*Security researchers discovered attackers can re-register abandoned AWS S3 buckets to intercept millions of file requests and deliver malware, a vulnerability AWS has not addressed despite warnings.
01 10 11 Table of Contents 1. Update: Poseidon Stealer Targets Mac Users via Fake DeepSeek Website 2. 200 Malicious GitHub Repositories Distributing Malware to Developers 3. Over 35,000 Websites Hacked to Inject Malicious Scripts Redirecting Users to Chinese Websites 1. A sophisticated malware campaign actively targets macOS users
01001 10110 11010 00101 11100 01111 Breakdown In recent years, there has been a significant increase in voice phishing, or "vishing," attacks, largely due to advancements in artificial intelligence (AI). AI-powered voice cloning technology enables scammers to create highly convincing audio deepfakes, mimicking the voices o
01 10 11 Table of Contents 1. SpyLend Android Malware Downloaded 100,000 Times from Google Play 2. GhostSocks Malware Uses SOCKS5 Proxy to Evade Detection Systems 3. LockBit Ransomware Strikes: Exploiting a Confluence Vulnerability 1. SpyLend, an Android malware app posing as a financial management tool, was downloaded over
01 10 11 Table of Contents 1. New Darcula 3.0 Tool Generates Phishing Kits to Mimic Global Brands 2. Pegasus Spyware Now Targeting Business Executives and Financial Sector Professionals 3. CL0P Ransomware Launches Large-Scale Attacks on Telecom and Healthcare Sectors 1. The cybercriminal group behind the Darcula-suite phishing platform
01 10 11 Table of Contents 1. Phishing Attack Hides JavaScript Using Invisible Unicode Trick 2. Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability 3. CISA and FBI: Ghost Ransomware Breached Orgs in 70 Countries 1. A newly discovered JavaScript obfuscation technique leveraging invisible Unicode characters is being actively
01 10 11 Table of Contents 1. New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection 2. Chinese hackers abuse Microsoft APP-v tool to evade antivirus 3. Mozilla Addresses High-Severity Memory Safety Vulnerabilities in Firefox 135.0.1 4. CISA Warns of Active Exploitation of SonicWall SonicOS RCE Vulnerability
Monthly Wrap
Overview The cybersecurity landscape in January 2025 exhibited a rapid evolution of attack techniques, increased supply chain compromises, and advanced AI-powered threats. Major threat actors, including state-sponsored advanced persistent threat (APT) groups and financially motivated cybercriminals, continued to exploit vulnerabilities in critical infrastructure, enterprise networks, and cloud environments. One of