The Hacker News
⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

Website: https://thehackernews.com
🎭 North Korean actors are using fake identities and front companies to secure IT jobs globally. Their income is funneled back to fund DPRK’s WMD and ballistic missile programs.

Learn more: https://thehackernews.com/2024/11/north-korean-front-companies.html
Do your employees keep getting phished with adversary-in-the-middle (AitM) kits like Evilginx, Nakedpages, and Tycoon? You aren’t the only one…

Find out why attackers are getting through your anti-phishing controls in the latest webinar from Push Security.

Register for your space here: https://thn.news/phish-kit-webinar-tg
PAM automates password management and rotation, a simple yet powerful way to prevent breaches.

It minimizes human error, helping you stay ahead of credential-based attacks.

Learn how PAM secures your systems with automated password management: https://thehackernews.com/2024/11/10-most-impactful-pam-use-cases-for.html
🚨 New China-linked APT Gelsemium targets #Linux—The notorious group has launched a new Linux backdoor, WolfsBane, alongside another malware tool called FireWood, raising cybersecurity alarms.

WolfsBane and FireWood are targeting East & Southeast Asia, exploiting unknown vulnerabilities to steal sensitive data.

Read: https://thehackernews.com/2024/11/chinese-apt-gelsemium-targets-linux.html
Over 145,000 industrial control systems (ICS) are exposed to the internet across 175 countries, with the U.S. leading the pack.

New malware strains like FrostyGoop are leveraging vulnerabilities in Modbus TCP to target exposed ICS devices.

Read — https://thehackernews.com/2024/11/over-145000-industrial-control-systems.html
🚨 THREAT ALERT! Over 2,000 Palo Alto Networks devices have been compromised in an ongoing, widespread attack.

The vulnerabilities, CVE-2024-0012 and CVE-2024-9474, could allow attackers to execute arbitrary code and deploy malware on affected devices.

🔒 Don’t wait for a breach—learn more about this campaign and how to protect your devices: https://thehackernews.com/2024/11/warning-over-2000-palo-alto-networks.html
🛡️⚡ Is Your Business Prepared for Certificate Revocations?

Don’t wait for a crisis! Check out our latest webinar to learn how automation can quickly minimize disruptions when certificates are revoked.

Watch NOW and learn how to stay agile: https://thehacker.news/rapid-ssl-certificate
🛑 Malicious Python packages impersonating AI models like ChatGPT and Claude have been found on PyPI.

They’ve been used to deploy a dangerous information stealer, JarkaStealer, which silently harvested sensitive data from victims before erasing all traces.

Discover the full extent of this attack — https://thehackernews.com/2024/11/pypi-attack-chatgpt-claude.html
✅ Microsoft seized 240 fraudulent websites linked to an Egypt-based cybercriminal behind the ONNX phishing kit.

✅ The DoJ dismantled PopeyeTools, a marketplace for stolen financial data and fraud tools.

✅ Meta took down over 2M accounts tied to Southeast Asian pig butchering scam centers.

Find all details here: https://thehackernews.com/2024/11/microsoft-meta-and-doj-disrupt-global.html
Russian-linked cyber espionage group TAG-110 is targeting organizations in Central Asia, East Asia, and Europe using sophisticated custom malware tools, HATVIBE and CHERRYSPY.

Learn how to defend against these targeted cyberattacks — https://thehackernews.com/2024/11/russian-hackers-deploy-hatvibe-and.html
A China-linked nation-state group named TAG-112 targeted Tibetan media and university websites, using a cyber espionage campaign to deliver the Cobalt Strike post-exploitation toolkit.

Learn more — https://thehackernews.com/2024/11/china-linked-tag-112-targets-tibetan.html
🛑 Watch out! The threat actor Mysterious Elephant (APT-K-47) is using a new trick: exploiting WinRAR’s security flaw to spread malware.

Their latest campaign uses Hajj-themed lures to deceive victims into executing a malicious payload disguised as a Microsoft CHM file.

Learn more about the tactics: https://thehackernews.com/2024/11/apt-k-47-uses-hajj-themed-lures-to.html
Sapphire Sleet, a North Korea-linked threat group, has stolen over $10 million in cryptocurrency through sophisticated social engineering schemes.

Curious how these attacks work? Learn more: https://thehackernews.com/2024/11/north-korean-hackers-steal-10m-with-ai.html
Google blocks over 1,000 websites linked to China’s GLASSBRIDGE influence operation.

These fake news sites push pro-China narratives, disguising themselves as legitimate news outlets.

Learn more: https://thehackernews.com/2024/11/google-exposes-glassbridge-pro-china.html
Researchers have uncovered new attack techniques targeting infrastructure-as-code (IaC) and policy-as-code (PaC) tools like HashiCorp's Terraform and Open Policy Agent (OPA), posing a severe risk to cloud platforms.

Learn how this attack works: https://thehackernews.com/2024/11/cybersecurity-flaws-in-iac-and-pac.html
Ever heard of attackers mimicking your device's profile to bypass security? It’s happening right now.

Modern phishing attacks gather detailed device info to impersonate victims, making detection harder than ever.

Learn more about these advanced techniques: https://thehackernews.com/2024/11/flying-under-radar-security-evasion.html
Google has just rolled out a new feature called "Restore Credentials," making it easier than ever to securely access third-party apps when transferring data to a new #Android device.

Discover how this feature works. https://thehackernews.com/2024/11/googles-new-restore-credentials-tool.html
🚨 A critical security flaw (CVE-2023-28461) impacting Array Networks AG and vxAG gateways has been added to the CISA's Known Exploited Vulnerabilities catalog after reports of active exploitation.

Read more about the flaw and its exploitation: https://thehackernews.com/2024/11/cisa-urges-agencies-to-patch-critical.html
A previously unknown China-linked hacking group, Earth Estries, has been discovered using custom backdoors—GHOSTSPIDER and MASOL RAT—to target Southeast Asian telecoms, #technology companies, and governments.

Read full details: https://thehackernews.com/2024/11/chinese-hackers-use-ghostspider-malware.html
A Russia-aligned hacker group has used zero-day flaws in Firefox and Windows to deliver the RomCom backdoor malware.

The attack requires no user interaction—just visiting a compromised site is enough to trigger the exploit.

Read the full article: https://thehackernews.com/2024/11/romcom-exploits-zero-day-firefox-and.html
Turn strategy into action step-by-step! 👇

Master the 5 stages of the CTEM framework and take your cybersecurity to the next level:

1️⃣ Scoping
2️⃣ Discovery
3️⃣ Prioritization
4️⃣ Validation
5️⃣ Mobilization

Don’t just react to threats—stay ahead of them. Learn how XM Cyber can help you operationalize CTEM and secure your organization effectively.

👉 Discover the Guide: https://thn.news/operationalizing-ctem

💡 Swipe through the carousel to explore each stage in detail! 🚀