⚡ A new remote code execution flaw in Apache Tomcat (CVE-2024-56337) exposes organizations to serious risk.

An uploaded file could turn into malicious JSP code—resulting in remote code execution.

» Affected Versions: Tomcat 9.0.0-M1 to 11.0.1
» Java users: Incorrect configurations = higher risk.
» Severity? CVE-2024-50379 scored a 9.8 on CVSS!

Details here 👉 https://thehackernews.com/2024/12/apache-tomcat-vulnerability-cve-2024.html

🚨 CISA has added a high-severity vulnerability in USAHERDS (CVE-2021-44207) to its Known Exploited Vulnerabilities (KEV) catalog. This flaw has an 8.1 CVSS score and allows attackers to execute arbitrary code on affected servers.

Learn more: https://thehackernews.com/2024/12/cisa-adds-acclaim-usaherds.html

🔒 $308M stolen in a daring crypto heist targeting DMM Bitcoin. North Korean hackers used social engineering and malware to exploit insider access.

👉 Learn More: https://thehackernews.com/2024/12/north-korean-hackers-pull-off-308m.html

🚨 Charming Kitten strikes again! Iranian hackers deploy a new C++ variant of the infamous BellaCiao malware, targeting machines across Asia.

Learn how BellaCPP operates and prepare your team for emerging threats: https://thehackernews.com/2024/12/irans-charming-kitten-deploys-bellacpp.html

⚠️ Apache Traffic Control users—an SQL injection flaw (CVE-2024-45387) has been found, enabling attackers to execute commands directly in your database.

This flaw is easily exploitable by sending a specially crafted PUT request.

🔧 How to act now:
» Update to version 8.0.2 ASAP.
» Audit access permissions for high-risk roles.
» Double-check database configurations for security loopholes.

Read: https://thehackernews.com/2024/12/critical-sql-injection-vulnerability-in.html

A Brazilian hacker faces U.S. charges for extorting $3.2M in Bitcoin after stealing confidential data from 300,000 customers.

Learn more: https://thehackernews.com/2024/12/brazilian-hacker-charged-for-extorting.html

🚨 A critical CVE-2024-52046 vulnerability in Apache MINA, scoring a perfect CVSS 10.0, could enable remote code execution.

The flaw lies in Java’s deserialization protocol, leaving systems wide open to attack if improperly secured.

Read now: https://thehackernews.com/2024/12/apache-mina-cve-2024-52046-cvss-100.html

🔒 When Devices Turn Against You!

Two dangerous botnets—FICORA and CAPSAICIN—are hijacking vulnerable D-Link routers through known weaknesses.

⚠️ Attack methods include brute force, shell execution, and 12+ DDoS variations.

See how to patch vulnerabilities and prevent attacks here: https://thehackernews.com/2024/12/ficora-and-kaiten-botnets-exploit-old-d.html

🔥 CVE-2024-3393 Alert! A single malicious DNS packet can reboot your Palo Alto firewall and leave your network defenseless.

Important to Know:
» This flaw impacts PAN-OS 10.X & 11.X, including Prisma Access.
» Repeated attacks could force your firewall into maintenance mode.
» Legacy PAN-OS 11.0 users? No fixes—it’s time to upgrade!

⚙️ How to Fix:
» Update to PAN-OS 10.1.14-h8 or later.
» Use workarounds to disable risky logging until upgrades are complete.

Read now: https://thehackernews.com/2024/12/palo-alto-releases-patch-for-pan-os-dos.html

🛑 Cloud Atlas is deploying VBShower and PowerShower—malware that operates in stages, infiltrating networks and harvesting credentials.

📂 Quick Actions:
✔️ Patch outdated vulnerabilities like CVE-2018-0802 immediately
✔️ Monitor for unusual cloud storage activity
✔️ Deploy advanced monitoring tools for NTFS file changes.
✔️ Conduct phishing simulations to bolster employee awareness.

Find details here: https://thehackernews.com/2024/12/cloud-atlas-deploys-vbcloud-malware.html

North Korean hackers are targeting job seekers with a deceptive campaign, deploying a new malware called OtterCookie through fake interview tools.

This new JavaScript malware, is:
» Stealing files and cryptocurrency wallets.
» Communicating directly with attackers via socket(.)io
» Constantly evolving to bypass detection.

🔗 Full Report: https://thehackernews.com/2024/12/north-korean-hackers-deploy-ottercookie.html

⚠️ 15,000+ Four-Faith routers are exposed, with attackers actively exploiting a command injection flaw (CVE-2024-12856).

1️⃣ Attackers execute commands remotely via the adj_time_year parameter.
2️⃣ Reverse shells enable hackers to stay hidden and in control.

Read: https://thehackernews.com/2024/12/15000-four-faith-routers-exposed-to-new.html

🛑 600,000+ users impacted! A widespread campaign compromised 16+ extensions, including tools for AI and VPNs, using phishing and malicious code injection.

Learn more: https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html

What if your password manager or note-taking tool became a hacker’s entry point? Recent attacks on Chrome Store extensions reveal just how exposed your organization might be.

❓ Why It Matters:
» Browser extensions are a silent threat—granted access to sensitive data like cookies and identities.
» Credential theft can lead to organizational data breaches and compliance nightmares.

💡Key Takeaways:
» Limit user-installed extensions.
» Implement risk-based policies to block risky permissions.
» Stay updated on the latest threats.

🔗 Check out this guide to learn how: https://thehackernews.com/2024/12/when-good-extensions-go-bad-takeaways.html

🚨 Are hospitals prepared for the next big cyber attack? The HHS proposes new HIPAA updates to safeguard patient data and critical systems.

👉Proposed Solutions:
💾 Encrypt sensitive data everywhere
📊 Map assets and identify vulnerabilities
⏱ Set recovery protocols within 72 hours

Read more: https://thehackernews.com/2024/12/new-hipaa-rules-mandate-72-hour-data.html

🛑 Three flaws in Microsoft Azure's Apache Airflow integration could have let attackers:

🚩 Gain shadow admin access to Kubernetes clusters
🕵️‍♂️ Exfiltrate sensitive data
🎯 Deploy undetected malware

🔒 These misconfigurations allow attackers to tamper with logs, deploy privileged pods, and burrow deeper into cloud environments—all under the radar.

📖 Learn more: https://thehackernews.com/2024/12/misconfigured-kubernetes-rbac-in-azure.html

🚨 Suspected Chinese state-sponsored hackers breached the U.S. Treasury via a compromised API key from BeyondTrust, a third-party vendor.

💡 Here’s what happened:
» Attackers gained access to a key securing BeyondTrust’s cloud-based remote support service.
» They bypassed security to remotely access Treasury workstations and unclassified documents.
» CVE-2024-12356, a critical vulnerability (CVSS 9.8), was actively exploited.

➡️ Read More: https://thehackernews.com/2024/12/chinese-apt-exploits-beyondtrust-api.html

🔒 Department of Justice has finalized a rule blocking bulk transfers of Americans’ sensitive personal data to adversarial nations like China, Russia, and North Korea.

» Data like Social Security numbers, geolocation, biometrics, and health information is now protected.
» These countries have used such data for espionage, AI development, and suppressing freedoms.

Read full story here 👉 https://thehackernews.com/2024/12/new-us-doj-rule-halts-bulk-data.html

The U.S. Treasury just sanctioned two major entities—one Iranian and one Russian—for meddling in the 2024 presidential election through AI-powered disinformation campaigns.

Here’s what they did:
🛠️ Created deepfakes and synthetic content using AI.
🌐 Built a network of 100+ fake news sites to spread misinformation.
💰 Backed by intelligence agencies like Iran's IRGC and Russia's GRU.

Learn the latest tactics 👉 https://thehackernews.com/2025/01/iranian-and-russian-entities-sanctioned.html

⚠️ Click. Click. Hacked?

DoubleClickjacking: A new clickjacking variant that stealthily exploits timing gaps between clicks to hijack accounts.

This attack bypasses protections like X-Frame-Options and SameSite cookies.

Read the article: https://thehackernews.com/2025/01/new-doubleclickjacking-exploit-bypasses.html