8, 2024, will no longer take place. Călin Georgescu, who won the first round, denounced the verdict as an "officialized coup" and an attack on

  2024-12-07 07:25:00

• FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine

  A Russian programmer accused of donating money to Ukraine had his Android device secretly implanted with spyware by the Federal Security Service (FSB) after he was detained earlier this year. The findings come as part of a collaborative investigation by First Department and the University of Toronto's Citizen Lab. "The spyware placed on his device allows the operator to track a target device's

  2024-12-06 16:15:00

• Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks

  Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month. Unlike the first

  2024-12-06 11:28:00

• Conquering the Complexities of Modern BCDR

  The modern business landscape is thrilling yet daunting. Rapidly evolving technology, persistent cyberthreats and escalating operational complexities make data protection and seamless business continuity challenging for businesses of all sizes. Your organization needs robust security measures that go beyond traditional backup solutions to address the intricacies of today’s complex IT ecosystems.

  2024-12-06 11:00:00

• More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader

  The threat actors behind the More_eggs malware have been linked to two new malware families, indicating an expansion of its malware-as-a-service (MaaS) operation. This includes a novel information-stealing backdoor called RevC2 and a loader codenamed Venom Loader, both of which are deployed using VenomLNK, a staple tool that serves as an initial access vector for the deployment of follow-on

  2024-12-06 08:22:00

• Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

  The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that's designed to drop the Visual Basic Script malware, Recorded Future's Insikt Group said in a new analysis.

  2024-12-06 07:03:00

• This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges

  As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access trojan (RAT) called DroidBot. "DroidBot is a modern RAT that combines hidden VNC and overlay attack techniques with spyware-like capabilities, such as keylogging and user interface monitoring," Cleafy researchers Simone Mattia, Alessandro

  2024-12-05 15:58:00

• Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access

  Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to a case of insufficient input

  2024-12-05 14:56:00

• Europol Shuts Down Manson Market Fraud Marketplace, Seizes 50 Servers

  Europol on Thursday announced the shutdown of a clearnet marketplace called Manson Market that facilitated online fraud on a large scale. The operation, led by German authorities, has resulted in the seizure of more than 50 servers associated with the service and the arrest of two suspects. More than 200 terabytes of digital evidence have been collected. In addition, over 80 data storage devices

  2024-12-05 14:55:00

• Want to Grow Vulnerability Management into Exposure Management? Start Here!

  Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management

  2024-12-05 12:46:00

• Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor

  A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs. "Earth Minotaur uses MOONSHINE to deliver the DarkNimbus backdoor to Android and Windows devices, targeting WeChat, and possibly making it a

  2024-12-05 12:43:00

• Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers

  A suspected Chinese threat actor targeted a large U.S. organization earlier this year as part of a four-month-long intrusion. According to Broadcom-owned Symantec, the first evidence of the malicious activity was detected on April 11, 2024 and continued until August. However, the company doesn't rule out the possibility that the intrusion may have occurred earlier. "The attackers moved laterally

  2024-12-05 11:00:00

• ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan

  The China-linked threat actor known as MirrorFace has been attributed to a new spear-phishing campaign mainly targeting individuals and organizations in Japan since June 2024. The aim of the campaign is to deliver backdoors known as NOOPDOOR (aka HiddenFace) and ANEL (aka UPPERCUT), Trend Micro said in a technical analysis. "An interesting aspect of this campaign is the comeback of a backdoor

  2024-12-05 07:30:00

• NCA Busts Russian Crypto Networks Laundering Funds and Evading Sanctions

  The U.K. National Crime Agency (NCA) on Wednesday announced that it led an international investigation to disrupt Russian money laundering networks that were found to facilitate serious and organized crime across the U.K., the Middle East, Russia, and South America. The effort, codenamed Operation Destabilise, has resulted in the arrest of 84 suspects linked to two Russian-speaking networks

  2024-12-05 05:47:00

• CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-51378 (CVSS score: 10.0) - An incorrect default permissions

  2024-12-05 05:09:00

• Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities

  The Russia-linked advanced persistent threat (APT) group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control (C2) servers of a Pakistan-based hacking group named Storm-0156 to conduct its own operations since 2022. The activity, first observed in December 2022, is the latest instance of the nation-state adversary "embedding

  2024-12-04 17:23:00

• Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

  Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that's created by criminals for criminal purposes. The joint operation, conducted by French and Dutch authorities under the moniker Passionflower, comes in the aftermath of an investigation that was launched in 2021 after the messaging service was discovered on the phone of a criminal convicted

  2024-12-04 12:20:00

• 7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

  Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud's flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also lead to limited visibility into user activity and

  2024-12-04 11:50:00

• How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges

  Many organizations struggle with password policies that look strong on paper but fail in practice because they're too rigid to follow, too vague to enforce, or disconnected from real security needs. Some are so tedious and complex that employees post passwords on sticky notes under keyboards, monitors, or desk drawers. Others set rules so loose they may as well not exist. And many simply copy

  2024-12-04 10:30:00

• Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign

  Why does this news below matter to the average network engineer?

  2024-11-24 22:52:38

• Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

  What does this mean for the average Linux user?

  2024-11-23 04:43:27