🚨 A previously unknown group, GamaCopy, is copying the Gamaredon hacking group’s playbook in its attacks on Russian-speaking entities.

GamaCopy uses military-themed lures to deploy UltraVNC, gaining remote access to compromised systems.

Learn more: https://thehackernews.com/2025/01/gamacopy-mimics-gamaredon-tactics-in.html

🔒 OWASP’s new NHI Top 10 shines a spotlight on machine identities—API keys, service accounts, SSH keys, and more—now prime targets for attackers.

NHIs are critical connectivity enablers for services, data, and AI agents. These identities are misconfigured, over-privileged, and often misused, creating major risks.

Practice least-privilege access for all NHIs in your environment.

👉 Read the full guide: https://thehackernews.com/2025/01/do-we-really-need-owasp-nhi-top-10.html

🚨 Webinar Alert: Best Practices for Access Management in 2025

Struggling to manage user access in a way that meets the latest security standards while working within a tight budget? If you're a Google Workspace user, you're in luck

Did you know that you can configure any access-related process — provisioning roles, deprovisioning users, and conducting regular audits — using native Google Workspace capabilities? Plus a little automation!

Join us for an exclusive webinar where we’ll explore:
✅ The Top 5 Access Control Trends you need to know for 2025
✅ How to build an automation for role-based access provisioning in Google Workspace in just 5 minutes
✅ How to automate workflows for offboarding users, scheduled audits (and add this advanced project completion to your CV 💪)

📅 When: January 30

🎯 This webinar is perfect for IT teams looking to boost data security, ensure compliance, and maximize the value of their Google Workspace environment.

🔗 Register Now: https://thn.news/google-workspace-access-2025

🚨 Alert — GitHub Desktop & GitHub projects have critical vulnerabilities that can expose your credentials to attackers.

🔑 CVE-2024-53263 – Git LFS leaks credentials via crafted URLs.
⚡ CVE-2024-50338 – GitHub CLI sends tokens to attacker-controlled hosts.

Attackers can use this to gain unauthorized access to your private repositories.

🔗 Read full details: https://thehackernews.com/2025/01/github-desktop-vulnerability-risks.html

🛑 Urgent: Apple has released a software update to patch a zero-day vulnerability (CVE-2025-24085) actively exploited in the wild, affecting iPhones, iPads, Macs, Apple TVs, and more.

This flaw could allow malicious apps to escalate privileges and take control of your device.

👉 Read: https://thehackernews.com/2025/01/apple-patches-actively-exploited-zero.html

🚨 DeepSeek, an AI startup that became insanely popular overnight, is disrupting OpenAI’s dominance.

However, the company is now facing cyberattacks, forcing it to temporarily pause new signups to protect its services.

Explore the full story: https://thehackernews.com/2025/01/top-rated-chinese-ai-app-deepseek.html

🚨 UPDATE: PoC Released for CVE-2024-55591, a vulnerability in the jsconsole functionality that could allow attackers to add a new administrative account.

Nearly 45,000 hosts remain vulnerable as of January 27, 2025.

Read: https://thehackernews.com/2025/01/zero-day-vulnerability-suspected-in.html

🛑 Three Russian GRU officers are sanctioned for carrying out malicious cyber activities against Estonia.

Breach affected Estonia’s Foreign Affairs, Economic Affairs, and Health Ministries.

👉 Read more on the full story: https://thehackernews.com/2025/01/eu-sanctions-3-russian-nationals-for.html

🔑 Is Your Password Hash Secure Enough? Modern attackers use GPU-powered tools to crack even long, complex passwords protected by weak algorithms.

Don’t leave your passwords exposed. Discover how to defeat password-cracking tools and protect your accounts: https://thehackernews.com/2025/01/how-long-does-it-take-hackers-to-crack.html

🚨 ALERT: Cybercriminals are hijacking ESXi systems to tunnel traffic and remain hidden on networks for extended periods.

Native tools like SSH allow attackers to blend in with legitimate traffic, bypassing detection and making it nearly impossible to spot them.

Read: https://thehackernews.com/2025/01/ransomware-targets-esxi-systems-via.html

The #1 threat to technical work at scale is poor communication.

A study conducted by Harvard University, the Carnegie Foundation, and Stanford Research Center found that 85% of job success comes from soft skills (such as people skills), whereas only 15% stems from hard skills (such as technical capabilities).

Soft skills can distinguish you to help preserve or even further your career, but if they’re not developed, they can create a ceiling over your growth.

Whether sharing status updates on a virtual standup meeting or delivering a keynote tech talk at an in-person conference, how you communicate your work can either fuel its growth or snuff out its success.

If you’re looking to improve your communication and presentation skills, look no further than the new book, Luminary: Master the Art and Science of Storytelling for Technical Professionals.

Learn more about the book and how it can help you and your work advance here: https://thn.news/storytelling-technical-professionals

⚔️ Prepare for battle. Defend your network. Master your craft.

At SANS live training events, you'll:
✅ Train with cybersecurity legends
✅ Get hands-on with real-world threats
✅ Build your future with certifications

🎯 Find your next event: 👉 https://thn.news/sans-training-tel

#SANSLiveTraining #SANS

🚨 Cybersecurity experts discovered a flaw in a popular travel service that let hackers hijack accounts with a simple click.

Attackers could impersonate victims, book travel, and even use loyalty points!

Learn how: https://thehackernews.com/2025/01/oauth-redirect-flaw-in-airline-travel.html

⚠️ A new phishing email campaign is taking over Poland & Germany, using fake order receipts to infect machines with Agent Tesla, Snake Keylogger, and TorNet malware.

Read the full story: https://thehackernews.com/2025/01/purecrypter-deploys-agent-tesla-and-new.html

🔒 SOCs Drowning in Alerts? AI-powered SOC Analysts now triage & investigate within MINUTES!

Speed, accuracy, and efficiency—ALL in one solution, reducing breach impact and costs.

Find out how AI is transforming SOCs: https://thehackernews.com/2025/01/ai-soc-analysts-propelling-secops-into.html

🚨 URGENT: Critical Zero-Day Alert!

Thousands of Zyxel CPE devices are being actively exploited by attackers. Over 1,500 devices exposed globally.

⤷ Limit admin access
⤷ Filter traffic for unusual requests

🔗 Read: https://thehackernews.com/2025/01/zyxel-cpe-devices-face-active.html

🚨 WATCH OUT: A new vulnerability, CVE-2025-22217, in VMware Avi Load Balancer could give attackers full access to your databases!

No workarounds—only updates will protect you.

Running affected versions? Learn more: https://thehackernews.com/2025/01/broadcom-warns-of-high-severity-sql.html

🛑 UAC-0063 has been using stolen documents from Kazakhstan’s Ministry of Foreign Affairs to spear-phish targets and deploy HATVIBE malware.

👉 Read the full details on UAC-0063’s evolving tactics: https://thehackernews.com/2025/01/uac-0063-expands-cyber-attacks-to.html

⚠️ A critical flaw (CVE-2025-22604) in Cacti could lead to remote code execution. If exploited, authenticated attackers could steal or manipulate sensitive data.

Patch to version 1.2.29 to fix this flaw and protect your systems.

Learn more: https://thehackernews.com/2025/01/critical-cacti-security-flaw-cve-2025.html

🚨 Apple Silicon CPUs hit by 2 new vulnerabilities: SLAP & FLOP

These attacks target Load Address and Load Value Predictors in Apple CPUs, risking exposure of your:

⤷ Location history
⤷ Calendar events
⤷ Sensitive data

🔗 Read: https://thehackernews.com/2025/01/new-slap-flop-attacks-expose-apple-m.html