🚨 Russian cyber attackers are actively targeting Kazakhstan’s Ministry of Foreign Affairs—this isn't just a cyber attack; it’s an espionage campaign to steal sensitive political and economic data.

The attackers use infected Microsoft Office docs to bypass security and deploy powerful malware like HATVIBE—designed to remain undetected.

Learn more: https://thehackernews.com/2025/01/russian-linked-hackers-target.html

🚨 4 Reasons Your SaaS Attack Surface Can No Longer be Ignored in 2025!

🚀 200 new SaaS accounts/month for 100 employees—each a potential breach point.
🎯 50% of breaches target SaaS apps.
🤖 Unmanaged GenAI tools pose huge security risks.
⚖️ Weak SaaS security = GDPR/CCPA violations.
Securing your SaaS is no longer optional!

👉 Learn how to protect your SaaS environment now: https://thehackernews.com/2025/01/4-reasons-your-saas-attack-surface-can.html

📣 Tomorrow! Join a live webinar on AI security. Explore how agentic systems are reshaping traditional DevSecOps practices and discover top AI security use cases in today’s enterprises.

Join James Berthoty, Ron Bitton, and Dor Sarig for an in-depth discussion on agentic-related risks and a 2025 forecast. Don’t miss out!

📅 Wednesday, January 15th, 11:30am ET
👉 Register here: https://thn.news/ai-security-navigating

Google’s OAuth login exposes a critical vulnerability, allowing attackers to access old employee accounts simply by purchasing a defunct domain from a failed startup.

Learn how this vulnerability could affect your organization: https://thehackernews.com/2025/01/google-oauth-vulnerability-exposes.html

🔓 New macOS flaw (CVE-2024-44243) discovered!

Attackers could have bypassed crucial protections to install persistent malware and rootkits, potentially letting them take full control of your system.

Explore the details: https://thehackernews.com/2025/01/microsoft-uncovers-macos-vulnerability.html

🚨 UPDATE: Fortinet Confirms Critical Zero-Day 🚨

CVE-2024-55591 in FortiOS & FortiProxy (CVSS 9.6) allows attackers to gain super-admin access & hijack firewalls.

Affected versions: FortiOS 7.0.0-7.0.16 & FortiProxy 7.0.0-7.2.12.

Upgrade now to 7.0.17+ or 7.0.20+ to mitigate risk.

https://thehackernews.com/2025/01/zero-day-vulnerability-suspected-in.html

🔴 Critical Alert: Microsoft has just released a massive patch for 161 vulnerabilities across its software, including 3 zero-day flaws that have been actively exploited.

⤷ CVE-2025-21333
⤷ CVE-2025-21334
⤷ CVE-2025-21335

Patch now: https://thehackernews.com/2025/01/3-actively-exploited-zero-day-flaws.html

🚨 Critical Flaws Discovered in SimpleHelp Software!

An attacker could exploit these flaws to execute remote code, steal sensitive data, and bring your entire system down.

✅ Action required NOW:
⤷ SimpleHelp has released critical patches.
⤷ Change admin passwords immediately.
⤷ Restrict logins to trusted IP addresses.

Read: https://thehackernews.com/2025/01/critical-simplehelp-flaws-allow-file.html

🔥 FBI removes PlugX malware from 4,250+ compromised computers.

$7 — that’s all it took for the FBI to sink a hacker-controlled server and trigger a "self-delete" command.

Learn more: https://thehackernews.com/2025/01/fbi-deletes-plugx-malware-from-4250.html

🚨 Six critical security flaws disclosed in Rsync could allow attackers to execute arbitrary code on clients.

Any server with a public mirror could be exploited, putting SSH keys and other critical files at risk.

Read the full advisory: https://thehackernews.com/2025/01/google-cloud-researchers-uncover-flaws.html

⚠️ Cyber-attacks on ICS/OT are escalating—Are YOU prepared?

⤷ ICS/OT security demands custom strategies, not IT playbooks.
⤷ Cyber-attacks are growing, threatening power grids, water systems, and more.

👉 Check out the SANS Five ICS/OT Cybersecurity Critical Controls: https://thehackernews.com/2025/01/the-high-stakes-disconnect-for-icsot.html

🔒 North Korean hackers behind IT worker fraud linked to 2016 crowdfunding scam!

These attacks aren’t slowing down. With DPRK-backed groups like Lazarus leading crypto thefts, the scale of cybercrime has reached alarming levels.

🔗 Read the full report: https://thehackernews.com/2025/01/north-korean-it-worker-fraud-linked-to.html

🔴 Warning: North Korea’s Lazarus Group is targeting Web3 and cryptocurrency developers!

Fake recruiters on LinkedIn are tricking developers with “coding projects” that lead to malware.

👉 Learn more about their tactics: https://thehackernews.com/2025/01/lazarus-group-targets-web3-developers.html

🧐 A new malvertising campaign is targeting businesses by stealing Google Ads credentials! Here’s how it works:

⤷ Ads that look legitimate lead to fraudulent login pages.
⤷ Phishers steal 2FA codes and credentials.
⤷ The goal? Hijack Google Ads accounts to run fraudulent ads.

🔗 Read more here: https://thehackernews.com/2025/01/google-ads-users-targeted-in.html

🚨 URGENT: A Python-based backdoor is now used in RansomHub ransomware attacks after initial access via a fake browser update.
👇
Want to learn more? Read: https://thehackernews.com/2025/01/python-based-malware-powers-ransomhub.html

🚨 Ivanti has released urgent security updates to fix four critical vulnerabilities affecting EPM, Avalanche, and Application Control Engine. These flaws have been rated 9.8/10 on the CVSS scale, and if left unpatched, could allow remote attackers to leak sensitive data.

Learn more: https://thehackernews.com/2025/01/researcher-uncovers-critical-flaws-in.html

🚨 New phishing campaigns are using hidden code in images to deploy VIP Keylogger and 0bj3ctivity Stealer.

From the email to a PowerShell script to a .NET loader—everything is designed to bypass defenses.

🔗 Find out more about this rising threat: https://thehackernews.com/2025/01/hackers-hide-malware-in-images-to.html

🔒 A new flaw (CVE-2024-7344) in UEFI systems has been discovered, letting attackers run unsigned code during system boot—even with Secure Boot enabled.

Read more ➡️ https://thehackernews.com/2025/01/new-uefi-secure-boot-vulnerability.html

🔴 NTLMv1 Not Dead Yet!

Researchers uncover that a misconfiguration in on-premise apps can easily bypass Active Directory’s Group Policy meant to disable NTLMv1 authentication.

Learn How: https://thehackernews.com/2025/01/researchers-find-exploit-allowing.html

🔑 Stolen credentials are responsible for 80% of web app breaches in 2023-2024!

⤷ Infostealer malware is fueling this rise, with credentials being sold for as little as $10.
⤷ Even large companies with high security budgets are falling victim.

Learn how to tackle stolen credentials before they destroy your organization’s security.

🔗 Full article here: https://thehackernews.com/2025/01/the-10-cyber-threat-responsible-for.html

🚨 Traditional trust management is failing in today’s digital world. As IoT devices explode, certificates pile up, and compliance rules tighten, how are you keeping up?

🔑 The solution? DigiCert ONE!
⤷ Centralized trust management for devices, users, and workloads
⤷ Automated security for hybrid environments
⤷ Stress-free compliance

💡Why it matters: The speed of digital transformation means old solutions just won’t cut it anymore. You need real-time, automated security.

📅 Want to see how it works? Register for our free webinar now: https://thehackernews.com/2025/01/ready-to-simplify-trust-management-join.html