π¨ 4 Reasons Your SaaS Attack Surface Can No Longer be Ignored in 2025!
π 200 new SaaS accounts/month for 100 employeesβeach a potential breach point.
π― 50% of breaches target SaaS apps.
π€ Unmanaged GenAI tools pose huge security risks.
βοΈ Weak SaaS security = GDPR/CCPA violations.
Securing your SaaS is no longer optional!
π Learn how to protect your SaaS environment now: https://thehackernews.com/2025/01/4-reasons-your-saas-attack-surface-can.html
π 200 new SaaS accounts/month for 100 employeesβeach a potential breach point.
π― 50% of breaches target SaaS apps.
π€ Unmanaged GenAI tools pose huge security risks.
βοΈ Weak SaaS security = GDPR/CCPA violations.
Securing your SaaS is no longer optional!
π Learn how to protect your SaaS environment now: https://thehackernews.com/2025/01/4-reasons-your-saas-attack-surface-can.html
π8π2β‘1
π£ Tomorrow! Join a live webinar on AI security. Explore how agentic systems are reshaping traditional DevSecOps practices and discover top AI security use cases in todayβs enterprises.
Join James Berthoty, Ron Bitton, and Dor Sarig for an in-depth discussion on agentic-related risks and a 2025 forecast. Donβt miss out!
π Wednesday, January 15th, 11:30am ET
π Register here: https://thn.news/ai-security-navigating
Join James Berthoty, Ron Bitton, and Dor Sarig for an in-depth discussion on agentic-related risks and a 2025 forecast. Donβt miss out!
π Wednesday, January 15th, 11:30am ET
π Register here: https://thn.news/ai-security-navigating
π14π€4π1
Googleβs OAuth login exposes a critical vulnerability, allowing attackers to access old employee accounts simply by purchasing a defunct domain from a failed startup.
Learn how this vulnerability could affect your organization: https://thehackernews.com/2025/01/google-oauth-vulnerability-exposes.html
Learn how this vulnerability could affect your organization: https://thehackernews.com/2025/01/google-oauth-vulnerability-exposes.html
π16π±9π5π€―5π2
π New macOS flaw (CVE-2024-44243) discovered!
Attackers could have bypassed crucial protections to install persistent malware and rootkits, potentially letting them take full control of your system.
Explore the details: https://thehackernews.com/2025/01/microsoft-uncovers-macos-vulnerability.html
Attackers could have bypassed crucial protections to install persistent malware and rootkits, potentially letting them take full control of your system.
Explore the details: https://thehackernews.com/2025/01/microsoft-uncovers-macos-vulnerability.html
π₯13π6π±6π1
π¨ UPDATE: Fortinet Confirms Critical Zero-Day π¨
CVE-2024-55591 in FortiOS & FortiProxy (CVSS 9.6) allows attackers to gain super-admin access & hijack firewalls.
Affected versions: FortiOS 7.0.0-7.0.16 & FortiProxy 7.0.0-7.2.12.
Upgrade now to 7.0.17+ or 7.0.20+ to mitigate risk.
https://thehackernews.com/2025/01/zero-day-vulnerability-suspected-in.html
CVE-2024-55591 in FortiOS & FortiProxy (CVSS 9.6) allows attackers to gain super-admin access & hijack firewalls.
Affected versions: FortiOS 7.0.0-7.0.16 & FortiProxy 7.0.0-7.2.12.
Upgrade now to 7.0.17+ or 7.0.20+ to mitigate risk.
https://thehackernews.com/2025/01/zero-day-vulnerability-suspected-in.html
π₯29π17β‘6π2
π΄ Critical Alert: Microsoft has just released a massive patch for 161 vulnerabilities across its software, including 3 zero-day flaws that have been actively exploited.
β€· CVE-2025-21333
β€· CVE-2025-21334
β€· CVE-2025-21335
Patch now: https://thehackernews.com/2025/01/3-actively-exploited-zero-day-flaws.html
β€· CVE-2025-21333
β€· CVE-2025-21334
β€· CVE-2025-21335
Patch now: https://thehackernews.com/2025/01/3-actively-exploited-zero-day-flaws.html
π28π₯18π6π3β‘2
π¨ Critical Flaws Discovered in SimpleHelp Software!
