3 Actively Exploited Zero-Day Flaws Patched in Microsoft’s Latest Security Update
Summary: Microsoft has released patches for 161 security vulnerabilities, including three actively exploited zero-days, marking the largest monthly update since 2017. Among the critical flaws, several could allow attackers to execute remote code or gain elevated privileges on affected systems.

Threat Actor: Unknown | unknown Victim: Microsoft Users | Microsoft Users

Key Point:

Microsoft addressed 161 vulnerabilities, including 11 rated Critical and 149 Important.…
Read More
Google OAuth Vulnerability Exposes Millions via Failed Startup Domains
Summary: Recent research reveals a vulnerability in Google’s “Sign in with Google” authentication that allows unauthorized access to sensitive data by exploiting domain ownership changes. This flaw could potentially endanger millions of users’ data linked to defunct startups.

Threat Actor: Unknown | unknown Victim: Millions of users | millions of users

Key Point:

The vulnerability allows attackers to access accounts of former employees by purchasing defunct domains.…
Read More
Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
Summary: Microsoft has revealed a security vulnerability in Apple macOS that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers. The flaw, identified as CVE-2024-44243, has been patched in macOS Sequoia 15.2.

Threat Actor: Unknown | unknown Victim: Apple | Apple

Key Point:

The vulnerability allows attackers running as “root” to bypass SIP protections.…
Read More
4 Reasons Your SaaS Attack Surface Can No Longer be Ignored
Summary: The increasing prevalence of SaaS applications introduces significant identity, data security, and third-party risks, which are exacerbated by SaaS sprawl. Organizations must prioritize securing their SaaS attack surface in 2025 to mitigate these vulnerabilities effectively.

Threat Actor: Cybercriminals | cybercriminals Victim: Organizations using SaaS | organizations using SaaS

Key Point:

Modern work heavily relies on SaaS, leading to rapid account creation and an expanded attack surface.…
Read More
Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces
Summary: A new cyber campaign has targeted Fortinet FortiGate firewall devices with exposed management interfaces, leading to unauthorized access and configuration changes. The attackers exploited vulnerabilities to create new accounts and establish SSL VPN access for lateral movement within compromised networks.

Threat Actor: Unknown | unknown Victim: Various organizations | various organizations

Key Point:

The campaign began in mid-November 2024, with attackers gaining unauthorized access to firewall management interfaces.…
Read More
Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions
Summary: HuiOne Guarantee has emerged as the largest online illicit marketplace, surpassing Hydra with over $24 billion in cryptocurrency transactions. The platform is linked to various criminal activities, including money laundering and human trafficking, and has connections to organized crime groups globally.

Threat Actor: HuiOne Guarantee | HuiOne Guarantee Victim: Global online users | online users

Key Point:

HuiOne Guarantee has received at least $24 billion in cryptocurrency, significantly more than the defunct Hydra marketplace.…
Read More
CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks
Summary: The U.S. CISA has added a medium-severity vulnerability (CVE-2024-12686) affecting BeyondTrust products to its Known Exploited Vulnerabilities catalog, highlighting active exploitation in the wild. This follows the discovery of another critical flaw (CVE-2024-12356) that could lead to arbitrary command execution, both linked to a cyber incident involving a compromised API key.…
Read More
Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners
Summary: A critical security flaw in the Aviatrix Controller cloud networking platform, identified as CVE-2024-50603, is being actively exploited to deploy backdoors and cryptocurrency miners. The vulnerability allows for unauthenticated remote code execution, posing significant risks to cloud environments.

Threat Actor: Unknown | unknown Victim: Cloud enterprises | cloud enterprises

Key Point:

The vulnerability has a CVSS score of 10.0, indicating maximum severity.…
Read More
Ransomware on ESXi: The mechanization of virtualized attacks
Summary: In 2024, ransomware attacks on VMware ESXi servers surged, with average ransom demands reaching $5 million, primarily driven by variants of Babuk ransomware. The attacks exploit vulnerabilities in the vCenter server architecture, necessitating urgent security enhancements for organizations.

Threat Actor: Ransomware Groups | Babuk Victim: Organizations using VMware ESXi | VMware ESXi

Key Point:

Ransomware attacks on ESXi servers are increasingly targeting critical file types, including VMDK, VMEM, VSWP, and VMSN files.…
Read More
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January]
Summary: This week’s cybersecurity recap highlights critical vulnerabilities, ongoing exploits, and legal actions against threat actors, emphasizing the importance of proactive security measures. Staying informed about these threats and implementing protective strategies is essential for individuals and organizations alike.

Threat Actor: UNC5337 | UNC5337 Victim: Ivanti | Ivanti

Key Point:

A critical vulnerability in Ivanti Connect Secure appliances has been exploited as a zero-day, allowing for remote code execution.…
Read More
Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems
Summary: A cybersecurity operation by watchTowr Labs has successfully hijacked over 4,000 unique web backdoors by taking control of abandoned domains, allowing them to track compromised systems and potentially commandeer them. This initiative highlights vulnerabilities in the infrastructure used by various threat actors, revealing significant oversight in their operations.…
Read More
WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables
Summary: Cybersecurity researchers have identified a stealthy credit card skimmer campaign targeting WordPress e-commerce sites by injecting malicious JavaScript into database tables, allowing attackers to capture sensitive payment information. This campaign also includes phishing tactics and novel techniques to exploit Web3 wallet features for cryptocurrency theft.…
Read More
DoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime Laundering
Summary: The U.S. Department of Justice has indicted three Russian nationals for their roles in operating cryptocurrency mixing services Blender.io and Sinbad.io, which were allegedly used for laundering criminal funds. The mixers facilitated transactions that obscured the origins of funds linked to various cyber crimes, including ransomware and wire fraud.…
Read More
AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics
Summary: Cybersecurity researchers have identified a new AI-assisted ransomware group called FunkSec, which has targeted over 85 victims since its emergence in late 2024. The group employs double extortion tactics and operates under a ransomware-as-a-service model, with connections to hacktivist activities.

Threat Actor: FunkSec | FunkSec Victim: Various organizations | various organizations

Key Point:

FunkSec uses double extortion tactics, combining data theft with encryption to pressure victims.…
Read More
RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns
Summary: The China-nexus RedDelta threat actor has targeted multiple Southeast Asian countries to deploy a customized version of the PlugX backdoor, utilizing various social engineering tactics. Their activities, which include sophisticated infection chains and the use of legitimate services for command-and-control, reflect a strategic focus on government entities in the region.…
Read More
Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices
Summary: A high-severity security flaw in the Monkey’s Audio (APE) decoder on Samsung smartphones could allow remote code execution without user interaction. The vulnerability, tracked as CVE-2024-49415, has been patched in December 2024 security updates for affected devices running Android versions 12, 13, and 14.

Threat Actor: Remote attackers | remote attackers Victim: Samsung smartphone users | Samsung smartphone users

Key Point:

The vulnerability allows for arbitrary code execution via specially crafted audio messages sent through Google Messages.…
Read More
Hands-On Walkthrough: Microsegmentation For all Users, Workloads and Devices by Elisity
Summary: Elisity offers an innovative identity-based microsegmentation solution that addresses the challenges of traditional segmentation methods, particularly in healthcare and manufacturing sectors. By leveraging existing network infrastructure, it simplifies policy management and enhances security without requiring extensive hardware investments.

Threat Actor: Cybercriminals | cybercriminals Victim: Healthcare Organizations | healthcare organizations

Key Point:

Elisity’s Virtual Edge allows for microsegmentation without new hardware, using lightweight virtual connectors.…
Read More
Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers
Summary: Palo Alto Networks has released patches for critical vulnerabilities in its Expedition migration tool, including a high-severity SQL injection flaw that could allow authenticated attackers to access sensitive data. SonicWall and Aviatrix have also addressed significant security flaws in their respective products.

Threat Actor: (authenticated attacker, unauthenticated attacker) | threat actor Victim: (Palo Alto Networks, SonicWall, Aviatrix) | Palo Alto Networks, SonicWall, Aviatrix

Key Point:

Palo Alto Networks addressed multiple vulnerabilities in its Expedition tool, including SQL injection and XSS flaws.…
Read More