A major #vulnerability (CVE-2024-47374) in the LiteSpeed Cache WordPress plugin could allow attackers to execute arbitrary #JavaScript and hijack accounts.

Find details here: https://thehackernews.com/2024/10/wordpress-litespeed-cache-plugin.html

Patch now to protect your site.

The largest-ever DDoS attack just occurred—3.8 Tbps in just 65 seconds!

Is your CPU capacity prepared to filter massive attack traffic? Attackers leveraged compromised ASUS routers, a serious reminder to address CVE-2024-3080 now.

Read: https://thehackernews.com/2024/10/cloudflare-thwarts-largest-ever-38-tbps.html

The U.S. Department of Justice and #Microsoft have seized 107 domains used by Russia-linked COLDRIVER hackers to launch phishing attacks, frequently targeting experts in Russian affairs, #privacy advocates, and intelligence officials.

Read: https://thehackernews.com/2024/10/us-and-microsoft-seize-107-russian.html

Continuous Threat Exposure Management (CTEM) enables continuous protection by helping you prioritize threats with real-time data.

🔗Learn how CTEM fits into your cybersecurity framework: https://thehackernews.com/2024/10/how-to-get-going-with-ctem-when-you.html

Apple has released critical iOS and iPadOS updates addressing a vulnerability (CVE-2024-44204) that could expose your passwords via VoiceOver technology.

Read: https://thehackernews.com/2024/10/apple-releases-critical-ios-and-ipados.html

iPhone XS and later, plus iPads from the Pro, Air, and Mini series, are impacted.

Meta hit hard as Europe’s top court restricts #Facebook’s use of personal data for targeted ads, even with user consent.

Read > https://thehackernews.com/2024/10/eu-court-limits-metas-use-of-personal.html

This ruling pushes all companies to adopt more transparent, privacy-first data practices.

🚨 Just dropped the latest Cybersecurity Recap newsletter! Dive into:

—Record-breaking DDoS attacks 🌐
—Evil Corp & LockBit takedowns 🕵️‍♂️
—New North Korean malware 🦠
—700K+ routers vulnerable to attack 🚨

Read: https://thehackernews.com/2024/10/thn-cybersecurity-recap-top-threats-and.html

Stay secure, stay informed!

🔐 Google will soon block unsafe #Android sideloading in India, targeting apps that abuse sensitive permissions.

Learn more: https://thehackernews.com/2024/10/google-blocks-unsafe-android-app.html

The pilot has already stopped nearly 900,000 high-risk installs in Southeast Asia, making it a vital fraud protection tool.

A critical security flaw in Apache Avro SDK (CVE-2024-47561) threatens large-scale data processing systems.

Ensure your systems are patched to avoid arbitrary code execution risks.

Details here: https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html

Meet Gorilla, a new Mirai-based botnet issuing 300,000+ attack commands in just one month.

It exploits an Apache Hadoop vulnerability to control IoT devices and cloud hosts long-term.

Discover more about its capabilities.: https://thehackernews.com/2024/10/new-gorilla-botnet-launches-over-300000.html

⚠️💸 API vulnerabilities and bot attacks are costing organizations up to $186 billion a year. Learn how to protect your digital infrastructure from these growing threats.

👉 Read more: https://thehackernews.com/2024/10/vulnerable-apis-and-bot-attacks-costing.html

🔐 Qualcomm releases urgent security updates, including a critical patch for CVE-2024-43047—a flaw currently being exploited in the wild.

Learn more 👉 https://thehackernews.com/2024/10/qualcomm-urges-oems-to-patch-critical.html

Qualcomm urges OEMs to deploy the update ASAP.

Ukraine claims a cyber attack on Russian state media VGTRK on Putin’s birthday. While VGTRK downplays damage, reports say hackers wiped servers, including backups—a warning for those relying on basic recovery plans.

Read: https://thehackernews.com/2024/10/pro-ukrainian-hackers-strike-russian.html

GoldenJackal strikes again—targeting high-profile, air-gapped networks in embassies and government entities with sophisticated #malware like JackalWorm.

Read: https://thehackernews.com/2024/10/goldenjackal-target-embassies-and-air.html

Use of USB drives to exfiltrate data underscores the importance of monitoring offline systems.

⚡ Cyber threat group "Awaken Likho" is targeting Russian government and industrial entities with spear-phishing attacks, disguising malicious files as Word or PDF documents to trick users.

Learn more: https://thehackernews.com/2024/10/cyberattack-group-awaken-likho-targets.html

🔑 Discover how AI-powered identity systems, like One Identity’s Vigilance AI™ Threat Engine, are transforming #cybersecurity by detecting behavioral anomalies and preventing credential-based attacks.

Find details here: https://thehackernews.com/2024/10/the-value-of-ai-powered-identity.html

A recent case study shows how a malicious redirect led shoppers to a fake "evil twin" checkout page, stealing their financial info. Learn how quick action saved a retailer from costly damage.

Read: https://thehackernews.com/2024/10/new-case-study-evil-twin-checkout-page.html

🎮 Alert: Hackers are tricking GAMERS searching for cheats into downloading Lua-based malware, which stays hidden and delivers payloads like RedLine Stealer.

Learn how it works and how to stay safe: https://thehackernews.com/2024/10/gamers-tricked-into-downloading-lua.html

⚠️ WARNING: Ivanti’s CSA is under attack! Three new zero-day vulnerabilities are being actively exploited in the wild.

These flaws, CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381, allow attackers to bypass restrictions, execute arbitrary SQL, and gain remote code execution—all with admin privileges.

Find details here: https://thehackernews.com/2024/10/zero-day-alert-three-critical-ivanti.html

⚠️ Microsoft warns of cyberattacks abusing OneDrive, SharePoint & Dropbox.

Hackers use “living-off-trusted-sites” (LOTS) to bypass defenses. View-only files trick users into sharing 2FA tokens, leading to BEC & financial fraud.

Learn more: https://thehackernews.com/2024/10/microsoft-detects-growing-use-of-file.html