Attacks using stolen credentials are surging, fueled by the rise in infostealers and the criminal marketplaces dealing in them.
TI feeds can alert you to stolen credentials when they appear for sale, but TI providers have no way to check if the credentials are actually valid or not.
Using Push Security, you can now eliminate the noise and get alerts only when verified credentials belonging to your employees appear on criminal marketplaces.
Push's browser extension compares stolen credentials from widely-used TI feeds directly against the credentials your employees are actually using.
Find out more here: https://thn.news/push-credential-detection
A new phishing campaign is slipping past email defenses! Corrupted ZIP files and Office documents bypass antivirus and spam filters, landing directly in your inbox.
Why care? These cleverly crafted files could lead you straight to fake login pages or malware-laden sites. One wrong click could cost your data, or worse.
Read the full breakdown: https://thehackernews.com/2024/12/hackers-use-corrupted-zips-and-office.html
Alert: A critical vulnerability (CVE-2024-10905) in SailPoint's IdentityIQ software exposes sensitive content.
CVSS score? A whopping 10.0, maximum severity.
Affected versions span from 8.2 to 8.4 and earlier, putting countless systems at risk. Static files that should be locked down are now vulnerable to unauthorized access.
Learn more: https://thehackernews.com/2024/12/critical-sailpoint-identityiq.html
Veeam users, take note! A critical flaw in the Service Provider Console (CVE-2024-42448) could allow remote code execution (RCE).
CVSS score: 9.9/10. This is as serious as it gets.
Don't wait, secure your systems today: https://thehackernews.com/2024/12/veeam-issues-patch-for-critical-rce.html
Cybersecurity agencies have issued a coordinated advisory along with an urgent checklist to combat the Salt Typhoon threat, a nation-state group linked to China that has been infiltrating U.S. telecom networks to steal sensitive data.
Dive into the full story: https://thehackernews.com/2024/12/joint-advisory-warns-of-prc-backed.html
A software supply chain attack targeted Solana's popular web3.js npm library (400,000+ weekly downloads). Malicious versions (1.95.6 and 1.95.7) were designed to steal users' private keys and drain cryptocurrency wallets.
The backdoor was cleverly hidden in the "addToQueue" function, seamlessly blending into legitimate code.
Learn more here: https://thehackernews.com/2024/12/researchers-uncover-backdoor-in-solanas.html
Check out @anyrun_app's Black Friday specials:
Get up to 3 sandbox licenses for your team as a gift
Double your search limit in TI Lookup, #ANYRUN's threat intelligence database, for FREE
Secure your deal before Dec 8: https://thn.news/anyrun-black-friday-tg
Europol has dismantled MATRIX, an invite-only encrypted messaging service used by criminals, intercepting 2.3 million messages tied to drug trafficking, arms deals, and money laundering.
Read the full story: https://thehackernews.com/2024/12/europol-dismantles-criminal-messaging.html
Russia-linked APT group Turla has been hijacking the infrastructure of a Pakistani hacking group to spy on Afghan and Indian government targets by deploying custom #malware, TwoDash and Statuezy.
Learn more: https://thehackernews.com/2024/12/russia-linked-turla-exploits-pakistani.html
CISA flags ProjectSend, Zyxel and CyberPanel flaws as actively exploited.
One of these enables attackers to bypass authentication and execute arbitrary commands; ransomware campaigns like PSAUX & Helldown are already exploiting it.
Read: https://thehackernews.com/2024/12/cisa-warns-of-active-exploitation-of.html
U.K. National Crime Agency has disrupted Russian money laundering networks, leading to 84 arrests and the seizure of £20 million in cash and #cryptocurrency.
These networks weren't just about money: they funded Russian espionage and connected to cybercriminal gangs across the globe.
Read more: https://thehackernews.com/2024/12/nca-busts-russian-crypto-networks.html
MirrorFace, a China-linked group, is deploying the dormant ANEL backdoor (unused since 2018) in a new spear-phishing campaign targeting Japan.
Explore how these tactics are bypassing security measures: https://thehackernews.com/2024/12/anel-and-noopdoor-backdoors-weaponized.html
Chinese hackers launched a stealthy four-month-long cyberattack targeting a major U.S. organization, harvesting emails and stealing sensitive data.
The attackers exploited Exchange Servers and used advanced tools like FileZilla and PowerShell.
Read the full story: https://thehackernews.com/2024/12/researchers-uncover-4-month-cyberattack.html
Earth Minotaur is using an advanced toolkit, MOONSHINE, to deploy the DarkNimbus backdoor across Android and Windows devices, targeting vulnerable communities like Tibetans and Uyghurs.
Find details here: https://thehackernews.com/2024/12/hackers-target-uyghurs-and-tibetans.html
A critical vulnerability (CVE-2024-41713) in Mitel MiCollab could let attackers access sensitive system files and potentially perform unauthorized administrative actions without authentication.
Full details here: https://thehackernews.com/2024/12/critical-mitel-micollab-flaw-exposes.html
Europol has shut down Manson Market, a notorious marketplace facilitating large-scale online fraud, seizing over 50 servers and arresting two suspects.
Learn more: https://thehackernews.com/2024/12/europol-shuts-down-manson-market-fraud.html
77 banks and crypto exchanges under attack...
DroidBot, a new Android malware, is wreaking havoc across Europe. This $3,000/month malware-as-a-service disguises itself as popular apps to infiltrate devices.
Discover how this hidden threat operates and which countries are under attack: https://thehackernews.com/2024/12/this-3000-android-trojan-targeting.html
Gamaredon threat actor is leveraging Cloudflare Tunnels and DNS fast-fluxing to hide malware delivery systems, targeting Ukrainian entities with GammaDrop malware.
Learn about these advanced tactics: https://thehackernews.com/2024/12/hackers-leveraging-cloudflare-tunnels.html
New Malware Alert! Passwords, cookies, and more, gone in seconds.
The RevC2 backdoor, part of the More_eggs operation, is now stealing browser data using WebSockets.
Read the full story here: https://thehackernews.com/2024/12/moreeggs-maas-expands-operations-with.html
New vulnerabilities in MLflow, H2O, PyTorch, and MLeap expose open-source machine learning (ML) tools and AI frameworks to the risk of remote code execution.
Read the full story for more details: https://thehackernews.com/2024/12/researchers-uncover-flaws-in-popular.html