🔒 A new flaw (CVE-2024-7344) in UEFI systems has been discovered, letting attackers run unsigned code during system boot—even with Secure Boot enabled.

Read more ➡️ https://thehackernews.com/2025/01/new-uefi-secure-boot-vulnerability.html

🔴 NTLMv1 Not Dead Yet!

Researchers uncover that a misconfiguration in on-premise apps can easily bypass Active Directory’s Group Policy meant to disable NTLMv1 authentication.

Learn How: https://thehackernews.com/2025/01/researchers-find-exploit-allowing.html

🔑 Stolen credentials are responsible for 80% of web app breaches in 2023-2024!

⤷ Infostealer malware is fueling this rise, with credentials being sold for as little as $10.
⤷ Even large companies with high security budgets are falling victim.

Learn how to tackle stolen credentials before they destroy your organization’s security.

🔗 Full article here: https://thehackernews.com/2025/01/the-10-cyber-threat-responsible-for.html

🚨 Traditional trust management is failing in today’s digital world. As IoT devices explode, certificates pile up, and compliance rules tighten, how are you keeping up?

🔑 The solution? DigiCert ONE!
⤷ Centralized trust management for devices, users, and workloads
⤷ Automated security for hybrid environments
⤷ Stress-free compliance

💡Why it matters: The speed of digital transformation means old solutions just won’t cut it anymore. You need real-time, automated security.

📅 Want to see how it works? Register for our free webinar now: https://thehackernews.com/2025/01/ready-to-simplify-trust-management-join.html

⚡ A major shift in attack tactics – Star Blizzard, previously known as SEABORGIUM, is now exploiting WhatsApp accounts through a spear-phishing campaign.

⤷ Primary targets: Diplomats, Ukraine supporters, and defense officials.
⤷ Once clicked, hackers gain access to WhatsApp messages and data.

Learn more: https://thehackernews.com/2025/01/russian-star-blizzard-shifts-tactics-to.html

🛑 Alert : TikTok, SHEIN, AliExpress, and others accused of violating EU data laws by sending user data to China.

Privacy Group noyb demands suspension of data flows.

Find out more: https://thehackernews.com/2025/01/european-privacy-group-sues-tiktok-and.html

🛡️ The U.S. Treasury just sanctioned 2 individuals and 4 entities tied to North Korea’s illicit IT worker network—a major blow to funding its WMD and missile programs.

👉 Read More: https://thehackernews.com/2025/01/us-sanctions-north-korean-it-worker.html

🛑 New Adversary-in-the-Middle Phishing Kit Alert!

A powerful new phishing kit called Sneaky 2FA has been discovered, designed to steal your credentials and bypass 2FA.

⤷ Sold as a service via Telegram, offering an easy path for cybercriminals
⤷ Built to outsmart anti-bot systems and Cloudflare challenges

👉 Learn how: https://thehackernews.com/2025/01/new-sneaky-2fa-phishing-kit-targets.html

🚨 Most companies are still relying on outdated security models for guest Wi-Fi.

It’s time to move beyond traditional security models and adopt Zero Trust for tighter control and constant verification.

⤷ Prevent lateral movement
⤷ Continuous verification
⤷ Granular access control

👉 Explore how: https://thehackernews.com/2025/01/how-to-bring-zero-trust-to-wi-fi.html

🚨 Researchers discovered 3 vulnerabilities in WGS-804HPT switches used in automation systems—exploitable to execute remote code.

⤷ CVE-2024-52320 & CVE-2024-48871: Critical 9.8 scores!
⤷ Attackers can execute remote code with just a malicious HTTP request.

Read the full report: https://thehackernews.com/2025/01/critical-flaws-in-wgs-804hpt-switches.html

🛑 The U.S. Treasury has sanctioned a Chinese cybersecurity firm and a Shanghai-based actor linked to the Salt Typhoon hacking group. This follows a recent breach of U.S. Treasury IT systems.

Read the full story: https://thehackernews.com/2025/01/us-sanctions-chinese-cybersecurity-firm.html

🚨 Warning to Developers: Malicious Solana-related npm and PyPI packages are designed to steal #Solana private keys, drain wallets, and even delete your files.

Learn more: https://thehackernews.com/2025/01/hackers-deploy-malicious-npm-packages.html

🔐 Data Security—Not Just About Visibility, But About CONTROL!

Satori secures ALL data—not just analytical. From production data to AI models, every data type is covered.

💡 Key Benefits:
⤷ Continuous discovery and classification of data across your organization
⤷ Automated security policies that adapt to new data and users
⤷ Instant alerts for misconfigurations or risky access

👉 Discover how Satori can automate and secure your data: https://thehackernews.com/2025/01/product-walkthrough-how-satori.html

🌐 This week in cybersecurity: From nation-state attacks to cutting-edge malware, insider threats, and groundbreaking policies, the digital landscape is shifting fast.

Get the insights you need to stay secure and ahead of the curve.

Read: https://thehackernews.com/2025/01/thn-weekly-recap-top-cybersecurity_20.html

🚨 Urgent: Notorious DoNot Team (APT-C-35) is behind a new Android malware campaign using a fake chat app, Tanzeem, to steal sensitive information.

📱 Malware functionality: The app steals contacts, call logs, SMS, location, and more.
⚡ New tactic: Push notifications deliver additional malware, ensuring persistence on the device.

👉 Explore how this attack works: https://thehackernews.com/2025/01/donot-team-linked-to-new-tanzeem.html

🔴 Multiple tunneling protocols, including GRE and IP6IP6, have vulnerabilities that could expose 4.2 million hosts to cyberattacks.

⚠️ What attackers can do:
⤷ Hijack your network
⤷ Launch anonymous DoS/DDoS attacks
⤷ Bypass security filters using trusted IPs

Find out more: https://thehackernews.com/2025/01/unsecured-tunneling-protocols-expose-42.html

🚨 CERT-UA is warning of ongoing social engineering attacks impersonating their agency via AnyDesk connection requests.

These malicious requests claim to conduct security audits, tricking users into trusting cyber attackers.

Explore the full details: https://thehackernews.com/2025/01/cert-ua-warns-of-cyber-scams-using-fake.html

Cybercriminals are leveraging a multi-stage loader, PNGPlug, hidden in seemingly legitimate software to target Chinese-speaking regions with ValleyRAT malware.

👉 Learn more: https://thehackernews.com/2025/01/pngplug-loader-delivers-valleyrat.html

🔒 Former CIA Analyst Pleads Guilty to Leaking Top Secret Info!

⤷ Top Secret Documents leaked, including intel on Israel's military actions against Iran.
⤷ How did he do it? Smuggled documents out of CIA headquarters in a backpack.

👉 Read more: https://thehackernews.com/2025/01/ex-cia-analyst-pleads-guilty-to-sharing.html

A massive botnet powered by 13,000 hijacked MikroTik routers is sending malicious emails to bypass email protections and launch malware campaigns.

The attack leverages misconfigured DNS and SPF records, making it easier for threat actors to spoof legitimate domains.

Read the full analysis here: https://thehackernews.com/2025/01/13000-mikrotik-routers-hijacked-by.html

Your app’s security should be resilient, not just protective.

Join Guardsquare's webinar to learn how to safeguard against evolving threats with multilayered protections without compromising performance or speed.

Register now: https://thn.news/multi-layered-app-protection-x