⚠️ China-linked espionage group used PlugX malware and a Toshiba binary in a ransomware attack on a South Asian software company.

The attack exploited the CVE-2024-0012 vulnerability in Palo Alto Networks software.

👉 Read the full story to learn more: https://thehackernews.com/2025/02/hackers-exploited-pan-os-flaw-to-deploy.html

🔒 Are last-minute security fixes slowing your releases? Is your team caught in a tug-of-war between speed and safety?

Our next cybersecurity webinar shows you how to:
• Bridge the gap between development and security
• Secure your code from the start
• Get actionable tips from Palo Alto Networks

Ready to learn? Register now: https://thehackernews.com/2025/02/fast-deployments-secure-code-watch-this.html

🔥 Simplify Security & Boost Efficiency with Extensible CIAM!

An extensible CIAM solution strengthens security, improves user experience, and accelerates growth.

🔒 Reduce identity-based threats
⚡ Speed up time-to-market with seamless integrations
✅ Ensure compliance without added complexity

Discover how CIAM transforms security and efficiency: https://thehackernews.com/expert-insights/2025/02/solving-identity-challenges-with.html

🛑 North Korea-linked hackers are actively targeting South Korea’s government, business, and cryptocurrency sectors—using Dropbox for payload distribution and data exfiltration.

• Short-lived, dynamic cloud infrastructure to evade tracking
• OAuth token authentication to seamlessly move data
• Multi-stage PowerShell execution to remain stealthy

🔗 Read the full analysis: https://thehackernews.com/2025/02/north-korean-apt43-uses-powershell-and.html

🚨 Enter your card details once? It “fails.” Try again? Still “fails.” Third time? You’re sent to an error page—but the attackers now have everything they need.

Cybercriminals are using bogus PDFs on Webflow CDN to steal credit card details from unsuspecting users.

🔗 Don’t fall for it—know the warning signs: https://thehackernews.com/2025/02/hackers-use-captcha-trick-on-webflow.html

🛑 AI is everywhere—and hackers are also using AI to run large-scale social engineering, create deepfakes, and exploit app vulnerabilities faster than ever.


How can we build AI securely while leveraging it for defense?

Find out in this latest analysis: https://thehackernews.com/2025/02/ai-and-security-new-puzzle-to-figure-out.html

Struggling to filter the AI hype from actual threat? Check out the latest webinar from Push Security to learn how new AI Computer-Using Agents (no, not DeepSeek) can be used to automate identity attacks against SaaS through the kill chain, from Recon to Exfil 🤖🚨

Register now! https://thn.news/ai-attacks-webinar-tg

🛑 A dangerous combo attack has been discovered exploiting a PostgreSQL SQL injection flaw (CVE-2025-1094) and a BeyondTrust remote access bug (CVE-2024-12356).

🛠️ Patches available for both vulnerabilities.

🔗 Read more and secure your systems NOW: https://thehackernews.com/2025/02/postgresql-vulnerability-exploited.html

🚨 WARNING: CVE-2025-0108 Under Active Exploitation


Palo Alto Networks PAN-OS is being targeted by attackers exploiting a newly patched authentication bypass flaw (CVE-2025-0108).

➔ Flaw allows unauthenticated attackers to execute specific PHP scripts.

➔ Exploitation attempts have been traced to IPs in U.S., China, and Israel.

🛠️ Patch now to prevent unauthorized access.

🔗 Get the full details and patch guidance: https://thehackernews.com/2025/02/palo-alto-networks-patches.html

🚨 RansomHub, the most active ransomware group of 2024, has targeted over 600 organizations worldwide by exploiting flaws in Microsoft Active Directory and using brute-force attacks on VPNs to breach networks.

It also partners with LockBit & BlackCat to expand operations.

🔗 Discover more about this evolving threat: https://thehackernews.com/2025/02/ransomhub-becomes-2024s-top-ransomware.html

⚠️ Microsoft warns of Russian-aligned hacker group Storm-2372 using 'device code phishing' to steal authentication tokens, gain persistent access, and infiltrate global sectors.

🎯 Targets: Government, IT, Defense, Health, Education, Energy
🌍 Regions: Europe, North America, Africa, Middle East
🕵️‍♂️ Tactics: Phishing via WhatsApp, Signal, Teams
📲 Attack Method: Device code phishing to access accounts

🔗 Read full report: https://thehackernews.com/2025/02/microsoft-russian-linked-hackers-using.html

⚠️ Generative AI is supercharging social engineering tactics—transforming cybercriminals’ capabilities overnight.

From deepfake videos to voice cloning, attackers now have tools that go beyond traditional methods.

🔗 Learn how these technologies are reshaping cyber risks: https://thehackernews.com/2025/02/ai-powered-social-engineering-ancillary.html

👨‍💻 Lazarus Group uses a previously undocumented JavaScript implant, Marstech1, targeting developers in a highly sophisticated attack.

This new implant poses a significant supply chain risk, collecting sensitive data and targeting cryptocurrency wallets across multiple platforms.

👉 Read the full article: https://thehackernews.com/2025/02/lazarus-group-deploys-marstech1.html

⚠️ Cybersecurity researchers have uncovered the whoAMI attack, which allows hackers to gain access to AWS EC2 instances through a name confusion vulnerability in AMIs.

By publishing backdoored AMIs with specific names, attackers can exploit misconfigured API searches to trick systems into using their malicious AMIs.

Even simple misconfigurations in AMI searches can lead to code execution vulnerabilities, affecting both public and private AWS users.

Learn more: https://thehackernews.com/2025/02/new-whoami-attack-exploits-aws-ami-name.html

Google’s new Android security feature blocks scammers from altering critical settings, like installing apps from unknown sources, while on a phone call.

This feature aims to prevent a rise in telephone-oriented attack delivery (TOAD), a growing scam trend.

Learn more about this important update: https://thehackernews.com/2025/02/androids-new-feature-blocks-fraudsters.html

Cybersecurity researchers have uncovered a new backdoor leveraging Telegram for command-and-control (C2).

🛠️ Golang-based malware hides in plain sight by mimicking system files.
📲 Telegram Bot API used to send and receive commands remotely.
🚨 Russian origin suspected based on command language.
🔄 Stealth features allow malware to reload itself after termination.

👉 Read: https://thehackernews.com/2025/02/new-golang-based-backdoor-uses-telegram.html

South Korea halts downloads of Chinese AI chatbot DeepSeek due to data protection concerns.

The suspension comes after security flaws were discovered and non-compliance with local privacy laws.

Read: https://thehackernews.com/2025/02/south-korea-suspends-deepseek-ai.html

🚨 This week’s update: Former Google insider charged with espionage, UI flaws targeted by nation-state actors, and critical patches needed for ThinkPHP and OwnCloud.

Get the full scoop here: https://thehackernews.com/2025/02/thn-weekly-recap-google-secrets-stolen.html

Is something missing from your cybersecurity strategy? It could be CTEM's continuous threat validation.

Discover why Continuous Threat Exposure Management (CTEM) is the next-gen solution for proactive cybersecurity.

🔗 Explore the full report to learn more about CTEM: https://thehackernews.com/2025/02/cisos-expert-guide-to-ctem-and-why-it.html

🚨 Microsoft uncovers a new, advanced variant of the XCSSET malware targeting macOS users. It's the first major revision since 2022.

This latest update features sophisticated obfuscation and persistence methods, making it harder to detect and stop.

Learn about these new techniques: https://thehackernews.com/2025/02/microsoft-uncovers-new-xcsset-macos.html