🚨 5 indicted in a major North Korean IT worker scam targeting U.S. companies!

⤷ $866,000 funneled through shell accounts
⤷ Remote laptop farms deceived employers into hiring fake workers
⤷ One suspect arrested, others face up to 20 years in prison

👉 Learn More: https://thehackernews.com/2025/01/doj-indicts-5-individuals-for-866k.html

🛑 Over 100 Vulnerabilities in LTE & 5G Discovered.

These flaws could give hackers a backdoor into cellular networks—disrupting communications at a city-wide level.

⤷ Attacks on phone calls, messaging, and data.
⤷ Exploiting buffer overflows and memory errors.
⤷ Non-authenticated mobile devices can exploit these flaws.

Read the full details: https://thehackernews.com/2025/01/ransacked-over-100-security-flaws-found.html

Learn cybersecurity risk management from the experts at Georgetown. Attend our webinar on February 6.

https://thn.news/cyber-risk-mgmt-ig

🔑 Only 14% of Organizations Can Recover SaaS Data in MINUTES!

The rest? It takes hours, or even days—putting compliance and productivity at serious risk.

Lost time = lost revenue.

🔐 Find out how to level up your data resilience in the 2025 SaaS Backup and Recovery Report: https://thehackernews.com/2025/01/insights-from-2025-saas-backup-and-recovery-report.html

⚠️ Critical Flaw in Meta’s AI Stack!

Meta's Llama AI framework is vulnerable to remote code execution through insecure deserialization.

How it works: Attacker sends crafted data to execute malicious code.

Read this article: https://thehackernews.com/2025/01/metas-llama-framework-flaw-exposes-ai.html

🚨 Cybersecurity Alert: A new malware loader, MintsLoader, is wreaking havoc across critical industries like energy & legal sectors.

⚠️ Delivered via spam links → JScript file → MintsLoader

🔗 Read analysis of this attack chain: https://thehackernews.com/2025/01/mintsloader-delivers-stealc-malware-and.html

🚨 A previously unknown group, GamaCopy, is copying the Gamaredon hacking group’s playbook in its attacks on Russian-speaking entities.

GamaCopy uses military-themed lures to deploy UltraVNC, gaining remote access to compromised systems.

Learn more: https://thehackernews.com/2025/01/gamacopy-mimics-gamaredon-tactics-in.html

🔒 OWASP’s new NHI Top 10 shines a spotlight on machine identities—API keys, service accounts, SSH keys, and more—now prime targets for attackers.

NHIs are critical connectivity enablers for services, data, and AI agents. These identities are misconfigured, over-privileged, and often misused, creating major risks.

Practice least-privilege access for all NHIs in your environment.

👉 Read the full guide: https://thehackernews.com/2025/01/do-we-really-need-owasp-nhi-top-10.html

🚨 Webinar Alert: Best Practices for Access Management in 2025

Struggling to manage user access in a way that meets the latest security standards while working within a tight budget? If you're a Google Workspace user, you're in luck

Did you know that you can configure any access-related process — provisioning roles, deprovisioning users, and conducting regular audits — using native Google Workspace capabilities? Plus a little automation!

Join us for an exclusive webinar where we’ll explore:
✅ The Top 5 Access Control Trends you need to know for 2025
✅ How to build an automation for role-based access provisioning in Google Workspace in just 5 minutes
✅ How to automate workflows for offboarding users, scheduled audits (and add this advanced project completion to your CV 💪)

📅 When: January 30

🎯 This webinar is perfect for IT teams looking to boost data security, ensure compliance, and maximize the value of their Google Workspace environment.

🔗 Register Now: https://thn.news/google-workspace-access-2025

🚨 Alert — GitHub Desktop & GitHub projects have critical vulnerabilities that can expose your credentials to attackers.

🔑 CVE-2024-53263 – Git LFS leaks credentials via crafted URLs.
⚡ CVE-2024-50338 – GitHub CLI sends tokens to attacker-controlled hosts.

Attackers can use this to gain unauthorized access to your private repositories.

