🚨 A severe XSS vulnerability in Krpano, a popular virtual tour framework, has been exploited to inject malicious scripts into over 350 websites.

🔍 Affected sites include government portals, universities, and Fortune 500 companies.

The attack manipulates search results, using SEO poisoning tactics to promote spam ads.

Get the full details: https://thehackernews.com/2025/02/hackers-exploited-krpano-framework-flaw.html

Shadow AI is quietly slipping into your organization—are you prepared to stop it?

AI tools are growing fast, but many are flying under the radar, avoiding standard security checks. This can put sensitive data at risk. Is your security plan ready?

Read the full article to learn how to protect your organization from Shadow AI: https://thehackernews.com/expert-insights/2025/02/shadow-ai-is-here-is-your-security.html

⚠️ The FBI confirms Lazarus Group (TraderTraitor) is behind the $1.5B Bybit hack.

The attack originated from a compromised Safe{Wallet} developer machine, allowing a malicious transaction to target Bybit’s multisig cold wallet.

The stolen funds are now being laundered across multiple blockchains.

Read more: https://thehackernews.com/2025/02/bybit-hack-traced-to-safewallet-supply.html

🚨 A new botnet, PolarEdge, is exploiting critical vulnerabilities in Cisco, ASUS, QNAP, and Synology edge devices.

A TLS backdoor lets attackers control infected devices worldwide. Over 2,000 devices are already compromised, targeting outdated routers.

Read the full article for more details: https://thehackernews.com/2025/02/polaredge-botnet-exploits-cisco-and.html

The Android malware TgToxic (ToxicPanda) has evolved, with new features to evade detection and enhance its capabilities.

With improved emulator detection and dynamic C2 server generation, this malware is adapting faster than researchers can track.

Explore the full article: https://thehackernews.com/2025/02/new-tgtoxic-banking-trojan-variant.html

GenAI tools are widely used in enterprises, but 90% of this activity is off the IT radar, increasing the risk of data leaks and unauthorized access.

Without monitoring "shadow AI," your data could be at risk. Stay ahead of this threat and secure your AI interactions.

Read the full report to learn more: https://thehackernews.com/2025/02/89-of-enterprise-genai-usage-is.html

📣 Next Wednesday! Join a live panel on building a cloud security program that actually works.

Join Lori H., Snir Ben Shimol, and Jordan Bowen for a conversation on how to take your organization from zero to a well-secured and managed state using infrastructure as Code (IaC), Artificial Intelligence (AI) and effective policy enforcement.

📅 Wednesday, March 5, 12 PM ET

👉 Register here: https://thn.news/cloud-security-program

🚨 New Malware Alert!

A phishing campaign targeting Taiwan is spreading Winos 4.0 malware, disguised as a tax inspection document. The attachment, pretending to be an official list, hides a malicious DLL that paves the way for further attacks.

Read: https://thehackernews.com/2025/02/silver-fox-apt-uses-winos-40-malware-in.html

UPDATE: A sophisticated Chinese hacking group, CL-STA-0049, is exploiting vulnerabilities in IIS servers to deploy the stealthy Squidoor backdoor.

Squidoor’s multi-platform capabilities target both Windows & Linux systems.

https://thehackernews.com/2025/02/finaldraft-malware-exploits-microsoft.html#update

🚨 Sticky Werewolf is back with a new wave of attacks, focusing on organizations in Russia and Belarus.

This time, the threat actor is using a previously undocumented implant to deliver the Lumma Stealer malware.

Read the full article: https://thehackernews.com/2025/02/sticky-werewolf-uses-undocumented.html

A recent study reveals that large language model datasets contain nearly 12,000 live secrets, including API keys and passwords.

These “live” secrets aren’t just exposed – they allow for successful authentication with their respective services.

Read the full article: https://thehackernews.com/2025/02/12000-api-keys-and-passwords-found-in.html

🛑 Microsoft exposes Storm-2139, a dangerous network hijacking generative AI services for illegal content creation.

This sophisticated cybercrime ring is manipulating AI to produce harmful content, including explicit materials.

Read the full story: https://thehackernews.com/2025/02/microsoft-exposes-llmjacking.html

Cybercriminals are leveraging fake CAPTCHA images in phishing PDFs to distribute the dangerous Lumma Stealer malware.

260 unique domains and 5,000 phishing PDFs, mostly hosted on Webflow, are part of this ongoing campaign.

Learn more about the tactics: https://thehackernews.com/2025/02/5000-phishing-pdfs-on-260-domains.html

🔐 RDP allows remote work and efficient IT management, but it’s also a prime target for cyberattacks.

50% of SMBs use RDP daily, cutting costs and downtime—but exposing systems to the internet increases vulnerability.

Find out how to fortify your RDP and reduce the risk in the full article: https://thehackernews.com/2025/02/rdp-double-edged-sword-for-it-teams.html

A Serbian activist’s Android phone was unlocked using a zero-day exploit developed by Cellebrite.

This attack leveraged a vulnerability in Android USB drivers, enabling attackers to bypass lock screens.

Read the full article to uncover how this exploit was used: https://thehackernews.com/2025/02/amnesty-finds-cellebrites-zero-day.html

Mozilla updates Firefox’s Terms of Use after user concerns over data rights.

The new revisions clarify that Mozilla doesn’t own your data—but the language change follows a wave of community criticism.

Read the full breakdown here: https://thehackernews.com/2025/03/mozilla-updates-firefox-terms-again.html

A botnet malware is rapidly spreading across 226 countries, infecting over 1.5 million Android TV devices.

RSA and XXTEA encryption make it harder to detect and trace the botnet’s activity.

Read the full analysis here: https://thehackernews.com/2025/03/vo1d-botnets-peak-surpasses-159m.html

Ransomware attacks jumped 11% in 2024, hitting a record 5,414 incidents. Disruptions in Q2 and Q4 caused a surge, as law enforcement cracked down on major cybercrime groups.

Read the full analysis on this growing threat: https://thehackernews.com/2025/03/the-new-ransomware-groups-shaking-up.html

Paragon Partition Manager's BioNTdrv.sys driver has a critical vulnerability (CVE-2025-0289) exploited in ransomware attacks.

Attackers with local access can escalate privileges and run malicious code on Windows systems.

Read the full analysis here: https://thehackernews.com/2025/03/hackers-exploit-paragon-partition.html