New Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption
Summary: A new variant of the macOS-focused Banshee Stealer malware has emerged, utilizing advanced encryption techniques to evade detection and posing a significant threat to macOS users worldwide. This iteration, which has been detected since late September 2024, is distributed through phishing websites and fake software repositories.…
Product Review: How Reco Discovers Shadow AI in SaaS
Summary: The rise of shadow AI poses significant security risks as employees use unauthorized AI tools without IT oversight, potentially exposing sensitive company data. Reco offers a solution to detect and manage these shadow AI applications within organizations.

Threat Actor: Shadow AI users. Victim: Organizations.

Key Point:

Shadow AI refers to unauthorized use of AI tools within organizations, increasing data security risks.…
MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan
Summary: Japan’s National Police Agency and NCSC have linked the threat actor MirrorFace to a persistent cyber attack campaign targeting Japanese organizations since 2019, aimed at stealing sensitive national security and technology information.

Threat Actor: MirrorFace. Victim: Various Japanese organizations.

Key Point:

MirrorFace, also known as Earth Kasha, is a sub-group of APT10 with a history of targeting Japanese entities.…
Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions
Summary: Ransomware attacks are increasingly sophisticated, with a notable rise in encrypted attacks and significant ransom demands. Join an informative session to learn strategies for combating these evolving threats.

Threat Actor: Cybercriminals. Victim: Organizations.

Key Point:

10.3% increase in encrypted attacks over the past year.…
Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection
Summary: Threat actors are exploiting a recently disclosed security flaw in GFI KerioControl firewalls, allowing for potential remote code execution (RCE) through a CRLF injection attack. The vulnerability, identified as CVE-2024-52875, affects multiple versions of the firewall and has led to active exploitation attempts.

Threat Actor: Unknown. Victim: GFI KerioControl.

Key Point:

The vulnerability allows attackers to inject malicious inputs into HTTP response headers, leading to RCE.…
Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure
Summary: Ivanti has reported a critical security vulnerability (CVE-2025-0282) affecting its products, which is currently being actively exploited, allowing unauthenticated remote code execution. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog, urging immediate patching.

Threat Actor: UNC5337. Victim: Ivanti.

Key Point:

CVE-2025-0282 is a stack-based buffer overflow with a CVSS score of 9.0, affecting multiple Ivanti products.…
Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections
Summary: Cybersecurity researchers have identified ongoing malspam campaigns where threat actors spoof sender email addresses, often using neglected domains to bypass security measures. These campaigns include phishing attempts and extortion schemes targeting various sectors, utilizing tactics like QR codes and impersonation of trusted brands.

Threat Actor: Muddling Meerkat. Victim: Various sectors including legal, government, and construction.

Key Point:

Threat actors are using old, neglected domains to spoof sender addresses and evade security checks.…
Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques
Summary: Researchers have identified a new remote access trojan (RAT) named NonEuclid, which enables attackers to control compromised Windows systems with advanced evasion techniques. This sophisticated malware has been actively promoted in underground forums and platforms like Discord and YouTube, indicating a concerted effort to distribute it as a crimeware solution.…
Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks
Summary: A variant of the Mirai botnet, dubbed “gayfemboy,” is exploiting a newly disclosed vulnerability in Four-Faith industrial routers to conduct DDoS attacks, leveraging over 20 known security flaws and weak credentials. This botnet has been active since February 2024 and targets various entities globally, with significant activity noted in late 2024.…
CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities affecting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities catalog, indicating active exploitation. These vulnerabilities pose significant risks, particularly when chained together, allowing unauthorized access to sensitive files.

Threat Actor: Unknown. Victim: Mitel and Oracle.

Key Point:

CVE-2024-41713 (CVSS 9.1) allows unauthorized access to Mitel MiCollab.…
Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers
Summary: Cybersecurity researchers have identified significant firmware vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that could allow attackers to disable the device or implant persistent malware. The outdated BIOS firmware lacks essential security features, making it a target for exploitation.

Threat Actor: State-based actors, ransomware actors. Victim: Illumina iSeq 100.

Key Point:

Firmware vulnerabilities could allow attackers to overwrite system firmware, potentially bricking the device or installing malware.…
Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year
Summary: This article reflects on the cybersecurity solutions that have become obsolete in 2024, highlighting their vulnerabilities and the advancements that have emerged to replace them. It emphasizes the importance of adapting to evolving cyber threats and the shift towards more secure technologies.

Threat Actor: Cybercriminals. Victim: Organizations.

Key Point:

Legacy Multi-Factor Authentication (MFA) became obsolete due to vulnerabilities to modern attack techniques like phishing and SIM swapping.…
Moxa Alerts Users to High-Severity Vulnerabilities in Cellular and Secure Routers
Summary: Moxa has identified two critical security vulnerabilities in its cellular routers and network security appliances that could lead to privilege escalation and unauthorized command execution. Users are urged to apply patches and implement security measures to mitigate potential risks.

Threat Actor: Unknown. Victim: Moxa.

Key Point:

CVE-2024-9138 (CVSS 4.0 score: 8.6) allows authenticated users to escalate privileges and gain root access.…
CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing
Summary: Recent cyber attacks attributed to Chinese state-sponsored threat actors have targeted the U.S. Treasury Department and Taiwanese entities, raising concerns over national security and critical infrastructure. The attacks involve sophisticated techniques, including exploiting vulnerabilities and disinformation campaigns, highlighting the escalating cyber threat landscape.

Threat Actor: Chinese state-sponsored threat actors. Victim: U.S.…

New EAGERBEE Variant Targets ISPs and Governments with Advanced Backdoor Capabilities
Summary: An updated variant of the EAGERBEE malware framework has been targeting ISPs and governmental entities in the Middle East, showcasing advanced capabilities for system manipulation and remote access. This malware has been linked to various threat actors, including CoughingDown and Cluster Alpha, indicating a complex landscape of cyber espionage.…

Summary: FireScam is an Android malware disguised as a premium Telegram app that steals sensitive data and maintains remote control over infected devices through a sophisticated multi-stage infection process.

Threat Actor: Unknown (FireScam). Victim: Android users (Telegram).

Key Point:

FireScam is distributed via a phishing site that mimics the RuStore app store, delivering a dropper APK that installs the main malware payload.…