Tata Power, India's largest integrated power company, has been hit by a cyberattack.

Read: https://thehackernews.com/2022/10/indian-energy-company-tata-powers-it.html

Interpol has announced the arrest of 75 people as part of a coordinated global operation against an organized cybercrime syndicate called "Black Axe."

Read: https://thehackernews.com/2022/10/interpol-led-operation-takes-down-black.html

Zimbra has finally released security patches for an actively exploited RCE vulnerability (CVE-2022-41352) in its Enterprise Collaboration Suite that could be used to upload arbitrary files to vulnerable instances.

Read: https://thehackernews.com/2022/10/zimbra-releases-patch-for-actively.html

Microsoft warns about a newly discovered ransomware campaign called "Prestige" that targets companies in the transportation and related logistics industries in Ukraine and Poland.

Read: https://thehackernews.com/2022/10/new-prestige-ransomware-targeting.html

New research has uncovered a security weakness in Microsoft 365 that could be exploited to determine the content of encrypted messages due to the use of a broken cryptographic algorithm.

Read: https://thehackernews.com/2022/10/researchers-claim-microsoft-office-365.html

Hackers behind the Black Basta ransomware attacks have been observed using the Qakbot trojan to deploy the Brute Ratel C4 framework as a second-stage payload in recent attacks.

Read: https://thehackernews.com/2022/10/black-basta-ransomware-hackers.html

Police in Europe have arrested members of a cybercrime ring that used a hacking tool to steal cars without a physical key fob.

Read: https://thehackernews.com/2022/10/european-police-arrest-gang-that-hacked.html

Operation CuckooBees: A Chinese-aligned espionage hacking group is targeting government organizations in Hong Kong.

Read: https://thehackernews.com/2022/10/chinese-spyder-loader-malware-spotted.html

A critical RCE vulnerability has been discovered in the popular Cobalt Strike exploitation framework that could allow an attacker to take control of the target system.

Read: https://thehackernews.com/2022/10/critical-rce-vulnerability-discovered.html

HelpSystems releases an out-of-band patch update to fix the issue.

Chinese APT hackers, codenamed DiceyF, have been linked to a string of attacks aimed at online casinos in Southeast Asia for years.

Read: https://thehackernews.com/2022/10/chinese-hackers-targeting-online.html

Security researchers warn of a new, stealthy PowerShell backdoor that disguises itself as a Windows update process.

Details: https://thehackernews.com/2022/10/experts-warn-of-stealthy-powershell.html

CISA has published two Industrial Control Systems (ICS) advisories warning of serious security vulnerabilities in Advantech R-SeeNet and Hitachi Energy APM Edge appliances.

Details: https://thehackernews.com/2022/10/cisa-warns-of-critical-flaws-affecting.html

Researchers have disclosed more details about a now-patched vulnerability in Azure Service Fabric Explorer (SFX) that could allow an attacker to gain administrative privileges on the cluster.

Read: https://thehackernews.com/2022/10/researchers-detail-azure-sfx-flaw-that.html

A newly discovered variant of the Ursnif malware has focused on ransomware and data theft extortion attacks instead of banking fraud.

Read: https://thehackernews.com/2022/10/latest-ursnif-variant-shifts-focus-from.html

Domestic Kitten hacking group has been spotted spying on Iranians using an updated version of FurBall Android malware.

Read: https://thehackernews.com/2022/10/hackers-using-new-version-of-furball.html

Around 20 million Android users have been infected with the Clicker #malware after installing 16 malicious apps from Google Play.

Read: https://thehackernews.com/2022/10/these-16-clicker-malware-infected.html

Brazilian police announced Wednesday that they have arrested a person suspected of belonging to the notorious LAPSUS$ hacking group.

Read: https://thehackernews.com/2022/10/brazilian-police-arrest-suspected.html

A Russian ransomware group dubbed "OldGremlin" has been attributed to 16 multi-million dollar campaigns targeting businesses in Russia.

Read: https://thehackernews.com/2022/10/oldgremlin-ransomware-targeted-over.html

Researchers have detected active exploitation attempts targeting the recently disclosed critical RCE vulnerability (CVE-2022-42889) in Apache Commons Text.

Read details: https://thehackernews.com/2022/10/hackers-started-exploiting-critical.html

Multiple malware campaigns are exploiting a vulnerability in VMware Workspace ONE Access to infect targeted systems with cryptocurrency miners and ransomware.

Details: https://thehackernews.com/2022/10/multiple-campaigns-exploit-vmware.html

Microsoft has confirmed that it inadvertently exposed data related to 65,000+ of customers following a security lapse that left an endpoint publicly accessible over the internet.

Details: https://thehackernews.com/2022/10/microsoft-confirms-server.html