The Hacker News
⭐ Official THN Telegram Channel β€” A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

🌐 Website: https://thehackernews.com
A new #vulnerability in Styra's Open Policy Agent (CVE-2024-8260) could expose NTLM credentials to attackers.

Attackers can exploit it to relay authentication, reinforcing the need for stringent input validation across all applications.

Read: https://thehackernews.com/2024/10/security-flaw-in-styras-opa-exposes.html
North Korea's Lazarus Group exploits a zero-day #vulnerability (CVE-2024-4947) in Google Chrome to target the #cryptocurrency sector.

Exploitation strategy involved social media manipulation and fake game promotions.

Learn more: https://thehackernews.com/2024/10/lazarus-group-exploits-google-chrome.html
Cisco has patched CVE-2024-20481, a #vulnerability affecting its ASA and Firepower devices that could lead to a denial-of-service (DoS) for Remote Access VPNs.

Learn more: https://thehackernews.com/2024/10/cisco-issues-urgent-fix-for-asa-and-ftd.html
Researchers identified a #vulnerability in AWS CDK that may lead to account takeover, with over 1% of users at risk from predictable S3 bucket names.

The solution: update your CDK version and customize bucket names.

Read: https://thehackernews.com/2024/10/aws-cloud-development-kit-vulnerability.html
Attention: CVE-2024-41992 #vulnerability in Wi-Fi Test Suite could give attackers full control over Arcadyan routers. The flaw allows for command injection, enabling full administrative access.

Find details here → https://thehackernews.com/2024/10/researchers-discover-command-injection.html
High-severity CVE-2024-50550 #vulnerability in LiteSpeed Cache plugin allows unauthorized access, highlighting critical security implications for WordPress users.

Read: https://thehackernews.com/2024/10/litespeed-cache-plugin-vulnerability.html
⚑7πŸ‘5πŸ”₯4😱4
Google warns of active exploitation of CVE-2024-43093 in Android.

This #vulnerability allows unauthorized access to critical directories, emphasizing the need for timely updates and patching processes.

https://thehackernews.com/2024/11/google-warns-of-actively-exploited-cve.html
🚨 CISA has added a critical #vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition to its Known Exploited Vulnerabilities catalog.

This flaw allows attackers to take over admin accounts, risking sensitive data.

👉 Read details: https://thehackernews.com/2024/11/cisa-alerts-to-active-exploitation-of.html
⚑10🀯7
Researchers have identified a #vulnerability in Citrix Virtual Apps that allows unauthenticated RCE through improper deserialization.

Read more: https://thehackernews.com/2024/11/new-flaws-in-citrix-virtual-apps-enable.html

Patches are available, but many organizations may still be exposed if not updated.
Exploit alert: Russia-linked threat actors have actively exploited the CVE-2024-43451 #vulnerability to deploy Spark RAT, with the potential for significant damage through credential theft.

Read: https://thehackernews.com/2024/11/russian-hackers-exploit-new-ntlm-flaw.html
⚠️ Researchers have identified a high-severity #vulnerability (CVE-2024-10979) in PostgreSQL, allowing unprivileged users to alter environment variables, leading to potential code execution or information leaks.

Read: https://thehackernews.com/2024/11/high-severity-flaw-in-postgresql-allows.html
⚑13πŸ”₯8πŸ‘5🀯4
🔴 New Threat Alert: BrazenBamboo, a well-resourced group, is exploiting an UNPATCHED zero-day #vulnerability in Fortinet's FortiClient for Windows to extract VPN credentials.

Learn more: https://thehackernews.com/2024/11/warning-deepdata-malware-exploiting.html
Google's AI-driven tool OSS-Fuzz uncovered 26 flaws across various open-source repositories, including a serious flaw (CVE-2024-9143) in OpenSSL, marking a milestone in automated #vulnerability detection.

Read the full article here: https://thehackernews.com/2024/11/googles-ai-powered-oss-fuzz-tool-finds.html
False positives are a headache, but a false negative? That's where the real danger lies.

Imagine thinking you've fixed a #vulnerability, only for attackers to sneak in undetected. Aesop's Boy Who Cried Wolf is still relevant today.

A false negative could cost your company everything, from compromised credentials to ransomware. Are your defenses really working?

Find out why ASV tools are the cybersecurity game-changer you need. Read the full story here: https://thehackernews.com/2024/11/cyber-story-time-boy-who-cried-secure.html
A critical #vulnerability (CVE-2024-11680) in the ProjectSend file-sharing app is being actively exploited.

It allows attackers to execute malicious code on vulnerable servers.

Don't wait for an attack. Patch now: https://thehackernews.com/2024/11/critical-flaw-in-projectsend-under.html
U.S. has unsealed charges against a Chinese hacker for exploiting a zero-day #vulnerability in 81,000 Sophos firewalls, enabling the infiltration of critical systems, the theft of sensitive data, and targeting U.S. infrastructure.

Learn more: https://thehackernews.com/2024/12/us-charges-chinese-hacker-for.html
🚨 Apple's TCC framework #vulnerability exposed!

A now-patched flaw (CVE-2024-44131) allowed unauthorized apps to access sensitive data like Health info, microphone, and #iCloud backupsβ€”without users knowing.

Learn more: https://thehackernews.com/2024/12/researchers-uncover-symlink-exploit.html
🛑 Critical OpenWrt #vulnerability (CVE-2024-54143) discovered. With just a 12-character hash collision, attackers can replace legitimate firmware with a malicious alternative, all without authentication.

Discover the technical details: https://thehackernews.com/2024/12/critical-openwrt-vulnerability-exposes.html