01/23

Hundreds of fake Reddit sites push Lumma Stealer malware

https://www.bleepingcomputer.com/news/security/hundreds-of-fake-reddit-sites-push-lumma-stealer-malware/

Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers

https://thehackernews.com/2025/01/custom-backdoor-exploiting-magic-packet.html

Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform · GitHub

https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117

Stealthy 'Magic Packet' malware targets Juniper VPN gateways

https://www.bleepingcomputer.com/news/security/stealthy-magic-packet-malware-targets-juniper-vpn-gateways/

Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits

https://thehackernews.com/2025/01/palo-alto-firewalls-found-vulnerable-to.html

Tesla EV charger hacked twice on second day of Pwn2Own Tokyo

https://www.bleepingcomputer.com/news/security/tesla-ev-charger-hacked-twice-on-second-day-of-pwn2own-tokyo/

SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks

https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-sma1000-rce-flaw-exploited-in-zero-day-attacks/

FortiGate Dump Domains - Grouped by TLD and Sorted Alphabetically · GitHub

https://gist.github.com/Neo23x0/e2cb09c3a193218c28424fe768605103

FBI: North Korean IT workers steal source code to extort employers

https://www.bleepingcomputer.com/news/security/fbi-north-korean-it-workers-steal-source-code-to-extort-employers/

CISA: Hackers still exploiting older Ivanti bugs to breach networks

https://www.bleepingcomputer.com/news/security/cisa-hackers-still-exploiting-older-ivanti-bugs-to-breach-networks/

https://raw.githubusercontent.com/GossiTheDog/Monitoring/refs/heads/main/Fortigate-Config-Dump-emails.txt

Oh my .. ! - Suspicious network traffic detected including Ransomware | dfir.ch

https://dfir.ch/posts/suspicious_network_traffic_ransomware/

Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)

https://thehackernews.com/2025/01/cisco-fixes-critical-privilege.html

Critical zero-days impact premium WordPress real estate plugins

https://www.bleepingcomputer.com/news/security/critical-zero-days-impact-premium-wordpress-real-estate-plugins/

QakBot-Linked BC Malware Adds Enhanced Remote Access and Data Gathering Features

https://thehackernews.com/2025/01/qakbot-linked-bc-malware-adds-enhanced.html

QNAP fixes six Rsync vulnerabilities in NAS backup, recovery app

https://www.bleepingcomputer.com/news/security/qnap-fixes-six-rsync-vulnerabilities-in-hbs-nas-backup-recovery-app/

SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

https://thehackernews.com/2025/01/sonicwall-urges-immediate-patch-for.html

Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads

https://thehackernews.com/2025/01/experts-find-shared-codebase-linking.html

Tesla Charger Exploits Earn Hackers $129,000 at Pwn2Own - SecurityWeek

https://www.securityweek.com/tesla-charger-exploits-earn-hackers-129000-at-pwn2own/

Cloudflare CDN flaw leaks user location data, even through secure chat apps

https://www.bleepingcomputer.com/news/security/cloudflare-cdn-flaw-leaks-user-location-data-even-through-secure-chat-apps/

SonicWall Learns From Microsoft About Potentially Exploited Zero-Day - SecurityWeek

https://www.securityweek.com/sonicwall-learns-from-microsoft-about-potentially-exploited-zero-day/

TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware

https://thehackernews.com/2025/01/triplestrength-targets-cloud-platforms.html

New Android Identity Check locks settings outside trusted locations

https://www.bleepingcomputer.com/news/security/new-android-identity-check-locks-settings-outside-trusted-locations/

Tracking Adversaries: Ghostwriter APT Infrastructure

https://blog.bushidotoken.net/2025/01/tracking-adversaries-ghostwriter-apt.html