Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer The Hacker [email protected] (The Hacker News)
January 16, 2025

Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. "In both campaigns, attackers hid malicious …


Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws The Hacker [email protected] (The Hacker News)
January 15, 2025

Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the …


Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager The Hacker [email protected] (The Hacker News)
January 15, 2025

Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure. All …


Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes The Hacker [email protected] (The Hacker News)
January 15, 2025

Cybersecurity researchers have alerted to a new malvertising campaign that's targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google. "The …


Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99 The Hacker [email protected] (The Hacker News)
January 15, 2025

The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver …


North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains The Hacker [email protected] (The Hacker News)
January 15, 2025

Cybersecurity researchers have identified infrastructure links between the North Korean threat actors behind the fraudulent IT worker schemes and a 2016 crowdfunding scam. The new evidence suggests that Pyongyang-based threamoret groups …


Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool The Hacker [email protected] (The Hacker News)
January 15, 2025

As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a …


The High-Stakes Disconnect For ICS/OT Security The Hacker [email protected] (The Hacker News)
January 15, 2025

Why does ICS/OT need specific controls and its own cybersecurity budget today? Because treating ICS/OT security with an IT security playbook isn’t just ineffective—it’s high risk. In the rapidly evolving domain …


FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation The Hacker [email protected] (The Hacker News)
January 14, 2025

The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as …


3 Actively Exploited Zero-Day Flaws Patched in Microsoft’s Latest Security Update The Hacker [email protected] (The Hacker News)
January 14, 2025

Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in …