Android’s New Identity Check Feature Locks Device Settings Outside Trusted Locations The Hacker [email protected] (The Hacker News)
January 24, 2025

Google has launched a new feature called Identity Check for supported Android devices that locks sensitive settings behind biometric authentication when outside of trusted locations. "When you turn on Identity Check, …


CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List The Hacker [email protected] (The Hacker News)
January 23, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, based on …


Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits The Hacker [email protected] (The Hacker News)
January 23, 2025

An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices' firmware as well as misconfigured security features. "These weren't …


Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks The Hacker [email protected] (The Hacker News)
January 23, 2025

Cybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer. "The campaign is global, with Netskope Threat Labs …


Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers The Hacker [email protected] (The Hacker News)
January 23, 2025

Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic. According to the Black Lotus Labs team at Lumen Technologies, the activity …


Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads The Hacker [email protected] (The Hacker News)
January 23, 2025

An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads. The findings come from SentinelOne, …


How to Eliminate Identity-Based Threats The Hacker [email protected] (The Hacker News)
January 23, 2025

Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches[1],[2]. While identity-based attacks continue to dominate as …


SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation The Hacker [email protected] (The Hacker News)
January 23, 2025

SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a …


New Research: The State of Web Exposure 2025 The Hacker [email protected] (The Hacker News)
January 23, 2025

Are your websites leaking sensitive data? New research reveals that 45% of third-party apps access user info without proper authorization, and 53% of risk exposures in Retail are due to …


QakBot-Linked BC Malware Adds Enhanced DNS Tunneling and Remote Access Features The Hacker [email protected] (The Hacker News)
January 23, 2025

Cybersecurity researchers have disclosed details of a new BackConnect (BC) malware that has been developed by threat actors linked to the infamous QakBot loader. "BackConnect is a common feature or module …