🛑 Two critical vulnerabilities found in WordPress’s CleanTalk plugin leave sites exposed to malicious attacks and data theft.

This exploit impacts over 200,000 sites—update your CleanTalk plugin ASAP!

Get the full details here: https://thehackernews.com/2024/11/critical-wordpress-anti-spam-plugin.html

🚨 New threat alert: Matrix, a lone-wolf hacker, is using IoT devices as a botnet to launch widespread DDoS attack.

Learn how you can secure your systems and prevent similar threats. Full story here: https://thehackernews.com/2024/11/matrix-botnet-exploits-iot-devices-in.html

🔒 INTERPOL’s massive operation across 19 African nations has resulted in over 1,000 arrests and the takedown of 134,000+ malicious networks.

Learn more about how this operation — https://thehackernews.com/2024/11/interpol-busts-african-cybercrime-1006.html

Zero Trust isn’t just a buzzword—it’s a necessity. Zero Trust Network Access (ZTNA) can replace VPNs, reduce lateral movement, and harden existing devices, making them nearly impossible to exploit.

Find out how to get started with Zero Trust for a stronger security posture: https://thehackernews.com/expert-insights/2024/11/defensible-security-architecture-and.html

APT-C-60 strikes again – this time with a targeted attack exploiting the WPS Office vulnerability (CVE-2024-7262) to deploy the SpyGlace backdoor.

Read more about how this advanced attack works: https://thehackernews.com/2024/11/apt-c-60-exploits-wps-office.html

A new UEFI bootkit called Bootkitty has been discovered, designed specifically for Linux systems—marking a significant shift in the cyber threat landscape.

Read the full analysis — https://thehackernews.com/2024/11/researchers-discover-bootkitty-first.html

Multi-stage cyberattacks are getting harder to detect and more dangerous than ever. Learn how they trick you into letting your guard down.

Attackers use links, embedded QR codes, and other sneaky methods to steal your credentials.

Learn how to spot these hidden threats: https://thehackernews.com/2024/11/latest-multi-stage-attack-scenarios.html

A critical #vulnerability (CVE-2024-11680) in the ProjectSend file-sharing app is being actively exploited.

It allows attackers to execute malicious code on vulnerable servers.

Don’t wait for an attack—patch now: https://thehackernews.com/2024/11/critical-flaw-in-projectsend-under.html

T-Mobile has detected attempted cyber intrusions from an external provider's network—but no sensitive data was accessed.

Find out more: https://thehackernews.com/2024/11/us-telecom-giant-t-mobile-detects.html

Cybercriminals are using Godot Engine, a popular open-source game engine, to spread #malware undetected across Windows, macOS, and Linux devices.

Over 17,000 systems have been infected since June 2024.

Find details here — https://thehackernews.com/2024/11/cybercriminals-exploit-popular-game.html

🚨 A software supply chain attack has been active for over a year on npm.

Researchers discovered a seemingly harmless xmlrpc library that secretly exfiltrated sensitive data and mined cryptocurrency.

👉 Read more: https://thehackernews.com/2024/11/xmlrpc-npm-library-turns-malicious.html

With tools struggling to keep up, AppSec teams are often left overwhelmed. "Shift left" was supposed to be the answer, but the true breakthrough is “shift right.”

Curious about how this change is shaping AppSec?

Learn more in the article: https://thehackernews.com/expert-insights/2024/11/breathing-new-life-into-stagnant-appsec.html

Nearly two dozen security vulnerabilities have been identified in Advantech EKI industrial-grade wireless access point devices, which could allow remote attackers to fully compromise industrial systems

Learn more — https://thehackernews.com/2024/11/over-two-dozen-flaws-identified-in.html

🔓 A 59-year-old man sentenced to 4 years for sharing sensitive corporate and political data with China's Ministry of State Security (MSS).

🔗 Read more: https://thehackernews.com/2024/11/us-citizen-sentenced-for-spying-on.html

🚨 Microsoft just addressed critical security flaws impacting its AI, cloud, and ERP offerings, with one flaw (CVE-2024-49035) already exploited in the wild.

Get the full details — https://thehackernews.com/2024/11/microsoft-fixes-ai-cloud-and-erp.html

⚠️ Warning: Rockstar 2FA phishing kit bypasses Microsoft 365 MFA, intercepting credentials and session cookies. MFA is no longer enough.

Learn how this threat works and how to protect your business: https://thehackernews.com/2024/11/phishing-as-service-rockstar-2fa.html

The digital and physical worlds are merging, opening up new opportunities but also creating significant security challenges.

Failing to secure both realms can lead to devastating breaches.

Learn how to protect your business from these evolving threats: https://thehackernews.com/2024/11/protecting-tomorrows-world-shaping.html

Russian hacker Mikhail Matveev, tied to LockBit & Hive ransomware, arrested in Russia. The US had offered a $10M reward for his role in global ransomware attacks.

Learn more: https://thehackernews.com/2024/11/wanted-russian-cybercriminal-linked-to.html

💰 Operation HAECHI-V, led by INTERPOL and 40 countries, dismantled a massive e-crime syndicate, arresting over 5,500 suspects, seizing $400M in virtual assets, and recovering billions, delivering a strong warning to cybercriminals worldwide.

https://thehackernews.com/2024/12/interpol-arrests-5500-in-global.html

🚨 Over a dozen #Android apps on Google Play, downloaded over 8 million times, have been found to carry malware called SpyLoan. These apps prey on vulnerable users seeking quick loans.

These apps don’t just trap users in high-interest loans—they steal personal and financial data, leading to extortion and harassment.

Find out how this global scam operates: https://thehackernews.com/2024/12/8-million-android-users-hit-by-spyloan.html

⚡ WEBINAR ALERT: Hackers are already targeting AI apps while you’re building them. If security isn’t baked in, the costs could be devastating.

Ready to future-proof your AI development? Join the webinar that’s equipping developers and tech leaders to secure tomorrow’s innovations, today.

Register Now: https://thehackernews.com/2024/12/a-guide-to-securing-ai-app-development.html