🚨 A critical security flaw (CVE-2023-28461) impacting Array Networks AG and vxAG gateways has been added to the CISA's Known Exploited Vulnerabilities catalog after reports of active exploitation.

Read more about the flaw, its exploitation: https://thehackernews.com/2024/11/cisa-urges-agencies-to-patch-critical.html

A previously unknown China-linked hacking group, Earth Estries, has been discovered using custom backdoors—GHOSTSPIDER and MASOL RAT—to target Southeast Asian telecoms, #technology companies, and governments.

Read full details: https://thehackernews.com/2024/11/chinese-hackers-use-ghostspider-malware.html

A Russia-aligned hacker group has used zero-day flaws in Firefox and Windows to deliver the RomCom backdoor malware.

The attack requires no user interaction—just visiting a compromised site is enough to trigger the exploit.

Read the full article: https://thehackernews.com/2024/11/romcom-exploits-zero-day-firefox-and.html

Turn strategy into action step-by-step! 👇

Master the 5 stages of the CTEM framework and take your cybersecurity to the next level:

1️⃣ Scoping
2️⃣ Discovery
3️⃣ Prioritization
4️⃣ Validation
5️⃣ Mobilization

Don’t just react to threats—stay ahead of them. Learn how XM Cyber can help you operationalize CTEM and secure your organization effectively.

👉 Discover the Guide: https://thn.news/operationalizing-ctem

💡 Swipe through the carousel to explore each stage in detail! 🚀

🛑 Two critical vulnerabilities found in WordPress’s CleanTalk plugin leave sites exposed to malicious attacks and data theft.

This exploit impacts over 200,000 sites—update your CleanTalk plugin ASAP!

Get the full details here: https://thehackernews.com/2024/11/critical-wordpress-anti-spam-plugin.html

🚨 New threat alert: Matrix, a lone-wolf hacker, is using IoT devices as a botnet to launch widespread DDoS attack.

Learn how you can secure your systems and prevent similar threats. Full story here: https://thehackernews.com/2024/11/matrix-botnet-exploits-iot-devices-in.html

🔒 INTERPOL’s massive operation across 19 African nations has resulted in over 1,000 arrests and the takedown of 134,000+ malicious networks.

Learn more about how this operation — https://thehackernews.com/2024/11/interpol-busts-african-cybercrime-1006.html

Zero Trust isn’t just a buzzword—it’s a necessity. Zero Trust Network Access (ZTNA) can replace VPNs, reduce lateral movement, and harden existing devices, making them nearly impossible to exploit.

Find out how to get started with Zero Trust for a stronger security posture: https://thehackernews.com/expert-insights/2024/11/defensible-security-architecture-and.html

APT-C-60 strikes again – this time with a targeted attack exploiting the WPS Office vulnerability (CVE-2024-7262) to deploy the SpyGlace backdoor.

Read more about how this advanced attack works: https://thehackernews.com/2024/11/apt-c-60-exploits-wps-office.html

A new UEFI bootkit called Bootkitty has been discovered, designed specifically for Linux systems—marking a significant shift in the cyber threat landscape.

Read the full analysis — https://thehackernews.com/2024/11/researchers-discover-bootkitty-first.html

Multi-stage cyberattacks are getting harder to detect and more dangerous than ever. Learn how they trick you into letting your guard down.

Attackers use links, embedded QR codes, and other sneaky methods to steal your credentials.

Learn how to spot these hidden threats: https://thehackernews.com/2024/11/latest-multi-stage-attack-scenarios.html

A critical #vulnerability (CVE-2024-11680) in the ProjectSend file-sharing app is being actively exploited.

It allows attackers to execute malicious code on vulnerable servers.

Don’t wait for an attack—patch now: https://thehackernews.com/2024/11/critical-flaw-in-projectsend-under.html

T-Mobile has detected attempted cyber intrusions from an external provider's network—but no sensitive data was accessed.

Find out more: https://thehackernews.com/2024/11/us-telecom-giant-t-mobile-detects.html

Cybercriminals are using Godot Engine, a popular open-source game engine, to spread #malware undetected across Windows, macOS, and Linux devices.

Over 17,000 systems have been infected since June 2024.

Find details here — https://thehackernews.com/2024/11/cybercriminals-exploit-popular-game.html

🚨 A software supply chain attack has been active for over a year on npm.

Researchers discovered a seemingly harmless xmlrpc library that secretly exfiltrated sensitive data and mined cryptocurrency.

👉 Read more: https://thehackernews.com/2024/11/xmlrpc-npm-library-turns-malicious.html

With tools struggling to keep up, AppSec teams are often left overwhelmed. "Shift left" was supposed to be the answer, but the true breakthrough is “shift right.”

Curious about how this change is shaping AppSec?

Learn more in the article: https://thehackernews.com/expert-insights/2024/11/breathing-new-life-into-stagnant-appsec.html

Nearly two dozen security vulnerabilities have been identified in Advantech EKI industrial-grade wireless access point devices, which could allow remote attackers to fully compromise industrial systems

Learn more — https://thehackernews.com/2024/11/over-two-dozen-flaws-identified-in.html

🔓 A 59-year-old man sentenced to 4 years for sharing sensitive corporate and political data with China's Ministry of State Security (MSS).

🔗 Read more: https://thehackernews.com/2024/11/us-citizen-sentenced-for-spying-on.html

🚨 Microsoft just addressed critical security flaws impacting its AI, cloud, and ERP offerings, with one flaw (CVE-2024-49035) already exploited in the wild.

Get the full details — https://thehackernews.com/2024/11/microsoft-fixes-ai-cloud-and-erp.html

⚠️ Warning: Rockstar 2FA phishing kit bypasses Microsoft 365 MFA, intercepting credentials and session cookies. MFA is no longer enough.

Learn how this threat works and how to protect your business: https://thehackernews.com/2024/11/phishing-as-service-rockstar-2fa.html

The digital and physical worlds are merging, opening up new opportunities but also creating significant security challenges.

Failing to secure both realms can lead to devastating breaches.

Learn how to protect your business from these evolving threats: https://thehackernews.com/2024/11/protecting-tomorrows-world-shaping.html