<?xml version="1.0" encoding="UTF-8" standalone="no"?><rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:media="http://search.yahoo.com/mrss/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" version="2.0"><channel><title>The Hacker News</title><link>https://thehackernews.com</link><description>Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to admin@thehackernews.com</description><language>en-us</language><lastBuildDate>Thu, 06 Feb 2025 04:21:17 +0530</lastBuildDate><sy:updatePeriod>hourly</sy:updatePeriod><sy:updateFrequency>1</sy:updateFrequency><atom:link href="https://feeds.feedburner.com/TheHackersNews" rel="self" type="application/rss+xml"/><item><title>Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign</title><description><![CDATA[The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems.
According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing them with the promise of]]></description><link>https://thehackernews.com/2025/02/cross-platform-javascript-stealer.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/cross-platform-javascript-stealer.html</guid><pubDate>Wed, 05 Feb 2025 20:25:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhm7EasDvlqTK-eD-uHPE0emLNC3ddIxCu9PLyn5mJYOMiL5l-rJV_yfriFHBjflUBQKIONu9eeVBPO84k220rkTYgcYSSazV7JGZMXIGkIaWi6Cgo8VClKbeIlmomd9xQZ5MsbUS5IQ8jwvHL1Z8_socr31WJFqgAn7B2-cOWwI5k1BYReJKJmHESkd0Oj/s1600/malware.png"/></item><item><title>Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts</title><description><![CDATA[Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover (ATO) attacks on Microsoft 365 environments.
Enterprise security company Proofpoint said it observed campaigns using HTTP clients Axios and Node Fetch to send HTTP requests and receive HTTP responses from web servers with the goal of conducting ATO attacks.
"Originally sourced from public]]></description><link>https://thehackernews.com/2025/02/cybercriminals-use-axios-and-node-fetch.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/cybercriminals-use-axios-and-node-fetch.html</guid><pubDate>Wed, 05 Feb 2025 18:33:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYcB32bkzUF1AUr0lZ-QhdBoLLvnT73Shfa_xeGfbzGcBDUBqpyPKsM8S2JQTYp2QPGEz9VYJtSjJQyPoaq62xn45twN9602Yhyphenhyphen2oaCfmumyoGw_m7b9zmIzDVJ4rtwEIe7veBBkkObIMddQ2IOKjt81JpF3aCJmPHikqQqDQwGUOk2Z3KPxOrkKRfKHDg/s1600/pssword.png"/></item><item><title>Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks</title><description><![CDATA[A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan.
"This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision making and banking sector," Seqrite Labs researcher Subhajeet Singha said in a technical report]]></description><link>https://thehackernews.com/2025/02/silent-lynx-using-powershell-golang-and.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/silent-lynx-using-powershell-golang-and.html</guid><pubDate>Wed, 05 Feb 2025 18:16:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1fPmPJRLqSkb80PZeZFaS74ZzuOkdMRmMRzBnV1mSf2wv2EVcLhaIzyuewmQTqTINBKrvuzJhP6FFPIWdX0Viwensz5FOmN4bnoqPZitCeTtT6rWL9bKq2LBh5Xu4q1KnD5AlvFbU1Jau_GX8YoTZmJgH_s90AhZS2dc4PgZvOroa4VaSrI5ApeVjMihX/s1600/cyber.jpg"/></item><item><title>New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack</title><description><![CDATA[Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems.
The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0.
"A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code]]></description><link>https://thehackernews.com/2025/02/new-veeam-flaw-allows-arbitrary-code.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/new-veeam-flaw-allows-arbitrary-code.html</guid><pubDate>Wed, 05 Feb 2025 17:46:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxnk_lJPUS0BZwNO2mx9Vb4ppUN3ifSvJyWHtZEsMV-IeDiE3SlnZ9ZXTwkifc8es3msSjnCBpd2Qk2dVP3g5LrEld-diDiVvaLmwQvzeU9XmuJ_4ecSUIma-aq_AVts43QUj_6mG7VQiNMZEAe8pdkAL2vGl7gQWILWF0BerXRGAFv1Y1WfwlgDsideeS/s1600/veeam.jpg"/></item><item><title>Navigating the Future: Key IT Vulnerability Management Trends </title><description><![CDATA[As the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers (MSPs) and IT teams. Recent trends indicate that organizations increasingly prioritize more frequent IT security vulnerability assessments to identify and address potential security flaws.
Staying informed on these trends can help MSPs and IT teams]]></description><link>https://thehackernews.com/2025/02/navigating-future-key-it-vulnerability.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/navigating-future-key-it-vulnerability.html</guid><pubDate>Wed, 05 Feb 2025 16:30:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKo_R6mZrEryRUuOSOMys3RTHaP6haTFLH1JjB0sZ7W2EPuBZk4E0jNDR2cBXKjQze_JjR5vUiMeCD5YVh0_iEsfkzF00BcGRKsCMFZfJXl8fIR1hOAqQHF0RceJXdR0QSMxINgxCyWSLpUHe2XDxozo25h5E8d7G-Gxa7RxRQchbzadKhRgrnd4SiCjw/s1600/Vulnerability-Management.png"/></item><item><title>AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks</title><description><![CDATA[A malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT by making use of Python payloads and TryCloudflare tunnels.
"AsyncRAT is a remote access trojan (RAT) that exploits the async/await pattern for efficient, asynchronous communication," Forcepoint X-Labs researcher Jyotika Singh said in an analysis.
