Ransomware is hitting harder in 2025. Hackers demand millions—and paying up doesn’t guarantee you’ll get your data back.

LockBit, Lynx, and Virlock—ransomware groups are evolving, targeting everyone from small businesses to critical infrastructure.

Get the full breakdown on how to defend against these threats.: https://thehackernews.com/2025/02/top-3-ransomware-threats-active-in-2025.html

PAM isn’t just a cybersecurity tool. It’s a game-changer for operational efficiency, compliance & security.

• Enforces the principle of least privilege
• Boosts regulatory compliance
• Protects from evolving threats

Don’t miss out on this essential shift in cybersecurity leadership.

Read: https://thehackernews.com/2025/02/the-evolving-role-of-pam-in.html

⚠️ Big names like LockBit and BlackCat are collapsing, but smaller players are multiplying. Cybercriminals raked in $813.5M from ransomware in 2024—a sharp drop from $1.25B in 2023.

Smaller, faster, and more dangerous—ransomware just got a whole lot trickier.

Get the full insights: https://thehackernews.com/2025/02/ransomware-extortion-drops-to-8135m-in.html

Bogus websites masquerading as Google Chrome are now distributing ValleyRAT—an evolving remote access trojan.

Targeting high-value roles in finance, accounting, and sales, this threat actor—Silver Fox—strategically targets sensitive systems.

Read the full report: https://thehackernews.com/2025/02/fake-google-chrome-sites-distribute.html

🚨 URGENT: Attackers are exploiting newly discovered flaws in SimpleHelp RMM software to establish persistent access to networks and deploy ransomware.

CVE-2024-57726, CVE-2024-57727, CVE-2024-57728: Flaws enabling privilege escalation, remote code execution.

👉 Secure your systems and read the full details: https://thehackernews.com/2025/02/hackers-exploit-simplehelp-rmm-flaws.html

The RBI is introducing a dedicated "bank[.]in" domain to combat digital fraud and secure digital transactions.

Read the full article: https://thehackernews.com/2025/02/indias-rbi-introduces-exclusive-bankin.html

🚨 Alert: Publicly exposed ASP'NET machine keys could give attackers an easy way to infiltrate your systems.

🔑 Over 3,000 keys are now available for exploitation. Microsoft reveals how attackers can inject malicious code using these keys to gain remote code execution.

🔗 Read full article: https://thehackernews.com/2025/02/microsoft-identifies-3000-publicly.html

🚨 CISA warns of active exploitation in Trimble Cityworks GIS software, with a high-severity vulnerability (CVE-2025-0994, CVSS 8.6) being weaponized in the wild.

If left unpatched, attackers could gain unauthorized access and deploy harmful payloads like Cobalt Strike and VShell.

Read: https://thehackernews.com/2025/02/cisa-warns-of-active-exploitation-in.html

🔒 AI-Powered Social Engineering is Here – And It's Evolving FAST!

Criminals are automating and personalizing attacks, making them more effective than ever.

AI-generated phishing emails and deepfake CFOs are tricking employees into transferring millions.

👉 Learn how to equip your workforce to spot deception: https://thehackernews.com/2025/02/ai-powered-social-engineering.html

🛑 DeepSeek's iOS app is transmitting sensitive user data without encryption to a cloud platform linked to ByteDance (TikTok), leaving it wide open to hackers.

👉 See the full story and analysis here: https://thehackernews.com/2025/02/deepseek-app-transmits-sensitive-user.html

⚠️ Researchers have uncovered two malicious ML models on Hugging Face using a new attack method—"broken" pickle files—to bypass detection.

These models execute a reverse shell right from the start, connecting to a hard-coded IP.

🔧 Learn more: https://thehackernews.com/2025/02/malicious-ml-models-found-on-hugging.html

🛑 XE Group has evolved. They’re no longer just stealing credit card data—they’re exploiting zero-day vulnerabilities (like CVE-2024-57968 in VeraCore) to target supply chains

Once in, they can drop reverse shells, exfiltrate files, and even modify data

https://thehackernews.com/2025/02/xe-hacker-group-exploits-veracore-zero.html

Zimbra's latest patch addresses three new vulnerabilities:

• SQL Injection (CVE-2025-25064) exposing email metadata to authenticated attackers.
• XSS vulnerability in the Classic Web Client, risking user security.
• SSRF flaw (CVE-2025-25065) allowing unauthorized redirection to internal systems.

Upgrade ASAP to avoid potential exploitation and secure your systems.

Read: https://thehackernews.com/2025/02/zimbra-releases-security-updates-for.html

A Chinese-speaking hacker group, DragonRank, is targeting IIS servers across Asia with BadIIS malware, redirecting users to rogue gambling sites.

Critical sectors—governments, universities, and tech firms—are at risk.

🔗 Read more: https://thehackernews.com/2025/02/dragonrank-exploits-iis-servers-with.html

🚨 This Week in Cyber: Hackers Are Getting Smarter—Are You?

🔹 AI-powered fraud is on the rise
🔹 Stolen ASP .NET keys fuel cyberattacks
🔹 Ransomware payouts drop, but attacks surge
🔹 Abandoned cloud storage = hacker goldmine

Stay ahead of the threats. Read the full recap now: https://thehackernews.com/2025/02/thn-weekly-recap-top-cybersecurity_10.html

⚠️ WARNING: Hackers are using Google Tag Manager (GTM) to deliver credit card skimming malware on Magento e-commerce sites.

Targeting checkout pages to capture credit card details
3 sites found infected; it could be more

Learn more about this attack: https://thehackernews.com/2025/02/hackers-exploit-google-tag-manager-to.html

🛑 Apple has released emergency security updates for iOS and iPadOS to patch a vulnerability exploited in the wild.

This flaw, identified as CVE-2025-24200, could allow attackers to disable USB Restricted Mode on locked devices.

Update your devices now: https://thehackernews.com/2025/02/apple-patches-actively-exploited-ios.html

🔒 Think VPNs are enough? Think again. VPNs are a band-aid solution—they expose your network to new attack vectors. Attacks through VPNs can bypass security defenses like firewalls.

Want a better way to secure your network? Discover Zero Trust and how it reduces your risk.

Read more now: https://thehackernews.com/expert-insights/2025/02/eliminate-your-attack-surface-by.html

A global law enforcement operation has shut down the dark web data leak and negotiation sites tied to the notorious 8Base ransomware gang.

The seizure of over 40 pieces of evidence signals serious progress in the fight against cybercrime.

Find out more: https://thehackernews.com/2025/02/8base-ransomware-data-leak-sites-seized.html

🚨 Cybercriminals are using the ClickFix technique to deliver NetSupport RAT—a powerful malware that gives attackers full control over your device.

Fake CAPTCHA pages are injecting malicious PowerShell commands to deploy the malware.

Learn more: https://thehackernews.com/2025/02/threat-actors-exploit-clickfix-to.html