Free Risk Assessment for GenAI, Identity, Web, and SaaS Risks
Jan 22, 2025The Hacker NewsRisk Assessment / Browser Security As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the risks…
Month: January 2025
EIAT Role In 2025 Australian Election
As Australia prepares for its 2025 federal election, concerns surrounding the integrity of the electoral process have become a focal point. The Electoral Integrity Assurance…
China Hackers Compromised VPN Service Provider in Supply-Chain Attack
A sophisticated supply-chain attack targeting a South Korean VPN provider. The attack has been attributed to a previously undisclosed China-aligned Advanced Persistent Threat (APT) group,…
Ex-CIA analyst pleaded guilty For Leaking Top Secret National Defense Information
A former CIA analyst, Asif William Rahman, has pleaded guilty to charges of retaining and transmitting Top Secret National Defense Information to unauthorized recipients. This…
Europol seeks evidence of encryption on crime enforcement as it steps-up pressure on Big Tech
European Union member states have been asked to gather examples of how encryption technologies are frustrating criminal investigations as police and governments step-up demands for lawful…
Cloudflare blocked a record-breaking 5.6 Tbps DDoS attack
Cloudflare blocked a record-breaking 5.6 Tbps DDoS attack Pierluigi Paganini January 22, 2025 Cloudflare announced that it has blocked a record-breaking 5.6 terabit-per-second (Tbps) distributed…
Threat Actors Delivering Ransomware Via Microsoft Teams Using Voice Calls
Sophos Managed Detection and Response (MDR) has uncovered two distinct ransomware campaigns exploiting Microsoft Teams to gain unauthorized access to targeted organizations. The threat actors,…
Weaponized VS Code Impersonate Zoom App Steals Cookies From Chrome
A newly identified extension for Visual Studio Code (VS Code) has been found to impersonate a legitimate Zoom application, enabling cybercriminals to steal sensitive cookies…
PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack
A previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private…
318 Vulnerabilities Patched in January 2025 Oracle Critical Security Update
Oracle has released its January 2025 Critical Patch Update (CPU), addressing 318 newly discovered security vulnerabilities across its extensive product portfolio. This quarterly update underscores…
SQL Injection Vulnerability in Microsoft’s DevBlogs Lets Hackers Injecting Malicious SQL
In a recent discovery, a security researcher uncovered a critical SQL injection vulnerability on Microsoft’s DevBlogs website (accessible at https://devblogs.microsoft.com). This vulnerability could allow attackers to…
A 7-Zip bug allows to bypass the Mark of the Web (MotW) feature
A 7-Zip bug allows to bypass the Mark of the Web (MotW) feature Pierluigi Paganini January 22, 2025 A vulnerability in the 7-Zip file software…