An attacker could exploit these flaws to execute remote code, steal sensitive data, and bring your entire system down.
β Action required NOW:
β€· SimpleHelp has released critical patches.
β€· Change admin passwords immediately.
β€· Restrict logins to trusted IP addresses.
Read: https://thehackernews.com/2025/01/critical-simplehelp-flaws-allow-file.html
An attacker could exploit these flaws to execute remote code, steal sensitive data, and bring your entire system down.
β Action required NOW:
β€· SimpleHelp has released critical patches.
β€· Change admin passwords immediately.
β€· Restrict logins to trusted IP addresses.
Read: https://thehackernews.com/2025/01/critical-simplehelp-flaws-allow-file.html
π7β‘3π₯3π€2
π₯ FBI removes PlugX malware from 4,250+ compromised computers.
$7 β thatβs all it took for the FBI to sink a hacker-controlled server and trigger a "self-delete" command.
Learn more: https://thehackernews.com/2025/01/fbi-deletes-plugx-malware-from-4250.html
$7 β thatβs all it took for the FBI to sink a hacker-controlled server and trigger a "self-delete" command.
Learn more: https://thehackernews.com/2025/01/fbi-deletes-plugx-malware-from-4250.html
β‘23π7π4π₯1
π¨ Six critical security flaws disclosed in Rsync could allow attackers to execute arbitrary code on clients.
Any server with a public mirror could be exploited, putting SSH keys and other critical files at risk.
Read the full advisory: https://thehackernews.com/2025/01/google-cloud-researchers-uncover-flaws.html
Any server with a public mirror could be exploited, putting SSH keys and other critical files at risk.
Read the full advisory: https://thehackernews.com/2025/01/google-cloud-researchers-uncover-flaws.html
π₯15π8π€―4
β οΈ Cyber-attacks on ICS/OT are escalatingβAre YOU prepared?
β€· ICS/OT security demands custom strategies, not IT playbooks.
β€· Cyber-attacks are growing, threatening power grids, water systems, and more.
π Check out the SANS Five ICS/OT Cybersecurity Critical Controls: https://thehackernews.com/2025/01/the-high-stakes-disconnect-for-icsot.html
β€· ICS/OT security demands custom strategies, not IT playbooks.
β€· Cyber-attacks are growing, threatening power grids, water systems, and more.
π Check out the SANS Five ICS/OT Cybersecurity Critical Controls: https://thehackernews.com/2025/01/the-high-stakes-disconnect-for-icsot.html
π11π€2π₯1
π North Korean hackers behind IT worker fraud linked to 2016 crowdfunding scam!
These attacks arenβt slowing down. With DPRK-backed groups like Lazarus leading crypto thefts, the scale of cybercrime has reached alarming levels.
π Read the full report: https://thehackernews.com/2025/01/north-korean-it-worker-fraud-linked-to.html
These attacks arenβt slowing down. With DPRK-backed groups like Lazarus leading crypto thefts, the scale of cybercrime has reached alarming levels.
π Read the full report: https://thehackernews.com/2025/01/north-korean-it-worker-fraud-linked-to.html
π24π₯2π€2
π΄ Warning: North Koreaβs Lazarus Group is targeting Web3 and cryptocurrency developers!
Fake recruiters on LinkedIn are tricking developers with βcoding projectsβ that lead to malware.
π Learn more about their tactics: https://thehackernews.com/2025/01/lazarus-group-targets-web3-developers.html
Fake recruiters on LinkedIn are tricking developers with βcoding projectsβ that lead to malware.
π Learn more about their tactics: https://thehackernews.com/2025/01/lazarus-group-targets-web3-developers.html
π17π₯10β‘3
π§ A new malvertising campaign is targeting businesses by stealing Google Ads credentials! Hereβs how it works:
β€· Ads that look legitimate lead to fraudulent login pages.
β€· Phishers steal 2FA codes and credentials.
β€· The goal? Hijack Google Ads accounts to run fraudulent ads.
π Read more here: https://thehackernews.com/2025/01/google-ads-users-targeted-in.html
β€· Ads that look legitimate lead to fraudulent login pages.
β€· Phishers steal 2FA codes and credentials.
β€· The goal? Hijack Google Ads accounts to run fraudulent ads.
