⚠️ A malicious Python package, automslc, has been flagged for bypassing Deezer's security to enable unauthorized music downloads.

With over 104,000 downloads, it exploits hardcoded credentials and external servers for illegal music piracy.

Read the full article: https://thehackernews.com/2025/02/malicious-pypi-package-automslc-enables.html

🚨 Ukraine’s CERT-UA warns of new cyberattacks targeting Notary of Ukraine operations with the DCRat remote access trojan.

Attackers gain access using RDPWRAPPER and steal data with tools like FIDDLER and XWorm.

Read the full article for more insights: https://thehackernews.com/2025/02/cert-ua-warns-of-uac-0173-attacks.html

🚨 A new Linux malware, Auto-Color, is targeting universities and government organizations across North America and Asia.

Unlike traditional malware, it uses encryption and hidden tactics to evade detection, making it harder to remove.

👉 Read: https://thehackernews.com/2025/02/new-linux-malware-auto-color-grants.html

Passwords are under constant attack—from brute force to dictionary & rainbow table methods. Strong, complex passwords and MFA are essential to defend against these threats.

Learn how to protect your data from advanced password-cracking techniques: https://thehackernews.com/2025/02/three-password-cracking-techniques-and.html

A massive leak of Black Basta's 200,000+ chat messages reveals their tactics, key players, and internal conflicts.

The group uses QakBot for access, exploits SMB misconfigurations, and faces growing instability.

Get the inside scoop: https://thehackernews.com/2025/02/leaked-black-basta-chat-logs-reveal.html

Say goodbye to burnout with SOC 3.0—AI-powered security that works smarter, not harder.

Tired of drowning in alerts? SOC 3.0 uses AI to handle the heavy lifting, freeing up analysts to make the big decisions.

Want to see how it all works? Read the full article now: https://thehackernews.com/2025/02/soc-30-evolution-of-soc-and-how-ai-is.html

🚨 A severe XSS vulnerability in Krpano, a popular virtual tour framework, has been exploited to inject malicious scripts into over 350 websites.

🔍 Affected sites include government portals, universities, and Fortune 500 companies.

The attack manipulates search results, using SEO poisoning tactics to promote spam ads.

Get the full details: https://thehackernews.com/2025/02/hackers-exploited-krpano-framework-flaw.html

Shadow AI is quietly slipping into your organization—are you prepared to stop it?

AI tools are growing fast, but many are flying under the radar, avoiding standard security checks. This can put sensitive data at risk. Is your security plan ready?

Read the full article to learn how to protect your organization from Shadow AI: https://thehackernews.com/expert-insights/2025/02/shadow-ai-is-here-is-your-security.html

⚠️ The FBI confirms Lazarus Group (TraderTraitor) is behind the $1.5B Bybit hack.

The attack originated from a compromised Safe{Wallet} developer machine, allowing a malicious transaction to target Bybit’s multisig cold wallet.

The stolen funds are now being laundered across multiple blockchains.

Read more: https://thehackernews.com/2025/02/bybit-hack-traced-to-safewallet-supply.html

🚨 A new botnet, PolarEdge, is exploiting critical vulnerabilities in Cisco, ASUS, QNAP, and Synology edge devices.

A TLS backdoor lets attackers control infected devices worldwide. Over 2,000 devices are already compromised, targeting outdated routers.

Read the full article for more details: https://thehackernews.com/2025/02/polaredge-botnet-exploits-cisco-and.html

The Android malware TgToxic (ToxicPanda) has evolved, with new features to evade detection and enhance its capabilities.

With improved emulator detection and dynamic C2 server generation, this malware is adapting faster than researchers can track.

Explore the full article: https://thehackernews.com/2025/02/new-tgtoxic-banking-trojan-variant.html

GenAI tools are widely used in enterprises, but 90% of this activity is off the IT radar, increasing the risk of data leaks and unauthorized access.

Without monitoring "shadow AI," your data could be at risk. Stay ahead of this threat and secure your AI interactions.

Read the full report to learn more: https://thehackernews.com/2025/02/89-of-enterprise-genai-usage-is.html

📣 Next Wednesday! Join a live panel on building a cloud security program that actually works.

Join Lori H., Snir Ben Shimol, and Jordan Bowen for a conversation on how to take your organization from zero to a well-secured and managed state using infrastructure as Code (IaC), Artificial Intelligence (AI) and effective policy enforcement.

📅 Wednesday, March 5, 12 PM ET

👉 Register here: https://thn.news/cloud-security-program

🚨 New Malware Alert!

A phishing campaign targeting Taiwan is spreading Winos 4.0 malware, disguised as a tax inspection document. The attachment, pretending to be an official list, hides a malicious DLL that paves the way for further attacks.

Read: https://thehackernews.com/2025/02/silver-fox-apt-uses-winos-40-malware-in.html

UPDATE: A sophisticated Chinese hacking group, CL-STA-0049, is exploiting vulnerabilities in IIS servers to deploy the stealthy Squidoor backdoor.

Squidoor’s multi-platform capabilities target both Windows & Linux systems.

https://thehackernews.com/2025/02/finaldraft-malware-exploits-microsoft.html#update

🚨 Sticky Werewolf is back with a new wave of attacks, focusing on organizations in Russia and Belarus.

This time, the threat actor is using a previously undocumented implant to deliver the Lumma Stealer malware.

Read the full article: https://thehackernews.com/2025/02/sticky-werewolf-uses-undocumented.html

A recent study reveals that large language model datasets contain nearly 12,000 live secrets, including API keys and passwords.

These “live” secrets aren’t just exposed – they allow for successful authentication with their respective services.

Read the full article: https://thehackernews.com/2025/02/12000-api-keys-and-passwords-found-in.html

🛑 Microsoft exposes Storm-2139, a dangerous network hijacking generative AI services for illegal content creation.

This sophisticated cybercrime ring is manipulating AI to produce harmful content, including explicit materials.

Read the full story: https://thehackernews.com/2025/02/microsoft-exposes-llmjacking.html

Cybercriminals are leveraging fake CAPTCHA images in phishing PDFs to distribute the dangerous Lumma Stealer malware.

260 unique domains and 5,000 phishing PDFs, mostly hosted on Webflow, are part of this ongoing campaign.

Learn more about the tactics: https://thehackernews.com/2025/02/5000-phishing-pdfs-on-260-domains.html