Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown - Related to major, $65, stealing, 2024,, exploited
768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023
As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year.
Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck expressed [website] of known exploited vulnerabilities (KEV) were known to be weaponized either on or before the day their CVEs were publicly disclosed.
This marks a slight decrease from 2023's [website], indicating that exploitation attempts can take place at any time in a vulnerability's lifecycle.
"During 2024, 1% of the CVEs ," VulnCheck's Patrick Garrity noted in a study shared with The Hacker News. "This number is expected to grow as exploitation is often discovered long after a CVE is published."
The investigation comes over two months after the business revealed that 15 different Chinese hacking groups out of a total of 60 named threat actors have been linked to the abuse of at least one of the top 15 routinely exploited vulnerabilities in 2023.
"Not surprisingly, the Log4j CVE (CVE-2021-44228) is associated with the most threat actors overall, with 31 named threat actors linked to its exploitation," Garrity noted late last year, adding the organization identified 65,245 hosts potentially vulnerable to the flaw.
In all, there are roughly 400,000 internet-accessible systems likely susceptible to attacks stemming from the exploitation of 15 security shortcomings in Apache, Atlassian, Barracuda, Citrix, Cisco, Fortinet, Microsoft, Progress, PaperCut, and Zoho products.
"Organizations should evaluate their exposure to these technologies, enhance visibility into potential risks, leverage robust threat intelligence, maintain strong patch management practices, and implement mitigating controls, such as minimizing internet-facing exposure of these devices wherever possible," VulnCheck noted.
Five Eyes cybersecurity agencies in the UK, Australia, Canada, New Zealand, and the [website] have issued...
An insufficient validation input flaw, one of 11 patched in an modification this week, could allow for arb...
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threa...
Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown
An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, Nulled, Sellix, and StarkRDP.
The effort, which took place between January 28 and 30, 2025, targeted the following domains -.
Visitors to these websites are now greeted by a seizure banner that says they were confiscated as part of Operation Talent that involved authorities from Australia, France, Greece, Italy, Romania, Spain, and the United States, along with Europol.
"This website, as well as the information on the consumers and victims of the website, has been seized by international law enforcement partners," the message reads.
Operational since at 2015 and 2018, both Nulled and Cracked have been used to peddle various hack tools, such as ScrubCrypt, a malware obfuscation engine that has been observed delivering stealer malware in the past.
The maintainers of Cracked confirmed the development on their Telegram channel, stating they are "still waiting for the official court documentation."
"A sad day indeed for our community," they added.
, Cracked and Nulled had more than 10 million people in total, acting as underground marketplaces for illegal goods and crimeware solutions, such as stolen data, malware or hacking tools. The websites are estimated to have made €1 million ($[website] million) in profits.
Concurrent to the takedowns, two suspects – a man and a woman, per the National Police of Spain – have been apprehended, seven properties were searched, and 17 servers and over 50 electronic devices were seized. Approximately €300,000 in cash and cryptocurrency were also appropriated.
"Other associated services were also taken down; including a financial processor named Sellix which was used by Cracked, and a hosting service called StarkRDP, which was promoted on both of the platforms and run by the same suspects," Europol noted.
Dismantling cybercrime hubs has been a major focus of law enforcement in recent years, hoping to cripple malicious actors looking to profit off their illicit warez and help even less technically-skilled individuals to carry out attacks at scale.
"These two forums also offered AI-based tools and scripts to automatically scan for security vulnerabilities and optimize attacks," the agency added. "Advanced phishing techniques are frequently developed and shared on these platforms, sometimes employing AI to create more personalised and convincing messages."
The Federal Criminal Police Office (aka Bundeskriminalamt or BKA), in a coordinated announcement, showcased a total of eight people were identified as directly involved in the operation of the criminal services, including two German citizens aged 29 and 32 who reside in the district of Segeberg and Valencia. The other defendants are aged between 21 and 29.
As many as 17 million victims from the United States have been impacted by tools and data sold on Cracked, the Department of Justice (DoJ) noted. Among the products sold was a tool that offered access to "billions of leaked websites," allowing its consumers to search for stolen login credentials.
"Cracked had over four million consumers, listed over 28 million posts advertising cybercrime tools and stolen information, generated approximately $4 million in revenue," the DoJ mentioned, adding "Nulled had over five million consumers, listed over 43 million posts advertising cybercrime tools and stolen information, and generated approximately $1 million in yearly revenue."
The Justice Department has also unsealed charges against one of Nulled's administrators, a 29-year-old Argentinian national residing in Spain named Lucas Sohn, for his role as a facilitator of cybercrime by permitting Nulled's end-customers to complete illicit transactions.
Sohn has been charged with conspiracy to traffic in passwords and similar information through which computers may be accessed without authorization; and conspiracy to solicit another person for the purpose of offering an access device or selling information regarding an access device.
He has also been charged with a conspiracy to possess, transfer, or use a means of identification of another person with the intent to commit or to aid and abet or in connection with any unlawful activity that is a violation of federal law.
