North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign The Hacker [email protected] (The Hacker News)
December 27, 2024

North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. Contagious Interview (aka DeceptiveDevelopment) refers to a persistent attack campaign that …


Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia The Hacker [email protected] (The Hacker News)
December 27, 2024

The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting "several dozen users" in 2024. "Victims …


Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately The Hacker [email protected] (The Hacker News)
December 27, 2024

Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices. The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS …


FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks The Hacker [email protected] (The Hacker News)
December 27, 2024

Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten (aka Tsunami) …


Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization The Hacker [email protected] (The Hacker News)
December 26, 2024

The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific …


Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts The Hacker [email protected] (The Hacker News)
December 26, 2024

A Brazilian citizen has been charged in the United States for allegedly threatening to release data stolen by hacking into a company's network in March 2020. Junior Barros De Oliveira, 29, …


Ruijie Networks’ Cloud Platform Flaws Could Expose 50,000 Devices to Remote Attacks The Hacker [email protected] (The Hacker News)
December 25, 2024

Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. "These vulnerabilities affect …


Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now The Hacker [email protected] (The Hacker News)
December 25, 2024

The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured …


Iran’s Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware The Hacker [email protected] (The Hacker News)
December 25, 2024

The Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware called BellaCiao. Russian cybersecurity company Kaspersky, which dubbed the new version …


Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts The Hacker [email protected] (The Hacker News)
December 24, 2024

Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according …