The Hacker News.

"Italy bans Chinese DeepSeek AI over data privacy and ethical concerns."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondent.  Accessed on 02 February 2025, 2223 UTC.

Content and Source:  Email subscription via https://feedly.com.

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

 The Hacker News

205K followers33 articles per week#security#tech

43

Most popular

Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns

Lateral Movement (Enterprise TA0008)

•

100+by info@thehackernews.com (The Hacker News) / 2d

•

DeepSeek challenges US AI dominance

Italy's data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek's service within the country, citing a lack of information on its use of users' personal data. The development comes days after the authority, the Garante, sent a series of questions to DeepSeek, asking about its data handling practices and where it obtained its training data. In particular, it wanted

Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists

WhatsApp accuses Paragon of spyware

•

100+by info@thehackernews.com (The Hacker News) / 1d

Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members. The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutralized in December 2024. In a statement to The Guardian, the encrypted messaging app said it has reached

Jan 31, 2025

U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network

IoC > 1 URL

•

100+by info@thehackernews.com (The Hacker News) / 1d

•

4 TTPs

•

Authorities disrupt Pakistani fraud network

U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan. The action, which took place on January 29, 2025, has been codenamed Operation Heart Blocker. The vast array of sites in question peddled phishing toolkits and fraud-enabling tools and

BeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API Key

75by info@thehackernews.com (The Hacker News) / 1d

BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company's Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was first flagged

Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts

IoC > 1 domain

•

75by info@thehackernews.com (The Hacker News) / 1d

•

10 TTPs

•

Microsoft advertisers targeted by phishing ads

Cybersecurity researchers have discovered a malvertising campaign that's targeting Microsoft advertisers with bogus Google ads that aim to take them to phishing pages that are capable of harvesting their credentials. "These malicious ads, appearing on Google Search, are designed to steal the login information of users trying to access Microsoft's advertising platform," Jérôme Segura, senior

CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors

3 TTPs

•

62by info@thehackernews.com (The Hacker News) / 2d

•

CVE-2025-0683

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale of 10.0. The flaw, alongside two other issues, was reported to CISA

Top 5 AI-Powered Social Engineering Attacks

45by info@thehackernews.com (The Hacker News) / 2d

Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. There’s no brute-force ‘spray and pray’ password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for authority, usually with the goal of gaining access to sensitive information or protected systems.

Google Bans 158,000 Malicious Android App Developer Accounts in 2024

3 TTPs

•

74by info@thehackernews.com (The Hacker News) / 2d

•

Google enhances Android app security

Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps. The tech giant also noted it prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data during the time period by working with

Jan 30, 2025

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

3 TTPs

•

57by info@thehackernews.com (The Hacker News) / 2d

Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information. The list of identified flaws, which impact versions 8.x of the software, is below - CVE-2025-22218 (CVSS score: 8.5) - A malicious actor with View Only Admin

Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

6 TTPs

•

100+by info@thehackernews.com (The Hacker News) / 3d

•

State actors exploit Google's Gemini AI

Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations. "Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities," Google Threat

Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown

3 TTPs

•

72by info@thehackernews.com (The Hacker News) / 3d

•

Law enforcement seizes major cybercrime forums

An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, Nulled, Sellix, and StarkRDP. The effort, which took place between January 28 and 30, 2025, targeted the following domains - www.cracked.io www.nulled.to www.mysellix.io www.sellix.io www.starkrdp.io Visitors to these websites are now greeted by a

Lightning AI Studio Vulnerability Could've Allowed RCE via Hidden URL Parameter

3 TTPs

•

60by info@thehackernews.com (The Hacker News) / 3d

Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could have allowed for remote code execution. The vulnerability, rated a CVSS score of 9.4, enables "attackers to potentially execute arbitrary commands with root privileges" by exploiting a hidden URL parameter, application security firm Noma said in

SOC Analysts - Reimagining Their Role Using AI

AI transforms SOC efficiency

•

56by info@thehackernews.com (The Hacker News) / 3d

The job of a SOC analyst has never been easy. Faced with an overwhelming flood of daily alerts, analysts (and sometimes IT teams who are doubling as SecOps) must try and triage thousands of security alerts—often false positives—just to identify a handful of real threats. This relentless, 24/7 work leads to alert fatigue, desensitization, and increased risk of missing critical security incidents.

DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked

IoC > 2 domains

•

500+by info@thehackernews.com (The Hacker News) / 3d

•

DeepSeek database exposes user data

Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data. The ClickHouse database "allows full control over database operations, including the ability to access internal data," Wiz security researcher Gal

Jan 29, 2025

Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits

6 TTPs

•

31by info@thehackernews.com (The Hacker News) / 3d

Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances. "When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server," Sonar researcher Yaniv Nizry said in a write-up published earlier this week. The

New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks

6 TTPs

•

54by info@thehackernews.com (The Hacker News) / 3d

•

CVE-2024-41710

A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks. The vulnerability in question is CVE-2024-41710 (CVSS score: 6.8), a case of command injection in the boot process that could allow a malicious actor

Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks

11 TTPs

•

67by info@thehackernews.com (The Hacker News) / 4d

The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. "Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API," SecurityScorecard's

AI in Cybersecurity: What's Effective and What’s Not – Insights from 200 Experts

28by info@thehackernews.com (The Hacker News) / 4d

Curious about the buzz around AI in cybersecurity? Wonder if it's just a shiny new toy in the tech world or a serious game changer? Let's unpack this together in a not-to-be-missed webinar that goes beyond the hype to explore the real impact of AI on cybersecurity. Join Ravid Circus, a seasoned pro in cybersecurity and AI, as we peel back the layers of AI in cybersecurity through a revealing

New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits

Impact (Enterprise TA0040)

•

43by info@thehackernews.com (The Hacker News) / 4d

A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome. The attacks have been codenamed Data Speculation Attacks via Load Address Prediction on Apple Silicon (SLAP) and Breaking the

How Interlock Ransomware Infects Healthcare Organizations

IoC > 1 IP

•

24by info@thehackernews.com (The Hacker News) / 4d

•

24 TTPs

•

Ransomware groups target healthcare sector

Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total. This breach shows just how deeply ransomware

Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution

5 TTPs

•

70by info@thehackernews.com (The Hacker News) / 4d

•

CVE-2025-22604

A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances. The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0. "Due to a flaw in the multi-line SNMP result parser, authenticated users can inject

Jan 28, 2025

UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents

13 TTPs

•

31by info@thehackernews.com (The Hacker News) / 4d

The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE. "This research focuses on completing the picture of UAC-0063's operations, particularly documenting their expansion beyond their initial focus on Central Asia,

Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer

CVE-2025-22217

•

27by info@thehackernews.com (The Hacker News) / 4d

Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection. "A malicious user with network access may be able to use specially crafted SQL queries to gain database

Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability

6 TTPs

•

52by info@thehackernews.com (The Hacker News) / 4d

Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild. "Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration," GreyNoise researcher Glenn Thorpe said in an alert

E.U. Sanctions 3 Russian Nationals for Cyber Attacks Targeting Estonia’s Key Ministries

2 TTPs

•

29by info@thehackernews.com (The Hacker News) / 4d

•

EU sanctions GRU members for cyberattacks

The Council of the European Union has sanctioned three individuals for allegedly carrying out "malicious cyber activities" against Estonia. The three Russian nationals – Nikolay Alexandrovich Korchagin, Vitaly Shevchenko, and Yuriy Fedorovich Denisov – are officers of the General Staff of the Armed Forces of the Russian Federation (GRU) Unit 29155, it said. Per the council decision, all the

PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks

12 TTPs

•

87by info@thehackernews.com (The Hacker News) / 5d

•

PureCrypter targets Poland Germany users

A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany. The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a previously undocumented backdoor dubbed TorNet that's delivered by means of PureCrypter. TorNet is so

OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking

5 TTPs

•

70by info@thehackernews.com (The Hacker News) / 5d

Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals. "By exploiting this flaw, attackers can gain unauthorized access to any user’s account within the system, effectively allowing them to impersonate the victim and perform an array of actions on their behalf – including

AI SOC Analysts: Propelling SecOps into the future

33by info@thehackernews.com (The Hacker News) / 5d

Triaging and investigating alerts is central to security operations. As SOC teams strive to keep up with ever-increasing alert volumes and complexity, modernizing SOC automation strategies with AI has emerged as a critical solution. This blog explores how an AI SOC Analyst transforms alert management, addressing key SOC challenges while enabling faster investigations and responses. Security

Ransomware Targets ESXi Systems via Stealthy SSH Tunnels for C2 Operations

14 TTPs

•

68by info@thehackernews.com (The Hacker News) / 5d

•

Ransomware targets VMware ESXi stealthily

Cybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and stay under the radar. "ESXi appliances, which are unmonitored, are increasingly exploited as a persistence mechanism and gateway to access corporate networks widely," Sygnia

How Long Does It Take Hackers to Crack Modern Hashing Algorithms?

68by info@thehackernews.com (The Hacker News) / 5d

While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity. Hashing, however, remains a non-negotiable. Even long secure passphrases should be hashed to prevent them