Multi-stage cyberattacks are getting harder to detect and more dangerous than ever. Learn how they trick you into letting your guard down.

Attackers use links, embedded QR codes, and other sneaky methods to steal your credentials.

Learn how to spot these hidden threats: https://thehackernews.com/2024/11/latest-multi-stage-attack-scenarios.html

A critical #vulnerability (CVE-2024-11680) in the ProjectSend file-sharing app is being actively exploited.

It allows attackers to execute malicious code on vulnerable servers.

Don’t wait for an attack—patch now: https://thehackernews.com/2024/11/critical-flaw-in-projectsend-under.html

T-Mobile has detected attempted cyber intrusions from an external provider's network—but no sensitive data was accessed.

Find out more: https://thehackernews.com/2024/11/us-telecom-giant-t-mobile-detects.html

Cybercriminals are using Godot Engine, a popular open-source game engine, to spread #malware undetected across Windows, macOS, and Linux devices.

Over 17,000 systems have been infected since June 2024.

Find details here — https://thehackernews.com/2024/11/cybercriminals-exploit-popular-game.html

🚨 A software supply chain attack has been active for over a year on npm.

Researchers discovered a seemingly harmless xmlrpc library that secretly exfiltrated sensitive data and mined cryptocurrency.

👉 Read more: https://thehackernews.com/2024/11/xmlrpc-npm-library-turns-malicious.html

With tools struggling to keep up, AppSec teams are often left overwhelmed. "Shift left" was supposed to be the answer, but the true breakthrough is “shift right.”

Curious about how this change is shaping AppSec?

Learn more in the article: https://thehackernews.com/expert-insights/2024/11/breathing-new-life-into-stagnant-appsec.html

Nearly two dozen security vulnerabilities have been identified in Advantech EKI industrial-grade wireless access point devices, which could allow remote attackers to fully compromise industrial systems

Learn more — https://thehackernews.com/2024/11/over-two-dozen-flaws-identified-in.html

🔓 A 59-year-old man sentenced to 4 years for sharing sensitive corporate and political data with China's Ministry of State Security (MSS).

🔗 Read more: https://thehackernews.com/2024/11/us-citizen-sentenced-for-spying-on.html

🚨 Microsoft just addressed critical security flaws impacting its AI, cloud, and ERP offerings, with one flaw (CVE-2024-49035) already exploited in the wild.

Get the full details — https://thehackernews.com/2024/11/microsoft-fixes-ai-cloud-and-erp.html

⚠️ Warning: Rockstar 2FA phishing kit bypasses Microsoft 365 MFA, intercepting credentials and session cookies. MFA is no longer enough.

Learn how this threat works and how to protect your business: https://thehackernews.com/2024/11/phishing-as-service-rockstar-2fa.html

The digital and physical worlds are merging, opening up new opportunities but also creating significant security challenges.

Failing to secure both realms can lead to devastating breaches.

Learn how to protect your business from these evolving threats: https://thehackernews.com/2024/11/protecting-tomorrows-world-shaping.html

Russian hacker Mikhail Matveev, tied to LockBit & Hive ransomware, arrested in Russia. The US had offered a $10M reward for his role in global ransomware attacks.

Learn more: https://thehackernews.com/2024/11/wanted-russian-cybercriminal-linked-to.html

💰 Operation HAECHI-V, led by INTERPOL and 40 countries, dismantled a massive e-crime syndicate, arresting over 5,500 suspects, seizing $400M in virtual assets, and recovering billions, delivering a strong warning to cybercriminals worldwide.

https://thehackernews.com/2024/12/interpol-arrests-5500-in-global.html

🚨 Over a dozen #Android apps on Google Play, downloaded over 8 million times, have been found to carry malware called SpyLoan. These apps prey on vulnerable users seeking quick loans.

These apps don’t just trap users in high-interest loans—they steal personal and financial data, leading to extortion and harassment.

Find out how this global scam operates: https://thehackernews.com/2024/12/8-million-android-users-hit-by-spyloan.html

⚡ WEBINAR ALERT: Hackers are already targeting AI apps while you’re building them. If security isn’t baked in, the costs could be devastating.

Ready to future-proof your AI development? Join the webinar that’s equipping developers and tech leaders to secure tomorrow’s innovations, today.

Register Now: https://thehackernews.com/2024/12/a-guide-to-securing-ai-app-development.html

Manufacturing & healthcare sectors are being targeted by SmokeLoader #malware—modular, evasive, and deadly.

With plugins that steal data, mine crypto, and launch DDoS, no system is safe.

Full story here: https://thehackernews.com/2024/12/smokeloader-malware-resurfaces.html

🚨 Over 1,000 victims targeted by the new Horns&Hooves malware campaign.

Using fake emails disguised as customer requests, attackers deploy NetSupport RAT & BurnsRAT, leading to data theft & ransomware risks.

🔗 Read more: https://thehackernews.com/2024/12/horns-campaign-delivers-rats-via-fake.html

📧 Kimsuky, a North Korea-aligned #hacking group, now uses Russian email services like Mail[.]ru to disguise phishing attacks aimed at stealing credentials.

Discover how these campaigns operate: https://thehackernews.com/2024/12/north-korean-kimsuky-hackers-use.html

Researchers have uncovered critical vulnerabilities in Palo Alto Networks and SonicWall VPN clients, which could allow attackers to achieve remote code execution on Windows and macOS systems, install malicious root certificates, and execute privileged commands.

A proof-of-concept tool, NachoVPN, has been released.

🔗 Read more: https://thehackernews.com/2024/12/nachovpn-tool-exploits-flaws-in-popular.html

Cybersecurity is moving beyond 'castle & moat' defenses. Modern threats target critical systems—lights, water, cities—raising stakes to safety & national security.

Legacy OT systems need modern solutions like PAM & Zero Trust to stay secure.

Learn more: https://thehackernews.com/expert-insights/2024/11/beyond-castle-walls-operational.html

A 10-year-old flaw in Cisco ASA (CVE-2014-2120) is being actively exploited. This vulnerability allows attackers to execute XSS attacks remotely.

If your Cisco ASA isn't updated, you could be the next target.

Learn more: https://thehackernews.com/2024/12/cisco-warns-of-exploitation-of-decade.html