Zyxel has released patches to address four vulnerabilities affecting its firewall, AP controller, and AP products that allow execution of arbitrary operating system commands and theft of selected information.

Read: https://thehackernews.com/2022/05/zyxel-issues-patches-for-4-new-flaws.html

Researchers demonstrate "GhostTouch," a new type of attack that could let attackers use electromagnetic signals to control (tap and swipe) touchscreen devices, including answering an eavesdropping call, swiping up to unlock, or entering a password.

Read: https://thehackernews.com/2022/05/attackers-can-use-electromagnetic.html

Researchers at Numen Cyber Labs have released details of a new, recently reported critical UAF RCE vulnerability affecting the Chrome dev channel and related Chromium-based web browsers.

Details: https://thehackernews.com/2022/05/experts-detail-new-rce-vulnerability.html

GitHub reveals that hackers behind the recent OAuth token breach gained access to login credentials of nearly 100,000 NPM users

https://thehackernews.com/2022/05/nearly-100000-npm-users-credentials.html

In an unrelated issue, plaintext credentials for npm were recorded in GitHub's internal logs for an unspecified no. of users.

Microsoft discloses 4 new high-severity vulnerabilities in a framework used by pre-installed Android system apps with millions of downloads.

Read: https://thehackernews.com/2022/05/microsoft-finds-critical-bugs-in-pre.html

A 37-year-old New York man has been sentenced to four years in prison for buying stolen credit card information and working with a cybercrime cartel known as "The Infraud Organization."

Read details: https://thehackernews.com/2022/05/new-york-man-sentenced-to-4-years-in.html

FBI warns of hackers selling VPN credentials for U.S. colleges and universities in public forums and criminal marketplaces on the Internet.

Read details: https://thehackernews.com/2022/05/fbi-warns-about-hackers-selling-vpn.html

A new ransomware strain called "GoodWill" forces victims to donate money and clothes to the poor and take underprivileged children to Domino's Pizza, Pizza Hut, or KFC to give them a treat.

Read details: https://thehackernews.com/2022/05/new-goodwill-ransomware-forces-victims.html

Researchers have spotted a new zero-day exploit for Microsoft Office in the wild that could be exploited to execute arbitrary code on affected Windows systems, even if macros are disabled.

Details: https://thehackernews.com/2022/05/watch-out-researchers-spot-new.html

Linux-based botnet "Enemybot" has expanded its arsenal to exploit recently disclosed vulnerabilities in IoT devices, web servers, Android devices, and content management systems (CMS).

Read details: https://thehackernews.com/2022/05/enemybot-linux-botnet-now-exploits-web.html

SideWinder APT hackers have been linked to more than 1,000 cyberattacks since April 2020.

Read: https://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html

As the mobile threat landscape evolves in 2022, new and existing banking trojans are increasingly targeting Android devices to perform on-device frauds.

Read details: https://thehackernews.com/2022/05/latest-mobile-malware-report-suggests.html

Chinese APT hackers aligned with state interests have been observed weaponizing the new zero-day vulnerability in Microsoft Office to compromise affected systems.

Read details: https://thehackernews.com/2022/05/chinese-hackers-begin-exploiting-latest.html

A new version of the XLoader botnet malware has been discovered that uses a probability-based approach to camouflage its command and control (C&C) infrastructure.

Read details: https://thehackernews.com/2022/06/new-xloader-botnet-version-using.html

Researchers have developed a new open-source framework — called YODA — that helps detect 47,000 malicious WordPress plugins installed on more than 24,000 websites.

Read details: https://thehackernews.com/2022/06/yoda-tool-found-47000-malicious.html

A new unpatched vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve RCE on the email server simply by sending a specially crafted email to a victim.

Read: https://thehackernews.com/2022/06/new-unpatched-horde-webmail-bug-lets.html

U.S. Department of Justice seizes 3 web domains used by cybercriminals to trade stolen information and offer DDoS services.

Read — https://thehackernews.com/2022/06/doj-seizes-3-web-domains-used-to-sell.html

SideWinder hackers have added a new custom tool and fake VPN apps to their arsenal of malware tools used to attack public and private entities in Pakistan.

Read details: https://thehackernews.com/2022/06/sidewinder-hackers-use-fake-android-vpn.html

Researchers have discovered a new security flaw in UNISOC's chipset that can be used to disrupt smartphone radio communications through a malformed packet.

Read details: https://thehackernews.com/2022/06/critical-unisoc-chip-vulnerability.html

ExpressVPN is removing its India-based VPN servers in response to a new cybersecurity directive from India's Computer Emergency Response Team (CERT-In) that requires all VPN providers to store users' data for at least 5 years.

Read: https://thehackernews.com/2022/06/expressvpn-removes-servers-in-india.html

Researchers demonstrate R4IoT ransomware that exploits IoT devices to gain access and move laterally in an IT network and compromise the OT network.

Read details: https://thehackernews.com/2022/06/researchers-demonstrate-ransomware-for.html