HOT NEWS 2024 DECEMBER
DATE |
NAME |
INFO |
CATEGORY |
SUBCATE |
|
31.12.24 |
In 2024, a malicious actor exploited Uzum's brand in a series of campaigns targeting mobile users in Uzbekistan. |
|||
|
31.12.24 |
A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing a |
VULNERABILITY |
||
|
31.12.24 |
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an |
VULNERABILITY |
||
|
31.12.24 |
Dirty DAG: New Vulnerabilities in Azure Data Factory’s Apache Airflow Integration |
VULNERABILITY |
||
|
30.12.24 |
Ficora and Capsaicin botnets leverage old vulnerabilities for distribution |
According to the researchers from Fortinet, two Linux botnet variants Ficora and Capsaicin have been distributed in recently observed campaigns. |
||
|
28.12.24 |
Skuld Infostealer malware continues to target developers via npm registry |
A malware campaign deploying the Skuld infostealer via the npm registry has been reported, targeting developers with ambiguous packages. |
||
|
28.12.24 |
Gosar is a recently identified Golang-based variant of the Quasar backdoor. |
|||
|
28.12.24 |
Latest XWorm distribution campaign targets the hospitality sector |
A new campaign distributing the XWorm commodity malware has been reported in the wild. |
||
|
28.12.24 |
Recent I2PRAT malware variant leverages anonymous peer-to-peer network communication |
The latest I2PRAT malware variant has been observed to leverage I2P anonymous peer-to-peer network for the purpose of C2 communication. |
||
|
28.12.24 |
The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. |
VULNERABILITY |
||
|
28.12.24 |
OtterCookie, a new malware used by Contagious Interview |
JavaScript |
||
|
28.12.24 |
Cloud Atlas seen using a new tool in its attacks |
GROUP |
||
|
28.12.24 |
CVE-2024-3393 PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet |
VULNERABILITY |
||
|
28.12.24 |
Botnets Continue to Target Aging D-Link Vulnerabilities |
BOTNET |
||
|
28.12.24 |
The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary |
VULNERABILITY |
||
|
26.12.24 |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the device's serial number if physically adjacent |
VULNERABILITY |
||
|
26.12.24 |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a |
VULNERABILITY |
||
|
26.12.24 |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. |
VULNERABILITY |
||
|
26.12.24 |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. |
VULNERABILITY |
||
|
26.12.24 |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, |
VULNERABILITY |
||
|
26.12.24 |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses a weak credential mechanism that could allow an attacker to easily calculate |
VULNERABILITY |
||
|
26.12.24 |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone |
VULNERABILITY |
||
|
26.12.24 |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's |
VULNERABILITY |
||
|
26.12.24 |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services |
VULNERABILITY |
||
|
26.12.24 |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves |
VULNERABILITY |
||
|
26.12.24 |
An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", |
VULNERABILITY |
||
|
26.12.24 |
BellaCPP: Discovering a new BellaCiao variant written in C++ |
Malware |
||
|
26.12.24 |
Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. |
VULNERABILITY |
||
|
26.12.24 |
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive |
VULNERABILITY |
||
|
26.12.24 |
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. |
VULNERABILITY |
||
|
26.12.24 |
Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces |
PHAAS |
||
|
22.12.24 |
HeartCrypt was originally discovered through underground forums and reported by security researchers in February and March 2024. |
Crypto |
||
|
22.12.24 |
The latest version of WezRat was recently distributed to multiple Israeli organizations in a wave of emails impersonating the Israeli National Cyber Directorate (INCD). |
RAT |
||
|
21.12.24 |
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware |
Backdoor |
||
|
21.12.24 |
On Wednesday, December 11, 2024, several customers reported suspicious behavior on their Session Smart Network (SSN) platforms. |
BOTNET |
||
|
21.12.24 |
ASEC recently identified a new DDoS malware strain targeting Linux servers while monitoring numerous external attacks. |
HACKING |
||
|
21.12.24 |
(CVSS score: 9.3) - Fortinet FortiClient EMS SQL Injection Vulnerability |
VULNERABILITY |
||
|
21.12.24 |
(CVSS score: 9.8) - Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability |
VULNERABILITY |
||
|
21.12.24 |
(CVSS score: 10.0) - Nice Linear eMerge E3-Series OS Command Injection Vulnerability |