"It allows attackers to control infected systems]]></description><link>https://thehackernews.com/2025/02/asyncrat-campaign-uses-python-payloads.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/asyncrat-campaign-uses-python-payloads.html</guid><pubDate>Wed, 05 Feb 2025 15:10:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjssruf140lZU7nUexNUTbi3ZPB2S1wr3aYRTgIa77kjvkDL5JJjr8qZzuhO1tETDOXH5o2smCK4QHn2XSluNa3AJQHXUyqLtfuZTh4SQTPxBjbu985QDlCr65ytPgRhOAR7-ukrd0gO8Ou7Kcwzh3joqKiK8YFUcS07pYaEY-EPL-dXSmetQIXUDChqIHp/s1600/malware.png"/></item><item><title>CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25</title><description><![CDATA[The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of vulnerabilities is as follows -

CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized]]></description><link>https://thehackernews.com/2025/02/cisa-adds-four-actively-exploited.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/cisa-adds-four-actively-exploited.html</guid><pubDate>Wed, 05 Feb 2025 10:35:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRCw8EKpfY45DKbmFNayh4ChoHN2qbtk0HwmVWf07n3dKD3PoHfj4v2pH0VQ_fSA6rAbhm6BytxU8Y74eXGjgP8082S6tApI14Ddn1_tmjl8Ow5_MfjJ5Gen9Q9q5oUMc4MCq5yqoYzbIO6oCy7cHlbFFlllWkRDe6pOexUldcwTbqKVX4SSdhTuaboZtr/s1600/cisa.jpg"/></item><item><title>Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access</title><description><![CDATA[Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems.
The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module (github.com/boltdb/bolt), per Socket. The malicious version (1.3.1) was published to]]></description><link>https://thehackernews.com/2025/02/malicious-go-package-exploits-module.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/malicious-go-package-exploits-module.html</guid><pubDate>Tue, 04 Feb 2025 19:46:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoMmlQauu6kMFdILGbz2N874lk0gOm_-C3D7Uxz8n4vW56xHolsFgQUI2gHZowL5EagqWrhu1n1z5lcdcPzIjUBOWl_RRj3YPjiTsFWrPFpxBdkn_LPZb-pks-oXh4ArfArMS-5ZTZx2HVy4TELuhvkGfNI1zY06rTzdsS83MiPtBmTJ2sM-oxZq9PNhlj/s1600/go.png"/></item><item><title>Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections</title><description><![CDATA[A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware.
The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version 24.09.
"The vulnerability was]]></description><link>https://thehackernews.com/2025/02/russian-cybercrime-groups-exploiting-7.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/russian-cybercrime-groups-exploiting-7.html</guid><pubDate>Tue, 04 Feb 2025 17:58:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrQBtWBoyYopvblPrT2rHPhRWDtoNt11PSMGAm3pHULeTQWykr8i1HZIae5_Hwbz1KGNmIZoAF2DhlejY_L2lMYlvR5HaJjajIx7upaImtYieJy6Dumkb-hLoIQPrlZ_Mnbfso6iE7rjrDbY0ukJQWOow_AsrOMM_Ok3l6rmAiHOSN2j2xZWsfWZO4TEKi/s1600/zip.png"/></item><item><title>North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS</title><description><![CDATA[The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process.
"Targets are typically asked to communicate with an interviewer through a link that throws an error message and a request to install or update some required piece of software such as VCam or]]></description><link>https://thehackernews.com/2025/02/north-korean-hackers-deploy-ferret.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/north-korean-hackers-deploy-ferret.html</guid><pubDate>Tue, 04 Feb 2025 17:41:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhj5mEwNHiHEc1VFQNd4XQqmcdYbMJmCADEzJQukNSzCVqN6MQoKZ27YgsyYrJtpCl9XNmFkBFeeWWvM-2oidZAYTme-m4FJE4zyKrWtPtS8QgvxY_fXOBq3fy46Fsa_pLxNBHRHmZjShZDJEHq_VRRjZvzCoPpL-iQFcIaxU9T1ViNjIPY297UWaLuUShO/s1600/malware-code-job.png"/></item><item><title>Watch Out For These 8 Cloud Security Shifts in 2025</title><description><![CDATA[As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud.
But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let’s take a]]></description><link>https://thehackernews.com/2025/02/watch-out-for-these-8-cloud-security.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/watch-out-for-these-8-cloud-security.html</guid><pubDate>Tue, 04 Feb 2025 16:30:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOHb66TGrTxCxe5CGY34xO54CjR0HB4xeUxzcQSuRm1DMqyKCMBA09ILdAZ-vF92KI3XMAF12BGcKyuxY3VCkBmV2_io4NF4U-wN6Tl-4VRiZPW8wqogePSZ7C-Gdn0p_TdN9ZH-vf8myYVHFv0mIMjZWWGPw2bxyNpriqF9z2s2NCGgYAmrQTf-OX6kE/s1600/cloud-security.png"/></item><item><title>Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks</title><description><![CDATA[Taiwan has become the latest country to ban government agencies from using Chinese startup DeepSeek's Artificial Intelligence (AI) platform, citing security risks.
"Government agencies and critical infrastructure should not use DeepSeek, because it endangers national information security," according to a statement released by Taiwan's Ministry of Digital Affairs, per Radio Free Asia.
"DeepSeek]]></description><link>https://thehackernews.com/2025/02/taiwan-bans-deepseek-ai-over-national.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/taiwan-bans-deepseek-ai-over-national.html</guid><pubDate>Tue, 04 Feb 2025 15:02:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSf8K2uzNtey879iblouCwOZBfGr8f00fY4dhe-C1hajrPLJMuvjTzHts3r-Nn6uTSXIxP_XOXnHjJY_A_Fc_0WivrKA-akVy_-M6-Q2YO-QNNp9POuTTe3PA-d9T7838LVunlFL05QnfLfwM2YgZsV6uyhyphenhypheng0cz8Hx2eCKUQkwXGtCbdZOYjEBA7ejEza/s1600/deepseek-ai.png"/></item><item><title>AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access</title><description><![CDATA[A security vulnerability has been disclosed in AMD's Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions.
The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity.
"Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local]]></description><link>https://thehackernews.com/2025/02/amd-sev-snp-vulnerability-allows.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/amd-sev-snp-vulnerability-allows.html</guid><pubDate>Tue, 04 Feb 2025 14:28:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhioFS_P1GtwtE1CIY3j_uiwFN4uBcJ4PXssvRxP_4K8ZEFe7nP81yWP3qyMF7ZvbbmCVdvP8CizF7C1tEcQuYPl3OoY61ZYWvkyuJoaFHkvRpQxOFY7z4eOaHsm4uFXgYcgjdVJkHng6vt0b2OrcoHpy2QSOkrNjhiiFV4hSfXI07Vv9sQXM3VvdnPMjeS/s1600/AMD.png"/></item><item><title>Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score</title><description><![CDATA[Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions.
The flaws are listed below -

CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability
CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service]]></description><link>https://thehackernews.com/2025/02/microsoft-patches-critical-azure-ai.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/microsoft-patches-critical-azure-ai.html</guid><pubDate>Tue, 04 Feb 2025 10:38:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirFZkfpBrR0B-5ygBrUJU7QwN-JvyB908Iz9tLmuyGZvJyZ2Xh8QEDtjdXSXzVj0bx8fMnuUedpKxB1k3oR4eMZNvayU0HC9NYe7M3YALHFRHJKN-RGoWboh11oWZZ0trgU2yKWRltaVMRLtgBpr2KUFQET2jcrnAEgsvKQ0ScMY_KkxArRMfoumGSqMg/s1600/ms.png"/></item><item><title>Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104</title><description><![CDATA[Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild.
The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver.
Successful exploitation of the flaw could lead]]></description><link>https://thehackernews.com/2025/02/google-patches-47-android-security.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/google-patches-47-android-security.html</guid><pubDate>Tue, 04 Feb 2025 10:21:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyS7gKD2g-ga3K8Vx4wXMpDINr9jYYajYkQLoq9EROlLzaQ-Alsg8HX7zF-HW0khnOHxu-NSSPKWA_SmClwjD8KPDuwMVr9o17BZBsrmp7QUatChZ8iP1K03GiSCgJEyMsf-U48K0toEuxpO-SkTCk_MsNRmwDtN9TM2CN3P0WkAV2CzWelYvEH4dZA2kI/s1600/android.png"/></item><item><title>Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform</title><description><![CDATA[Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks.
This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf]]></description><link>https://thehackernews.com/2025/02/microsoft-sharepoint-connector-flaw.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/microsoft-sharepoint-connector-flaw.html</guid><pubDate>Tue, 04 Feb 2025 09:59:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhY1LiI2LayZbct1jWLQ8Oa4542BGOvGbwaY-mvQvVWSyCSNXkc99J28xRDT_txH-hwGLCgnHMacAmFhyBdAsdfTyFcaI4N1_sHiVC5gVNGZC7W5ckEX60sXXdVpF9dGBUrdUxkeIdXf7KI8jdZfBYsKpPOD-3Y8AFQVkU3vbgEZjy98oXwgzWm3d1Z9FGV/s1600/ms.png"/></item><item><title>768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023</title><description><![CDATA[As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year.
Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before]]></description><link>https://thehackernews.com/2025/02/768-cves-exploited-in-2024-reflecting.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/768-cves-exploited-in-2024-reflecting.html</guid><pubDate>Mon, 03 Feb 2025 19:27:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHUwB8cBoHx4Hj7y6vKOfcugLNSTEybcVpmAQsCrIVegjWt7Qz50wVXcfHrIxB2qO53JrtGDzFFOqdkzQ0tcl3pbg8GAmVcDi0U-XVq3Zw9sNDlHf6ydFW7C24bMzT4GIK5zFQSVTsXqHZ9HSk7J3QvrBZM9vNnw28DCdeYTxjgC0s7XsD69Wkrh_SyQ_S/s1600/vul.png"/></item><item><title>PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages</title><description><![CDATA[The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security.
"Maintainers can now archive a project to let users know that the project is not expected to receive any more updates," Facundo Tuesca, senior engineer at Trail of Bits, said.
In doing so, the idea is to]]></description><link>https://thehackernews.com/2025/02/pypi-introduces-archival-status-to.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/pypi-introduces-archival-status-to.html</guid><pubDate>Mon, 03 Feb 2025 18:00:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIPn9dzeZZJsJenlWbgzw_jVzJaCKHWZybX0ZAqRGgQCqS90ovtydLRjTKkFSV8fWlnh6rS9FmS16wpM1QgHqFtOtBtWgNhYuckfCVLYfjYMnWPNPFu0Ihek8Tyu7AH6_uzBep4GQOhP_J1BgW-imfO2cJrp6-Smb75_GP9wE5fIsvrtdaLi0WeJrSb_B2/s1600/python.png"/></item><item><title>⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [3 February]</title><description><![CDATA[This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in. From better locks on our devices to stopping sneaky tricks online, simple steps are making a big difference.&nbsp;
Let’s take a]]></description><link>https://thehackernews.com/2025/02/thn-weekly-recap-top-cybersecurity.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/thn-weekly-recap-top-cybersecurity.html</guid><pubDate>Mon, 03 Feb 2025 17:29:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgA8HuSGC2Bi7PiuXHsj4JvmjwxIgTeHQTgl-ASOMLbCMt4S4kyr-0Vuuzb-YaJeoTIhleDmVGZr0H1b4OfH_o21T4kZnMVi7o4ulwngKAxahuadmkyRr4i7N8z3KOJbI5x_stxthWafp_lpWuuyieh2yuIqA1V8vdeCss9jAFDO0M1uf0bNvBkGMkwPlqk/s1600/recap-article.png"/></item><item><title>Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions</title><description><![CDATA[Brazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote.
"Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials," Fortinet FortiGuard Labs researcher Cara Lin said in an analysis published last week.
