Google's OAuth login exposes a critical vulnerability, allowing attackers to access old employee accounts simply by purchasing a defunct domain from a failed startup.
Learn how this vulnerability could affect your organization: https://thehackernews.com/2025/01/google-oauth-vulnerability-exposes.html

New macOS flaw (CVE-2024-44243) discovered!
Attackers could have bypassed crucial protections to install persistent malware and rootkits, potentially letting them take full control of your system.
Explore the details: https://thehackernews.com/2025/01/microsoft-uncovers-macos-vulnerability.html

UPDATE: Fortinet Confirms Critical Zero-Day
CVE-2024-55591 in FortiOS & FortiProxy (CVSS 9.6) allows attackers to gain super-admin access & hijack firewalls.
Affected versions: FortiOS 7.0.0-7.0.16 & FortiProxy 7.0.0-7.2.12.
Upgrade now to 7.0.17+ or 7.0.20+ to mitigate risk.
https://thehackernews.com/2025/01/zero-day-vulnerability-suspected-in.html

Critical Alert: Microsoft has just released a massive patch for 161 vulnerabilities across its software, including 3 zero-day flaws that have been actively exploited.
⤷ CVE-2025-21333
⤷ CVE-2025-21334
⤷ CVE-2025-21335
Patch now: https://thehackernews.com/2025/01/3-actively-exploited-zero-day-flaws.html

Critical Flaws Discovered in SimpleHelp Software!
An attacker could exploit these flaws to execute remote code, steal sensitive data, and bring your entire system down.
Action required NOW:
⤷ SimpleHelp has released critical patches.
⤷ Change admin passwords immediately.
⤷ Restrict logins to trusted IP addresses.
Read: https://thehackernews.com/2025/01/critical-simplehelp-flaws-allow-file.html

FBI removes PlugX malware from 4,250+ compromised computers.
$7 - that's all it took for the FBI to sink a hacker-controlled server and trigger a "self-delete" command.
Learn more: https://thehackernews.com/2025/01/fbi-deletes-plugx-malware-from-4250.html

Six critical security flaws disclosed in Rsync could allow attackers to execute arbitrary code on clients.
Any server with a public mirror could be exploited, putting SSH keys and other critical files at risk.
Read the full advisory: https://thehackernews.com/2025/01/google-cloud-researchers-uncover-flaws.html

Cyber-attacks on ICS/OT are escalating - Are YOU prepared?
⤷ ICS/OT security demands custom strategies, not IT playbooks.
⤷ Cyber-attacks are growing, threatening power grids, water systems, and more.
Check out the SANS Five ICS/OT Cybersecurity Critical Controls: https://thehackernews.com/2025/01/the-high-stakes-disconnect-for-icsot.html

North Korean hackers behind IT worker fraud linked to 2016 crowdfunding scam!
These attacks aren't slowing down. With DPRK-backed groups like Lazarus leading crypto thefts, the scale of cybercrime has reached alarming levels.
Read the full report: https://thehackernews.com/2025/01/north-korean-it-worker-fraud-linked-to.html

Warning: North Korea's Lazarus Group is targeting Web3 and cryptocurrency developers!
Fake recruiters on LinkedIn are tricking developers with "coding projects" that lead to malware.
Learn more about their tactics: https://thehackernews.com/2025/01/lazarus-group-targets-web3-developers.html

A new malvertising campaign is targeting businesses by stealing Google Ads credentials! Here's how it works:
⤷ Ads that look legitimate lead to fraudulent login pages.
⤷ Phishers steal 2FA codes and credentials.
⤷ The goal? Hijack Google Ads accounts to run fraudulent ads.
Read more here: https://thehackernews.com/2025/01/google-ads-users-targeted-in.html

URGENT: A Python-based backdoor is now used in RansomHub ransomware attacks after initial access via a fake browser update.
Want to learn more? Read: https://thehackernews.com/2025/01/python-based-malware-powers-ransomhub.html

Ivanti has released urgent security updates to fix four critical vulnerabilities affecting EPM, Avalanche, and Application Control Engine. These flaws have been rated 9.8/10 on the CVSS scale, and if left unpatched, could allow remote attackers to leak sensitive data.
Learn more: https://thehackernews.com/2025/01/researcher-uncovers-critical-flaws-in.html

New phishing campaigns are using hidden code in images to deploy VIP Keylogger and 0bj3ctivity Stealer.
From the email to a PowerShell script to a .NET loader, everything is designed to bypass defenses.
Find out more about this rising threat: https://thehackernews.com/2025/01/hackers-hide-malware-in-images-to.html

A new flaw (CVE-2024-7344) in UEFI systems has been discovered, letting attackers run unsigned code during system boot, even with Secure Boot enabled.
Read more: https://thehackernews.com/2025/01/new-uefi-secure-boot-vulnerability.html

NTLMv1 Not Dead Yet!
Researchers uncover that a misconfiguration in on-premise apps can easily bypass Active Directory's Group Policy meant to disable NTLMv1 authentication.
Learn How: https://thehackernews.com/2025/01/researchers-find-exploit-allowing.html

Stolen credentials are responsible for 80% of web app breaches in 2023-2024!
⤷ Infostealer malware is fueling this rise, with credentials being sold for as little as $10.
⤷ Even large companies with high security budgets are falling victim.
Learn how to tackle stolen credentials before they destroy your organization's security.
Full article here: https://thehackernews.com/2025/01/the-10-cyber-threat-responsible-for.html

Traditional trust management is failing in today's digital world. As IoT devices explode, certificates pile up, and compliance rules tighten, how are you keeping up?
The solution? DigiCert ONE!
⤷ Centralized trust management for devices, users, and workloads
⤷ Automated security for hybrid environments
⤷ Stress-free compliance
Why it matters: The speed of digital transformation means old solutions just won't cut it anymore. You need real-time, automated security.
Want to see how it works? Register for our free webinar now: https://thehackernews.com/2025/01/ready-to-simplify-trust-management-join.html

A major shift in attack tactics - Star Blizzard, previously known as SEABORGIUM, is now exploiting WhatsApp accounts through a spear-phishing campaign.
⤷ Primary targets: Diplomats, Ukraine supporters, and defense officials.
⤷ Once clicked, hackers gain access to WhatsApp messages and data.
Learn more: https://thehackernews.com/2025/01/russian-star-blizzard-shifts-tactics-to.html

Alert: TikTok, SHEIN, AliExpress, and others accused of violating EU data laws by sending user data to China.
Privacy Group noyb demands suspension of data flows.
Find out more: https://thehackernews.com/2025/01/european-privacy-group-sues-tiktok-and.html