🔥 Critical Security Alert! Ivanti uncovers a CVSS 10.0-rated vulnerability allowing unauthenticated attackers to gain admin access in their Cloud Services Application.

This flaw isn’t alone—Ivanti has patched multiple critical vulnerabilities in its Connect Secure and CSA products.

🔗 Don't wait—explore the critical details and ensure your systems are secure: https://thehackernews.com/2024/12/ivanti-issues-critical-security-updates.html

U.S. has unsealed charges against a Chinese hacker for exploiting a zero-day #vulnerability in 81,000 Sophos firewalls, enabling the infiltration of critical systems, the theft of sensitive data, and targeting U.S. infrastructure.

Learn more: https://thehackernews.com/2024/12/us-charges-chinese-hacker-for.html

💻 Microsoft’s final Patch Tuesday of 2024 fixed 72 vulnerabilities, including one actively exploited in the wild: CVE-2024-49138.

Ensure your systems are updated now.

🔗 Read more: https://thehackernews.com/2024/12/microsoft-fixes-72-flaws-including.html

Discover how Zero Trust, immutable backups, and encryption can secure Microsoft365—starting with Zero Trust, where every access request is verified.

Learn key strategies to protect your environment.

Read the full article now: https://thehackernews.com/expert-insights/2024/12/5-strategies-to-combat-ransomware-and.html

🚨 A new surveillance tool, EagleMsgSpy, has been exposed as a powerful spyware linked to Chinese police departments, secretly collecting vast data from mobile devices since 2017.

🔗 Read full details here: https://thehackernews.com/2024/12/chinese-eaglemsgspy-spyware-found.html

⚡ WEBINAR ALERT: SaaS apps are transforming business—but are they secure?

Join KPMG Canada & AppOmni to learn how to protect your data from risks.

Register now: https://thehackernews.uk/saas-appsec-cyber-risk

🔒 ZLoader #malware is back—with a stealthy upgrade. The latest version employs DNS tunneling for encrypted communication, raising the stakes for detection efforts.

This isn’t just an update; ZLoader now includes an interactive shell capable of executing over a dozen commands, a game-changer for #ransomware attacks.

Dive into the details. https://thehackernews.com/2024/12/zloader-malware-returns-with-dns.html

🚨 A security flaw, dubbed AuthQuake, in Microsoft’s Multi-Factor Authentication (MFA) allowed attackers to bypass protection within an hour – no alerts, no interaction required.

Get the full story here: https://thehackernews.com/2024/12/microsoft-mfa-authquake-flaw-enabled.html

🚨 A trusted Windows feature, UI Automation, can be exploited by #malware to bypass EDR detection, execute stealthy commands, and steal data undetected.

🔗 Explore how this attack works: https://thehackernews.com/2024/12/new-malware-technique-could-exploit.html

A Russian state-sponsored group, Secret Blizzard, is leveraging other hackers’ #malware to deploy its tools in Ukraine, raising the stakes in cyber warfare.

Read the full story: https://thehackernews.com/2024/12/secret-blizzard-deploys-kazuar-backdoor.html

🚨 Operation PowerOFF — Global law enforcement just shut down 27 DDoS-for-hire platforms, dismantling major stresser services used by cybercriminals to disrupt websites.

Over 300 users and 3 admins are under investigation, with arrests made in France and Germany.

Read: https://thehackernews.com/2024/12/europol-dismantles-27-ddos-attack.html

Did you know? Your team could be using dozens of SaaS tools you’re unaware of—right now!

Unapproved apps, duplicate tenants, and risky OAuth grants are just the tip of the iceberg. Discover how Nudge Security is revolutionizing SaaS visibility and governance.

Read more about the solution here: https://thehackernews.com/2024/01/what-is-nudge-security-and-how-does-it.html

Critical flaw in Hunk Companion plugin (CVE-2024-11972, CVSS: 9.8) allows attackers to install vulnerable plugins, potentially leading to Remote Code Execution (RCE), SQL Injection, and administrative backdoors.

Over 10,000 WordPress sites are at risk. Learn steps to secure your site now: https://thehackernews.com/2024/12/wordpress-hunk-companion-plugin-flaw.html

[Free] Cloud Risk Self-Assessment Checklist

Ready to secure your cloud? Easily evaluate and uncover cloud risk with this simple checklist to help strengthen your security posture.

Downlod Checklist: https://thn.news/cloud-risk-checklist

🚨 Apple's TCC framework #vulnerability exposed!

A now-patched flaw (CVE-2024-44131) allowed unauthorized apps to access sensitive data like Health info, microphone, and #iCloud backups—without users knowing.

Learn more: https://thehackernews.com/2024/12/researchers-uncover-symlink-exploit.html

Gamaredon, a Russian-linked hacking group, targets mobile devices with BoneSpy and PlainGnome, #spyware stealing SMS, call logs, location, and photos in former Soviet states.

Find details here: https://thehackernews.com/2024/12/gamaredon-deploys-android-spyware.html

Over 296,000 Prometheus Node Exporter instances and 40,300 servers are publicly accessible, exposing sensitive credentials and API keys.

Read the full article: https://thehackernews.com/2024/12/296000-prometheus-instances-exposed.html

U.S. DoJ dismantles Rydox marketplace, seizes $225K in cryptocurrency, arrests three Kosovo nationals for selling stolen data and cybercrime tools, impacting 18,000 users.

Read the story: https://thehackernews.com/2024/12/fbi-busts-rydox-marketplace-with-7600.html

🚨 New Malware Alert: PUMAKIT, a #Linux rootkit, employs advanced stealth tactics to evade detection and escalate privileges.

It’s not just hiding files—it’s altering core system behavior while remaining invisible to system tools.

Learn how PUMAKIT operates 👉 https://thehackernews.com/2024/12/new-linux-rootkit-pumakit-uses-advanced.html

🔥 Iranian-linked IOCONTROL malware exploits IoT and OT devices, targeting SCADA systems and fuel infrastructure with advanced evasion tactics like MQTT and DNS-over-HTTPS.

🔗 Learn how this sophisticated malware operates https://thehackernews.com/2024/12/iran-linked-iocontrol-malware-targets.html

🚨 U.S. DoJ indicts 14 North Koreans for a $88M IT fraud scheme involving identity theft, extortion, and data breaches. $2.26M seized and a $5M reward announced for tips.

Learn more: https://thehackernews.com/2024/12/doj-indicts-14-north-koreans-for-88m-it.html