#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

Cyber Threat | Breaking Cybersecurity News | The Hacker News

Category — Cyber Threat
AI-Powered Social Engineering: Reinvented Threats

AI-Powered Social Engineering: Reinvented Threats

Feb 07, 2025 Artificial Intelligence / Cybercrime
The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It's the vectors – how these techniques are deployed – that are evolving. And like most industries these days, AI is accelerating its evolution.  This article explores how these changes are impacting business, and how cybersecurity leaders can respond. Impersonation attacks: using a trusted identity Traditional forms of defense were already struggling to solve social engineering, the 'cause of most data breaches' according to Thomson Reuters. The next generation of AI-powered cyber attacks and threat actors can now launch these attacks with unprecedented speed, scale, and realism.  The old way: Silicone masks By impersonating a French government minister, two fraudsters were able to extract over €55 million from multiple victims. During video calls, one would wear a silicone mask of Jean-Yves Le Drian. To add a layer of believability, they also sat in a rec...
768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023

768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023

Feb 03, 2025 Vulnerability / Network Security
As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before the day their CVEs were publicly disclosed. This marks a slight decrease from 2023's 26.8%, indicating that exploitation attempts can take place at any time in a vulnerability's lifecycle. "During 2024, 1% of the CVEs published were reported publicly as exploited in the wild," VulnCheck's Patrick Garrity said in a report shared with The Hacker News. "This number is expected to grow as exploitation is often discovered long after a CVE is published." The report comes over two months after the company revealed that 15 different Chinese hacking groups o...
What Is Attack Surface Management?

What Is Attack Surface Management?

Feb 03, 2025Attack Surface Management
Attack surfaces are growing faster than security teams can keep up – to stay ahead, you need to know what's exposed and where attackers are most likely to strike. With cloud adoption dramatically increasing the ease of exposing new systems and services to the internet, prioritizing threats and managing your attack surface from an attacker's perspective has never been more important. In this guide, we look at why attack surfaces are growing and how to monitor and manage them properly with  tools like Intruder . Let's dive in. What is your attack surface? First, it's important to understand what we mean when we talk about an attack surface. An attack surface is the sum of your digital assets that are 'reachable' by an attacker – whether they are secure or vulnerable, known or unknown, in active use or not. You can also have both internal and external attack surfaces - imagine for example a malicious email attachment landing in a colleague's inbox, vs a new FTP server being...
TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware

TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware

Jan 23, 2025 Cloud Security / Cryptojacking
Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for cryptojacking and on-premise ransomware attacks. "This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity," the tech giant's cloud division said in its 11th Threat Horizons Report . TRIPLESTRENGTH engages in a trifecta of malicious attacks, including illicit cryptocurrency mining, ransomware and extortion, and advertising access to various cloud platforms, such as Google Cloud, Amazon Web Services, Microsoft Azure, Linode, OVHCloud, and Digital Ocean, to other threat actors. Initial access to target cloud instances is facilitated by means of stolen credentials and cookies, some of which originate from Raccoon information stealer infection logs. The hijacked environments are then abused to create compute resources for mining cryp...
cyber security

Practical, Tactical Guide to Securing AI in the Enterprise

websiteTinesEnterprise Security / AI Security
Supercharge your organization's AI adoption strategy, and go from complex challenges to secure success.
CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits

CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits

Jan 21, 2025 Malware / Cyber Threat
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests. The AnyDesk requests claim to be for conducting an audit to assess the "level of security," CERT-UA added, cautioning organizations to be on the lookout for such social engineering attempts that seek to exploit user trust. "It is important to note that CERT-UA may, under certain circumstances, use remote access software such as AnyDesk," CERT-UA said . "However, such actions are taken only after prior agreement with the owners of objects of cyber defense through officially approved communication channels." However, for this attack to succeed, it's necessary that the AnyDesk remote access software is installed and operational on the target's computer. It also requires the attacker to be in possession of the target's AnyDesk identifier , suggesting th...
U.S. Sanctions Chinese Cybersecurity Firm for State-Backed Hacking Campaigns

U.S. Sanctions Chinese Cybersecurity Firm for State-Backed Hacking Campaigns

Jan 04, 2025 Cyber Espionage / IoT Botnet
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks against U.S. victims. These attacks have been publicly attributed to a Chinese state-sponsored threat actor tracked as Flax Typhoon (aka Ethereal Panda or RedJuliett ), which was outed last year as operating an Internet of Things (IoT) botnet called Raptor Train . The hacking crew has been active since at least mid-2021, targeting various entities across North America, Europe, Africa, and across Asia. Attacks mounted by Flax Typhoon have typically leveraged known vulnerabilities to gain initial access to victims' computers and then make use of legitimate remote access software to maintain persistent access.  The Treasury Department described Chinese malicious cyber actors as one of the "most active and most persistent threats to U.S. nati...
The Future of Network Security: Automated Internal and External Pentesting

The Future of Network Security: Automated Internal and External Pentesting

Dec 10, 2024 Vulnerability / Perimeter Security
In today's rapidly evolving threat landscape, safeguarding your organization against cyberattacks is more critical than ever. Traditional penetration testing (pentesting), while effective, often falls short due to its high costs, resource requirements, and infrequent implementation. Automated internal and external network pentesting is a game-changing solution, empowering organizations to stay ahead of attackers with cost-effective, frequent, and thorough security assessments. Strengthen Your Defenses: The Role of Internal and External Pentests  Effective cybersecurity requires addressing threats from both inside and outside your organization. Automated solutions streamline this process, enabling IT teams to implement a holistic and proactive defense strategy. Internal Pentesting: Securing the Core Internal pentesting simulates an attacker operating within your network, exposing vulnerabilities such as insider threats, compromised credentials, or breaches through physical or ...
Ongoing Phishing and Malware Campaigns in December 2024

Ongoing Phishing and Malware Campaigns in December 2024

Dec 10, 2024 Malware Analysis / Cyber Threat
Cyber attackers never stop inventing new ways to compromise their targets. That's why organizations must stay updated on the latest threats.  Here's a quick rundown of the current malware and phishing attacks you need to know about to safeguard your infrastructure before they reach you. Zero-day Attack: Corrupted Malicious Files Evade Detection by Most Security Systems  The analyst team at ANY.RUN recently shared their analysis of an ongoing zero-day attack . It has been active since at least August and still remains unaddressed by most detection software to this day. The attack involves the use of intentionally corrupted Word documents and ZIP archives with malicious files inside. VirusTotal shows 0 detections for one of the corrupted files Due to corruption, security systems cannot properly identify the type of these files and run analysis on them, which results in zero threat detections. Word will ask the user if they want to restore a corrupted file Once these fi...
North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs

North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs

Nov 21, 2024 Malware / Cyber Fraud
Threat actors with ties to the Democratic People's Republic of Korea (DPRK) are impersonating U.S.-based software and technology consulting businesses in order to further their financial objectives as part of a broader information technology (IT) worker scheme. "Front companies, often based in China, Russia, Southeast Asia, and Africa, play a key role in masking the workers' true origins and managing payments," SentinelOne security researchers Tom Hegel and Dakota Cary said in a report shared with The Hacker News. North Korea's network of IT workers, both in an individual capacity and under the cover of front companies, is seen as a technique to evade international sanctions imposed on the country and generate illicit revenues. The global campaign, which is also tracked as Wagemole by Palo Alto Networks Unit 42, entails using forged identities to obtain employment at various companies in the U.S. and elsewhere, and send back a huge portion of their wages bac...
Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices

Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices

Nov 19, 2024 Botnet / IoT Security
The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal. "At least 80% of NSOCKS bots in our telemetry originate from the Ngioweb botnet, mainly utilizing small office/home office (SOHO) routers and IoT devices," the Black Lotus Labs team at Lumen Technologies said in a report shared with The Hacker News. "Two-thirds of these proxies are based in the U.S." "The network maintains a daily average of roughly 35,000 working bots, with 40% remaining active for a month or longer." Ngioweb, first documented by Check Point way back in August 2018 in connection with a Ramnit trojan campaign that distributed the malware, has been the subject of extensive analyses in recent weeks by LevelBlue and Trend Micro , the latter of which is tracking the financially motivated threat actor behind the operation as Wate...
Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

Nov 19, 2024 Insider Threat / Credential Security
Privileged accounts are well-known gateways for potential security threats. However, many organizations focus solely on managing privileged access—rather than securing the accounts and users entrusted with it. This emphasis is perhaps due to the persistent challenges of Privileged Access Management (PAM) deployments. Yet, as the threat landscape evolves, so must organizational priorities. To prevent trust from becoming a liability, the next step in securing privileged access must become a critical focus. In this blog, we explore why managing privileged access alone is insufficient and provide actionable insights to help you craft a security-first strategy for privileged access. The Evolution of PAM Privileged Access Management (PAM) has long been a cornerstone of securing an organization's privileged users and critical resources. PAM's primary goal is to control, monitor, and safeguard privileged accounts, which often have elevated access to critical systems and data. These accou...
New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns

New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns

Nov 12, 2024 Email Security / Threat Intelligence
Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users. The program, first marketed by a threat actor named cyberdluffy (aka Cyber D' Luffy) on the Runion forum earlier this August, is advertised as a tool that allows criminal actors to extract email addresses from public GitHub profiles and send bulk emails directly to user inboxes. "Whether you're aiming to reach a specific audience or expand your outreach, GoIssue offers the precision and power you need," the threat actor claimed in their post. "GoIssue can send bulk emails to GitHub users, directly to their inboxes, targeting any recipient." SlashNext said the tool marks a "dangerous shift in targeted phishing" that could act as a gateway to source code theft, supply chain attacks, and corporate network breaches via compromised developer credentials. "Armed with this inform...
The vCISO Academy: Transforming MSPs and MSSPs into Cybersecurity Powerhouses

The vCISO Academy: Transforming MSPs and MSSPs into Cybersecurity Powerhouses

Nov 08, 2024 Cyber Resilience / Compliance
We've all heard a million times: growing demand for robust cybersecurity in the face of rising cyber threats is undeniable. Globally small and medium-sized businesses (SMBs) are increasingly targeted by cyberattacks but often lack the resources for full-time Chief Information Security Officers (CISOs). This gap is driving the rise of the virtual CISO (vCISO) model, offering a cost-effective solution, and giving SMBs access to strategic security leadership.  For MSPs and MSSPs this shift represents both a challenge and an opportunity. Over 94% of service providers recognize the increasing need for vCISO services, yet, over 25% of providers report lacking the cybersecurity and compliance expertise needed to offer vCISO services.  This gap is exactly why the vCISO Academy was created —to empower service providers with the knowledge and skills they need to thrive in this evolving landscape.  The vCISO Academy is a free, professional learning platform designed to equip ...
5 Most Common Malware Techniques in 2024

5 Most Common Malware Techniques in 2024

Nov 07, 2024 Malware Analysis / Windows Security
Tactics, techniques, and procedures (TTPs) form the foundation of modern defense strategies. Unlike indicators of compromise (IOCs), TTPs are more stable, making them a reliable way to identify specific cyber threats. Here are some of the most commonly used techniques, according to ANY.RUN's Q3 2024 report on malware trends, complete with real-world examples. Disabling of Windows Event Logging (T1562.002) Disrupting Windows Event Logging helps attackers prevent the system from recording crucial information about their malicious actions. Without event logs, important details such as login attempts, file modifications, and system changes go unrecorded, leaving security solutions and analysts with incomplete or missing data. Windows Event Logging can be manipulated in different ways, including by changing registry keys or using commands like "net stop eventlog". Altering group policies is another common method. Since many detection mechanisms rely on log analysis to identify s...
Expert Insights / Articles Videos
Cybersecurity Resources