If convicted, the defendant faces a maximum penalty of five years in prison for conspiracy to traffic in passwords, 10 years in prison for access device fraud, and 15 years in prison for identity fraud.
(The story was updated after publication to include additional actions taken by the [website] Department of Justice.).
[website] and Dutch law enforcement agencies have unveiled that they have dismantled 39 domains and their associated servers as part of efforts to disrupt......
The [website] Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of h......
Italy's data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek's service within the country, citing a lack of informa......
Canadian charged with stealing $65 million using DeFI crypto exploits
The [website] Justice Department has charged a Canadian man with stealing roughly $65 million after exploiting two decentralized finance (DeFI) protocols.
DeFI platforms are blockchain-based systems that facilitate peer-to-peer financial services, eliminating the need for conventional centralized financial intermediaries like banks or brokerages.
These platforms deliver various financial services related to digital assets, enabling their customers to lend, invest, earn interest, and trade assets through smart contracts and decentralized applications (dApps).
As revealed in court documents, 22-year-old Andean Medjedovic allegedly exploited vulnerabilities in the automated smart contracts used by the KyberSwap and Indexed Finance decentralized exchange aggregators and operators of digital token liquidity pools on the Ethereum network.
In total, he drained approximately $[website] million in digital tokens from 77 different KyberSwap Elastic liquidity pools and roughly $[website] million from two Indexed Finance liquidity pools (also known as index pools).
In November 2023, after exploiting KyberSwap, he allegedly attempted to extort victims with a fake settlement proposal, demanding control of the KyberSwap protocol and its decentralized organization in exchange for returning half of the stolen assets.
"Medjedovic borrowed hundreds of millions of dollars in digital tokens, which he used to engage in deceptive trading that he knew would cause the protocols' smart contracts to falsely calculate key variables," the [website] DOJ expressed in a Monday press release.
"Through his deceptive trades, Medjedovic was able to, and ultimately did, withdraw millions of dollars of investor funds from the protocols at artificial prices, rendering the victims' investments essentially worthless."
Medjedovic is also accused of laundering proceeds from his fraudulent operations through transactions that concealed the funds' source by using crypto exchange accounts opened using false identification, a cryptocurrency mixer, and swap and bridging transactions.
He is charged with one count of wire fraud, one count of unauthorized damage to a protected computer, one count of attempted Hobbs Act extortion, one count of conspiracy to commit money laundering, and one count of money laundering.
If found guilty, Medjedovic could face a maximum sentence of 10 years for unauthorized damage to a protected computer and up to 20 years for each of the other charges.
Fake travel reservations are exacting more pain from the travel weary, already dealing with the mise...
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP....
A 59-year-old man from Irvine, California, was sentenced to 87 months in prison for his involvement ...
Market Impact Analysis
Market Growth Trend
| 2018 | 2019 | 2020 | 2021 | 2022 | 2023 | 2024 |
|---|---|---|---|---|---|---|
| 8.7% | 10.5% | 11.0% | 12.2% | 12.9% | 13.3% | 13.4% |
Quarterly Growth Rate
| Q1 2024 | Q2 2024 | Q3 2024 | Q4 2024 |
|---|---|---|---|
| 12.5% | 12.9% | 13.2% | 13.4% |
Market Segments and Growth Drivers
| Segment | Market Share | Growth Rate |
|---|---|---|
| Network Security | 26% | 10.8% |
| Cloud Security | 23% | 17.6% |
| Identity Management | 19% | 15.3% |
| Endpoint Security | 17% | 13.9% |
| Other Security Solutions | 15% | 12.4% |
Technology Maturity Curve
Different technologies within the ecosystem are at varying stages of maturity:
Competitive Landscape Analysis
| Company | Market Share |
|---|---|
| Palo Alto Networks | 14.2% |
| Cisco Security | 12.8% |
| Crowdstrike | 9.3% |
| Fortinet | 7.6% |
| Microsoft Security | 7.1% |
Future Outlook and Predictions
The Cves Exploited 2024 landscape is evolving rapidly, driven by technological advancements, changing threat vectors, and shifting business requirements. Based on current trends and expert analyses, we can anticipate several significant developments across different time horizons:
Year-by-Year Technology Evolution
Based on current trajectory and expert analyses, we can project the following development timeline:
Technology Maturity Curve
Different technologies within the ecosystem are at varying stages of maturity, influencing adoption timelines and investment priorities:
Innovation Trigger
- Generative AI for specialized domains
- Blockchain for supply chain verification
Peak of Inflated Expectations
- Digital twins for business processes
- Quantum-resistant cryptography
Trough of Disillusionment
- Consumer AR/VR applications
- General-purpose blockchain
Slope of Enlightenment
- AI-driven analytics
- Edge computing
Plateau of Productivity
- Cloud infrastructure
- Mobile applications
Technology Evolution Timeline
- Technology adoption accelerating across industries
- digital transformation initiatives becoming mainstream
- Significant transformation of business processes through advanced technologies
- new digital business models emerging
- Fundamental shifts in how technology integrates with business and society
- emergence of new technology paradigms
Expert Perspectives
Leading experts in the cyber security sector provide diverse perspectives on how the landscape will evolve over the coming years:
"Technology transformation will continue to accelerate, creating both challenges and opportunities."