The]]></description><link>https://thehackernews.com/2025/02/coyote-malware-expands-reach-now.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/coyote-malware-expands-reach-now.html</guid><pubDate>Mon, 03 Feb 2025 17:09:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPokopv5RjEOg5kNTyWwzHVZP6-Hffn-qxW3a60upbK9ctYy5aBDqlBESmXl0sls3ngV1_nu7u8ae1S6RZvItO5Yn0HeNv6J47iwzXUlVURsIWpLjTZd1_VQGg-2u9NeGvUTM-yMe5BPO8GT8R2WptKJGhOcc6Jk0Mc2y3KLsWkxZlJOD49vtVi_iDpFB_/s1600/trojan.png"/></item><item><title>What Is Attack Surface Management?</title><description><![CDATA[Attack surfaces are growing faster than security teams can keep up – to stay ahead, you need to know what’s exposed and where attackers are most likely to strike.
With cloud adoption dramatically increasing the ease of exposing new systems and services to the internet, prioritizing threats and managing your attack surface from an attacker’s perspective has never been more important.
In this]]></description><link>https://thehackernews.com/2025/02/what-is-attack-surface-management.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/what-is-attack-surface-management.html</guid><pubDate>Mon, 03 Feb 2025 16:30:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9GPTnlkZEmINbXHKjh1DEDdkAtbkPkC6Fx3-BZMdGUPPUFuC91JZUeFhjUnrK3NI2fLV5rP1bz9gYSRnKcRsCy0oVyRXzhyRY1Tx3UY8l9IqKPLQp6ebwiR9U339BORXmRBGzj-oSVvxndeWZnDYDEiAk8utNGn1JyuaGUBHrkTAzCEeLWkJrFuUIjUoV/s1600/intruder.png"/></item><item><title>Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware</title><description><![CDATA[A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC, Atomic macOS Stealer (aka AMOS), and Angel Drainer.
"Specializing in identity fraud, cryptocurrency theft, and information-stealing malware, Crazy Evil employs a]]></description><link>https://thehackernews.com/2025/02/crazy-evil-gang-targets-crypto-with.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/crazy-evil-gang-targets-crypto-with.html</guid><pubDate>Mon, 03 Feb 2025 11:00:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTQCp_Bbsn6xY3bxwBfTSoTjxPMIFn1Gr-HUwsZrb8XXa39_XwdwvRB1pow5gCvlUMTsPB_YEOIFTzHfYYhHN5RKcoT008O5fUzH8AYlTAlp_SF0F6OvH-LWRv9wioFROToxLTtb_Kdg4x_xL1kAmrmt7g_UD4OKRipfiuQWX0qjNuDudd7-mUYV7h-w2N/s1600/crypto-malware.png"/></item><item><title>U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network</title><description><![CDATA[U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan.
The action, which took place on January 29, 2025, has been codenamed Operation Heart Blocker.
The vast array of sites in question peddled phishing toolkits and fraud-enabling tools and]]></description><link>https://thehackernews.com/2025/02/us-and-dutch-authorities-dismantle-39.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/us-and-dutch-authorities-dismantle-39.html</guid><pubDate>Sat, 01 Feb 2025 13:44:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRZTLjGDImwINlCl8Laz5n7taKv-ulvZcF_3pBptLp4p4Nzja0kTPPP_J1u3N7GjszXsmMt1U3GpEXG9YtIF0qaA6-eadRsPQi-jaREAf6jszwmCUdtu1qsLVH7kdoH78gDDX122UKcYVAHAgUcsRvZT7qlQPrkh1ekcvpRWSc0uLZLvlFu8rd8bZwbh0m/s1600/fbi.png"/></item><item><title>BeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API Key</title><description><![CDATA[BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company's Remote Support SaaS instances by making use of a compromised API key.
The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was first flagged]]></description><link>https://thehackernews.com/2025/02/beyondtrust-zero-day-breach-exposes-17.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/beyondtrust-zero-day-breach-exposes-17.html</guid><pubDate>Sat, 01 Feb 2025 12:10:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWos5OunkTbvZAd89r_CSK8cWVYzq9otQJ6mUuh_1in_aUEcaSyoLruC_ItP6rB6S9iZEK2Wp9ROpVeoBhO9rmYtBPrw9euK-sC3YPg0fatZQiITtrb7z5FBXHjBSOO6gaMLggAVbT7q6fVJXSnOiZ9TUbSVjZQMkoIGAVUsF2fgtiJ1IlhBJi0ecHVnCF/s1600/beyondTrust-breach.png"/></item><item><title>Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists</title><description><![CDATA[Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members.
The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutralized in December 2024.
In a statement to The Guardian, the encrypted messaging app said it has reached]]></description><link>https://thehackernews.com/2025/02/meta-confirms-zero-click-whatsapp.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/meta-confirms-zero-click-whatsapp.html</guid><pubDate>Sat, 01 Feb 2025 10:59:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgafd5BMVXI9MLSHACRH2p8Al_4KrIk3FA4UxUfP9ma9TFeft_GQx_YuA38oRQ1sDSnnkO_7Q0CYJaT39dJFBXi98O_-PuNsFquiVPL_DAp7OwcAFhPPV3WLWYX3NW7KPBRuLMZWt3Y3b0m3YI3FxUx5FBxB4NnWFfeSBzVZEJqTlWt1T8lS9rc0WSocJ-A/s1600/whatsapp.png"/></item><item><title>Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts</title><description><![CDATA[Cybersecurity researchers have discovered a malvertising campaign that's targeting Microsoft advertisers with bogus Google ads that aim to take them to phishing pages that are capable of harvesting their credentials.
