#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer

CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer

Jan 10, 2025 Cryptomining / Malware
Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as an employee CRM application as part of a supposed recruitment process. "The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website," the company said . "Victims are prompted to download and run a fake application, which serves as a downloader for the cryptominer XMRig." The Texas-based company said it discovered the malicious campaign on January 7, 2025, and that it's "aware of scams involving false offers of employment with CrowdStrike." The phishing email lures recipients by claiming that they have been shortlisted for the next stage of the hiring process for a junior developer role, and that they need to join a call with the recruitment team by downloading a customer relationship management (CRM) tool provided in the embedd...
Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers

Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers

Jan 09, 2025 Vulnerability / Endpoint Security
Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an authenticated attacker could exploit to access sensitive data. "Multiple vulnerabilities in the Palo Alto Networks Expedition migration tool enable an attacker to read Expedition database contents and arbitrary files, as well as create and delete arbitrary files on the Expedition system," the company said in an advisory. "These files include information such as usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software." Expedition, a free tool offered by Palo Alto Networks to facilitate migration from other firewall vendors to its own platform, reached end-of-life (EoL) as of December 31, 2024. The list of flaws is as follows - CVE-2025-0103 (CVSS score: 7.8) - An SQL injection vulnerability that enables an authenticated attacker to reveal Expedition...
Don't Overlook These 6 Critical Okta Security Configurations

Don't Overlook These 6 Critical Okta Security Configurations

Feb 10, 2025Identity Security / Data Protection
Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture. With over 18,000 customers, Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this prominence has made it a prime target for cybercriminals who seek access to valuable corporate identities, applications, and sensitive data. Recently, Okta warned its customers of an increase in phishing social engineering attempts to impersonate Okta support personnel. Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with how continuous monitoring of your Okta security posture helps you avoid miscon...
New Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption

New Banshee Stealer Variant Bypasses Antivirus with Apple's XProtect-Inspired Encryption

Jan 09, 2025
Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware called Banshee Stealer . "Once thought dormant after its source code leak in late 2024, this new iteration introduces advanced string encryption inspired by Apple's XProtect," Check Point Research said in a new analysis shared with The Hacker News. "This development allows it to bypass antivirus systems, posing a significant risk to over 100 million macOS users globally." The cybersecurity company said it detected the new version in late September 2024, with the malware distributed using phishing websites and fake GitHub repositories under the guise of popular software such as Google Chrome, TradingView, Zegent, Parallels, Solara, CryptoNews, MediaKIT, and Telegram. Banshee Stealer was first documented in August 2024 by Elastic Security Labs. Offered under a malware-as-a-service (MaaS) model to other cybercriminals for $3,000 a month, it'...
cyber security

Webinar: 5 Ways New AI Agents Can Automate Identity Attacks | Register Now

websitePush SecurityAI Agents / Identity Security
Learn how CUAs like OpenAI Operator can be used by attackers to automate account takeover and exploitation.
Product Walkthrough: How Reco Discovers Shadow AI in SaaS

Product Walkthrough: How Reco Discovers Shadow AI in SaaS

Jan 09, 2025 AI Security / SaaS Security
As SaaS providers race to integrate AI into their product offerings to stay competitive and relevant, a new challenge has emerged in the world of AI: shadow AI.  Shadow AI refers to the unauthorized use of AI tools and copilots at organizations. For example, a developer using ChatGPT to assist with writing code, a salesperson downloading an AI-powered meeting transcription tool, or a customer support person using Agentic AI to automate tasks – without going through the proper channels. When these tools are used without IT or the Security team's knowledge, they often lack sufficient security controls, putting company data at risk. Shadow AI Detection Challenges Because shadow AI tools often embed themselves in approved business applications via AI assistants, copilots, and agents they are even more tricky to discover than traditional shadow IT. While traditional shadow apps can be identified through network monitoring methodologies that scan for unauthorized connections based on...
 MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan

MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan

Jan 09, 2025 Cybersecurity / Malware
Japan's National Police Agency (NPA) and National Center of Incident Readiness and Strategy for Cybersecurity (NCSC) accused a China-linked threat actor named MirrorFace of orchestrating a persistent attack campaign targeting organizations, businesses, and individuals in the country since 2019. The primary objective of the attack campaign is to steal information related to Japan's national security and advanced technology, the agencies said . MirrorFace, also tracked as Earth Kasha, is assessed to be a sub-group within APT10. It has a track record of systematically striking Japanese entities, often leveraging tools like ANEL, LODEINFO, and NOOPDOOR (aka HiddenFace). Last month, Trend Micro revealed details of a spear-phishing campaign that targeted individuals and organizations in Japan with an aim to deliver ANEL and NOOPDOOR . Other campaigns observed in recent years have also been directed against Taiwan and India. According to NPA and NCSC, attacks mounted by Mirror...
Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions

Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions

Jan 09, 2025 Data Protection / Encryption
Ransomware isn't slowing down—it's getting smarter. Encryption, designed to keep our online lives secure, is now being weaponized by cybercriminals to hide malware, steal data, and avoid detection. The result? A 10.3% surge in encrypted attacks over the past year and some of the most shocking ransom payouts in history, including a $75 million ransom in 2024. Are you prepared to fight back? Join Emily Laufer , Director of Product Marketing at Zscaler, for an eye-opening session, " Preparing for Ransomware and Encrypted Attacks in 2025 " filled with practical insights and cutting-edge strategies to outsmart these evolving threats. What You'll Learn: ThreatLabz Insights: Get the latest findings from Zscaler's experts on ransomware and encrypted attacks, including the trends making the biggest impact. 2025 Predictions: Find out how ransomware groups are refining their tactics to stay one step ahead—and what you can do to stop them. Encrypted DNS Attacks: Learn how cyb...
Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection

Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection

Jan 09, 2025 Vulnerability / Threat Intelligence
Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE). The vulnerability in question, CVE-2024-52875 , refers to a carriage return line feed ( CRLF ) injection attack, paving the way for HTTP response splitting , which could then lead to a cross-site scripting (XSS) flaw. Successful exploitation of the 1-click RCE flaw permits an attacker to inject malicious inputs into HTTP response headers by introducing carriage return (\r) and line feed (\n) characters.  The flaw impacts KerioControl versions 9.2.5 through 9.4.5, according to security researcher Egidio Romano, who discovered and reported the flaw in early November 2024. The HTTP response splitting flaws have been uncovered in the following URI paths - /nonauth/addCertException.cs /nonauth/guestConfirm.cs /nonauth/expiration.cs "User input passed ...
Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure

Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure

Jan 09, 2025 Zero Day / Vulnerability
Ivanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild beginning mid-December 2024. The security vulnerability in question is CVE-2025-0282 (CVSS score: 9.0), a stack-based buffer overflow that affects Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3. "Successful exploitation of CVE-2025-0282 could lead to unauthenticated remote code execution," Ivanti said in an advisory . "Threat actor activity was identified by the Integrity Checker Tool (ICT) on the same day it occurred, enabling Ivanti to respond promptly and rapidly develop a fix." Also patched by the company is another high-severity flaw (CVE-2025-0283, CVSS score: 7.0) that allows a locally authenticated attacker to escalate their privileges. The vulnerabilities, addressed in version 22.7R2.5, imp...
E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws

E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws

Jan 09, 2025 Data Privacy / GDPR
The European General Court on Wednesday fined the European Commission, the primary executive arm of the European Union responsible for proposing and enforcing laws for member states, for violating the bloc's own data privacy regulations. The development marks the first time the Commission has been held liable for infringing stringent data protection laws in the region. The court determined that a "sufficiently serious breach" was committed by transferring a German citizen's personal data, including their IP address and web browser metadata, to Meta's servers in the United States when visiting the now-inactive futureu.europa[.]eu website in March 2022. The individual registered for one of the events on the site by using the Commission's login service, which included an option to sign in using a Facebook account. "By means of the 'Sign in with Facebook' hyperlink displayed on the E.U. Login webpage, the Commission created the conditions for t...
Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

Jan 08, 2025 Email Security / Cybercrime
Cybersecurity researchers have found that bad actors are continuing to have success by spoofing sender email addresses as part of various malspam campaigns. Faking the sender address of an email is widely seen as an attempt to make the digital missive more legitimate and get past security mechanisms that could otherwise flag it as malicious. While there are safeguards such as DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC), and Sender Policy Framework (SPF) that can be used to prevent spammers from spoofing well-known domains, such measures have increasingly led them to leverage old, neglected domains in their operations. In doing so, the email messages are likely to bypass security checks that rely on the domain age as a means to identify spam. DNS threat intelligence firm Infoblox, in a new analysis shared with The Hacker News, discovered that threat actors, including Muddling Meerkat and others, have abused some of it...
Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques

Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques

Jan 08, 2025 Malware / Windows Security
Cybersecurity researchers have shed light on a new remote access trojan called NonEuclid that allows bad actors to remotely control compromised Windows systems. "The NonEuclid remote access trojan (RAT), developed in C#, is a highly sophisticated malware offering unauthorised remote access with advanced evasion techniques," Cyfirma said in a technical analysis published last week. "It employs various mechanisms, including antivirus bypass, privilege escalation, anti-detection, and ransomware encryption targeting critical files." NonEuclid has been advertised in underground forums since at least late November 2024, with tutorials and discussions about the malware discovered on popular platforms like Discord and YouTube. This points to a concerted effort to distribute the malware as a crimeware solution. At its core, the RAT commences with an initialization phase for a client application, after which it performs a series of checks to evade detection prior to s...
Expert Insights / Articles Videos
Cybersecurity Resources