Password spraying attacks on NetScaler/NetScaler Gateway – December 2024 - https://www.citrix.com/blogs/2024/12/13/password-spraying-attacks-netscaler-december-2024

The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit - https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html 

NodeLoader Exposed: The Node.js Malware Evading Detection - https://www.zscaler.com/blogs/security-research/nodeloader-exposed-node-js-malware-evading-detection 

Clop ransomware claims responsibility for Cleo data theft attacks - https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-responsibility-for-cleo-data-theft-attacks/ 

New Yokai Side-loaded Backdoor Targets Thai Officials - https://www.netskope.com/blog/new-yokai-side-loaded-backdoor-targets-thai-officials 

Getting a taste of your own medicine: Threat actor MUT-1244 targets offensive actors, leaking hundreds of thousands of credentials - https://securitylabs.datadoghq.com/articles/mut-1244-targeting-offensive-actors/ 

Declawing PUMAKIT - https://www.elastic.co/security-labs/declawing-pumakit#stage-2-memory-resident-executables-overview 

CVE-2024-49071 - Windows Defender Information Disclosure Vulnerability - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49071 

CVE-2024-49147 - Vulnerabilidade de elevação de privilégio do Catálogo do Microsoft Update - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49147 

Careto is back: what’s new after 10 years of silence? - https://securelist.com/careto-is-back/114942/ 

Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine - https://www.microsoft.com/en-us/security/blog/2024/12/11/frequent-freeloader-part-ii-russian-actor-secret-blizzard-using-tools-of-other-groups-to-attack-ukraine/ 

Lookout Discovers New Chinese Surveillance Tool Used by Public Security Bureaus - https://www.lookout.com/threat-intelligence/article/eaglemsgspy-chinese-android-surveillanceware 

Likely China-based Attackers Target High-profile Organizations in Southeast Asia - https://www.security.com/threat-intelligence/china-southeast-asia-espionage 

Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation - https://www.akamai.com/blog/security-research/2024-december-windows-ui-automation-attack-technique-evades-edr 

Atualizações de Segurança de dezembro de 2024 - https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec 

December Security Update - https://www.ivanti.com/blog/december-security-update 

SAP Security Patch Day – December 2024 - https://support.sap.com/en/my-support/knowledge-base/security-notes-news/december-2024.html 

CISA Releases Seven Industrial Control Systems Advisories - https://www.cisa.gov/news-events/alerts/2024/12/10/cisa-releases-seven-industrial-control-systems-advisories 

AppLite: A New AntiDot Variant Targeting Mobile Employee Devices - https://www.zimperium.com/blog/applite-a-new-antidot-variant-targeting-mobile-employee-devices/ 

Inside Zloader’s Latest Trick: DNS Tunneling - https://www.zscaler.com/blogs/security-research/inside-zloader-s-latest-trick-dns-tunneling 

Silent Push Unwraps the AIZ—Aggressive Inventory Zombies—Retail & Crypto Phishing Network Campaign - https://www.silentpush.com/blog/aiz-retail-crypto-phishing/ 

Inside a New OT/IoT Cyberweapon: IOCONTROL - https://claroty.com/team82/research/inside-a-new-ot-iot-cyber-weapon-iocontrol 

Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels - https://www.sentinelone.com/labs/operation-digital-eye-chinese-apt-compromises-critical-digital-infrastructure-via-visual-studio-code-tunnels/ 

黑白通吃：Glutton木马潜伏主流PHP框架，隐秘侵袭长达1年 - https://blog.xlab.qianxin.com/glutton_stealthily_targets_mainstream_php_frameworks/ 

Threat Advisory: Oh No Cleo! Cleo Software Actively Being Exploited in the Wild - https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild

Cleo Product Security Advisory - CVE-2024-50623 - https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory-CVE-2024-50623 

MC LR Router and GoCast unpatched vulnerabilities - https://blog.talosintelligence.com/mc-lr-router-and-gocast-zero-day-vulnerabilities-2/ 

Compromised ultralytics PyPI package delivers crypto coinminer - https://www.reversinglabs.com/blog/compromised-ultralytics-pypi-package-delivers-crypto-coinminer 

Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/ 

URL File NTLM Hash Disclosure Vulnerability (0day) - and Free Micropatches for it - https://blog.0patch.com/2024/12/url-file-ntlm-hash-disclosure.html 

New Windows zero-day exposes NTLM credentials, gets unofficial patch - https://www.bleepingcomputer.com/news/security/new-windows-zero-day-exposes-ntlm-credentials-gets-unofficial-patch/ 

BlueAlpha Abuses Cloudflare Tunneling Service for GammaDrop Staging Infrastructure - https://go.recordedfuture.com/hubfs/reports/cta-ru-2024-1205.pdf 

Mitel Product Security Advisory MISA-2024-0029 MiCollab Path Traversal Vulnerability - https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029 

Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day - https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/ 

U.S. Organization in China Targeted by Attackers - https://www.security.com/threat-intelligence/us-china-espionage 

Something to Remember Us By Device Confiscated by Russian Authorities Returned with Monokle-Type Spyware Installed - https://citizenlab.ca/2024/12/device-confiscated-by-russian-authorities-returned-with-monokle-type-spyware-installed/ 

Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CVE-2014-2120 

Exploit released for critical WhatsUp Gold RCE flaw, patch now - https://www.bleepingcomputer.com/news/security/exploit-released-for-critical-whatsup-gold-rce-flaw-patch-now/ 

Veeam Service Provider Console Vulnerabilities (CVE-2024-42448 | CVE-2024-42449) - https://www.veeam.com/kb4679 

Enhanced Visibility and Hardening Guidance for Communications Infrastructure - https://www.cisa.gov/resources-tools/resources/enhanced-visibility-and-hardening-guidance-communications-infrastructure 

SmokeLoader Attack Targets Companies in Taiwan - https://www.fortinet.com/blog/threat-research/sophisticated-attack-targets-taiwan-with-smokeloader 

Unveiling RevC2 and Venom Loader - https://www.zscaler.com/blogs/security-research/unveiling-revc2-and-venom-loader 

Gafgyt Malware Targeting Docker Remote API Servers - https://www.trendmicro.com/en_us/research/24/l/gafgyt-malware-targeting-docker-remote-api-servers.html