New macOS malware alert: FrigidStealer is targeting users outside North America through fake updates to steal sensitive data.

This threat is linked to the elusive TA2727 group, which also spreads malware like Lumma Stealer and Marcher via web injects.

https://thehackernews.com/2025/02/new-frigidstealer-malware-targets-macos.html

💻 93% of malware still relies on the Top 10 MITRE ATT&CK techniques.

🛡️ Focus on proven TTPs like credential theft and process injection to defend against the threats that matter today.

🔗 Explore the full insights in the Picus Red Report 2025: https://thehackernews.com/2025/02/debunking-ai-hype-inside-real-hacker.html

🐼 Mustang Panda, a Chinese state-backed group, has evolved its attack methods by using Microsoft’s MAVInject.exe to inject malware into external processes, bypassing antivirus detection and remaining undetected.

Read more about the attack chain: https://thehackernews.com/2025/02/chinese-hackers-exploit-mavinjectexe-to.html

🔴 Two new vulnerabilities found in OpenSSH – one allowing active Man-in-the-Middle (MitM) attacks and the other leading to Denial-of-Service (DoS).

Get the details on CVE-2025-26465 and CVE-2025-26466: https://thehackernews.com/2025/02/new-openssh-flaws-enable-man-in-middle.html

🚨 Two critical vulnerabilities in Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN are actively exploited, now added to CISA's KEV catalog.

CVE-2025-0108 allows unauthenticated attackers to bypass PAN-OS security, while CVE-2024-53704 compromises SSLVPN authentication.

Exploitation is escalating, with attack traffic spiking 10x in a week. Act now!

Read More: https://thehackernews.com/2025/02/cisa-adds-palo-alto-networks-and.html

🚨ALERT: A global cryptocurrency miner campaign is targeting gamers.

Cybercriminals are using popular games like BeamNG-drive and Garry's Mod to deliver malicious software, secretly mining cryptocurrency on infected gaming rigs.

Learn more: https://thehackernews.com/2025/02/trojanized-game-installers-deploy.html

⚠️ Exposed or forgotten assets are prime hacker targets. In 2024, over 60% of breaches started with small, overlooked assets like old subdomains.

Learn how Attack Surface Management (ASM) helps you detect changes in real time and secure vulnerable assets.

Read: https://thehackernews.com/expert-insights/2025/02/how-hackers-exploit-your-attack-surface.html

Looking to grow your cybersecurity business? vCISO services are the key to capturing the growing demand for strategic leadership.

This Ultimate Guide breaks down actionable steps for MSPs and MSSPs to build a profitable vCISO practice.

Check out: https://thehackernews.com/2025/02/the-ultimate-msp-guide-to-structuring.html

A new Snake Keylogger variant is targeting Windows users in China, Turkey, Indonesia, Taiwan, and Spain, with over 280 million infection attempts blocked in a year.

Delivered via phishing emails, it logs keystrokes, steals credentials, and monitors clipboards from browsers like Chrome and Firefox.

Read more: https://thehackernews.com/2025/02/new-snake-keylogger-variant-leverages.html

Russian-aligned threat actors are using malicious QR codes to hijack Signal accounts via the app’s legitimate “linked devices” feature.

Once compromised, threat actors gain real-time access to victim messages, enabling persistent surveillance.

Learn how these attacks work: https://thehackernews.com/2025/02/hackers-exploit-signals-linked-devices.html

🚨 Microsoft has issued high-severity security updates for Bing (CVE-2025-21355) and Power Pages (CVE-2025-24989), addressing two serious flaws.

One of these vulnerabilities is already being exploited in the wild.

Read more: https://thehackernews.com/2025/02/microsoft-patches-actively-exploited.html

Citrix has patched a severe flaw in NetScaler Console & Agent (CVE-2024-12284) with a CVSS score of 8.8.

This privilege escalation bug could allow authenticated attackers to execute unauthorized actions.

UPDATE immediately to the latest versions.

Read: https://thehackernews.com/2025/02/citrix-releases-security-fix-for.html

🛑 UPDATE: Researchers reveal tech details on credential coercion vulnerabilities (CVE-2024-13159-13161, 10811) in Ivanti EPM. Attackers could compromise servers via relay attacks.

⚡ Patch urgently if you haven’t done so already—PoC exploit now in the wild.

https://thehackernews.com/2025/01/researcher-uncovers-critical-flaws-in.html

📅 Mark your calendars!

Microsoft Exchange 2016 and 2019 support ends on October 14, 2025. This means no more security patches or technical support.

🔐 Without updates, these versions will be prime targets for cybercriminals.

Get the full details on your migration options in the article: https://thehackernews.com/2025/02/microsoft-end-of-support-for-exchange-2016-and-exchange-2019.html

Cybercriminals are using the Eclipse Foundation’s jarsigner tool to distribute XLoader malware, exploiting DLL side-loading techniques.

The malware now employs complex encryption at runtime, making signature-based defenses less effective.

Read more: https://thehackernews.com/2025/02/cybercriminals-use-eclipse-jarsigner-to.html

🛑 The Green Nailao campaign deployed NailaoLocker ransomware, locking files and demanding Bitcoin payments.

Attackers exploited a Check Point flaw to steal credentials and escalate via RDP.

👉 Learn more: https://thehackernews.com/2025/02/chinese-linked-attackers-exploit-check.html

By March 31, 2025, all businesses handling cardholder data must implement PCI DSS 4.0 DMARC — No exceptions.

Failure to comply could cost you $5K-$100K in penalties—and that’s just the start.

Read the full article now: https://thehackernews.com/2025/02/pci-dss-40-mandates-dmarc-by-31st-march.html

🚨 Freelance developers are under attack.

North Korean hackers use fake job interviews on Upwork and GitHub to infect crypto developers with BeaverTail and InvisibleFerret malware, stealing credentials and funds.

👉 Get the full story: https://thehackernews.com/2025/02/north-korean-hackers-target-freelance.html

The CISA has flagged a critical vulnerability in Craft CMS, prompting urgent action.

CVE-2025-23209 carries a high CVSS score of 8.1—indicating significant risk to any organization still using outdated versions.

This code injection flaw opens the door to remote code execution, potentially exposing sensitive user security keys.

Learn more: https://thehackernews.com/2025/02/cisa-flags-craft-cms-vulnerability-cve.html

A Chinese threat group, Salt Typhoon, has infiltrated major U.S. telecoms by exploiting CVE-2018-0171, a critical security flaw.

The attackers maintained access for over three years, showcasing their patience and sophistication.

Read more to learn: https://thehackernews.com/2025/02/cisco-confirms-salt-typhoon-exploited.html