Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
Feb 17, 2025Ravie LakshmananEndpoint Security / Malware Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part…
Category: TheHackerNews
South Korea Suspends DeepSeek AI Downloads Over Privacy Violations
Feb 17, 2025Ravie LakshmananArtificial Intelligence / Data Protection South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country…
CISO’s Expert Guide To CTEM And Why It Matters
Feb 17, 2025The Hacker NewsEnterprise Security / Attack Simulation Cyber threats evolve—has your defense strategy kept up? A new free guide available here explains why…
New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations
Feb 17, 2025Ravie LakshmananThreat Intelligence / Cyber Attack Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for…
Android’s New Feature Blocks Fraudsters from Sideloading Apps During Calls
Feb 15, 2025Ravie LakshmananMobile Security / Technology Google is working on a new security feature for Android that blocks device owners from changing sensitive settings…
New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution
Feb 14, 2025Ravie LakshmananVulnerability / DevOps Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an…
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
Feb 14, 2025Ravie LakshmananBrowser Security / Cryptocurrency The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript…
RansomHub Becomes 2024’s Top Ransomware Group, Hitting 600+ Organizations Globally
The threat actors behind the RansomHub ransomware-as-a-service (RaaS) scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to…
Russian-Linked Hackers Using ‘Device Code Phishing’ to Hijack Accounts
Feb 14, 2025Ravie LakshmananEnterprise Security / Cyber Attack Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to…
AI-Powered Social Engineering: Ancillary Tools and Techniques
Social engineering is advancing fast, at the speed of generative AI. This is offering bad actors multiple new tools and techniques for researching, scoping, and…
PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks
Feb 14, 2025Ravie LakshmananZero-Day / Vulnerability Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote…
Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners
Feb 13, 2025Ravie LakshmananWeb Security / Cloud Security A widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery…