⚠️ Ukraine’s CERT-UA uncovers a malware attack targeting military personnel.

Disguised as the Army+ app, this sophisticated attack:

» Exploits Cloudflare Workers and Pages to host fake login pages.
» Tricks users into giving up credentials.
» Installs OpenSSH and steals cryptographic keys via the TOR network.

💡 Even legitimate services are becoming a haven for cybercriminals, raising red flags for CISOs and CTOs.

🔗 Read the full analysis here: https://thehackernews.com/2024/12/uac-0125-abuses-cloudflare-workers-to.html

Netflix has been fined €4.75M for violating GDPR by failing to explain how it used customer data like email addresses and payment details between 2018–2020.

Read more: https://thehackernews.com/2024/12/dutch-dpa-fines-netflix-475-million-for.html

🔥 Critical Alert: CISA’s new directive, BOD 25-01, sets a new benchmark in cloud security for federal agencies.

Why? Misconfigurations and weak controls are opening doors to attackers.

Key Deadlines:
» By Feb 2025: Identify all cloud tenants
» By Apr 2025: Deploy SCuBA assessment tools
» By Jun 2025: Implement mandatory policies

🔗 Learn how to protect your communications effectively: https://thehackernews.com/2024/12/cisa-mandates-cloud-security-for.html

🛡️ Regularly update security configurations to reduce your attack surface.

🛑 Fortinet's Wireless LAN Manager (FortiWLM) is vulnerable to a path traversal flaw (CVE-2023-34990) with a 9.6/10 CVSS score.

Why it’s urgent: It allows attackers to...
1️⃣ Access admin accounts using static session IDs.
2️⃣ Execute unauthorized commands by chaining vulnerabilities.
3️⃣ Gain root access to your network in minutes.

🛠️ Patch now:
Affected versions: 8.5.0 to 8.6.5.
Fixed in 8.6.6—update immediately.

Read: https://thehackernews.com/2024/12/fortinet-warns-of-critical-fortiwlm.html

🚨 What if your device unknowingly became a tool for cybercrime? It’s happening now.

Mirai malware strikes Juniper SSR devices, leveraging default passwords to turn them into DDoS attack machines. Over 90% of breached systems had unaltered factory settings.

🔑 Don’t leave the door open. Secure your systems today.

Read the full report: https://thehackernews.com/2024/12/juniper-warns-of-mirai-botnet-targeting.html

Threat actors are tricking developers with fake npm packages like typescript-eslint lookalikes, amassing thousands of downloads.

Compromised tools = compromised enterprises. One wrong download could breach your entire development cycle.

🔒 Your move:
✅ Review your dependencies.
✅ Learn how these attacks work.
✅ Build a resilient security strategy.

👉 Read here: https://thehackernews.com/2024/12/thousands-download-malicious-npm.html

🚨 CISA warns of an actively exploited critical flaw (CVE-2024-12356, CVSS: 9.8) in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) products.

Attackers can exploit this flaw to run arbitrary commands—no authentication required.

Read: https://thehackernews.com/2024/12/cisa-adds-critical-flaw-in-beyondtrust.html

🛑 Attackers are exploiting Fortinet's CVE-2023-48788 (CVSS 9.3) to install remote desktop tools like AnyDesk and ScreenConnect.

They’ve already targeted companies across 12 countries, leveraging:

» SQL injection for unauthorized access
» Password recovery tools like Mimikatz
» PowerShell scripts for persistence

Don’t just patch vulnerabilities—assume attackers are already inside.

Find details here: https://thehackernews.com/2024/12/hackers-exploiting-critical-fortinet.html

🔔 Alert: Two critical vulnerabilities in Sophos Firewalls could grant attackers remote code execution and privileged access.

🔧 Action Plan:
✔️ Update to v21 MR1 or newer.
✔️ Restrict SSH access immediately.
✔️ Ensure user portals are not WAN-exposed.

🔗 Full advisory here: https://thehackernews.com/2024/12/sophos-fixes-3-critical-firewall-flaws.html

The notorious Lazarus Group is targeting nuclear engineers using trojanized VNC tools disguised as job assessments for aerospace roles.

They’ve introduced a new modular malware—CookiePlus—capable of evading top-tier detection systems.