— Industry Expert
"Organizations must balance innovation with practical implementation to achieve meaningful results."
— Technology Analyst
"The most successful adopters will focus on business outcomes rather than technology for its own sake."
— Research Director
Areas of Expert Consensus
- Acceleration of Innovation: The pace of technological evolution will continue to increase
- Practical Integration: Focus will shift from proof-of-concept to operational deployment
- Human-Technology Partnership: Most effective implementations will optimize human-machine collaboration
- Regulatory Influence: Regulatory frameworks will increasingly shape technology development
Short-Term Outlook (1-2 Years)
In the immediate future, organizations will focus on implementing and optimizing currently available technologies to address pressing cyber security challenges:
- Technology adoption accelerating across industries
- digital transformation initiatives becoming mainstream
These developments will be characterized by incremental improvements to existing frameworks rather than revolutionary changes, with emphasis on practical deployment and measurable outcomes.
Mid-Term Outlook (3-5 Years)
As technologies mature and organizations adapt, more substantial transformations will emerge in how security is approached and implemented:
- Significant transformation of business processes through advanced technologies
- new digital business models emerging
This period will see significant changes in security architecture and operational models, with increasing automation and integration between previously siloed security functions. Organizations will shift from reactive to proactive security postures.
Long-Term Outlook (5+ Years)
Looking further ahead, more fundamental shifts will reshape how cybersecurity is conceptualized and implemented across digital ecosystems:
- Fundamental shifts in how technology integrates with business and society
- emergence of new technology paradigms
These long-term developments will likely require significant technical breakthroughs, new regulatory frameworks, and evolution in how organizations approach security as a fundamental business function rather than a technical discipline.
Key Risk Factors and Uncertainties
Several critical factors could significantly impact the trajectory of cyber security evolution:
Organizations should monitor these factors closely and develop contingency strategies to mitigate potential negative impacts on technology implementation timelines.
Alternative Future Scenarios
The evolution of technology can follow different paths depending on various factors including regulatory developments, investment trends, technological breakthroughs, and market adoption. We analyze three potential scenarios:
Optimistic Scenario
Rapid adoption of advanced technologies with significant business impact
Key Drivers: Supportive regulatory environment, significant research breakthroughs, strong market incentives, and rapid user adoption.
Probability: 25-30%
Base Case Scenario
Measured implementation with incremental improvements
Key Drivers: Balanced regulatory approach, steady technological progress, and selective implementation based on clear ROI.
Probability: 50-60%
Conservative Scenario
Technical and organizational barriers limiting effective adoption
Key Drivers: Restrictive regulations, technical limitations, implementation challenges, and risk-averse organizational cultures.
Probability: 15-20%
Scenario Comparison Matrix
| Factor | Optimistic | Base Case | Conservative |
|---|---|---|---|
| Implementation Timeline | Accelerated | Steady | Delayed |
| Market Adoption | Widespread | Selective | Limited |
| Technology Evolution | Rapid | Progressive | Incremental |
| Regulatory Environment | Supportive | Balanced | Restrictive |
| Business Impact | Transformative | Significant | Modest |
Transformational Impact
Technology becoming increasingly embedded in all aspects of business operations. This evolution will necessitate significant changes in organizational structures, talent development, and strategic planning processes.
The convergence of multiple technological trends—including artificial intelligence, quantum computing, and ubiquitous connectivity—will create both unprecedented security challenges and innovative defensive capabilities.
Implementation Challenges
Technical complexity and organizational readiness remain key challenges. Organizations will need to develop comprehensive change management strategies to successfully navigate these transitions.
Regulatory uncertainty, particularly around emerging technologies like AI in security applications, will require flexible security architectures that can adapt to evolving compliance requirements.
Key Innovations to Watch
Artificial intelligence, distributed systems, and automation technologies leading innovation. Organizations should monitor these developments closely to maintain competitive advantages and effective security postures.
Strategic investments in research partnerships, technology pilots, and talent development will position forward-thinking organizations to leverage these innovations early in their development cycle.
Technical Glossary
Key technical terms and definitions to help understand the technologies discussed in this article.
Understanding the following technical concepts is essential for grasping the full implications of the security threats and defensive measures discussed in this article. These definitions provide context for both technical and non-technical readers.
platform intermediate
firewall intermediate
zero-day intermediate
Timeline showing vulnerability discovery to patch developmentthreat intelligence intermediate
SOC intermediate
malware beginner
Common malware types and their characteristicsphishing beginner
Anatomy of a typical phishing attackRelated Articles