"These malicious ads, appearing on Google Search, are designed to steal the login information of users trying to access Microsoft's advertising platform," Jérôme Segura, senior]]></description><link>https://thehackernews.com/2025/02/malvertising-scam-uses-fake-google-ads.html</link><guid isPermaLink="false">https://thehackernews.com/2025/02/malvertising-scam-uses-fake-google-ads.html</guid><pubDate>Sat, 01 Feb 2025 08:52:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSmjvusalOsx5BY80bTBTB8ucS2cwAaDYYnT1DtwWLWesKVUVnyIr9zF9UQXHo3aew3wDOT03DoaDdTKHZ8TXol-sCUFS5D2O6iDI7hA6v5npXqF7IugbTYpAi-I5Ck3szRFVwZsaSLN8oKQz2KwngxTCcG1bK6Dmg1qNfrirvZJrtpclVVqETcLkMYjW5/s1600/malware-ads.png"/></item><item><title>CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors</title><description><![CDATA[The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors.
The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale of 10.0. The flaw, alongside two other issues, was reported to CISA]]></description><link>https://thehackernews.com/2025/01/cisa-and-fda-warn-of-critical-backdoor.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/cisa-and-fda-warn-of-critical-backdoor.html</guid><pubDate>Fri, 31 Jan 2025 18:40:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTrvYDG-vuXO-u8vmIfOgMMGIBDS1zaCHCIs6Kflr_mUmGxGZyWMeMWB-16u9XmL1OiP8c-n7v7VaXhzaD18KlpH4XWcSYnn1MdPHkHgm74VbKkudrDcuz_PTJWRgfYw5yt2PvfEiYbcafLZUQ3kSbBcpifDbQfOytjeovtKaxhE4x5DhN-QRfJCghw44N/s1600/cc.png"/></item><item><title>Top 5 AI-Powered Social Engineering Attacks</title><description><![CDATA[Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. There’s no brute-force ‘spray and pray’ password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for authority, usually with the goal of gaining access to sensitive information or protected systems.]]></description><link>https://thehackernews.com/2025/01/top-5-ai-powered-social-engineering.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/top-5-ai-powered-social-engineering.html</guid><pubDate>Fri, 31 Jan 2025 16:45:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghHeUeBlQPIEk7bAhBzs6BcCykCAr_3hjM4hWS-nkV5Piu1HLjkTeUsPlDb3NPUSfQ7ltZE_JS6shegXyyDKtDXRrTIlerMDIpx-HuwMieFvy9gVwzZPSC9fZOvHRhVHc84JQByjiKGjrxXLWWqXOT8OpWZtBgFxJBtVy0Kh13u5cj9yNRLpp_AoXZLji9/s1600/arsen.png"/></item><item><title>Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns</title><description><![CDATA[Italy's data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek's service within the country, citing a lack of information on its use of users' personal data.
The development comes days after the authority, the Garante, sent a series of questions to DeepSeek, asking about its data handling practices and where it obtained its training data.
In particular, it wanted]]></description><link>https://thehackernews.com/2025/01/italy-bans-chinese-deepseek-ai-over.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/italy-bans-chinese-deepseek-ai-over.html</guid><pubDate>Fri, 31 Jan 2025 16:34:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdnjIwm3UwRbdb8rxaPpDrsLi371o_nxzWnG165xXbCB1hV0CLaHAarFQ5jvoUxe7WVvBREiB-9MBR17BH89Ega8ECLRpo3MOvNINfqicXCpC3BZvQX8IV4lJ92OdM1DhcHxq37RxnnLDgDW06VtZZ7eMJ-A0BK8KxUEStJboKe-f8uTjtajUIoLGz0XEQ/s1600/deepseek-banned.png"/></item><item><title>Google Bans 158,000 Malicious Android App Developer Accounts in 2024</title><description><![CDATA[Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps.
The tech giant also noted it prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data during the time period by working with]]></description><link>https://thehackernews.com/2025/01/google-bans-158000-malicious-android.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/google-bans-158000-malicious-android.html</guid><pubDate>Fri, 31 Jan 2025 16:15:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_Elf2wrh_DF7cmG6f3ZtYqfsEImwbRkaXkp4cYpWOgIJiOirgmP-9-MOdMmEQnDG1M3F1YcxepEIacLGBLpNByG2lamzd3eV-b5-dSDzMiV3N5XEGvbJc3kH7nOJape3nAqDIn3pRqmzvf9vnz_hMAGitV1O2ctCeg1osqzeHrpTkpmFAMP6veYN8tXxk/s1600/android.png"/></item><item><title>Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft</title><description><![CDATA[Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information.
The list of identified flaws, which impact versions 8.x of the software, is below -

CVE-2025-22218 (CVSS score: 8.5) - A malicious actor with View Only Admin]]></description><link>https://thehackernews.com/2025/01/broadcom-patches-vmware-aria-flaws.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/broadcom-patches-vmware-aria-flaws.html</guid><pubDate>Fri, 31 Jan 2025 11:19:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAr1Y9l4kdYHx04d_GIBEOhubDjKP8zTq_YOI2N4DwAgbqbjPO4oH-wujlOFIvdOz43bCXL2sKKLQLYlNUUZp3lVJJiviLZ_JByaK4scxX3z4_jeSuUbw1cuqusLCtGR3G8TrrC0adfzPfzgOHAUI1nv_3yUm2tQSpDQoA_oaAD8FjDvB8XQXUbvVPY-5e/s1600/vmware.png"/></item><item><title>Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations</title><description><![CDATA[Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations.
"Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities," Google Threat]]></description><link>https://thehackernews.com/2025/01/google-over-57-nation-state-threat.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/google-over-57-nation-state-threat.html</guid><pubDate>Thu, 30 Jan 2025 21:55:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEharuUN6L-hOMgtnJXHsbPVih8SywzfSuDUyiHGl_R1hytYL9EFCm_XdgUxI_dG-FTB3IZWawq9XugkJfgB7PHg2HgYvhyphenhyphen3-hbN0U9jsVkgLMmm-0SPLUGAk6vS0eAjRt18I_o8BF28UrVBy5NE5c5eMhvaSYRBwvk2cg1olh-K7cOS6vYCyEihYtliL5QO/s1600/ai-cybercrime.png"/></item><item><title>Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown</title><description><![CDATA[An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, Nulled, Sellix, and StarkRDP.