π Read more here: https://thehackernews.com/2025/01/google-ads-users-targeted-in.html
π17π±7π₯5β‘4π€―2
π¨ URGENT: A Python-based backdoor is now used in RansomHub ransomware attacks after initial access via a fake browser update.
π
Want to learn more? Read: https://thehackernews.com/2025/01/python-based-malware-powers-ransomhub.html
π
Want to learn more? Read: https://thehackernews.com/2025/01/python-based-malware-powers-ransomhub.html
β‘13π2π₯2
π¨ Ivanti has released urgent security updates to fix four critical vulnerabilities affecting EPM, Avalanche, and Application Control Engine. These flaws have been rated 9.8/10 on the CVSS scale, and if left unpatched, could allow remote attackers to leak sensitive data.
Learn more: https://thehackernews.com/2025/01/researcher-uncovers-critical-flaws-in.html
Learn more: https://thehackernews.com/2025/01/researcher-uncovers-critical-flaws-in.html
β‘9π6π₯1
π¨ New phishing campaigns are using hidden code in images to deploy VIP Keylogger and 0bj3ctivity Stealer.
From the email to a PowerShell script to a .NET loaderβeverything is designed to bypass defenses.
π Find out more about this rising threat: https://thehackernews.com/2025/01/hackers-hide-malware-in-images-to.html
From the email to a PowerShell script to a .NET loaderβeverything is designed to bypass defenses.
π Find out more about this rising threat: https://thehackernews.com/2025/01/hackers-hide-malware-in-images-to.html
β‘14π4π₯1
π A new flaw (CVE-2024-7344) in UEFI systems has been discovered, letting attackers run unsigned code during system bootβeven with Secure Boot enabled.
Read more β‘οΈ https://thehackernews.com/2025/01/new-uefi-secure-boot-vulnerability.html
Read more β‘οΈ https://thehackernews.com/2025/01/new-uefi-secure-boot-vulnerability.html
π€―26π8β‘5π4π₯2π±2
π΄ NTLMv1 Not Dead Yet!
Researchers uncover that a misconfiguration in on-premise apps can easily bypass Active Directoryβs Group Policy meant to disable NTLMv1 authentication.
Learn How: https://thehackernews.com/2025/01/researchers-find-exploit-allowing.html
Researchers uncover that a misconfiguration in on-premise apps can easily bypass Active Directoryβs Group Policy meant to disable NTLMv1 authentication.
Learn How: https://thehackernews.com/2025/01/researchers-find-exploit-allowing.html
π15π±7β‘3π1
π Stolen credentials are responsible for 80% of web app breaches in 2023-2024!
β€· Infostealer malware is fueling this rise, with credentials being sold for as little as $10.
β€· Even large companies with high security budgets are falling victim.
Learn how to tackle stolen credentials before they destroy your organizationβs security.
π Full article here: https://thehackernews.com/2025/01/the-10-cyber-threat-responsible-for.html
β€· Infostealer malware is fueling this rise, with credentials being sold for as little as $10.
β€· Even large companies with high security budgets are falling victim.
Learn how to tackle stolen credentials before they destroy your organizationβs security.
π Full article here: https://thehackernews.com/2025/01/the-10-cyber-threat-responsible-for.html
π14π1
π¨ Traditional trust management is failing in todayβs digital world. As IoT devices explode, certificates pile up, and compliance rules tighten, how are you keeping up?
π The solution? DigiCert ONE!
β€· Centralized trust management for devices, users, and workloads
β€· Automated security for hybrid environments
β€· Stress-free compliance
π‘Why it matters: The speed of digital transformation means old solutions just wonβt cut it anymore. You need real-time, automated security.
π Want to see how it works? Register for our free webinar now: https://thehackernews.com/2025/01/ready-to-simplify-trust-management-join.html
π The solution? DigiCert ONE!
β€· Centralized trust management for devices, users, and workloads
β€· Automated security for hybrid environments
β€· Stress-free compliance
π‘Why it matters: The speed of digital transformation means old solutions just wonβt cut it anymore. You need real-time, automated security.
π Want to see how it works? Register for our free webinar now: https://thehackernews.com/2025/01/ready-to-simplify-trust-management-join.html
π17π₯3π1