Threat actors have been observed leveraging Google Tag Manager (GTM) to deliver credit card skimmer malware targeting Magento-based e-commerce websites.Website security company Sucuri said the code, while appearing to be a typical GTM and Google Analytics script used for website analytics and advertising purposes, contains an obfuscated backdoor capable of providing attackers with persistent https://thehackernews.com/2025/02/hackers-exploit-google-tag-manager-to.html

In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket—each one seems minor until it becomes the entry point for an attack.This week, we’ve seen cybercriminals turn overlooked weaknesses into major security threats, proving once again that no system is too small to be targeted. The question https://thehackernews.com/2025/02/thn-weekly-recap-top-cybersecurity_10.html

Threat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS malware.It is likely that the campaign is financially motivated since redirecting users to illegal gambling websites shows that attackers deploy BadIIS for profit, Trend Micro researchers Ted Lee and https://thehackernews.com/2025/02/dragonrank-exploits-iis-servers-with.html

Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems.The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as XE Group, a cybercrime https://thehackernews.com/2025/02/xe-hacker-group-exploits-veracore-zero.html

Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions.The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service SOAP endpoint affecting https://thehackernews.com/2025/02/zimbra-releases-security-updates-for.html

Given Oktas role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture.With over 18,000 customers, Okta serves as the cornerstone of identity governance and security for https://thehackernews.com/2025/02/dont-overlook-these-6-critical-okta.html

You arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your screen: Pay $2 million in Bitcoin within 48 hours or lose everything.And the worst part is that even after paying, there’s no guarantee you’ll get your data back. Many victims hand over the money, only to receive nothing in return, or worse, get https://thehackernews.com/2025/02/top-3-ransomware-threats-active-in-2025.html

Ransomware attacks netted cybercrime groups a total of $813.5 million in 2024, a decline from $1.25 billion in 2023.The total amount extorted during the first half of 2024 stood at $459.8 million, blockchain intelligence firm Chainalysis said, adding payment activity slumped after July 2024 by about 3.94%.The number of ransomware events increased into H2, but on-chain payments declined, https://thehackernews.com/2025/02/ransomware-extortion-drops-to-8135m-in.html

Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT.The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China.This actor has increasingly targeted key roles https://thehackernews.com/2025/02/fake-google-chrome-sites-distribute.html

Cisco has released updates to address two critical security flaws Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices.The vulnerabilities are listed below -CVE-2025-20124 (CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote https://thehackernews.com/2025/02/cisco-patches-critical-ise.html