Russian-linked cyber espionage group TAG-110 is targeting organizations in Central Asia, East Asia, and Europe using sophisticated custom malware tools, HATVIBE and CHERRYSPY.

Learn how to defend against these targeted cyberattacks— https://thehackernews.com/2024/11/russian-hackers-deploy-hatvibe-and.html

A China-linked nation-state group named TAG-112 targeted Tibetan media and university websites, using a cyber espionage campaign to deliver the Cobalt Strike post-exploitation toolkit.

Learn more — https://thehackernews.com/2024/11/china-linked-tag-112-targets-tibetan.html

🛑 Watch out! The threat actor Mysterious Elephant (APT-K-47) is using a new trick: exploiting WinRAR’s security flaw to spread malware.

Their latest campaign uses Hajj-themed lures to deceive victims into executing a malicious payload disguised as a Microsoft CHM file.

Learn more about the tactics https://thehackernews.com/2024/11/apt-k-47-uses-hajj-themed-lures-to.html

Sapphire Sleet, a North Korea-linked threat group, has stolen over $10 million in cryptocurrency through sophisticated social engineering schemes.

Curious how these attacks work? Learn more: https://thehackernews.com/2024/11/north-korean-hackers-steal-10m-with-ai.html

Google blocks over 1,000 websites linked to China’s GLASSBRIDGE influence operation.

These fake news sites push pro-China narratives, disguising themselves as legitimate news outlets.

Learn more: https://thehackernews.com/2024/11/google-exposes-glassbridge-pro-china.html

Researchers have uncovered new attack techniques targeting infrastructure-as-code (IaC) and policy-as-code (PaC) tools like HashiCorp's Terraform and Open Policy Agent (OPA), posing a severe risk to cloud platforms.

Learn how this attack works: https://thehackernews.com/2024/11/cybersecurity-flaws-in-iac-and-pac.html

Ever heard of attackers mimicking your device's profile to bypass security? It’s happening right now.

Modern phishing attacks gather detailed device info to impersonate victims, making detection harder than ever.

Learn more about these advanced techniques: https://thehackernews.com/2024/11/flying-under-radar-security-evasion.html

Google has just rolled out a new feature called "Restore Credentials," making it easier than ever to securely access third-party apps when transferring data to a new #Android device.

Discover how this feature works. https://thehackernews.com/2024/11/googles-new-restore-credentials-tool.html

🚨 A critical security flaw (CVE-2023-28461) impacting Array Networks AG and vxAG gateways has been added to the CISA's Known Exploited Vulnerabilities catalog after reports of active exploitation.

Read more about the flaw, its exploitation: https://thehackernews.com/2024/11/cisa-urges-agencies-to-patch-critical.html

A previously unknown China-linked hacking group, Earth Estries, has been discovered using custom backdoors—GHOSTSPIDER and MASOL RAT—to target Southeast Asian telecoms, #technology companies, and governments.

Read full details: https://thehackernews.com/2024/11/chinese-hackers-use-ghostspider-malware.html

A Russia-aligned hacker group has used zero-day flaws in Firefox and Windows to deliver the RomCom backdoor malware.

The attack requires no user interaction—just visiting a compromised site is enough to trigger the exploit.

Read the full article: https://thehackernews.com/2024/11/romcom-exploits-zero-day-firefox-and.html

Turn strategy into action step-by-step! 👇

Master the 5 stages of the CTEM framework and take your cybersecurity to the next level:

1️⃣ Scoping
2️⃣ Discovery
3️⃣ Prioritization
4️⃣ Validation
5️⃣ Mobilization

Don’t just react to threats—stay ahead of them. Learn how XM Cyber can help you operationalize CTEM and secure your organization effectively.

👉 Discover the Guide: https://thn.news/operationalizing-ctem

💡 Swipe through the carousel to explore each stage in detail! 🚀

🛑 Two critical vulnerabilities found in WordPress’s CleanTalk plugin leave sites exposed to malicious attacks and data theft.

This exploit impacts over 200,000 sites—update your CleanTalk plugin ASAP!

Get the full details here: https://thehackernews.com/2024/11/critical-wordpress-anti-spam-plugin.html

🚨 New threat alert: Matrix, a lone-wolf hacker, is using IoT devices as a botnet to launch widespread DDoS attack.

Learn how you can secure your systems and prevent similar threats. Full story here: https://thehackernews.com/2024/11/matrix-botnet-exploits-iot-devices-in.html

🔒 INTERPOL’s massive operation across 19 African nations has resulted in over 1,000 arrests and the takedown of 134,000+ malicious networks.

Learn more about how this operation — https://thehackernews.com/2024/11/interpol-busts-african-cybercrime-1006.html

Zero Trust isn’t just a buzzword—it’s a necessity. Zero Trust Network Access (ZTNA) can replace VPNs, reduce lateral movement, and harden existing devices, making them nearly impossible to exploit.

Find out how to get started with Zero Trust for a stronger security posture: https://thehackernews.com/expert-insights/2024/11/defensible-security-architecture-and.html

APT-C-60 strikes again – this time with a targeted attack exploiting the WPS Office vulnerability (CVE-2024-7262) to deploy the SpyGlace backdoor.

Read more about how this advanced attack works: https://thehackernews.com/2024/11/apt-c-60-exploits-wps-office.html

A new UEFI bootkit called Bootkitty has been discovered, designed specifically for Linux systems—marking a significant shift in the cyber threat landscape.

Read the full analysis — https://thehackernews.com/2024/11/researchers-discover-bootkitty-first.html

Multi-stage cyberattacks are getting harder to detect and more dangerous than ever. Learn how they trick you into letting your guard down.

Attackers use links, embedded QR codes, and other sneaky methods to steal your credentials.

Learn how to spot these hidden threats: https://thehackernews.com/2024/11/latest-multi-stage-attack-scenarios.html

A critical #vulnerability (CVE-2024-11680) in the ProjectSend file-sharing app is being actively exploited.

It allows attackers to execute malicious code on vulnerable servers.

Don’t wait for an attack—patch now: https://thehackernews.com/2024/11/critical-flaw-in-projectsend-under.html

T-Mobile has detected attempted cyber intrusions from an external provider's network—but no sensitive data was accessed.

Find out more: https://thehackernews.com/2024/11/us-telecom-giant-t-mobile-detects.html