The Android malware TgToxic (ToxicPanda) has evolved, with new features to evade detection and enhance its capabilities.
With improved emulator detection and dynamic C2 server generation, this malware is adapting faster than researchers can track.
Explore the full article: https://thehackernews.com/2025/02/new-tgtoxic-banking-trojan-variant.html
GenAI tools are widely used in enterprises, but 90% of this activity is off the IT radar, increasing the risk of data leaks and unauthorized access.
Without monitoring "shadow AI," your data could be at risk. Stay ahead of this threat and secure your AI interactions.
Read the full report to learn more: https://thehackernews.com/2025/02/89-of-enterprise-genai-usage-is.html
Next Wednesday! Join a live panel on building a cloud security program that actually works.
Join Lori H., Snir Ben Shimol, and Jordan Bowen for a conversation on how to take your organization from zero to a well-secured and managed state using Infrastructure as Code (IaC), Artificial Intelligence (AI) and effective policy enforcement.
Wednesday, March 5, 12 PM ET
Register here: https://thn.news/cloud-security-program
New Malware Alert!
A phishing campaign targeting Taiwan is spreading Winos 4.0 malware, disguised as a tax inspection document. The attachment, pretending to be an official list, hides a malicious DLL that paves the way for further attacks.
Read: https://thehackernews.com/2025/02/silver-fox-apt-uses-winos-40-malware-in.html
UPDATE: A sophisticated Chinese hacking group, CL-STA-0049, is exploiting vulnerabilities in IIS servers to deploy the stealthy Squidoor backdoor.
Squidoor's multi-platform capabilities target both Windows & Linux systems.
https://thehackernews.com/2025/02/finaldraft-malware-exploits-microsoft.html#update
Sticky Werewolf is back with a new wave of attacks, focusing on organizations in Russia and Belarus.
This time, the threat actor is using a previously undocumented implant to deliver the Lumma Stealer malware.
Read the full article: https://thehackernews.com/2025/02/sticky-werewolf-uses-undocumented.html
A recent study reveals that large language model datasets contain nearly 12,000 live secrets, including API keys and passwords.
These "live" secrets aren't just exposed; they allow for successful authentication with their respective services.
Read the full article: https://thehackernews.com/2025/02/12000-api-keys-and-passwords-found-in.html
Microsoft exposes Storm-2139, a dangerous network hijacking generative AI services for illegal content creation.
This sophisticated cybercrime ring is manipulating AI to produce harmful content, including explicit materials.
Read the full story: https://thehackernews.com/2025/02/microsoft-exposes-llmjacking.html
Cybercriminals are leveraging fake CAPTCHA images in phishing PDFs to distribute the dangerous Lumma Stealer malware.
260 unique domains and 5,000 phishing PDFs, mostly hosted on Webflow, are part of this ongoing campaign.
Learn more about the tactics: https://thehackernews.com/2025/02/5000-phishing-pdfs-on-260-domains.html
RDP allows remote work and efficient IT management, but it's also a prime target for cyberattacks.
50% of SMBs use RDP daily, cutting costs and downtime, but exposing systems to the internet increases vulnerability.
Find out how to fortify your RDP and reduce the risk in the full article: https://thehackernews.com/2025/02/rdp-double-edged-sword-for-it-teams.html
A Serbian activist's Android phone was unlocked using a zero-day exploit developed by Cellebrite.
This attack leveraged a vulnerability in Android USB drivers, enabling attackers to bypass lock screens.
Read the full article to uncover how this exploit was used: https://thehackernews.com/2025/02/amnesty-finds-cellebrites-zero-day.html
Mozilla updates Firefox's Terms of Use after user concerns over data rights.
The new revisions clarify that Mozilla doesn't own your data, but the language change follows a wave of community criticism.
Read the full breakdown here: https://thehackernews.com/2025/03/mozilla-updates-firefox-terms-again.html
A botnet malware is rapidly spreading across 226 countries, infecting over 1.5 million Android TV devices.
RSA and XXTEA encryption make it harder to detect and trace the botnet's activity.
Read the full analysis here: https://thehackernews.com/2025/03/vo1d-botnets-peak-surpasses-159m.html
Ransomware attacks jumped 11% in 2024, hitting a record 5,414 incidents. Disruptions in Q2 and Q4 caused a surge, as law enforcement cracked down on major cybercrime groups.
Read the full analysis on this growing threat: https://thehackernews.com/2025/03/the-new-ransomware-groups-shaking-up.html
Paragon Partition Manager's BioNTdrv.sys driver has a critical vulnerability (CVE-2025-0289) exploited in ransomware attacks.
Attackers with local access can escalate privileges and run malicious code on Windows systems.
Read the full analysis here: https://thehackernews.com/2025/03/hackers-exploit-paragon-partition.html
Is the future of the SOC autonomous?
"Autonomous SOC" has become one of the biggest buzzwords in the post-GPT era. But how much of the hype is real?
In an on-demand webinar, Tines CEO Eoin Hinchy and guest speaker Allie Mellen, Principal Analyst at Forrester, take a deep dive into the practical applications of AI in security operations.
They explored:
- How SOCs are evolving with AI and workflow orchestration
- Practical applications of AI within the SOC
- How teams can identify areas where AI-driven autonomy makes sense
Watch now: https://thn.news/future-soc-autonomous-fb
The U.K. ICO is investigating TikTok, Reddit, and Imgur for potential child data privacy violations.
The focus is on whether these platforms are using minors' personal data to target content.
Read the full story here: https://thehackernews.com/2025/03/uk-ico-investigates-tiktok-reddit-and.html
A new phishing campaign uses the ClickFix technique to launch a multi-stage attack via SharePoint.
It hides behind trusted services and uses the Havoc C2 framework to avoid detection.
Read the full analysis here: https://thehackernews.com/2025/03/hackers-use-clickfix-trick-to-deploy.html
A threat group is exploiting AWS misconfigurations to send phishing emails.
TGR-UNK-0011 uses exposed AWS access keys to bypass email security, blending in with trusted communications.
Learn more about their tactics: https://thehackernews.com/2025/03/hackers-exploit-aws-misconfigurations.html