🔐 Data Security—Not Just About Visibility, But About CONTROL!

Satori secures ALL data—not just analytical. From production data to AI models, every data type is covered.

💡 Key Benefits:
⤷ Continuous discovery and classification of data across your organization
⤷ Automated security policies that adapt to new data and users
⤷ Instant alerts for misconfigurations or risky access

👉 Discover how Satori can automate and secure your data: https://thehackernews.com/2025/01/product-walkthrough-how-satori.html

🌐 This week in cybersecurity: From nation-state attacks to cutting-edge malware, insider threats, and groundbreaking policies, the digital landscape is shifting fast.

Get the insights you need to stay secure and ahead of the curve.

Read: https://thehackernews.com/2025/01/thn-weekly-recap-top-cybersecurity_20.html

🚨 Urgent: Notorious DoNot Team (APT-C-35) is behind a new Android malware campaign using a fake chat app, Tanzeem, to steal sensitive information.

📱 Malware functionality: The app steals contacts, call logs, SMS, location, and more.
⚡ New tactic: Push notifications deliver additional malware, ensuring persistence on the device.

👉 Explore how this attack works: https://thehackernews.com/2025/01/donot-team-linked-to-new-tanzeem.html

🔴 Multiple tunneling protocols, including GRE and IP6IP6, have vulnerabilities that could expose 4.2 million hosts to cyberattacks.

⚠️ What attackers can do:
⤷ Hijack your network
⤷ Launch anonymous DoS/DDoS attacks
⤷ Bypass security filters using trusted IPs

Find out more: https://thehackernews.com/2025/01/unsecured-tunneling-protocols-expose-42.html

🚨 CERT-UA is warning of ongoing social engineering attacks impersonating their agency via AnyDesk connection requests.

These malicious requests claim to conduct security audits, tricking users into trusting cyber attackers.

Explore the full details: https://thehackernews.com/2025/01/cert-ua-warns-of-cyber-scams-using-fake.html

Cybercriminals are leveraging a multi-stage loader, PNGPlug, hidden in seemingly legitimate software to target Chinese-speaking regions with ValleyRAT malware.

👉 Learn more: https://thehackernews.com/2025/01/pngplug-loader-delivers-valleyrat.html

🔒 Former CIA Analyst Pleads Guilty to Leaking Top Secret Info!

⤷ Top Secret Documents leaked, including intel on Israel's military actions against Iran.
⤷ How did he do it? Smuggled documents out of CIA headquarters in a backpack.

👉 Read more: https://thehackernews.com/2025/01/ex-cia-analyst-pleads-guilty-to-sharing.html

A massive botnet powered by 13,000 hijacked MikroTik routers is sending malicious emails to bypass email protections and launch malware campaigns.

The attack leverages misconfigured DNS and SPF records, making it easier for threat actors to spoof legitimate domains.

Read the full analysis here: https://thehackernews.com/2025/01/13000-mikrotik-routers-hijacked-by.html

Your app’s security should be resilient, not just protective.

Join Guardsquare's webinar to learn how to safeguard against evolving threats with multilayered protections without compromising performance or speed.

Register now: https://thn.news/multi-layered-app-protection-x

🚨 New Murdoc_Botnet Targets IoT Devices Worldwide!
Researchers have uncovered a massive botnet exploiting security flaws (CVE-2017-17215 & CVE-2024-7029) in AVTECH cameras and Huawei routers.

It has already infected 1,370+ devices since July 2024.

👉 Update your firmware, change default passwords, and secure your network now.

Find details here: https://thehackernews.com/2025/01/murdocbotnet-found-exploiting-avtech-ip.html

🔒 Details Emerge About BitLocker Flaw!

CVE-2025-21210 allows attackers to bypass BitLocker encryption by corrupting a registry key, which causes unencrypted hibernation images to be written to disk.

Learn more: https://thehackernews.com/2025/01/3-actively-exploited-zero-day-flaws.html#details-emerge-about-cve-2025-21210

📣 CISA BOD 25-01 is here.

This latest directive outlines requirements to ensure that Microsoft 365 cloud environments and SaaS applications are safe and secure.

Get prepared to meet those essential compliance deadlines.

🔗 Learn how federal civilian agencies can ensure SCuBA policy alignment: https://thn.news/o8o8sp2s

⚡ Cloudflare’s latest report reveals the largest DDoS attack ever recorded — 5.6 Terabits per second!

⤷ Originated from over 13,000 IoT devices
⤷ The attack targeted an ISP in Eastern Asia

👉 Learn more: https://thehackernews.com/2025/01/mirai-botnet-launches-record-56-tbps.html

⚠️ Oracle has released its Critical Patch Update for January 2025, addressing a massive 318 security vulnerabilities across its products.

The most severe flaw could give attackers full control over affected systems.

Read the full update: https://thehackernews.com/2025/01/oracle-releases-january-2025-patch-to.html

🚨 Alert: A previously unknown China-linked APT group, PlushDaemon, has been linked to a 2023 supply chain attack targeting a South Korean VPN provider.

From screen recording to browser password harvesting – this backdoor does it all.

Read more: https://thehackernews.com/2025/01/plushdaemon-apt-targets-south-korean.html

🤔 65% of security teams rely solely on pentest vendors for their reports. What happens when you can’t verify those reports?

⤷ HackGATE fixes this by offering real-time visibility into pentest activities.
⤷ Gain deeper insight into every test phase, ensuring quality and accountability.

Don’t just trust the report—verify it!

⚡ See how HackGATE can help: https://thehackernews.com/2025/01/hackgate-setting-new-standards-for.html

⚖️ U.S. President Trump pardons Ross Ulbricht, creator of the Silk Road darkweb marketplace, after 11 years behind bars.

Ulbricht’s life sentence for trafficking and hacking is now officially void.

👉 Read the full article: https://thehackernews.com/2025/01/president-trump-pardons-silk-road.html

🇰🇵 North Korean malware #InvisibleFerret uses fake tech job interviews

It's target: corporate info, crypto data, source code 🎯

Read comprehensive technical analysis of this threat from @AnyRun_app
https://thn.news/invisibleferret-tech-analysis

🔐 New FREE Risk Assessment for Security Teams!

As GenAI and SaaS apps become essential, your organization’s security risks are growing. Employees' browser behavior could be leaking sensitive data.

🔍 Gain actionable insights and uncover hidden risks with this customized risk assessment: https://thehackernews.com/2025/01/discover-hidden-browsing-threats-free.html

🛑 Zero-Day Exploit in Cambium Routers!

Threat actors are exploiting this flaw to deploy the AIRASHI botnet, carrying out powerful DDoS attacks of up to 3 Tbps.

Take action to secure your IoT devices before it’s too late.

Learn more here: https://thehackernews.com/2025/01/hackers-exploit-zero-day-in-cnpilot.html