The effort, which took place between January 28 and 30, 2025, targeted the following domains -

www.cracked.io
www.nulled.to
www.mysellix.io
www.sellix.io
www.starkrdp.io

Visitors to these websites are now greeted by a]]></description><link>https://thehackernews.com/2025/01/authorities-seize-domains-of-popular.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/authorities-seize-domains-of-popular.html</guid><pubDate>Thu, 30 Jan 2025 18:45:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCsKCw66b5LvAIATfLg2kFDB9Hx2gNjYHdtjcgbb0O9E0BM15k4fxehfWCvlVqQJ3IjXxaQFFLgoWDyyT0PcOvuObiySLIUiPB8HEQxMTTRFITL06Yop07wruvn5x9lovm0rpmegao38RU8YrKTi5Cw9EjkNXxO9IdiKo0UlO8HUYhzGZRRqDooRPFwBDP/s1600/forums.png"/></item><item><title>Lightning AI Studio Vulnerability Could've Allowed RCE via Hidden URL Parameter</title><description><![CDATA[Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could have allowed for remote code execution.
The vulnerability, rated a CVSS score of 9.4, enables "attackers to potentially execute arbitrary commands with root privileges" by exploiting a hidden URL parameter, application security firm Noma said in]]></description><link>https://thehackernews.com/2025/01/lightning-ai-studio-vulnerability.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/lightning-ai-studio-vulnerability.html</guid><pubDate>Thu, 30 Jan 2025 18:03:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0xEQmfEtLx8L2zyl99rtf9XSBdRhK2Bp5czsQR4PJ6xb3laviWEm8Y7VlyfppUezvl-lxix6Sy-PTa3rCjIWJN7SpL3ljKDBefIv6Vs89YkqWGkVp_pgDf9zhzKImKpHoxFywNjKBD-tdLkK4m9T1JftKsG_4ttkCqdySmnl12TRbg44oF69xFilC_1tk/s1600/ai.png"/></item><item><title>SOC Analysts - Reimagining Their Role Using AI</title><description><![CDATA[The job of a SOC analyst has never been easy. Faced with an overwhelming flood of daily alerts, analysts (and sometimes IT teams who are doubling as SecOps) must try and triage thousands of security alerts—often false positives—just to identify a handful of real threats. This relentless, 24/7 work leads to alert fatigue, desensitization, and increased risk of missing critical security incidents.]]></description><link>https://thehackernews.com/2025/01/soc-analysts-reimagining-their-role.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/soc-analysts-reimagining-their-role.html</guid><pubDate>Thu, 30 Jan 2025 16:00:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh11fiW3omZ5EqScHjybwmUSSAG7dA2wannsnSV-FmXvb3pD5-G0QvbLtVMqpaVaP-f8T10T_PzE4YjgIGHw1SkL3noE2ttE9MC71QcwIGqvhzHHzt1UV-O_pMQR36CaI9INabH6sCIcZwPZlzlZu2O9ZX9BdUEp5ilNX5OR6xPxAXsyD87jWfS2ynESbI/s1600/soc-ai.png"/></item><item><title>DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked</title><description><![CDATA[Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data.
The ClickHouse database "allows full control over database operations, including the ability to access internal data," Wiz security researcher Gal]]></description><link>https://thehackernews.com/2025/01/deepseek-ai-database-exposed-over-1.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/deepseek-ai-database-exposed-over-1.html</guid><pubDate>Thu, 30 Jan 2025 15:39:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgl0nP3wD3UGFX0Lsg7dbi7N21AxNIK6jjR_Rs9eLzwoKem-ORdABiWtAZZ9x9HeL6_B-piJKXSdbGpqMHiEeD8fPWjPg4sZmS_T194r749jQOnXRHBZ26QdiB3YhhVEQkb7pXOJ3CVGIsiL_xmV6HAk-xWfPf-SwrXUneummi59z0d8Etog5mL_hapaxZX/s1600/deepseek.png"/></item><item><title>Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits</title><description><![CDATA[Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances.
"When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server," Sonar researcher Yaniv Nizry said in a write-up published earlier this week.

The]]></description><link>https://thehackernews.com/2025/01/unpatched-php-voyager-flaws-leave.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/unpatched-php-voyager-flaws-leave.html</guid><pubDate>Thu, 30 Jan 2025 12:51:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6kymT-c3cYpG0qFkFsq3itilUzbX1DX3MFDBHh1DkK9Bdcj2I5kAD1BbvLtqJ5fxkRnc0BXyoCp6uNEEBarxx4Rx8G6_hN3AhyfB3uRO-ALHUwPJGWpvhSOkvtTYrRzBA30AVtlQLMP1NoOsb4lhKTCbwY7qa2HJ7s1Lj9MVVBREi_1iU6I5Zp5AzIpB7/s1600/php.jpg"/></item><item><title>New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks</title><description><![CDATA[A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks.
The vulnerability in question is CVE-2024-41710 (CVSS score: 6.8), a case of command injection in the boot process that could allow a malicious actor]]></description><link>https://thehackernews.com/2025/01/new-aquabot-botnet-exploits-cve-2024.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/new-aquabot-botnet-exploits-cve-2024.html</guid><pubDate>Thu, 30 Jan 2025 12:11:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-M6UqYWdNCG0-LFtsztfYx160KlnKTg4jfHmHfh8NtLsLcrfbXFR2JEtjdD3VlItoDCSzyVPQO3BwfCpZnpIaV35kzkbQX8ZWnohypv0n8_P4bFJLh8d9uJUtC1YSfD1t8sBGLfzdzR3PWmGvFPVQXv3R1WIm9loaSphqwe5YgJB_uT6axQAmou0W0wOb/s1600/botnet.png"/></item><item><title>Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks</title><description><![CDATA[The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns.
"Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API," SecurityScorecard's]]></description><link>https://thehackernews.com/2025/01/lazarus-group-uses-react-based-admin.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/lazarus-group-uses-react-based-admin.html</guid><pubDate>Wed, 29 Jan 2025 22:26:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioe9_DdBh61h2ObYzLJdUUGVOzFIU2LEpPMtOt_dKHD1gVSHrEn_uZygiWIKqozKUcwrQITPiN-Furxj0CuoMNw9GHvbO0gLJBFWZx4gCyPmfNoaXU8MpSnk-7ybKMLmRHT9xjDMZI5O5rB55YntJ8Qhn9fBSP4zXsijKxx2UIe3koLvNA6-6F4F83HHb9/s1600/korea.png"/></item><item><title>AI in Cybersecurity: What's Effective and What’s Not – Insights from 200 Experts</title><description><![CDATA[Curious about the buzz around AI in cybersecurity? Wonder if it's just a shiny new toy in the tech world or a serious game changer? Let's unpack this together in a not-to-be-missed webinar that goes beyond the hype to explore the real impact of AI on cybersecurity.
Join Ravid Circus, a seasoned pro in cybersecurity and AI, as we peel back the layers of AI in cybersecurity through a revealing]]></description><link>https://thehackernews.com/2025/01/ai-in-cybersecurity-whats-effective-and.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/ai-in-cybersecurity-whats-effective-and.html</guid><pubDate>Wed, 29 Jan 2025 17:16:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkYcStwWG6NH3uOfd_vAYvi2HH-lp8jde6NlUWuNZZIGYc393RwHqyM3_24uAcOCp9c5iZEqHMaWxn0-v084taKhnyXS3x698HJTVOOBoCviHRE37aJ1DK_pyDc_VqgYIkEIK8GuErsH30Y542-UqH0X0O1Y61SIVXxKBk7tL0nibMF-ovqDIyFTY810Y/s1600/ai.png"/></item><item><title>New SLAP &amp; FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits</title><description><![CDATA[A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome.
The attacks have been codenamed Data Speculation Attacks via Load Address Prediction on Apple Silicon (SLAP) and Breaking the]]></description><link>https://thehackernews.com/2025/01/new-slap-flop-attacks-expose-apple-m.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/new-slap-flop-attacks-expose-apple-m.html</guid><pubDate>Wed, 29 Jan 2025 16:19:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTvBVAybIB85F469Aaok9DQ4M2OOyKK_rEoXhBgPBnnWCED5WLOQgR7L1kxcXYG57Q7A48sLN2XsZBaHs5ySVNwvIhrtlxwniOmjFt6qnOaeXXorgoNWvKRlrIxe3ZlCYhd26UixkIsbl1_6lyIsKWXk4qPvohnOSswtfxSZWgzyexqzTDbSe4XLuHLbSo/s1600/apple-chip.png"/></item><item><title>How Interlock Ransomware Infects Healthcare Organizations</title><description><![CDATA[Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total.&nbsp;
This breach shows just how deeply ransomware]]></description><link>https://thehackernews.com/2025/01/how-interlock-ransomware-infects.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/how-interlock-ransomware-infects.html</guid><pubDate>Wed, 29 Jan 2025 16:00:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVQ8YKrmPcezu-ULa0vS9tgmgBCj9b0B7Sxkhr0tCAN1U-1XJC6xHwVX9rVfQw7sG4MhjIrUrqiPMjaM3ojCrbqLz0B_KfIwKl2yaGwogAD3GssKqOcjNS15uoyDl3B99sonW7ARDATI3Rsz43fPlTCU-DkGJHcWQRvDkhtUpakOKS86EKEIDVKdAiQn4/s1600/interlock.png"/></item><item><title>Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution</title><description><![CDATA[A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances.
The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0.
"Due to a flaw in the multi-line SNMP result parser, authenticated users can inject]]></description><link>https://thehackernews.com/2025/01/critical-cacti-security-flaw-cve-2025.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/critical-cacti-security-flaw-cve-2025.html</guid><pubDate>Wed, 29 Jan 2025 15:51:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyM0PAO1K325RHKQ4eE9kRzqG01SrVejtvtI_eQn9bTjoHXg0IK4efEEmBxd63TlTyzYPPvefc-T9vThdy2RETMb1eQbn2TyYAqX7CP44EkuUbbT6Jb5BjEz5KcJSdE4ybrxnVCAdaZJLzwC9RsB3XNEo93s8d82lnxgloMT2u8dMxhagjUVl8LLSnvHWa/s1600/Cacti.png"/></item><item><title>UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents</title><description><![CDATA[The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE.
"This research focuses on completing the picture of UAC-0063's operations, particularly documenting their expansion beyond their initial focus on Central Asia,]]></description><link>https://thehackernews.com/2025/01/uac-0063-expands-cyber-attacks-to.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/uac-0063-expands-cyber-attacks-to.html</guid><pubDate>Wed, 29 Jan 2025 11:22:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidHFyDi2-hRFa-5P1oY8GchnEZcvErDgXCSY6-r4vEazNI4lYg27sLPLt5qAEQukB5gAaay7YvuFtj_bw_HfwaSFQoynstB97gz0mEn3l5_N7ORejb_btcs217-0dUr8JWf9Tahtx5CZ6ZAxU80MgH5S5sHSkmap-7Cj5cTbJeJTxtaUJNlOPeqP8xj52J/s1600/malware-attack.png"/></item><item><title>Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer</title><description><![CDATA[Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access.
