50,000 Fortinet Firewalls Remain Vulnerable to Critical Zero-Day Exploit 

As of January 22, 2025, nearly 50,000 Fortinet firewall devices remain exposed to a critical zero-day vulnerability (CVE-2024-55591) despite urgent warnings and available patches. 

Source: https://cybersecuritynews.com/50000-fortinet-firewalls-remain-vulnerable-to-critical-zero-day-exploit/
 

GDPR complaints filed against TikTok, Temu for sending user data to China 

Non-profit privacy advocacy group “None of Your Business” (noyb) has filed six complaints against TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi, for unlawfully transferring European user’s data to China and infringing European Union’s general data protection regulation (GDPR). 

Source: https://www.bleepingcomputer.com/news/security/gdpr-complaints-filed-against-tiktok-temu-for-sending-user-data-to-china/
 

HPE investigates breach as hacker claims to steal source code 

Hewlett Packard Enterprise (HPE) is investigating claims of a new breach after a threat actor said they stole documents from the company’s developer environments. 

Source: https://www.bleepingcomputer.com/news/security/hewlett-packard-enterprise-investigates-new-breach-claims/
 

Mercedes-Benz User Experience Systems Exploited to Gain Remote Access 

Cybersecurity researchers have identified significant vulnerabilities within the Mercedes-Benz User Experience (MBUX) infotainment system, leading to unauthorized remote access capabilities.   

Source: https://cybersecuritynews.com/mercedes-benz-user-experience-systems-exploited/
 

Otelier data breach exposes info, hotel reservations of millions 

Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon S3 cloud storage to steal millions of guests’ personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt. 

Source: https://www.bleepingcomputer.com/news/security/otelier-data-breach-exposes-info-hotel-reservations-of-millions/
 

FTC orders GM to stop collecting and selling driver’s data 

The Federal Trade Commission (FTC) is taking action against General Motors (GM) and its subsidiary, OnStar, for unlawful collection and selling drivers’ precise geolocation and driving behavior data from millions of vehicles. 

Source: https://www.bleepingcomputer.com/news/legal/ftc-orders-gm-to-stop-collecting-and-selling-drivers-data/
 

Ransomware gangs pose as IT support in Microsoft Teams phishing attacks 

Ransomware gangs are increasingly adopting email bombing followed by posing as tech support in Microsoft Teams calls to trick employees into allowing remote control and install malware that provides access to the company network. 

Source: https://www.bleepingcomputer.com/news/security/ransomware-gangs-pose-as-it-support-in-microsoft-teams-phishing-attacks

Star Blizzard hackers abuse WhatsApp to target high-value diplomats 

Russian nation-state actor Star Blizzard has been running a new spear-phishing campaign to compromise WhatsApp accounts of targets in government, diplomacy, defense policy, international relations, and Ukraine aid organizations. 

Source: https://www.bleepingcomputer.com/news/security/star-blizzard-hackers-abuse-whatsapp-to-target-high-value-diplomats/
 

Fake Homebrew Google ads target Mac users with malware 

Hackers are once again abusing Google ads to spread malware, using a fake Homebrew website to infect Macs and Linux devices with an infostealer that steals credentials, browser data, and cryptocurrency wallets. 

Source: https://www.bleepingcomputer.com/news/security/fake-homebrew-google-ads-target-mac-users-with-malware/
 

1,000+ Malicious Domains Mimic Reddit & WeTransfer To Deliver Malware 

Over 1,000 malicious domains have been identified that impersonate popular platforms like Reddit and WeTransfer to distribute malware, primarily the notorious Lumma Stealer. 

Source: https://cybersecuritynews.com/1000-malicious-domains-mimic-reddit-wetransfer/
 

  

Smarttech247