🔗 Explore the full story here: https://thehackernews.com/2024/12/lazarus-group-spotted-targeting-nuclear.html

🔥 A dual Russian-Israeli national charged as the mastermind behind LockBit ransomware—a cyber weapon that caused chaos across 120+ countries and left $500M in illicit profits.

» Targeted hospitals, schools, and critical infrastructure.
» Gained access to systems using custom malware to disable antivirus.
» LockBit is now planning a comeback with version 4.0!

Explore the full story of LockBit’s rise and fall: https://thehackernews.com/2024/12/lockbit-developer-rostislav-panev.html

🔒 Italy has fined OpenAI €15 Million for violating GDPR.

Key issues:
» Processing user data without legal basis
» Failing to notify users about a 2023 security breach
» No age verification, exposing kids under 13 to risky content

🔗 Full story here: https://thehackernews.com/2024/12/italy-fines-openai-15-million-for.html

🔒 A U.S. judge held NSO Group liable for breaching WhatsApp’s terms of service and misusing its servers to silently deploy Pegasus spyware, targeting 1,400 users within a single month.

Learn more: https://thehackernews.com/2024/12/us-judge-rules-against-nso-group-in.html

🚨 Rockstar2FA, a notorious phishing-as-a-service (PhaaS) toolkit, suffered a major collapse on November 11. In its place, FlowerStorm has emerged as the new threat. These tools exploit legitimate services like Cloudflare Turnstile to bypass detection effortlessly.

📍 Key Targets:
» Sectors: Engineering, real estate, consulting
» Countries: U.S., Canada, UK, Germany, India

If you operate in these industries, you’re already in the crosshairs of attackers. Basic MFA protections are no longer sufficient.

🔗 Full story here: https://thehackernews.com/2024/12/rockstar2fa-collapse-fuels-expansion-of.html

🚨 Top 10 Cybersecurity Trends for 2025: From AI-powered attacks to zero-day threats & supply chain risks, the future of cyber defense is evolving fast. Are you ready?

🔗 Read: https://thehackernews.com/2024/12/top-10-cybersecurity-trends-to-expect.html

👨‍💻 Is AI rewriting cybersecurity rules? Criminals are using LLMs to create natural-looking malware that evades detection.

🛡️ What’s happening:
» 10,000+ malware variants generated at scale.
» 88% trick tools like VirusTotal.
» Detection systems risk degradation over time.

🔗 Learn more: https://thehackernews.com/2024/12/ai-could-generate-10000-malware.html

⚡ A new remote code execution flaw in Apache Tomcat (CVE-2024-56337) exposes organizations to serious risk.

An uploaded file could turn into malicious JSP code—resulting in remote code execution.

» Affected Versions: Tomcat 9.0.0-M1 to 11.0.1
» Java users: Incorrect configurations = higher risk.
» Severity? CVE-2024-50379 scored a 9.8 on CVSS!

Details here 👉 https://thehackernews.com/2024/12/apache-tomcat-vulnerability-cve-2024.html

🚨 CISA has added a high-severity vulnerability in USAHERDS (CVE-2021-44207) to its Known Exploited Vulnerabilities (KEV) catalog. This flaw has an 8.1 CVSS score and allows attackers to execute arbitrary code on affected servers.

Learn more: https://thehackernews.com/2024/12/cisa-adds-acclaim-usaherds.html

🔒 $308M stolen in a daring crypto heist targeting DMM Bitcoin. North Korean hackers used social engineering and malware to exploit insider access.

👉 Learn More: https://thehackernews.com/2024/12/north-korean-hackers-pull-off-308m.html

🚨 Charming Kitten strikes again! Iranian hackers deploy a new C++ variant of the infamous BellaCiao malware, targeting machines across Asia.

Learn how BellaCPP operates and prepare your team for emerging threats: https://thehackernews.com/2024/12/irans-charming-kitten-deploys-bellacpp.html

⚠️ Apache Traffic Control users—an SQL injection flaw (CVE-2024-45387) has been found, enabling attackers to execute commands directly in your database.

This flaw is easily exploitable by sending a specially crafted PUT request.

🔧 How to act now:
» Update to version 8.0.2 ASAP.
» Audit access permissions for high-risk roles.
» Double-check database configurations for security loopholes.

Read: https://thehackernews.com/2024/12/critical-sql-injection-vulnerability-in.html