From $22M in Ransom to +100M Stolen Records: 2025’s All-Star SaaS Threat Actors to Watch The Hacker Newsinfo@thehackernews.com (The Hacker News)
January 6, 2025

In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second (just in Entra ID)—a 75% increase from last year—and phishing attempts up by 58%, causing $3.5 …


FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices The Hacker Newsinfo@thehackernews.com (The Hacker News)
January 6, 2025

An Android information stealing malware named FireScam has been found masquerading as a premium version of the Telegram messaging app to steal data and maintain persistent remote control over compromised …


Russian-Speaking Attackers Target Ethereum Devs with Fake Hardhat npm Packages The Hacker Newsinfo@thehackernews.com (The Hacker News)
January 6, 2025

Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from developer systems. "By …


Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution The Hacker Newsinfo@thehackernews.com (The Hacker News)
January 4, 2025

A high-severity security flaw has been disclosed in ProjectDiscovery's Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious …


PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps The Hacker Newsinfo@thehackernews.com (The Hacker News)
January 4, 2025

Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution. The backdoor, …


U.S. Treasury Sanctions Beijing Cybersecurity Firm for State-Backed Hacking Campaigns The Hacker Newsinfo@thehackernews.com (The Hacker News)
January 4, 2025

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks …


New AI Jailbreak Method ‘Bad Likert Judge’ Boosts Attack Success Rates by Over 60% The Hacker Newsinfo@thehackernews.com (The Hacker News)
January 3, 2025

Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model's (LLM) safety guardrails and produce potentially harmful or malicious …


LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers The Hacker Newsinfo@thehackernews.com (The Hacker News)
January 3, 2025

A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is …


Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption The Hacker Newsinfo@thehackernews.com (The Hacker News)
January 2, 2025

Microsoft has announced that it's making an "unexpected change" to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure. "We expect that most …


Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy Violations The Hacker Newsinfo@thehackernews.com (The Hacker News)
January 2, 2025

Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users' privacy using its voice-activated Siri assistant. The development was …