π New FREE Risk Assessment for Security Teams!
As GenAI and SaaS apps become essential, your organizationβs security risks are growing. Employees' browser behavior could be leaking sensitive data.
π Gain actionable insights and uncover hidden risks with this customized risk assessment: https://thehackernews.com/2025/01/discover-hidden-browsing-threats-free.html
As GenAI and SaaS apps become essential, your organizationβs security risks are growing. Employees' browser behavior could be leaking sensitive data.
π Gain actionable insights and uncover hidden risks with this customized risk assessment: https://thehackernews.com/2025/01/discover-hidden-browsing-threats-free.html
π₯11β‘2
π Zero-Day Exploit in Cambium Routers!
Threat actors are exploiting this flaw to deploy the AIRASHI botnet, carrying out powerful DDoS attacks of up to 3 Tbps.
Take action to secure your IoT devices before itβs too late.
Learn more here: https://thehackernews.com/2025/01/hackers-exploit-zero-day-in-cnpilot.html
Threat actors are exploiting this flaw to deploy the AIRASHI botnet, carrying out powerful DDoS attacks of up to 3 Tbps.
Take action to secure your IoT devices before itβs too late.
Learn more here: https://thehackernews.com/2025/01/hackers-exploit-zero-day-in-cnpilot.html
π14π€―9β‘1
π₯ The Trump administration has just terminated all DHS advisory committee memberships, including the key Cyber Safety Review Board (CSRB).
CSRB's past work included:
β€· Reporting on Log4Shell and LAPSUS$ intrusions
β€· Holding tech firms accountable for cybersecurity lapses
β€· Investigating Salt Typhoon, a Chinese hacking group targeting U.S. telecoms
Read β https://thehackernews.com/2025/01/trump-terminates-dhs-advisory-committee.html
CSRB's past work included:
β€· Reporting on Log4Shell and LAPSUS$ intrusions
β€· Holding tech firms accountable for cybersecurity lapses
β€· Investigating Salt Typhoon, a Chinese hacking group targeting U.S. telecoms
Read β https://thehackernews.com/2025/01/trump-terminates-dhs-advisory-committee.html
π€―38π±20π16π9π9π₯8β‘5π€1
π Google uncovers "TRIPLESTRENGTH," a financially motivated hacker group targeting cloud environments for cryptojacking and ransomware.
Their extensive reach includes Google Cloud, AWS, and Microsoft Azure.
π Read the full report: https://thehackernews.com/2025/01/triplestrength-targets-cloud-platforms.html
Their extensive reach includes Google Cloud, AWS, and Microsoft Azure.
π Read the full report: https://thehackernews.com/2025/01/triplestrength-targets-cloud-platforms.html
π25π₯1
π¨ Critical Cisco Flaw Exposes Admin Access!
A new vulnerability in Cisco Meeting Management (CVE-2025-20156) could allow attackers to gain full administrator control. π
Also, CISA and FBI issue a warning on Ivanti exploit chainsβtargeting government and private sector networks.
Learn more: https://thehackernews.com/2025/01/cisco-fixes-critical-privilege.html
A new vulnerability in Cisco Meeting Management (CVE-2025-20156) could allow attackers to gain full administrator control. π
Also, CISA and FBI issue a warning on Ivanti exploit chainsβtargeting government and private sector networks.
Learn more: https://thehackernews.com/2025/01/cisco-fixes-critical-privilege.html
π19π₯1
β οΈ A new BackConnect (BC) malware linked to QakBot is out, and it's evolving FAST.
Both QakBot and Black Basta are using this shared tool to ramp up their attacks, affecting thousands.
Find out: https://thehackernews.com/2025/01/qakbot-linked-bc-malware-adds-enhanced.html
Both QakBot and Black Basta are using this shared tool to ramp up their attacks, affecting thousands.
Find out: https://thehackernews.com/2025/01/qakbot-linked-bc-malware-adds-enhanced.html
π15π₯2
π Is your website tracking users more than necessary?
π¨ 45% of third-party apps on websites access sensitive user data unnecessarily.
Take steps to secure your siteβget actionable tips in the full report: https://thehackernews.com/2025/01/new-research-state-of-web-exposure-2025.html
π¨ 45% of third-party apps on websites access sensitive user data unnecessarily.
Take steps to secure your siteβget actionable tips in the full report: https://thehackernews.com/2025/01/new-research-state-of-web-exposure-2025.html
π12β‘4π3π₯1π€1
π 50-80% of enterprise breaches are due to credential & user-based attacks.
Legacy authentication methods are outdated and vulnerable, but cutting-edge authentication systems are now making attacks impossible.
Learn how to upgrade your security today: https://thehackernews.com/2025/01/eliminate-identity-based-threats.html
Legacy authentication methods are outdated and vulnerable, but cutting-edge authentication systems are now making attacks impossible.
Learn how to upgrade your security today: https://thehackernews.com/2025/01/eliminate-identity-based-threats.html
β‘7π4π₯2
Did you know security teams can now enforce MFA on user accounts directly in their web browser β even for apps that donβt allow mandatory MFA enforcement?
With Push Security, spend less time chasing users to configure MFA or trying to manually enforce it across hundreds of apps.
https://thn.news/mfa-enforce-other
With Push Security, spend less time chasing users to configure MFA or trying to manually enforce it across hundreds of apps.
https://thn.news/mfa-enforce-other
π7β‘3π3π₯2π1
π HellCat & Morpheus Ransomware Sharing Identical Code!
Cybercriminals are using the same payload for attacksβjust with victim-specific tweaks. Smaller, more agile groups like these may dominate the threat landscape moving forward.
π Read analysis: https://thehackernews.com/2025/01/experts-find-shared-codebase-linking.html
Cybercriminals are using the same payload for attacksβjust with victim-specific tweaks. Smaller, more agile groups like these may dominate the threat landscape moving forward.
π Read analysis: https://thehackernews.com/2025/01/experts-find-shared-codebase-linking.html
π₯12β‘4π4
π΄ A new malware campaign is exploiting fake CAPTCHA verifications to spread Lumma Stealer, affecting global organizations.
Targets are being tricked into downloading malware outside of the browser context.
Read the full report: https://thehackernews.com/2025/01/beware-fake-captcha-campaign-spreads.html
Targets are being tricked into downloading malware outside of the browser context.
Read the full report: https://thehackernews.com/2025/01/beware-fake-captcha-campaign-spreads.html
π20π€7π₯3π1
β οΈ URGENT: Security Flaws Found in Palo Alto Networks Firewalls
β€· BootHole CVE-2020-10713: Secure Boot bypass
β€· LogoFAIL & PixieFail: Code execution via firmware & network stack vulnerabilities
β€· Misconfigured SPI flash access in PA-415
π Read: https://thehackernews.com/2025/01/palo-alto-firewalls-found-vulnerable-to.html
β€· BootHole CVE-2020-10713: Secure Boot bypass
β€· LogoFAIL & PixieFail: Code execution via firmware & network stack vulnerabilities
β€· Misconfigured SPI flash access in PA-415
π Read: https://thehackernews.com/2025/01/palo-alto-firewalls-found-vulnerable-to.html
π11π8π±7π4π₯1
π΅οΈββοΈ J-magic Campaign </>
A New Breed of Malware β Attackers are using "magic packets" to remotely control Juniper routers and deploying a variant of the publicly available backdoor "cd00r" into enterprise networks.
Find out more: https://thehackernews.com/2025/01/custom-backdoor-exploiting-magic-packet.html
A New Breed of Malware β Attackers are using "magic packets" to remotely control Juniper routers and deploying a variant of the publicly available backdoor "cd00r" into enterprise networks.
Find out more: https://thehackernews.com/2025/01/custom-backdoor-exploiting-magic-packet.html
π24π€6β‘3π₯2
π¨ Urgent Alert: CVE-2020-11023 is back in the spotlight!
CISA adds this jQuery flaw to its Known Exploited Vulnerabilities list after active exploitation was detected.