VULNERABILITY |
||
|
21.12.24 |
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability |
VULNERABILITY |
||
|
21.12.24 |
(CVSS score: 9.8) - A pre-auth SQL injection vulnerability in the email protection feature that could lead to remote code execution, |
VULNERABILITY |
||
|
21.12.24 |
(CVSS score: 9.8) - A weak credentials vulnerability arising from a suggested and non-random SSH login passphrase for High Availability (HA) |
VULNERABILITY |
||
|
21.12.24 |
(CVSS score: 8.8) - A post-auth code injection vulnerability in the User Portal that allows authenticated users to gain remote code execution. |
VULNERABILITY |
||
|
21.12.24 |
(CVSS score: 8.8), an authenticated command injection flaw that has also been fixed in FortiWLM 8.6.6, to obtain remote code execution in |
VULNERABILITY |
||
|
21.12.24 |
[FortiWLM] Unauthenticated limited file read vulnerability |
VULNERABILITY |
||
|
18.12.24 |
Effective Phishing Campaign Targeting European Companies and Organizations |
Phishing |
||
|
18.12.24 |
File upload logic in Apache Struts is flawed. |
VULNERABILITY |
||
|
18.12.24 |
Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks |
APT |
||
|
18.12.24 |
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated |
VULNERABILITY |
||
|
18.12.24 |
Sha zhu pan scam uses AI chat tool to target iPhone and Android users |
SPAM |
||
|
18.12.24 |
Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion |
RAT |
||
|
18.12.24 |
Analyzing FLUX#CONSOLE: Using Tax-Themed Lures, Threat Actors Exploit Windows Management Console to Deliver Backdoor Payloads |
Backdoor |
||
|
17.12.24 |
Proofpoint observed advanced persistent threat (APT) TA397 targeting a Turkish defense sector organization with a lure about public infrastructure |
GROUP |
||
|
17.12.24 |
BITTER APT Targets Chinese Government Agency |
APT |
||
|
17.12.24 |
It was not until 2016 that the foreign security manufacturer Forcepoint disclosed the existence of the Manlinghua organization for the first time |
RAT |
||
|
17.12.24 |
Bitter Group Launches New Trojan Miyarat, Domestic Users Become Primary Targets |
RAT |
||
|
17.12.24 |
CoinLurker: The Stealer Powering the Next Generation of Fake Updates |
STEALER |
||
|
17.12.24 |
Careto is back: what’s new after 10 years of silence? |
APT |
||
|
17.12.24 |
(CVSS score: 7.4) - Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files |
CVE |
||
|
17.12.24 |
(CVSS score: 7.8) - Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate |
CVE |
||
|
17.12.24 |
DrayTek Routers Exploited in Massive Ransomware Campaign: Analysis and Recommendations |
EXPLOIT |
||
|
16.12.24 |
“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising |
MALVERTISING |
||
|
16.12.24 |
“A Digital Prison”: Surveillance and the suppression of civil society in Serbia |
ANDROID |
||
|
16.12.24 |
Glutton: A New Zero-Detection PHP Backdoor from Winnti Targets Cybercriminals |
BACKDOOR |
||
|
16.12.24 |
New Zero-Detection Variant of Melofee Backdoor from Winnti Strikes RHEL 7.9 |
BACKDOOR |
||
|
16.12.24 |
BADBOX Botnet Is Back |
BOTNET |
||
|
14.12.24 |
New Yokai Side-loaded Backdoor Targets Thai Officials |
BACKDOOR |
||
|
14.12.24 |
NodeLoader Exposed: The Node.js Malware Evading Detection |
LOADER |
||
|
14.12.24 |
Getting a taste of your own medicine: Threat actor MUT-1244 targets offensive actors, leaking hundreds of thousands of credentials |
GROUP |
||
|
13.12.24 |
openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. |
CVE |
||
|
13.12.24 |
Team82 obtained a sample of a custom-built IoT/OT malware called IOCONTROL used by Iran-affiliated attackers to attack Israel- and U.S.-based OT/IoT devices. |
IoT |
||
|
13.12.24 |
PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication |
ROOTKIT |
||
|
12.12.24 |
Lookout Discovers Two Russian Android Spyware Families from Gamaredon APT |
ANDROID |
||
|
12.12.24 |
Lookout Discovers Two Russian Android Spyware Families from Gamaredon APT |
ANDROID |
||
|
12.12.24 |
Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. |
APT |
||
|
12.12.24 |
Unauthorized access to iCloud: analyzing an iOS vulnerability that could expose sensitive data to attackers |
CVE |
||
|
12.12.24 |
Unauthorized Plugin Installation/Activation in Hunk Companion |
CVE |
||
|
11.12.24 |
Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine |
GROUP |
||
|
11.12.24 |
Upgraded Kazuar Backdoor Offers Stealthy Power |
BACKDOOR |
||
|
11.12.24 |
Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation |
HACKING |
||
|
11.12.24 |
Oasis Security Research Team Discovers Microsoft Azure MFA Bypass |
CVE |
||
|
11.12.24 |
