HOT NEWS 2024 NOVEMBER
DATE |
NAME |
INFO |
CATEGORY |
SUBCATE |
|
29.11.24 |
"Operation Undercut"Shows Multifaceted Nature of SDA’s Influence Operations |
OPERATION |
||
|
29.11.24 |
Trustwave SpiderLabs has been actively monitoring the rise of Phishing-as-a-Service (PaaS) platforms, which are increasingly popular among threat actors. |
PHISHING |
||
|
29.11.24 |
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
|
CVE |
||
|
28.11.24 |
Dozens of Machines Infected: Year-Long NPM Supply Chain Attack Combines Crypto Mining and Data Theft |
HACKING |
||
|
28.11.24 |
Gaming Engines: An Undetected Playground for Malware Loaders |
LOADER |
||
|
28.11.24 |
An Update on Recent Cyberattacks Targeting the US Wireless Companies |
INCIDENT |
||
|
28.11.24 |
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. |
CVE |
||
|
27.11.24 |
Bootkitty: Analyzing the first UEFI bootkit for Linux |
BOOTKIT |
||
|
27.11.24 |
Attacks by the attack group APT-C-60 using legitimate services |
APT |
||
|
27.11.24 |
Matrix Unleashes A New Widespread DDoS Campaign |
BOTNET |
||
|
26.11.24 |
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to |
CVE |
||
|
26.11.24 |
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to |
CVE |
||
|
26.11.24 |
(CVSS score: 9.8) - A use-after-free vulnerability in Firefox's Animation component (Patched by Mozilla in October 2024) |
CVE |
||
|
26.11.24 |
(CVSS score: 8.8) - A privilege escalation vulnerability in Windows Task Scheduler (Patched by Microsoft in November 2024) |
CVE |
||
|
26.11.24 |
RomCom exploits Firefox and Windows zero days in the wild |
GROUP |
||
|
26.11.24 |
Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries |
RAT |
||
|
26.11.24 |
Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions |
GROUP |
||
|
26.11.24 |
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. |
CVE |
||
|
25.11.24 |
The Dark Side of Domain-Specific Languages: Uncovering New Attack Techniques in OPA and Terraform |
ATTACK |
||
|
25.11.24 |
When Guardians Become Predators: How Malware Corrupts the Protectors |
ROOTKIT |
||
|
23.11.24 |
Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON |
GROUP |
||
|
22.11.24 |
Unveiling the Past and Present of APT-K-47 Weapon: Asyncshell |
APT |
||
|
22.11.24 |
Russia-Aligned TAG-110 Targets Asia and Europe with HATVIBE and CHERRYSPY |
GROUP |
||
|
22.11.24 |
China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike |
GROUP |
||
|
22.11.24 |
Malicious packages for AI integration containing infostealer malware were found in the Python Package Index repository. |
STEALER |
||
|
22.11.24 |
CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) |
CVE |
||
|
22.11.24 |
CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface |
CVE |
||
|
21.11.24 |
Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine |
LINUX BACK. |
||
|
21.11.24 |
Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine |
GROUP |
||
|
21.11.24 |
Attacks on Ukraine’s Energy Infrastructure: Harm to the Civilian Population |
MALWARE |
||
|
21.11.24 |
Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to |
CVE |
||
|
21.11.24 |
Python NodeStealer Targets Facebook Ads Manager with New Techniques |
STEALER |
||
|
20.11.24 |
Ghost Tap: New cash-out tactic with NFC Relay |
NFC |
||
|
19.11.24 |
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the |
CVE |
||
|
19.11.24 |
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking |
CVE |
||
|
19.11.24 |
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the |
CVE |
||
|
19.11.24 |
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow |
CVE |
||
|
19.11.24 |
Unveiling LIMINAL PANDA: A Closer Look at China's Cyber Threats to the Telecom Sector |
GROUP |
||
|
19.11.24 |
(CVSS score: 8.8) - A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content |
CVE |
||
|
19.11.24 |
(CVSS score: 6.1) - A cookie management vulnerability in WebKit that could lead to a cross-site scripting (XSS) attack when processing malicious web content |
CVE |
||
|
19.11.24 |
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). |
CVE |
||
|
19.11.24 |
One Sock Fits All: The use and abuse of the NSOCKS botnet |
BOTNET |
||
|
19.11.24 |
Helldown Ransomware: an overview of this emerging threat |
RANSOMWARE |
||
|
19.11.24 |
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. |
CVE |
||
|
19.11.24 |
Babble Babble Babble Babble Babble Babble BabbleLoader |
LOADER |
||
|
18.11.24 |
The Abuse of ITarian RMM by Dolphin Loader |
LOADER |
||
|
18.11.24 |
LodaRAT: Established Malware, New Victim Patterns |
RAT |
||
|
18.11.24 |
Mr.Skeleton RAT - new malware based on the njRAT code |
RAT |
||
|
18.11.24 |
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. |
CVE |
||
|
16.11.24 |
CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) |
CVE |
||
|
16.11.24 |
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA |
GROUP |
||
|
16.11.24 |
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA |
STEALER |
||
|
15.11.24 |
Malware Spotlight: A Deep-Dive Analysis of WezRat |
RAT |
||
|
15.11.24 |
New PXA Stealer targets government and education sectors for sensitive information |
STEALER |
||
|
15.11.24 |
PostgreSQL PL/Perl environment variable changes execute arbitrary code |
CVE |
||
|
15.11.24 |
(CVSS score: 9.9) - Palo Alto Networks Expedition OS Command Injection Vulnerability |
CVE |
||
|
15.11.24 |
(CVSS score: 9.3) - Palo Alto Networks Expedition SQL Injection Vulnerability |
CVE |
||
|
14.11.24 |
DNS Predators Hijack Domains to Supply their Attack Infrastructure |
DNS |
||
|
14.11.24 |
Stealthy Attributes of Lazarus APT Group: Evading Detection with Extended Attributes |
DOWNLOADER |
||
|
14.11.24 |
CVE-2024-43451: A New Zero-Day Vulnerability Exploited in the wild |
CVE |
||
|
13.11.24 |
Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity |
GROUP |
||
|
13.11.24 |
Iranian “Dream Job” Campaign 11.24 |
CAMPAIGN |
||
|
13.11.24 |
(CVSS score: 6.5) - Windows NTLM Hash Disclosure Spoofing Vulnerability |
CVE |
||
|
13.11.24 |
(CVSS score: 8.8) - Windows Task Scheduler Elevation of Privilege Vulnerability |
CVE |
||
|
13.11.24 |
(CVSS v4 score: 9.2), which allows an attacker to impersonate a hub and hijack a device |
CVE |
||
|
13.11.24 |
(CVSS v4 score: 9.2), which allows an attacker to claim arbitrary unclaimed devices by bypassing the requirement for a serial number |
CVE |
||
|
13.11.24 |
(CVSS v4 score: 9.2), which allows an attacker to upload arbitrary firmware updates resulting in code execution |
CVE |
||
|
13.11.24 |
(CVSS v4 score: 9.1), which allows an attacker to impersonate a hub and unclaim devices arbitrarily and subsequently exploit other flaws to claim it |
CVE |
||
|
12.11.24 |
(CVSS score: 5.1) - Privilege escalation to NetworkService Account access |
CVE |
||
|
12.11.24 |
(CVSS score: 5.1) - Limited remote code execution with the privilege of a NetworkService Account access |
CVE |
||
|
12.11.24 |
APT Actors Embed Malware within macOS Flutter Applications |
MacOS |
||
|
12.11.24 |
Ymir: new stealthy ransomware in the wild |
STEALER |
||
|
11.11.24 |
Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign |
LOADER |
||
|
11.11.24 |
Machine Learning Bug Bonanza – Exploiting ML Services |
AI |
EXPLOIT |
|
|
08.11.24 |
Mozi Resurfaces as Androxgh0st Botnet: Unraveling The Latest Exploitation Wave |
BOTNET |
||
|
08.11.24 |
Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT |
RAT |
||
|
08.11.24 |
Roblox Developers Targeted with npm Packages Infected with Skuld Infostealer and Blank Grabber |
STEALER |
||
|
08.11.24 |
CRON#TRAP: Emulated Linux Environments as the Latest Tactic in Malware Staging |
LINUX |
||
|
08.11.24 |
Android Framework Privilege Escalation Vulnerability |
CVE |
||
|
08.11.24 |
CyberPanel Incorrect Default Permissions Vulnerability |
CVE |
||
|
08.11.24 |
Nostromo nhttpd Directory Traversal Vulnerability |
CVE |
||
|
08.11.24 |
Palo Alto Expedition Missing Authentication Vulnerability |
CVE |
||
|
08.11.24 |
BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence |
CRYPTO |
||
|
07.11.24 |
CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits |
EXPLOIT |
||
|
07.11.24 |
New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency |
TROJAN |
||
|
07.11.24 |
A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could |
CVE |
||
|
07.11.24 |
Unmasking VEILDrive: Threat Actors Exploit Microsoft Services for C2 |
EXPLOIT |
||
|
06.11.24 |
Threat Campaign Spreads Winos4.0 Through Game Application |
TROJAN |
||
|
06.11.24 |
ToxicPanda: a new banking trojan from Asia hit Europe and LATAM |
BANKING |
||
|
05.11.24 |
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and |
CVE |
||
|
05.11.24 |
Typosquat Campaign Targeting npm Developers |
MALWARE |
||
|
05.11.24 |
In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories |
CVE |
||
|
04.11.24 |
As part of our ongoing mission to identify emerging threats to mobile security, our zLabs team has been actively tracking a new variant of a well-known malware |
ANDROID |
||
|
04.11.24 |
(CVSS score: 7.5) - A vulnerability that an attacker can exploit using the /api/create endpoint to determine the existence of a file in the server |
CVE |
||
|
04.11.24 |
(CVSS score: 8.2) - An out-of-bounds read vulnerability that could cause the application to crash by means of the /api/create endpoint, resulting in a DoS condition |
CVE |
||
|
04.11.24 |
(CVSS score: 7.5) - A vulnerability that causes resource exhaustion and ultimately a DoS when invoking the /api/create endpoint repeatedly when passing |
CVE |
||
|
04.11.24 |
(CVSS score: 7.5) - A path traversal vulnerability in the api/push endpoint that exposes the files existing on the server and the entire directory structure |
CVE |
||
|
1.11.24 |
A new variant of the Android malware called FakeCall has been observed in the wild. |
|||
|
1.11.24 |
Sauron is a new ransomware variant recently found in the wild. The malware appends ".sauron" extension to the encrypted files. The ransom note is dropped in |
|||
|
1.11.24 |
UNC5812 campaigns against Ukraine with Android and Windows malware |
A recent report highlighted activity attributed to a suspected Russian threat actor identified as UNC5812. |
||
|
1.11.24 |
A new campaign delivering the Bumblebee loader has been reported this month. Bumblebee is a highly sophisticated downloader variant discovered initially back in 2022. |
|||
|
1.11.24 |
CVE-2024-40711 is a recently disclosed critical (CVSS score 9.8) deserialization vulnerability affecting the Veeam Backup and Replication software in version 12.1.2.172 or older. |
|||
|
1.11.24 |
A campaign involving a malicious Android app called "Lounge Pass" targeting air travelers at Indian airports has been observed. |
|||
|
1.11.24 |
Adware Campaign uses Fake CAPTCHA to deliver Lumma and Amadey malware |
Threat actors are increasingly using fake CAPTCHA as an initial attack vector. |
||
|
1.11.24 |
TeamTNT targets cloud-native environments in new Cryptojacking campaign |
A new campaign by the cryptojacking group TeamTNT has been reported targeting cloud-native environments for cryptocurrency mining and reselling compromised servers. |
||
|
1.11.24 |
Rekoobe malware found potentially targeting TradingView users |
An open directory has been discovered hosting Rekoobe malware, potentially aimed at targeting TradingView users along with other cyber espionage campaigns. |
||
|
1.11.24 |
Daggerfly targets Taiwanese entities with new CloudScout Toolset |
China-linked threat actor Daggerfly (also known as Evasive Panda) has been reported targeting a government entity and a religious organization in Taiwan with a previously |
||
|
1.11.24 |
Daggerfly targets Taiwanese entities with new CloudScout Toolset |
Researchers have recently uncovered a malicious campaign spreading the XWorm RAT trojan via fake emails posing as official communications from Namirial, a software and service company. |
||
|
1.11.24 |
Researchers have recently uncovered a malicious campaign spreading the XWorm RAT trojan via fake emails posing as official communications from Namirial, a software and service company. |
|||
|
1.11.24 |
A researcher recently identified a multi-stage cyberattack targeting the healthcare industry, initiated through a ZIP file containing a malicious shortcut (.lnk) file, likely spread via phishing emails. |
|||
|
1.11.24 |
Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC a |
SECURITY |
SECURITY |
|
|
1.11.24 |
Every Doggo Has Its Day: Unleashing the Xiū Gǒu Phishing Kit |
PHISHING KIT |
||
|
1.11.24 |
In May 2024, ThreatFabric published a report about LightSpy for macOS. During that investigation, we discovered that the threat actor was using the same server for both macOS and iOS campaigns. |
iOS |
||
|
1.11.24 |
Rare Case of Privilege Escalation Patched in LiteSpeed Cache Plugin |
This blog post is about the LiteSpeed plugin vulnerability. If you’re a LiteSpeed user, please update the plugin to at least version 6.5.2. |
VULNERABILITY |
|