⚠️ Ransomware doesn’t hit all at once—it unfolds in stages, beginning with subtle signs like deleted backups and escalated privileges. If you’re not monitoring early warning signs, it’s too late by the time encryption locks you out.

👉 Learn how continuous ransomware validation can help you detect threats early: https://thehackernews.com/2025/02/becoming-ransomware-ready-why.html

Cybersecurity experts are sounding alarms over a new wave of malware leveraging cracked software to spread information stealers like ACR Stealer.

ACR Stealer is using legitimate services like Telegram and Google Slides to hide its malicious command-and-control server.

Read the full story: https://thehackernews.com/2025/02/new-malware-campaign-uses-cracked.html

🛑 CISA has warned about two vulnerabilities: CVE-2017-3066 and CVE-2024-20953. Despite patches being available, they're flagged due to continued exploitation risks.

🔗 Read the full article: https://thehackernews.com/2025/02/two-actively-exploited-security-flaws.html

A new wave of phishing attacks has targeted industrial organizations across the APAC region, delivering the dangerous FatalRAT malware.

These attacks leverage legitimate cloud services like myqcloud and Youdao Cloud Notes to evade detection.

Read the full story: https://thehackernews.com/2025/02/fatalrat-phishing-attacks-target-apac.html

🚨 A cyber campaign using fake open-source projects on GitHub is stealing personal data and crypto assets.

Malicious tools disguised as game mods and automation scripts have already stolen 5 bitcoins (~$456,600).

Read the full article to learn how this attack works: https://thehackernews.com/2025/02/gitvenom-malware-steals-456k-in-bitcoin.html

🚨 Cyberattackers are using a vulnerable Windows driver to evade detection and deliver the Gh0st RAT malware.

Thousands of modified driver variants, including RogueKiller’s truesight.sys, are now actively bypassing defenses.

👉 Read the full article: https://thehackernews.com/2025/02/2500-truesightsys-driver-variants.html

A new malware campaign targets Belarusian activists and the Ukrainian military, using Excel files to deliver PicassoLoader.

The malicious Excel file tricks users into enabling obfuscated macros, which deploy a stealthy RAT and additional payloads.

Read the full article: https://thehackernews.com/2025/02/belarus-linked-ghostwriter-uses.html

Researchers uncover a revamped LightSpy spyware with over 100 commands, targeting Android, iOS, Windows, macOS, and platforms like Facebook and Instagram.

Explore the full details: https://thehackernews.com/2025/02/lightspy-expands-to-100-commands.html

🛑 Cybercriminals are using the ClickFix technique to spread the NetSupport RAT in 2025. Embedded in fake CAPTCHA pages, this RAT grants attackers full control, stealing sensitive data and spying in real-time.

Learn how this threat works and how to defend against it—read the full article: https://thehackernews.com/2025/02/5-active-malware-campaigns-in-q1-2025.html

🔐 CISA has just added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog—both actively exploited.

Hook: Microsoft Partner Center’s CVE-2024-49035 and Synacor ZCS’s CVE-2023-34192 are putting organizations at risk.

Read the full article: https://thehackernews.com/2025/02/cisa-adds-microsoft-and-zimbra-flaws-to.html

⚠️ A malicious Python package, automslc, has been flagged for bypassing Deezer's security to enable unauthorized music downloads.

With over 104,000 downloads, it exploits hardcoded credentials and external servers for illegal music piracy.

Read the full article: https://thehackernews.com/2025/02/malicious-pypi-package-automslc-enables.html

🚨 Ukraine’s CERT-UA warns of new cyberattacks targeting Notary of Ukraine operations with the DCRat remote access trojan.

Attackers gain access using RDPWRAPPER and steal data with tools like FIDDLER and XWorm.

Read the full article for more insights: https://thehackernews.com/2025/02/cert-ua-warns-of-uac-0173-attacks.html

🚨 A new Linux malware, Auto-Color, is targeting universities and government organizations across North America and Asia.

Unlike traditional malware, it uses encryption and hidden tactics to evade detection, making it harder to remove.

👉 Read: https://thehackernews.com/2025/02/new-linux-malware-auto-color-grants.html

Passwords are under constant attack—from brute force to dictionary & rainbow table methods. Strong, complex passwords and MFA are essential to defend against these threats.

Learn how to protect your data from advanced password-cracking techniques: https://thehackernews.com/2025/02/three-password-cracking-techniques-and.html

A massive leak of Black Basta's 200,000+ chat messages reveals their tactics, key players, and internal conflicts.

The group uses QakBot for access, exploits SMB misconfigurations, and faces growing instability.

Get the inside scoop: https://thehackernews.com/2025/02/leaked-black-basta-chat-logs-reveal.html

Say goodbye to burnout with SOC 3.0—AI-powered security that works smarter, not harder.

Tired of drowning in alerts? SOC 3.0 uses AI to handle the heavy lifting, freeing up analysts to make the big decisions.

Want to see how it all works? Read the full article now: https://thehackernews.com/2025/02/soc-30-evolution-of-soc-and-how-ai-is.html

🚨 A severe XSS vulnerability in Krpano, a popular virtual tour framework, has been exploited to inject malicious scripts into over 350 websites.

🔍 Affected sites include government portals, universities, and Fortune 500 companies.

The attack manipulates search results, using SEO poisoning tactics to promote spam ads.

Get the full details: https://thehackernews.com/2025/02/hackers-exploited-krpano-framework-flaw.html

Shadow AI is quietly slipping into your organization—are you prepared to stop it?

AI tools are growing fast, but many are flying under the radar, avoiding standard security checks. This can put sensitive data at risk. Is your security plan ready?

Read the full article to learn how to protect your organization from Shadow AI: https://thehackernews.com/expert-insights/2025/02/shadow-ai-is-here-is-your-security.html

⚠️ The FBI confirms Lazarus Group (TraderTraitor) is behind the $1.5B Bybit hack.

The attack originated from a compromised Safe{Wallet} developer machine, allowing a malicious transaction to target Bybit’s multisig cold wallet.

The stolen funds are now being laundered across multiple blockchains.

Read more: https://thehackernews.com/2025/02/bybit-hack-traced-to-safewallet-supply.html

🚨 A new botnet, PolarEdge, is exploiting critical vulnerabilities in Cisco, ASUS, QNAP, and Synology edge devices.

A TLS backdoor lets attackers control infected devices worldwide. Over 2,000 devices are already compromised, targeting outdated routers.

Read the full article for more details: https://thehackernews.com/2025/02/polaredge-botnet-exploits-cisco-and.html

The Android malware TgToxic (ToxicPanda) has evolved, with new features to evade detection and enhance its capabilities.

With improved emulator detection and dynamic C2 server generation, this malware is adapting faster than researchers can track.

Explore the full article: https://thehackernews.com/2025/02/new-tgtoxic-banking-trojan-variant.html