The State of Web Exposure 2025
Are your websites leaking sensitive data? New research reveals that 45% of third-party apps access user info without proper authorization, and 53% of risk exposures…
Category: TheHackerNews
SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation
Jan 23, 2025Ravie LakshmananVulnerability / Network Security SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances…
How to Eliminate Identity-Based Threats
Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches[1],[2]. While identity-based…
QakBot-Linked BC Malware Adds Enhanced DNS Tunneling and Remote Access Features
Jan 23, 2025Ravie LakshmananMalware / Threat Intelligence Cybersecurity researchers have disclosed details of a new BackConnect (BC) malware that has been developed by threat actors…
TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware
Jan 23, 2025Ravie LakshmananCloud Security / Cryptojacking Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of…
Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review
Jan 22, 2025Ravie LakshmananCybersecurity / National Security The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland…
Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet
Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry…
President Trump Pardons Silk Road Creator Ross Ulbricht After 11 Years in Prison
Jan 22, 2025Ravie LakshmananDark Web / Cryptocurrency U.S. President Donald Trump on Tuesday granted a “full and unconditional pardon” to Ross Ulbricht, the creator of…
Free Risk Assessment for GenAI, Identity, Web, and SaaS Risks
Jan 22, 2025The Hacker NewsRisk Assessment / Browser Security As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the risks…
PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack
A previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private…
Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products
Jan 22, 2025Ravie LakshmananVulnerability / Enterprise Security Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security…
Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Device
Jan 22, 2025Ravie LakshmananBotnet / Network Security Web infrastructure and security company Cloudflare on Tuesday said it detected and blocked a 5.6 Terabit per second…