NonEuclid Remote Access Trojan - https://www.cyfirma.com/research/noneclid-rat/ 

HIGH: Vulnerable POP3 Report - https://www.shadowserver.org/what-we-do/network-reporting/vulnerable-pop3-report/ 

Treasury says Chinese hackers remotely accessed documents in 'major' cyber incident - https://www.npr.org/2024/12/31/nx-s1-5243850/china-hacking-treasury-cyber-security 

Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents - https://thehackernews.com/2024/12/chinese-apt-exploits-beyondtrust-api.html 

Beijing denies involvement in US treasury cyber-attack - https://www.theguardian.com/technology/2024/dec/31/beijing-denies-involvement-in-us-treasury-cyber-attack 

Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability - https://unit42.paloaltonetworks.com/multi-turn-technique-jailbreaks-llms/ 

Cyberhaven’s Chrome extension security incident and what we’re doing about it - https://www.cyberhaven.com/blog/cyberhavens-chrome-extension-security-incident-and-what-were-doing-about-it 

16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft - https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html 

Inside FireScam : An Information Stealer with Spyware Capabilities - https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/ 

Four-Faith Industrial Router CVE-2024-12856 Exploited in the Wild - https://vulncheck.com/blog/four-faith-cve-2024-12856 

Botnets Continue to Target Aging D-Link Vulnerabilities - https://www.fortinet.com/blog/threat-research/botnets-continue-to-target-aging-d-link-vulnerabilities 

Contagious Interviewが使用する新たなマルウェアOtterCookieについて - https://polite-sea-077fba000.1.azurestaticapps.net/tech_blog/contagious-interview-ottercookie 

CVE-2024-3393 PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet - https://security.paloaltonetworks.com/CVE-2024-3393 

Security updates available for Adobe ColdFusion | APSB24-107 - https://helpx.adobe.com/security/products/coldfusion/apsb24-107.html 

[SECURITY] CVE-2024-56337 Apache Tomcat - RCE via write-enabled default servlet - CVE-2024-50379 mitigation was incomplete - https://lists.apache.org/thread/b2b9qrgjrz1kvo4ym8y2wkfdvwoq6qbp 

CVE-2024-45387: Apache Traffic Control: SQL Injection in Traffic Ops endpoint PUT deliveryservice_request_comments - https://lists.apache.org/thread/t38nk5n7t8w3pb66z7z4pqfzt4443trr 

Analyzing Malicious Intent in Python Code: A Case Study - https://www.fortinet.com/blog/threat-research/analyzing-malicious-intent-in-python-code 

Cloud Atlas seen using a new tool in its attacks - https://securelist.com/cloud-atlas-attacks-with-new-backdoor-vbcloud/115103/ 

Sophos discloses critical Firewall remote code execution flaw - https://www.bleepingcomputer.com/news/security/sophos-discloses-critical-firewall-remote-code-execution-flaw/ 

Lazarus group evolves its infection chain with old and new malware - https://securelist.com/lazarus-new-malware/115059/ 

Now You See Me, Now You Don’t: Using LLMs to Obfuscate Malicious JavaScript - https://unit42.paloaltonetworks.com/using-llms-obfuscate-malicious-javascript/ 

S2-067 - CVE-2024-53677 - https://cwiki.apache.org/confluence/display/WW/S2-067 

New critical Apache Struts flaw exploited to find vulnerable servers - https://www.bleepingcomputer.com/news/security/new-critical-apache-struts-flaw-exploited-to-find-vulnerable-servers/ 

2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged - https://supportportal.juniper.net/s/article/2024-12-Reference-Advisory-Session-Smart-Router-Mirai-malware-found-on-systems-when-the-default-password-remains-unchanged?language=en_US 

Hidden in Plain Sight: TA397’s New Attack Chain Delivers Espionage RATs - https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats 

Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks - https://www.trendmicro.com/en_us/research/24/l/earth-koshchei.html 

TAG Bulletin: Q4 2024 - https://blog.google/threat-analysis-group/tag-bulletin-q4-2024/ 

Effective Phishing Campaign Targeting European Companies and Institutions - https://unit42.paloaltonetworks.com/european-phishing-campaign/ 

BADBOX Botnet Is Back - https://www.bitsight.com/blog/badbox-botnet-back 

ESET Threat Report H2 2024 - https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2024/

“DeceptionAds” - Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising - https://labs.guard.io/deceptionads-fake-captcha-driving-infostealer-infections-and-a-glimpse-to-the-dark-side-of-0c516f4dc0b6

CoinLurker: The Stealer Powering the Next Generation of Fake Updates - https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Technical Analysis of RiseLoader - https://www.zscaler.com/blogs/security-research/technical-analysis-riseloader

Password spraying attacks on NetScaler/NetScaler Gateway – December 2024 - https://www.citrix.com/blogs/2024/12/13/password-spraying-attacks-netscaler-december-2024

The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit - https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html 

NodeLoader Exposed: The Node.js Malware Evading Detection - https://www.zscaler.com/blogs/security-research/nodeloader-exposed-node-js-malware-evading-detection 

Clop ransomware claims responsibility for Cleo data theft attacks - https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-responsibility-for-cleo-data-theft-attacks/ 

New Yokai Side-loaded Backdoor Targets Thai Officials - https://www.netskope.com/blog/new-yokai-side-loaded-backdoor-targets-thai-officials 

Getting a taste of your own medicine: Threat actor MUT-1244 targets offensive actors, leaking hundreds of thousands of credentials - https://securitylabs.datadoghq.com/articles/mut-1244-targeting-offensive-actors/