Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks The Hacker [email protected] (The Hacker News)
January 14, 2025

Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a technical …


Microsoft: Happy 2025. Here’s 161 Security Updates Krebs on SecurityBrianKrebs
January 14, 2025

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three "zero-day" weaknesses that are already under active attack. Redmond's inaugural Patch Tuesday …


Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation The Hacker [email protected] (The Hacker News)
January 14, 2025

Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's System …


Google OAuth Vulnerability Exposes Millions via Failed Startup Domains The Hacker [email protected] (The Hacker News)
January 14, 2025

New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive …


4 Reasons Your SaaS Attack Surface Can No Longer be Ignored The Hacker [email protected] (The Hacker News)
January 14, 2025

What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new …


Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions The Hacker [email protected] (The Hacker News)
January 14, 2025

The Telegram-based online marketplace known as HuiOne Guarantee and its vendors have cumulatively received at least $24 billion in cryptocurrency, dwarfing the now-defunct Hydra to become the largest online illicit …


Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces The Hacker [email protected] (The Hacker News)
January 14, 2025

Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. "The campaign involved unauthorized administrative logins on …


Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware The Hacker [email protected] (The Hacker News)
January 14, 2025

Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather economic and political intelligence in Central Asia. The campaign …


CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks The Hacker [email protected] (The Hacker News)
January 13, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited …


Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners The Hacker [email protected] (The Hacker News)
January 13, 2025

A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz …