🚨 90% of modern applications rely on open source software (OSS)—but this innovation comes with a major security price tag. Recent attacks like SolarWinds and Log4j prove just how fragile the supply chain is.

Discover actionable strategies to protect your software supply chain.

Don’t wait for the next attack—read more now: https://thehackernews.com/expert-insights/2024/12/securing-open-source-lessons-from.html

🚨 Cyberattacks are evolving fast! From stealthy zero-day exploits to fileless malware and phishing hosted on trusted platforms, the latest threats demand smarter defenses.

🔍 See how tools like ANYRUN's sandbox expose hidden dangers in real-time.

🌐 Stay ahead—read the full breakdown here: https://thehackernews.com/2024/12/ongoing-phishing-and-malware-campaigns.html

A suspected China-linked cyber espionage campaign, Operation Digital Eye, targeted major IT service providers in Southern Europe, exploiting Visual Studio Code Remote Tunnels to infiltrate systems.

Learn more: https://thehackernews.com/2024/12/hackers-weaponize-visual-studio-code.html

Belgian and Dutch authorities have arrested 8 suspects linked to a massive phishing scam that stole millions. The gang used fake banking calls and phishing links to con victims, with some even posing as police at victims' doorsteps.

Full story: https://thehackernews.com/2024/12/phone-phishing-gang-busted-eight.html

The Georgetown Master's in Cybersecurity Risk Management covers business, law, computer science, and organizational change.

Learn more: https://thn.news/georgetown-masters-cyber-risk-ig

🚨 Sophisticated mobile phishing campaign uncovered! Attackers are distributing the updated Antidot banking trojan, now called AppLite Banker, targeting unsuspecting job seekers.

Learn how this threat operates and what measures to take: https://thehackernews.com/2024/12/fake-recruiters-distribute-banking.html

A critical vulnerability (CVE-2024-50623) in Cleo's file transfer software is under active, widespread exploitation—affecting fully patched systems.

The flaw allows unauthenticated remote code execution through unrestricted file uploads, enabling attackers to execute arbitrary code.

Over 4,200 organizations use Cleo software globally—this is a major security concern for logistics, consumer products, and more.

Get critical insights: https://thehackernews.com/2024/12/cleo-file-transfer-vulnerability-under.html

🤖 Traditional pentesting is falling behind. Cyberattacks happen daily—automation ensures your defenses are always ready, not just once a year.

Automated pentesting delivers frequent, accurate, and cost-efficient assessments, ensuring real-time visibility into your vulnerabilities.

Discover how automation is changing the game: https://thehackernews.com/2024/12/the-future-of-network-security.html

🔥 Critical Security Alert! Ivanti uncovers a CVSS 10.0-rated vulnerability allowing unauthenticated attackers to gain admin access in their Cloud Services Application.

This flaw isn’t alone—Ivanti has patched multiple critical vulnerabilities in its Connect Secure and CSA products.

🔗 Don't wait—explore the critical details and ensure your systems are secure: https://thehackernews.com/2024/12/ivanti-issues-critical-security-updates.html

U.S. has unsealed charges against a Chinese hacker for exploiting a zero-day #vulnerability in 81,000 Sophos firewalls, enabling the infiltration of critical systems, the theft of sensitive data, and targeting U.S. infrastructure.

Learn more: https://thehackernews.com/2024/12/us-charges-chinese-hacker-for.html

💻 Microsoft’s final Patch Tuesday of 2024 fixed 72 vulnerabilities, including one actively exploited in the wild: CVE-2024-49138.

Ensure your systems are updated now.

🔗 Read more: https://thehackernews.com/2024/12/microsoft-fixes-72-flaws-including.html

Discover how Zero Trust, immutable backups, and encryption can secure Microsoft365—starting with Zero Trust, where every access request is verified.

Learn key strategies to protect your environment.

Read the full article now: https://thehackernews.com/expert-insights/2024/12/5-strategies-to-combat-ransomware-and.html

🚨 A new surveillance tool, EagleMsgSpy, has been exposed as a powerful spyware linked to Chinese police departments, secretly collecting vast data from mobile devices since 2017.

🔗 Read full details here: https://thehackernews.com/2024/12/chinese-eaglemsgspy-spyware-found.html

⚡ WEBINAR ALERT: SaaS apps are transforming business—but are they secure?

Join KPMG Canada & AppOmni to learn how to protect your data from risks.

Register now: https://thehackernews.uk/saas-appsec-cyber-risk

🔒 ZLoader #malware is back—with a stealthy upgrade. The latest version employs DNS tunneling for encrypted communication, raising the stakes for detection efforts.

This isn’t just an update; ZLoader now includes an interactive shell capable of executing over a dozen commands, a game-changer for #ransomware attacks.

Dive into the details. https://thehackernews.com/2024/12/zloader-malware-returns-with-dns.html

🚨 A security flaw, dubbed AuthQuake, in Microsoft’s Multi-Factor Authentication (MFA) allowed attackers to bypass protection within an hour – no alerts, no interaction required.

Get the full story here: https://thehackernews.com/2024/12/microsoft-mfa-authquake-flaw-enabled.html

🚨 A trusted Windows feature, UI Automation, can be exploited by #malware to bypass EDR detection, execute stealthy commands, and steal data undetected.

🔗 Explore how this attack works: https://thehackernews.com/2024/12/new-malware-technique-could-exploit.html

A Russian state-sponsored group, Secret Blizzard, is leveraging other hackers’ #malware to deploy its tools in Ukraine, raising the stakes in cyber warfare.

Read the full story: https://thehackernews.com/2024/12/secret-blizzard-deploys-kazuar-backdoor.html

🚨 Operation PowerOFF — Global law enforcement just shut down 27 DDoS-for-hire platforms, dismantling major stresser services used by cybercriminals to disrupt websites.

Over 300 users and 3 admins are under investigation, with arrests made in France and Germany.

Read: https://thehackernews.com/2024/12/europol-dismantles-27-ddos-attack.html

Did you know? Your team could be using dozens of SaaS tools you’re unaware of—right now!

Unapproved apps, duplicate tenants, and risky OAuth grants are just the tip of the iceberg. Discover how Nudge Security is revolutionizing SaaS visibility and governance.

Read more about the solution here: https://thehackernews.com/2024/01/what-is-nudge-security-and-how-does-it.html