The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection.
"A malicious user with network access may be able to use specially crafted SQL queries to gain database]]></description><link>https://thehackernews.com/2025/01/broadcom-warns-of-high-severity-sql.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/broadcom-warns-of-high-severity-sql.html</guid><pubDate>Wed, 29 Jan 2025 10:59:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjptQFf-ACUGdZwWfIEHLT9KpTkeXgrzbIFbbbC0ncrmrsA36dR0iW-qGJMItS0bbujGQ_yVon7eBoQx8JhXu0cDpClNXbUBblitsOje3UoTTFaqSve0qCnb0vP_EkUoP1ghMNDT25HvQpKe37YjsNnSf-2MOzcjqUrqtU106neAEhs8FSGc2_6kSLoxZ0C/s1600/load-balancer.png"/></item><item><title>Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability</title><description><![CDATA[Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild.
"Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration," GreyNoise researcher Glenn Thorpe said in an alert]]></description><link>https://thehackernews.com/2025/01/zyxel-cpe-devices-face-active.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/zyxel-cpe-devices-face-active.html</guid><pubDate>Wed, 29 Jan 2025 10:41:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjL3h_DlAFfDqWj3NCEVbw6rWHIKO-ZYcT820PTVpaTK-mlEIYNLtEbddFEncv0ciY1veVWzBpBPjQ3pgwNsWJEzV3ugTTX46CkaOqFfqRwaSR26X6kjaN5cHyc5PGD-mWT8PTDyRwmfJH9fuAj-O6ROBSZk52fXv1efOsfLF4xnkhm6BKPzXc0iPxiiyD8/s1600/zyxel.png"/></item><item><title>PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks</title><description><![CDATA[A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany.
The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a previously undocumented backdoor dubbed TorNet that's delivered by means of PureCrypter. TorNet is so]]></description><link>https://thehackernews.com/2025/01/purecrypter-deploys-agent-tesla-and-new.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/purecrypter-deploys-agent-tesla-and-new.html</guid><pubDate>Tue, 28 Jan 2025 22:04:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-XDknRCKEi7D29QWiXt3-bqZF5H6GurCrcmD9OW1sGWQWGZNUwxZ0O1yzCLHGpc0rG9laJFmE-ql-EnEWppRHINSRA9Qq72DJNb2p-y8OeZF2_T4Lxkm2py8kzV-lYpZuKXSvDGSrfi6wglbEDMyCpqGK_210u6CwgQuhUHaMKyCNq0sjNgP165xwPHD2/s1600/code.jpg"/></item><item><title>OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking</title><description><![CDATA[Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals.
"By exploiting this flaw, attackers can gain unauthorized access to any user&rsquo;s account within the system, effectively allowing them to impersonate the victim and perform an array of actions on their behalf &ndash; including]]></description><link>https://thehackernews.com/2025/01/oauth-redirect-flaw-in-airline-travel.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/oauth-redirect-flaw-in-airline-travel.html</guid><pubDate>Tue, 28 Jan 2025 19:32:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOUXv0_yk3eX2sxUfvsaae4dCPlljV8zmAVJl6RDy6m5fdqUWhSRmrvcMUvKZVSkbmKroQe40-YTjFcvFha4X2f38Dg6-ACzHqalZyNORNDkV8SE2m79R2obx5HQCR4j0fd0tacRZmrcEOIshrkLfSSwQ-WUiNd7HfwEHOjW6MsDRNhj4zAElsTMjN5eI2/s1600/airline.png"/></item><item><title>AI SOC Analysts: Propelling SecOps into the future</title><description><![CDATA[Triaging and investigating alerts is central to security operations. As SOC teams strive to keep up with ever-increasing alert volumes and complexity, modernizing SOC automation strategies with AI has emerged as a critical solution. This blog explores how an AI SOC Analyst transforms alert management, addressing key SOC challenges while enabling faster investigations and responses.
Security]]></description><link>https://thehackernews.com/2025/01/ai-soc-analysts-propelling-secops-into.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/ai-soc-analysts-propelling-secops-into.html</guid><pubDate>Tue, 28 Jan 2025 16:50:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqdVWi79z90SzdOv1RNNtrpIM90omrAxJsb3klJTfJ9Gu-GLZc51Vuw4bp71aqgFOV2AiWfrMUlP9L1FN1gPyoznnuBDkz8ZmyPaNw3RHsiNK3GVoEZlBSd1O1J3AG5PGPOcQNqXqtq1NYIUPwp43JMISX92namybc1gEDZ4Hn6anGosmwdYkl4LByYOs/s1600/ai-soc.jpg"/></item><item><title>Ransomware Targets ESXi Systems via Stealthy SSH Tunnels for C2 Operations</title><description><![CDATA[Cybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and stay under the radar.
"ESXi appliances, which are unmonitored, are increasingly exploited as a persistence mechanism and gateway to access corporate networks widely," Sygnia]]></description><link>https://thehackernews.com/2025/01/ransomware-targets-esxi-systems-via.html</link><guid isPermaLink="false">https://thehackernews.com/2025/01/ransomware-targets-esxi-systems-via.html</guid><pubDate>Tue, 28 Jan 2025 16:31:00 +0530</pubDate><author>info@thehackernews.com (The Hacker News)</author><enclosure length="12216320" type="image/jpeg" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHbuAemk6xq6i6aXXyKpxryeYpHaI1oG4AgM9cUrnkRr6bgLZqOfcvJUMwMqpTSLa8nMUnOT7Wor1SCKvKGMZdvfjQK3ojmeGdN1jQCK4khO0JncIFOL1S4hdFJd28hKogupixw7zUQFiuxfnrCsIzJ4Dwxivuztj7fX-I2SO6yLfJAFDZu2OAyUggO16X/s1600/ransomware.png"/></item></channel></rss>