🔗 Read full details: https://thehackernews.com/2025/01/github-desktop-vulnerability-risks.html

🛑 Urgent: Apple has released a software update to patch a zero-day vulnerability (CVE-2025-24085) actively exploited in the wild, affecting iPhones, iPads, Macs, Apple TVs, and more.

This flaw could allow malicious apps to escalate privileges and take control of your device.

👉 Read: https://thehackernews.com/2025/01/apple-patches-actively-exploited-zero.html

🚨 DeepSeek, an AI startup that became insanely popular overnight, is disrupting OpenAI’s dominance.

However, the company is now facing cyberattacks, forcing it to temporarily pause new signups to protect its services.

Explore the full story: https://thehackernews.com/2025/01/top-rated-chinese-ai-app-deepseek.html

🚨 UPDATE: PoC Released for CVE-2024-55591, a vulnerability in the jsconsole functionality that could allow attackers to add a new administrative account.

Nearly 45,000 hosts remain vulnerable as of January 27, 2025.

Read: https://thehackernews.com/2025/01/zero-day-vulnerability-suspected-in.html

🛑 Three Russian GRU officers are sanctioned for carrying out malicious cyber activities against Estonia.

Breach affected Estonia’s Foreign Affairs, Economic Affairs, and Health Ministries.

👉 Read more on the full story: https://thehackernews.com/2025/01/eu-sanctions-3-russian-nationals-for.html

🔑 Is Your Password Hash Secure Enough? Modern attackers use GPU-powered tools to crack even long, complex passwords protected by weak algorithms.

Don’t leave your passwords exposed. Discover how to defeat password-cracking tools and protect your accounts: https://thehackernews.com/2025/01/how-long-does-it-take-hackers-to-crack.html

🚨 ALERT: Cybercriminals are hijacking ESXi systems to tunnel traffic and remain hidden on networks for extended periods.

Native tools like SSH allow attackers to blend in with legitimate traffic, bypassing detection and making it nearly impossible to spot them.

Read: https://thehackernews.com/2025/01/ransomware-targets-esxi-systems-via.html

The #1 threat to technical work at scale is poor communication.

A study conducted by Harvard University, the Carnegie Foundation, and Stanford Research Center found that 85% of job success comes from soft skills (such as people skills), whereas only 15% stems from hard skills (such as technical capabilities).

Soft skills can distinguish you to help preserve or even further your career, but if they’re not developed, they can create a ceiling over your growth.

Whether sharing status updates on a virtual standup meeting or delivering a keynote tech talk at an in-person conference, how you communicate your work can either fuel its growth or snuff out its success.

If you’re looking to improve your communication and presentation skills, look no further than the new book, Luminary: Master the Art and Science of Storytelling for Technical Professionals.

Learn more about the book and how it can help you and your work advance here: https://thn.news/storytelling-technical-professionals

⚔️ Prepare for battle. Defend your network. Master your craft.

At SANS live training events, you'll:
✅ Train with cybersecurity legends
✅ Get hands-on with real-world threats
✅ Build your future with certifications

🎯 Find your next event: 👉 https://thn.news/sans-training-tel

#SANSLiveTraining #SANS

🚨 Cybersecurity experts discovered a flaw in a popular travel service that let hackers hijack accounts with a simple click.

Attackers could impersonate victims, book travel, and even use loyalty points!

Learn how: https://thehackernews.com/2025/01/oauth-redirect-flaw-in-airline-travel.html

⚠️ A new phishing email campaign is taking over Poland & Germany, using fake order receipts to infect machines with Agent Tesla, Snake Keylogger, and TorNet malware.

Read the full story: https://thehackernews.com/2025/01/purecrypter-deploys-agent-tesla-and-new.html

🔒 SOCs Drowning in Alerts? AI-powered SOC Analysts now triage & investigate within MINUTES!

Speed, accuracy, and efficiency—ALL in one solution, reducing breach impact and costs.

Find out how AI is transforming SOCs: https://thehackernews.com/2025/01/ai-soc-analysts-propelling-secops-into.html