Author: [email protected] (The Hacker News)

Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control (C2) communications. Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin. “The malware is compiled in Golang and once executed it acts like a backdoor,” security researcher Leandro Fróes … Read More “New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations  – The Hacker News” »

Welcome to this week’s Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights. ⚡ Threat of the Week Russian Threat Actors Leverage … Read More “⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More  – The Hacker News” »

Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress. Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granting accessibility access. The development was first reported by Android Authority. … Read More “Android’s New Feature Blocks Fraudsters from Sideloading Apps During Calls  – The Hacker News” »

A phishing attack dubbed DEEP#DRIVE is targeting South Korean entities, with thousands already affected. North Korean hackers from…  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

RansomHub emerges as a major ransomware threat in 2024, targeting 600 organizations after ALPHV and LockBit disruptions. Group-IB…  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

Microsoft threat researchers discovered a series of what they are calling “device code” phishing attacks that allowed a suspected Russia-aligned threat group to gain access to and steal data from critical infrastructure organizations, the company said in research released Thursday. The group, which Microsoft tracks as Storm-2372, has targeted governments, IT services and organizations operating … Read More “Threat researchers spot ‘device code’ phishing attacks targeting Microsoft accounts  – CyberScoop” »

Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code execution within the Amazon Web Services (AWS) account. “If executed at scale, this attack could be used to gain access to thousands of accounts,” Datadog … Read More “New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution  – The Hacker News” »

The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that’s associated with … Read More “Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks  – The Hacker News” »

Veriti Research reported a developing cyber threat campaign centred around the declassification and release of the RFK, MLK…  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

The threat actors behind the RansomHub ransomware-as-a-service (RaaS) scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network’s domain controller as part of their post-compromise strategy. “RansomHub has targeted over 600 organizations globally, spanning sectors  – Read More  … Read More “RansomHub Becomes 2024’s Top Ransomware Group, Hitting 600+ Organizations Globally  – The Hacker News” »

Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024. The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas  … Read More “Microsoft: Russian-Linked Hackers Using ‘Device Code Phishing’ to Hijack Accounts  – The Hacker News” »

Social engineering is advancing fast, at the speed of generative AI. This is offering bad actors multiple new tools and techniques for researching, scoping, and exploiting organizations. In a recent communication, the FBI pointed out: ‘As technology continues to evolve, so do cybercriminals’ tactics.’ This article explores some of the impacts of this GenAI-fueled acceleration. … Read More “AI-Powered Social Engineering: Ancillary Tools and Techniques  – The Hacker News” »

Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql. … Read More “PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks  – The Hacker News” »

 As technology and policy representatives around the world convened in Paris, France this week to find balance between safety and innovation in AI, Vice President JD Vance was blunt about how the Trump administration is planning to position itself.  “I’m not here to talk about AI safety, which was the title of this conference a … Read More “In Paris, U.S. signals shift from AI safety to deregulation  – CyberScoop” »

Russian GRU-linked hackers exploit known software flaws to breach critical networks worldwide, targeting the United States and the…  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies. Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnership with the company. But nearly a year later, Mozilla is still promoting it … Read More “Nearly a Year Later, Mozilla is Still Promoting OneRep  – Krebs on Security” »

Salt Typhoon, the Chinese nation-state threat group linked to a spree of attacks on U.S. and global telecom providers, remains active in its intrusion and has hit multiple additional networks worldwide, including two in the United States, Recorded Future said in a report released Thursday. Recorded Future’s Insikt Group observed seven compromised Cisco network devices communicating … Read More “Salt Typhoon remains active, hits more telecom networks via Cisco routers  – CyberScoop” »

Doxbin Data Breach: Hackers leak 136,000+ user records, emails, and a ‘blacklist’ file, exposing those who paid to…  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

Identity security giant CyberArk has acquired Boston-based Zilla Security, a cloud-native identity governance and administration startup, in a deal worth up to $175 million. The acquisition, announced Thursday, includes $165 million in cash and a $10 million earn-out contingent on performance milestones. Zilla’s co-founders, CEO Deepak Taneja and Nitin Sonawane, along with their team, will … Read More “CyberArk acquires Zilla Security in $175 million deal   – CyberScoop” »

New Astaroth Phishing Kit bypasses 2FA (two-factor authentication) to steal Gmail, Yahoo and Microsoft login credentials using a…  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News 

A widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery network (CDN) with an aim to steal credit card information and commit financial fraud. “The attacker targets victims searching for documents on search engines, resulting in access to malicious PDF that contains a CAPTCHA image embedded with a … Read More “Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners  – The Hacker News” »

A nation-state threat actor with ties to North Korea has been linked to an ongoing campaign targeting South Korean business, government, and cryptocurrency sectors. The attack campaign, dubbed DEEP#DRIVE by Securonix, has been attributed to a hacking group known as Kimsuky, which is also tracked under the names APT43, Black Banshee, Emerald Sleet, Sparkling Pisces, … Read More “North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks  – The Hacker News” »

Super-admin access vulnerability discovered in FortiOS Security Fabric. Exploitation could lead to widespread network breaches. Update now. Fortinet has…  – Read More  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News