Inside Zloader’s Latest Trick: DNS Tunneling |
TROJAN |
||
|
11.12.24 |
Lookout Discovers New Chinese Surveillance Tool Used by Public Security Bureaus |
SPYWARE |
||
|
11.12.24 |
Likely China-based Attackers Target High-profile Organizations in Southeast Asia |
APT |
||
|
11.12.24 |
(CVSS score: 10.0) - An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote unauthenticated attacker |
CVE |
||
|
11.12.24 |
(CVSS score: 9.1) - A command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker |
CVE |
||
|
11.12.24 |
(CVSS score: 9.1) - An SQL injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker |
CVE |
||
|
11.12.24 |
(CVSS score: 9.1) - An argument injection vulnerability in Ivanti Connect Secure before version 22.7R2.4 |
CVE |
||
|
11.12.24 |
(CVSS score: 9.1) - A command injection vulnerability in Ivanti Connect Secure before version 22.7R2.3 |
CVE |
||
|
11.12.24 |
(CVSS score: 8.8) - An insecure permissions vulnerability in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 |
CVE |
||
|
10.12.24 |
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can |
CVE |
||
|
10.12.24 |
AppLite: A New AntiDot Variant Targeting Mobile Employee Devices |
BANKING |
||
|
10.12.24 |
Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels |
APT |
||
|
10.12.24 |
Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers |
APT |
||
|
10.12.24 |
Operation Tainted Love | Chinese APTs Target Telcos in New Attacks |
APT |
||
|
09.12.24 |
Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware |
RANSOMWARE |
||
|
09.12.24 |
PROXY.AM Powered by Socks5Systemz Botnet |
BOTNET |
||
|
07.12.24 |
Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows |
STEALER |
||
|
06.12.24 |
iVerify Mobile Threat Investigation Uncovers New Pegasus Samples |
MOBILE |
||
|
06.12.24 |
Machine Learning Bug Bonanza – Exploiting ML Clients and “Safe” Model Formats |
AI |
||
|
06.12.24 |
(CVSS score: 7.2) - An insufficient sanitization issue in MLflow that leads to a cross-site scripting (XSS) attack when running an untrusted recipe |
CVE |
||
|
06.12.24 |
(CVSS score: 7.5) - An unsafe deserialization issue in H2O when importing an untrusted ML model, potentially resulting in RCE |
CVE |
||
|
06.12.24 |
(CVSS score: 7.5) - A path traversal issue in MLeap when loading a saved model in zipped format can lead to a Zip Slip vulnerability, |
CVE |
||
|
06.12.24 |
Unveiling RevC2 and Venom Loader |
LOADER |
||
|
06.12.24 |
BlueAlpha Abuses Cloudflare Tunneling Service for GammaDrop Staging Infrastructure |
DROPPER |
||
|
06.12.24 |
DroidBot: Insights from a new Turkish MaaS fraud operation |
ANDROID |
||
|
06.12.24 |
A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) |
CVE |
||
|
05.12.24 |
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks |
EXPLOIT KIT |
||
|
05.12.24 |
Guess Who’s Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024 |
PHISHING |
||
|
05.12.24 |
(CVSS score: 10.0) - An incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary |
CVE |
||
|
05.12.24 |
(CVSS score: 7.5) - An improper restriction of XML External Entity (XXE) reference vulnerability that could allow a remote, |
CVE |
||
|
05.12.24 |
(CVSS score: 9.8) - An improper authentication vulnerability that allows a remote, unauthenticated attacker to create accounts, |
CVE |
||
|
05.12.24 |
(CVSS score: 7.5) - A path traversal vulnerability in the web management interface that could allow an attacker to download or |
CVE |
||
|
04.12.24 |
Snowblind: The Invisible Hand of Secret Blizzard |
APT |
||
|
04.12.24 |
Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage |
ESPIONAGE |
||
|
04.12.24 |
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to |
CVE |
||
|
04.12.24 |
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, |
CVE |
||
|
04.12.24 |
The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox |
EXPLOIT |
||
|
03.12.24 |
Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject |
CVE |
||
|
03.12.24 |
(CVSS score: 5.6) - An insufficient certificate validation vulnerability impacting Palo Alto Networks GlobalProtect for Windows, macOS, |
CVE |
||
|
03.12.24 |
(CVSS score: 7.1) - A vulnerability impacting SonicWall SMA100 NetExtender Windows client that could allow an attacker to execute |
CVE |
||
|
03.12.24 |
Analysis of Kimsuky Threat Actor's Email Phishing Campaign |
APT |
||
|
03.12.24 |
Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT |
RAT |
||
|
03.12.24 |
Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT |
RAT |
||
|
02.12.24 |
SmokeLoader Attack Targets Companies in Taiwan |
LOADER |
||
|
02.12.24 |
SpyLoan: A Global Threat Exploiting Social Engineering |
SPYWARE |