The Hacker News
⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com

CVSS alone isn’t enough! Security teams need a smarter way to prioritize vulnerabilities.

EPSS predicts exploitation risk within 30 days, helping teams focus on real threats.

Learn how this model can sharpen your risk mitigation strategies: https://thehackernews.com/2024/09/epss-vs-cvss-whats-best-approach-to.html

A newly disclosed #vulnerability in NVIDIA Container Toolkit (CVSS 9.0) could allow attackers to escape containers and gain full access to the underlying host.

Find details here: https://thehackernews.com/2024/09/critical-nvidia-container-toolkit.html

Ensure you're running v1.16.2 to mitigate the risk.

U.S. and Dutch authorities have sanctioned two cryptocurrency exchanges, Cryptex and PM2BTC, for facilitating the laundering of illicit funds linked to cybercrime, ransomware, and fraud shops.

Learn more: https://thehackernews.com/2024/09/us-sanctions-two-crypto-exchanges-for.html

🔧 Legacy SIEM systems are failing to keep up with the modern threat landscape—too many alerts, not enough time.

Learn about a fresh approach to tackling legacy SIEM challenges in our upcoming ⚑ webinar.

Save your spot now: https://thehackernews.com/2024/09/overloaded-with-siem-alerts-discover.html

⚠️ HTML smuggling is delivering DCRat malware, bypassing traditional security controls by embedding malicious payloads in HTML files. This advanced technique poses a global threat to unsuspecting users.

Read: https://thehackernews.com/2024/09/new-html-smuggling-campaign-delivers.html

Learn how weak credentials and over-privileged accounts are being exploited in the latest Storm-0501 #ransomware attacks targeting hybrid cloud infrastructures.

Read details here > https://thehackernews.com/2024/09/microsoft-identifies-storm-0501-as.html

🚨 New CUPS vulnerabilities in Linux allow attackers to execute remote commands via print jobs! Affected systems include Debian, Fedora, RHEL.

Find details of CVE-2024-47176 here: https://thehackernews.com/2024/09/critical-linux-cups-printing-system.html

Disable ‘cups-browsed’ & block UDP port 631 until patches arrive.

🚀 Cybersecurity certifications are becoming essential for professionals to stand out in the competitive job market. With 37% of certified pros seeing salary boosts, they’re a smart career & financial investment.

Stay ahead—explore certifications: https://thehackernews.com/2024/09/cybersecurity-certifications-gateway-to.html

Ransomware attackers are using human-driven intrusions that mimic normal user behavior, making detection harder. Penetration testing, combining human expertise and automation, helps identify vulnerabilities before attackers strike.

Learn more: https://thehackernews.com/2024/09/how-to-plan-and-prepare-for-penetration.html

⚠️ Progress Software has released critical updates to patch six vulnerabilities in WhatsUp Gold, two of which carry a CVSS score of 9.8. Patch your systems before attackers exploit these flaws.

Read: https://thehackernews.com/2024/09/progress-software-releases-patches-for.html

Three Iranian hackers linked to the IRGC are accused of targeting U.S. officials and political campaigns using spear-phishing and social engineering.

The U.S. government is offering up to $10M for information leading to their arrest.

Read: https://thehackernews.com/2024/09/us-charges-three-iranian-nationals-for.html

⚡ A fake "WalletConnect" app on Android stole over $70,000 in 💸 cryptocurrency before being pulled from Google Play, with 10,000+ downloads and 150+ victims.

Learn more: https://thehackernews.com/2024/09/crypto-scam-app-disguised-as.html

Stay alert and protect your assets from DeFi scams!

Meta faces a €91 million GDPR fine for storing Facebook and Instagram user passwords in plaintext.

Meta failed to report the breach promptly and did not document these incidents correctly—a clear GDPR violation.

Read details: https://thehackernews.com/2024/09/meta-fined-91-million-for-storing.html

🚨 Critical vulnerabilities in 6 ATG systems could lead to remote attacks, causing physical damage, environmental hazards, and economic losses.

Gas stations, hospitals, and military bases are at risk, with thousands of ATGs exposed online.

https://thehackernews.com/2024/09/critical-flaws-in-tank-gauge-systems.html

Microsoft 365 is a prime #ransomware target, with hackers exploiting weak points to encrypt vital business data. Its widespread use across 400M+ users makes a breach devastating.

Stay protected—implement proactive defense strategies now: https://thehackernews.com/2024/09/why-microsoft-365-protection-reigns-supreme.html

🔑 🚨 Attackers are using modern session hijacking to steal credentials and access sensitive data. Even with MFA, stolen session cookies can bypass defenses and access cloud apps.

Learn what you can do to protect your cloud environments: https://thehackernews.com/2024/09/session-hijacking-20-latest-way-that.html

U.K. national charged for hacking execs’ Microsoft 365 accounts, earning millions through insider trading.

Read details: https://thehackernews.com/2024/10/uk-hacker-charged-in-375-million.html

🚨 This week's #CybersecurityRecap is packed!

From critical CUPS vulnerabilities 🖥️, to Google’s move to Rust reducing Android threats 📉, and Kia cars' security scare 🚗. Plus, Kaspersky’s U.S. exit and mysterious "Noise Storms" 👀.

https://thehackernews.com/2024/09/thn-cybersecurity-recap-last-weeks-top_30.html

UPDATE: NSO Group responds to Apple's motion to dismiss, agreeing it should be dropped. NSO defends its Pegasus tool as essential for fighting crime in an era of end-to-end encryption (E2EE) and criticizes Apple for not cooperating with law enforcement.

https://thehackernews.com/2024/09/apple-drops-spyware-case-against-nso.html#nso-group-responds

🛑 Researchers uncovered a cryptojacking campaign exploiting Docker API endpoints to join malicious Docker Swarms. Attackers use tools like masscan to find vulnerabilities, spreading malware across Kubernetes & SSH networks.

Details: https://thehackernews.com/2024/10/new-cryptojacking-attack-targets-docker.html
πŸ‘9⚑5πŸ”₯3😁3