Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection The Hacker [email protected] (The Hacker News)
January 9, 2025

Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution …


E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws The Hacker [email protected] (The Hacker News)
January 9, 2025

The European General Court on Wednesday fined the European Commission, the primary executive arm of the European Union responsible for proposing and enforcing laws for member states, for violating the …


Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure The Hacker [email protected] (The Hacker News)
January 8, 2025

Ivanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild beginning mid-December 2024. The security vulnerability …


Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections The Hacker [email protected] (The Hacker News)
January 8, 2025

Cybersecurity researchers have found that bad actors are continuing to have success by spoofing sender email addresses as part of various malspam campaigns. Faking the sender address of an email is …


Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques The Hacker [email protected] (The Hacker News)
January 8, 2025

Cybersecurity researchers have shed light on a new remote access trojan called NonEuclid that allows bad actors to remotely control compromised Windows systems. "The NonEuclid remote access trojan (RAT), developed in …


Top 5 Malware Threats to Prepare Against in 2025 The Hacker [email protected] (The Hacker News)
January 8, 2025

2024 had its fair share of high-profile cyber attacks, with companies as big as Dell and TicketMaster falling victim to data breaches and other infrastructure compromises. In 2025, this trend …


Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks The Hacker [email protected] (The Hacker News)
January 8, 2025

A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks. The …


FCC Launches ‘Cyber Trust Mark’ for IoT Devices to Certify Security Compliance The Hacker [email protected] (The Hacker News)
January 8, 2025

The U.S. government on Tuesday announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer devices. "IoT products can be susceptible to a …


CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation The Hacker [email protected] (The Hacker News)
January 7, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of …


A Day in the Life of a Prolific Voice Phishing Crew Krebs on SecurityBrianKrebs
January 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details …