The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers? According to Picus Labs' Red Report 2025 which analyzed over one million malware samples, there's been no significant surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while AI will certainly start playing a larger and larger role, the latest data suggests that a set of well-known tactics, techniques, and procedures (TTPs) are still dominating the field. The hype around artificial intelligence has certainly been dominating media headlines; yet the real-world data paints a far more nuanced picture of which malware threats are thriving, and why. Here's a glimpse at the most critical findings and trends shaping the year's most deployed adversarial campaigns and what steps cybersecurity teams need to take to respond to them. Why the AI Hype is Falling Short…at Least For Now While headl...

Juniper Networks has released security updates to address a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products that could be exploited to hijack control of susceptible devices. Tracked as CVE-2025-21589 , the vulnerability carries a CVSS v3.1 score of 9.8 and a CVS v4 score of 9.3. "An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device," the company said in an advisory. The vulnerability impacts the following products and versions - Session Smart Router: From 5.6.7 before 5.6.17, from 6.0.8, from 6.1 before 6.1.12-lts, from 6.2 before 6.2.8-lts, and from 6.3 before 6.3.3-r2 Session Smart Conductor: From 5.6.7 before 5.6.17, from 6.0.8, from 6.1 before 6.1.12-lts, from 6.2 before 6.2.8-lts, and from 6.3 before 6.3.3-r2 WAN Assurance Managed R...

The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024. The activity, detailed by Japanese cybersecurity company LAC, overlaps with a threat cluster tracked by Trend Micro as Earth Freybug , which has been assessed to be a subset within the APT41 cyber espionage group. It's also monitored by Cybereason under the name  Operation CuckooBees , and by Symantec as Blackfly. APT41 has been described as a highly skilled and methodical actor with the ability to mount espionage attacks as well as poison the supply chain. Its campaigns are often designed with stealth in mind, leveraging a bevy of tactics to achieve its goals by using a custom toolset that not only bypasses security software installed in the environment, but also harvests critical information and establishes covert channels for persistent remote access. "The group...

Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol ( LDAP ) and SMB/FTP services. "This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP's configuration and cause the MFP device to send authentication credentials back to the malicious actor," Rapid7 security researcher Deral Heiland said . "If a malicious actor can successfully leverage these issues, it would allow them to capture credentials for Windows Active Directory. This means they could then move laterally within an organization's environment and compromise other critical Windows servers and file systems." The identified vulnerabilities, which affect firmware versions 57.69.91 and earlier, are listed below - CVE-2024-12510 (CVSS score: 6.7) - Pass-back attack via LDAP CVE-202...

Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar. MageCart is the name given to a malware that's capable of stealing sensitive payment information from online shopping sites. The attacks are known to employ a wide range of techniques – both on client- and server-side – to compromise websites and deploy credit card skimmers to facilitate theft. Typically, such malware is only triggered or loaded when users visit the checkout pages to enter credit card details by either serving a fake form or capturing the information entered by the victims in real time. The term MageCart is a reference to the original target of these cybercrime groups, the Magento platform that offers checkout and shopping cart features for online retailers. Over the years, such campaigns adapted their tactics by conce...

Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. "Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies," the Microsoft Threat Intelligence team said in a post shared on X. "These enhanced features add to this malware family's previously known capabilities, like targeting digital wallets, collecting data from the Notes app, and exfiltrating system information and files." XCSSET is a sophisticated modular macOS malware that's known to target users by infecting Apple Xcode projects. It was first documented by Trend Micro in August 2020. Subsequent iterations of the malware have been found to adapt to compromise newer versions of macOS as well as Apple's own M1 chipsets. In mid-2021, the cybersecurity company noted that XCSSET had been updated to exfiltrate d...

South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data protection regulations. Downloads have been paused as of February 15, 2025, 6:00 p.m. local time, the Personal Information Protection Commission (PIPC) said in a statement. The web service remains accessible. The agency said it commenced its own analysis of DeepSeek right after its launch and that it "identified some shortcomings in communication functions and personal information processing policies with third-party service providers." DeepSeek is said to have recently appointed a local representative, per PIPC, with the company also acknowledging it had failed to take into consideration domestic privacy laws when launching the service.  To that end, downloads of DeepSeek are being paused until the company implements the necessary improvements that bring the service in compliance...

Cyber threats evolve—has your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management (CTEM) is the smart approach for proactive cybersecurity. This concise report makes a clear business case for why CTEM's comprehensive approach is the best overall strategy for shoring up a business's cyber defenses in the face of evolving attacks. It also presents a real-world scenario that illustrates how the business would fare against a formjacking attack under three security frameworks - Vulnerability Management (VM), Attack Surface Management (ASM), and CTEM. With VM, the attack might go unnoticed for weeks. With CTEM, simulated attacks detect and neutralize it before it starts. Reassuringly, it also explains that CTEM builds on a business's current VM and ASM solutions rather than requiring them to jettison anything they currently use. But first— What is CTEM? In response to increasingly sophisticated cyberattacks, Gartner introduced ...

Welcome to this week's Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights. ⚡ Threat of the Week Russian Threat Actors Leverage Device Code Phishing to Hack Microsoft Accounts — Microsoft and Volexity have revealed that threat actors with ties to Russia are leveraging a technique known as device code phishing to gain unauthorized access to victim accounts, and use that access to get hold of sensitive data and enable persistent access to the victim environment. At least three different Russia-linked clusters have been identified abusing the technique to date. The attacks entail sending phishing emails that masquerade as Microsoft Teams meeting invitations, which, when clicked, urge the message recipients to authenticate using a threat actor-generated dev...

Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control (C2) communications. Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin. "The malware is compiled in Golang and once executed it acts like a backdoor," security researcher Leandro Fróes said in an analysis published last week. "Although the malware seems to still be under development it is completely functional." Once launched, the backdoor is designed to check if it's running under a specific location and using a specific name – "C:\Windows\Temp\svchost.exe" – and if not, it reads its own contents, writes them to that location, and creates a new process to launch the copied version and terminate itself. A notable aspect of the malware is that it uses an open-source library that offers Golang bindings for the Telegram Bot API for C2 purposes. This involves...

Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress. Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granting accessibility access. The development was first reported by Android Authority. Users who attempt to do so during phone calls are served the message: "Scammers often request this type of action during phone call conversations, so it's blocked to protect you. If you are being guided to take this action by someone you don't know, it might be a scam." Furthermore, it blocks users from giving an app access to accessibility services over the course of a phone call. The feature is currently live in Android 16 Beta 2, which was released earlier this week. With this latest addition, the idea is to introduce more friction to a tactic that has been commonly abused by maliciou...