In 2024, Web3 security incidents led to losses exceeding $2.36 billion, primarily driven by phishing attacks and private key compromises, with Ethereum being the most affected cryptocurrency.
Microsoft has addressed two critical vulnerabilities in Active Directory Domain Controllers, CVE-2024-49112 and CVE-2024-49113, which pose significant risks of denial-of-service and remote code execution, with a proof-of-concept exploit demonstrating the severity of the latter.
A sophisticated data theft campaign has compromised at least 35 browser extensions, affecting approximately 2.6 million Google Chrome users and exposing sensitive information, including Facebook account details, to attackers.
DoubleClickjacking, a sophisticated cyber threat developed by Paulos Yibelo, exploits double-click sequences to bypass security measures on major websites, increasing the risk of unauthorized account access.
In December 2024, a significant cyberattack by Chinese state-backed hackers targeted multiple offices within the US Treasury Department, exploiting a vulnerability in third-party vendor BeyondTrust to access sensitive information related to US financial sanctions against Chinese organizations.
The US Department of Health and Human Services has announced proposed updates to the HIPAA Security Rule aimed at enhancing protections for electronic protected health information in response to a significant rise in cybersecurity threats and data breaches in the healthcare sector.
