Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API The Hacker Newsinfo@thehackernews.com (The Hacker News)
January 2, 2025

Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, …


Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them The Hacker Newsinfo@thehackernews.com (The Hacker News)
January 2, 2025

In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud …


Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT The Hacker Newsinfo@thehackernews.com (The Hacker News)
January 2, 2025

Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source …


Three Russian-German Nationals Charged with Espionage for Russian Secret Service The Hacker Newsinfo@thehackernews.com (The Hacker News)
January 2, 2025

German prosecutors have charged three Russian-German nationals for acting as secret service agents for Russia. The individuals, named Dieter S., Alexander J., and Alex D., have been accused of working for …


New “DoubleClickjacking” Exploit Bypasses Clickjacking Protections on Major Websites The Hacker Newsinfo@thehackernews.com (The Hacker News)
January 1, 2025

Threat hunters have disclosed a new "widespread timing-based vulnerability class" that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites. The technique has been …


Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics The Hacker Newsinfo@thehackernews.com (The Hacker News)
January 1, 2025

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 …


New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy The Hacker Newsinfo@thehackernews.com (The Hacker News)
December 31, 2024

The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens' personal data to countries of concern such …


Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents The Hacker Newsinfo@thehackernews.com (The Hacker News)
December 30, 2024

The United States Treasury Department said it suffered a "major cybersecurity incident" that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents.  "On December 8, 2024, Treasury …


Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation The Hacker Newsinfo@thehackernews.com (The Hacker News)
December 30, 2024

Cybersecurity researchers have uncovered three security weaknesses in Microsoft's Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct …


U.S. Army Soldier Arrested in AT&T, Verizon Extortions Krebs on SecurityBrianKrebs
December 30, 2024

Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier …