🚨 Software supply chain attack alert!

Two popular Python AI library versions, Ultralytics 8.3.41 & 8.3.42, were compromised to deliver cryptocurrency miners.

Read details here: https://thehackernews.com/2024/12/ultralytics-ai-library-compromised.html

🚨 A botnet named Socks5Systemz has infected over 85,000 machines worldwide, transforming them into anonymous proxy servers marketed on PROXY[.]AM for as much as $700/month.

Learn more: https://thehackernews.com/2024/12/socks5systemz-botnet-powers-illegal.html

🔑 Identity isn’t enough. Privileged access needs extra layers of security.

From privilege elevation to quantum-safe connections, here are 7 bolt-ons IAMs like Entra ID need now.

Secure your critical sessions. Read more: https://thehackernews.com/2024/12/seven-bolt-ons-to-make-your-entra-id.html

🛑 Researchers uncover DeepSeek’s XSS vulnerability and Anthropic’s Claude’s “ZombAIs” technique, revealing how prompt injection can hijack user accounts and execute malicious commands.

Learn how these attacks work: https://thehackernews.com/2024/12/researchers-uncover-prompt-injection.html

Exabyte-scale data is here, and traditional methods can’t handle the challenges of securing it across multi-cloud environments.

Learn how Sentra’s Data Security Platform helps organizations tackle these challenges.

Read: https://thn.news/sentra-exabyte-data-security

🚨 Black Basta ransomware operators have adopted new social engineering tricks, targeting victims with email bombs and impersonating IT staff on Microsoft Teams.

Click for insights 👉 https://thehackernews.com/2024/12/black-basta-ransomware-evolves-with.html

⚠️ A Russia-linked group, UAC-0185, is ramping up phishing attacks targeting Ukraine's defense forces. These attacks use malware delivered through malicious links, leveraging PowerShell scripts and HTML applications to install remote control tools like MeshAgent, giving attackers full access to compromised systems.

Full details: https://thehackernews.com/2024/12/cert-ua-warns-of-phishing-attacks.html

🚨 90% of modern applications rely on open source software (OSS)—but this innovation comes with a major security price tag. Recent attacks like SolarWinds and Log4j prove just how fragile the supply chain is.

Discover actionable strategies to protect your software supply chain.

Don’t wait for the next attack—read more now: https://thehackernews.com/expert-insights/2024/12/securing-open-source-lessons-from.html

🚨 Cyberattacks are evolving fast! From stealthy zero-day exploits to fileless malware and phishing hosted on trusted platforms, the latest threats demand smarter defenses.

🔍 See how tools like ANYRUN's sandbox expose hidden dangers in real-time.

🌐 Stay ahead—read the full breakdown here: https://thehackernews.com/2024/12/ongoing-phishing-and-malware-campaigns.html

A suspected China-linked cyber espionage campaign, Operation Digital Eye, targeted major IT service providers in Southern Europe, exploiting Visual Studio Code Remote Tunnels to infiltrate systems.

Learn more: https://thehackernews.com/2024/12/hackers-weaponize-visual-studio-code.html

Belgian and Dutch authorities have arrested 8 suspects linked to a massive phishing scam that stole millions. The gang used fake banking calls and phishing links to con victims, with some even posing as police at victims' doorsteps.

Full story: https://thehackernews.com/2024/12/phone-phishing-gang-busted-eight.html

The Georgetown Master's in Cybersecurity Risk Management covers business, law, computer science, and organizational change.

Learn more: https://thn.news/georgetown-masters-cyber-risk-ig

🚨 Sophisticated mobile phishing campaign uncovered! Attackers are distributing the updated Antidot banking trojan, now called AppLite Banker, targeting unsuspecting job seekers.

Learn how this threat operates and what measures to take: https://thehackernews.com/2024/12/fake-recruiters-distribute-banking.html

A critical vulnerability (CVE-2024-50623) in Cleo's file transfer software is under active, widespread exploitation—affecting fully patched systems.

The flaw allows unauthenticated remote code execution through unrestricted file uploads, enabling attackers to execute arbitrary code.

Over 4,200 organizations use Cleo software globally—this is a major security concern for logistics, consumer products, and more.

Get critical insights: https://thehackernews.com/2024/12/cleo-file-transfer-vulnerability-under.html

🤖 Traditional pentesting is falling behind. Cyberattacks happen daily—automation ensures your defenses are always ready, not just once a year.

Automated pentesting delivers frequent, accurate, and cost-efficient assessments, ensuring real-time visibility into your vulnerabilities.

Discover how automation is changing the game: https://thehackernews.com/2024/12/the-future-of-network-security.html

🔥 Critical Security Alert! Ivanti uncovers a CVSS 10.0-rated vulnerability allowing unauthenticated attackers to gain admin access in their Cloud Services Application.

This flaw isn’t alone—Ivanti has patched multiple critical vulnerabilities in its Connect Secure and CSA products.

🔗 Don't wait—explore the critical details and ensure your systems are secure: https://thehackernews.com/2024/12/ivanti-issues-critical-security-updates.html

U.S. has unsealed charges against a Chinese hacker for exploiting a zero-day #vulnerability in 81,000 Sophos firewalls, enabling the infiltration of critical systems, the theft of sensitive data, and targeting U.S. infrastructure.

Learn more: https://thehackernews.com/2024/12/us-charges-chinese-hacker-for.html

💻 Microsoft’s final Patch Tuesday of 2024 fixed 72 vulnerabilities, including one actively exploited in the wild: CVE-2024-49138.

Ensure your systems are updated now.

🔗 Read more: https://thehackernews.com/2024/12/microsoft-fixes-72-flaws-including.html

Discover how Zero Trust, immutable backups, and encryption can secure Microsoft365—starting with Zero Trust, where every access request is verified.

Learn key strategies to protect your environment.

Read the full article now: https://thehackernews.com/expert-insights/2024/12/5-strategies-to-combat-ransomware-and.html

🚨 A new surveillance tool, EagleMsgSpy, has been exposed as a powerful spyware linked to Chinese police departments, secretly collecting vast data from mobile devices since 2017.

🔗 Read full details here: https://thehackernews.com/2024/12/chinese-eaglemsgspy-spyware-found.html