🚨 RansomHub, the most active ransomware group of 2024, has targeted over 600 organizations worldwide by exploiting flaws in Microsoft Active Directory and using brute-force attacks on VPNs to breach networks.

It also partners with LockBit & BlackCat to expand operations.

🔗 Discover more about this evolving threat: https://thehackernews.com/2025/02/ransomhub-becomes-2024s-top-ransomware.html

⚠️ Microsoft warns of Russian-aligned hacker group Storm-2372 using 'device code phishing' to steal authentication tokens, gain persistent access, and infiltrate global sectors.

🎯 Targets: Government, IT, Defense, Health, Education, Energy
🌍 Regions: Europe, North America, Africa, Middle East
🕵️‍♂️ Tactics: Phishing via WhatsApp, Signal, Teams
📲 Attack Method: Device code phishing to access accounts

🔗 Read full report: https://thehackernews.com/2025/02/microsoft-russian-linked-hackers-using.html

⚠️ Generative AI is supercharging social engineering tactics—transforming cybercriminals’ capabilities overnight.

From deepfake videos to voice cloning, attackers now have tools that go beyond traditional methods.

🔗 Learn how these technologies are reshaping cyber risks: https://thehackernews.com/2025/02/ai-powered-social-engineering-ancillary.html

👨‍💻 Lazarus Group uses a previously undocumented JavaScript implant, Marstech1, targeting developers in a highly sophisticated attack.

This new implant poses a significant supply chain risk, collecting sensitive data and targeting cryptocurrency wallets across multiple platforms.

👉 Read the full article: https://thehackernews.com/2025/02/lazarus-group-deploys-marstech1.html

⚠️ Cybersecurity researchers have uncovered the whoAMI attack, which allows hackers to gain access to AWS EC2 instances through a name confusion vulnerability in AMIs.

By publishing backdoored AMIs with specific names, attackers can exploit misconfigured API searches to trick systems into using their malicious AMIs.

Even simple misconfigurations in AMI searches can lead to code execution vulnerabilities, affecting both public and private AWS users.

Learn more: https://thehackernews.com/2025/02/new-whoami-attack-exploits-aws-ami-name.html

Google’s new Android security feature blocks scammers from altering critical settings, like installing apps from unknown sources, while on a phone call.

This feature aims to prevent a rise in telephone-oriented attack delivery (TOAD), a growing scam trend.

Learn more about this important update: https://thehackernews.com/2025/02/androids-new-feature-blocks-fraudsters.html

Cybersecurity researchers have uncovered a new backdoor leveraging Telegram for command-and-control (C2).

🛠️ Golang-based malware hides in plain sight by mimicking system files.
📲 Telegram Bot API used to send and receive commands remotely.
🚨 Russian origin suspected based on command language.
🔄 Stealth features allow malware to reload itself after termination.

👉 Read: https://thehackernews.com/2025/02/new-golang-based-backdoor-uses-telegram.html

South Korea halts downloads of Chinese AI chatbot DeepSeek due to data protection concerns.

The suspension comes after security flaws were discovered and non-compliance with local privacy laws.

Read: https://thehackernews.com/2025/02/south-korea-suspends-deepseek-ai.html

🚨 This week’s update: Former Google insider charged with espionage, UI flaws targeted by nation-state actors, and critical patches needed for ThinkPHP and OwnCloud.

Get the full scoop here: https://thehackernews.com/2025/02/thn-weekly-recap-google-secrets-stolen.html

Is something missing from your cybersecurity strategy? It could be CTEM's continuous threat validation.

Discover why Continuous Threat Exposure Management (CTEM) is the next-gen solution for proactive cybersecurity.

🔗 Explore the full report to learn more about CTEM: https://thehackernews.com/2025/02/cisos-expert-guide-to-ctem-and-why-it.html

🚨 Microsoft uncovers a new, advanced variant of the XCSSET malware targeting macOS users. It's the first major revision since 2022.

This latest update features sophisticated obfuscation and persistence methods, making it harder to detect and stop.

Learn about these new techniques: https://thehackernews.com/2025/02/microsoft-uncovers-new-xcsset-macos.html

⚠️ New MageCart malware targets Magento sites, hiding in <img> tags to avoid detection.

The code stays dormant until a user visits a checkout 🛒 page — then it springs into action, capturing card details.

🔗 Read the full article: https://thehackernews.com/2025/02/cybercriminals-exploit-onerror-event-in.html

🚨 Security vulnerabilities in Xerox VersaLink printers could allow attackers to steal authentication credentials via pass-back attacks, exposing critical systems.

CVE-2024-12510 and CVE-2024-12511 impact LDAP and SMB/FTP services and could lead to compromised Windows Active Directory access.

Get the full details: https://thehackernews.com/2025/02/new-xerox-printer-flaws-could-let.html

⚠️ A new campaign called RevivalStone, attributed to the China-linked Winnti group, is targeting Japanese manufacturers, materials, and energy sectors.

The attacks leveraging sophisticated tools like DEATHLOTUS and UNAPIMON to infiltrate and control enterprise systems.

Learn more: https://thehackernews.com/2025/02/winnti-apt41-targets-japanese-firms-in.html

🚨 Critical vulnerability in Juniper Networks devices could let attackers hijack control.

The flaw affects Session Smart Routers, Conductor, and WAN Assurance Routers—putting your network at risk.

Update your devices now. Get the full details here: https://thehackernews.com/2025/02/juniper-session-smart-routers.html

New macOS malware alert: FrigidStealer is targeting users outside North America through fake updates to steal sensitive data.

This threat is linked to the elusive TA2727 group, which also spreads malware like Lumma Stealer and Marcher via web injects.

https://thehackernews.com/2025/02/new-frigidstealer-malware-targets-macos.html

💻 93% of malware still relies on the Top 10 MITRE ATT&CK techniques.

🛡️ Focus on proven TTPs like credential theft and process injection to defend against the threats that matter today.

🔗 Explore the full insights in the Picus Red Report 2025: https://thehackernews.com/2025/02/debunking-ai-hype-inside-real-hacker.html

🐼 Mustang Panda, a Chinese state-backed group, has evolved its attack methods by using Microsoft’s MAVInject.exe to inject malware into external processes, bypassing antivirus detection and remaining undetected.

Read more about the attack chain: https://thehackernews.com/2025/02/chinese-hackers-exploit-mavinjectexe-to.html

🔴 Two new vulnerabilities found in OpenSSH – one allowing active Man-in-the-Middle (MitM) attacks and the other leading to Denial-of-Service (DoS).

Get the details on CVE-2025-26465 and CVE-2025-26466: https://thehackernews.com/2025/02/new-openssh-flaws-enable-man-in-middle.html

🚨 Two critical vulnerabilities in Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN are actively exploited, now added to CISA's KEV catalog.

CVE-2025-0108 allows unauthenticated attackers to bypass PAN-OS security, while CVE-2024-53704 compromises SSLVPN authentication.

Exploitation is escalating, with attack traffic spiking 10x in a week. Act now!

Read More: https://thehackernews.com/2025/02/cisa-adds-palo-alto-networks-and.html

🚨ALERT: A global cryptocurrency miner campaign is targeting gamers.

Cybercriminals are using popular games like BeamNG-drive and Garry's Mod to deliver malicious software, secretly mining cryptocurrency on infected gaming rigs.

Learn more: https://thehackernews.com/2025/02/trojanized-game-installers-deploy.html