Learn more: https://thehackernews.com/2025/01/cisa-adds-five-year-old-jquery-xss-flaw.html
Review your jQuery versions and update immediately.
CISA adds this jQuery flaw to its Known Exploited Vulnerabilities list after active exploitation was detected.
Learn more: https://thehackernews.com/2025/01/cisa-adds-five-year-old-jquery-xss-flaw.html
Review your jQuery versions and update immediately.
π13β‘10
π Google introduces Identity Check, a new feature for Android devices that locks sensitive settings behind biometric authentication when outside trusted locations.
Powered by AI, it helps protect devices against unauthorized access.
π Check out: https://thehackernews.com/2025/01/androids-new-identity-check-feature.html
Powered by AI, it helps protect devices against unauthorized access.
π Check out: https://thehackernews.com/2025/01/androids-new-identity-check-feature.html
π€27π15π₯8β‘4π2π1
β‘ Why Zero Trust Is the Future of Cybersecurity
π Only verified users get access to specific IT resources.
π Context-based security, driven by AI, ensures nothing slips through the cracks.
π No more backhauling trafficβsecure, fast, direct-to-app access.
Explore the full article: https://thehackernews.com/expert-insights/2025/01/zero-trust-security-why-its-essential.html
π Only verified users get access to specific IT resources.
π Context-based security, driven by AI, ensures nothing slips through the cracks.
π No more backhauling trafficβsecure, fast, direct-to-app access.
Explore the full article: https://thehackernews.com/expert-insights/2025/01/zero-trust-security-why-its-essential.html
π14β‘8π€4π₯1
π¨ 5 indicted in a major North Korean IT worker scam targeting U.S. companies!
β€· $866,000 funneled through shell accounts
β€· Remote laptop farms deceived employers into hiring fake workers
β€· One suspect arrested, others face up to 20 years in prison
π Learn More: https://thehackernews.com/2025/01/doj-indicts-5-individuals-for-866k.html
β€· $866,000 funneled through shell accounts
β€· Remote laptop farms deceived employers into hiring fake workers
β€· One suspect arrested, others face up to 20 years in prison
π Learn More: https://thehackernews.com/2025/01/doj-indicts-5-individuals-for-866k.html
β‘10π5π3π₯2
π Over 100 Vulnerabilities in LTE & 5G Discovered.
These flaws could give hackers a backdoor into cellular networksβdisrupting communications at a city-wide level.
β€· Attacks on phone calls, messaging, and data.
β€· Exploiting buffer overflows and memory errors.
β€· Non-authenticated mobile devices can exploit these flaws.
Read the full details: https://thehackernews.com/2025/01/ransacked-over-100-security-flaws-found.html
These flaws could give hackers a backdoor into cellular networksβdisrupting communications at a city-wide level.
β€· Attacks on phone calls, messaging, and data.
β€· Exploiting buffer overflows and memory errors.
β€· Non-authenticated mobile devices can exploit these flaws.
Read the full details: https://thehackernews.com/2025/01/ransacked-over-100-security-flaws-found.html
π€―31π±9π8π₯6β‘2π2
Learn cybersecurity risk management from the experts at Georgetown. Attend our webinar on February 6.
https://thn.news/cyber-risk-mgmt-ig
https://thn.news/cyber-risk-mgmt-ig
π15π8β‘2π2
π Only 14% of Organizations Can Recover SaaS Data in MINUTES!
The rest? It takes hours, or even daysβputting compliance and productivity at serious risk.
Lost time = lost revenue.
π Find out how to level up your data resilience in the 2025 SaaS Backup and Recovery Report: https://thehackernews.com/2025/01/insights-from-2025-saas-backup-and-recovery-report.html
The rest? It takes hours, or even daysβputting compliance and productivity at serious risk.
Lost time = lost revenue.
π Find out how to level up your data resilience in the 2025 SaaS Backup and Recovery Report: https://thehackernews.com/2025/01/insights-from-2025-saas-backup-and-recovery-report.html
π9β‘6π6π€―6π₯4π€3