🔐 A serious flaw in Microsoft Azure AD's OAuth process has been uncovered, that could have enabled complete account takeover!

Learn how a simple misconfiguration allows hackers to exploit the "Log in with Microsoft" feature.

Details: https://thehackernews.com/2023/06/critical-noauth-flaw-in-microsoft-azure.html

Operation Triangulation: Your iOS device might be at risk! Spyware called TriangleDB infiltrates iPhones and iPads via invisible iMessage attachments.

Learn how attackers exploit kernel vulnerabilities to access your personal info: https://thehackernews.com/2023/06/new-report-exposes-operation.html

🔒 ScarCruft, a North Korean threat group, developed an information-stealing malware with wiretapping abilities. Using the Ably messaging service, this malware poses a serious risk to organizations.

Learn more: https://thehackernews.com/2023/06/scarcruft-hackers-exploit-ably-service.html

🔒 Urgent: Apple releases critical updates to address actively exploited vulnerabilities in iOS, iPadOS, macOS, watchOS, and Safari.

Learn more: https://thehackernews.com/2023/06/zero-day-alert-apple-releases-patches.html

Ensure your devices are up-to-date to fend off cyber threats.

Attention online retailers! A critical security flaw in the "Abandoned Cart Lite for WooCommerce" plugin puts over 30,000 WordPress websites at risk.

Learn more: https://thehackernews.com/2023/06/critical-flaw-found-in-wordpress-plugin.html

Update to version 5.15.2 immediately to prevent unauthorized access.

⚡️ Don't wait for a data breach to happen! Discover the vital role of data exfiltration detection and how Machine Learning algorithms & NDR technology help identify and prevent cyberattacks.

Learn how to enhance your security posture https://thehackernews.com/2023/06/unveiling-unseen-identifying-data.html

💥 Chinese cyber espionage group, Camaro Dragon, expands its reach with a new self-propagating #malware, dubbed WispRider, spreading through USB drives.

Check out the latest research findings: https://thehackernews.com/2023/06/camaro-dragon-hackers-strike-with-usb.html

A new phishing campaign named MULTI#STORM targets India and the U.S., using JavaScript files to deploy remote access trojans on compromised systems.

Discover the intricate attack chain: https://thehackernews.com/2023/06/multistorm-campaign-targets-india-and.html

⚠️ Urgent action required!

Internet-facing Linux systems and IoT devices are under attack! Discover how threat actors hijack SSH credentials, deploy backdoors and mining cryptocurrency.

Learn more: https://thehackernews.com/2023/06/new-cryptocurrency-mining-campaign.html

NSA shares crucial guidance to detect and tackle BlackLotus: a powerful UEFI bootkit bypassing Windows Secure Boot, granting attackers full control.

Discover how it evades security mechanisms and executes additional payloads: https://thehackernews.com/2023/06/nsa-releases-guide-to-combat-powerful.html

New #JavaScript Dropper PindOS delivers dangerous payloads like Bumblebee and IcedID, acting as loaders for ransomware and other malware.

Explore the article for more details: https://thehackernews.com/2023/06/powerful-javascript-dropper-pindos.html

Attackers are increasingly targeting vulnerable developer laptops to infiltrate production systems without directly attacking them, warned cloud security expert Lee Atchison.

Learn more: https://thn.news/HIq4tcGM

Watch out, BPOs! Discover how 'Muddled Libra' cybercrime group is leveraging the 0ktapus phishing kit and social engineering tactics to infiltrate organizations and steal sensitive data.

Learn more: https://thehackernews.com/2023/06/cybercrime-group-muddled-libra-targets.html

U.K. hacker Joseph James O'Connor sentenced to 5 years for massive Twitter breach, targeting 130 high-profile accounts, executing a crypto scam, and netting $120,000 in illegal profits.

Read details: https://thehackernews.com/2023/06/twitter-hacker-sentenced-to-5-years-in.html

🔒 6 known exploited vulnerabilities have been added to CISA's catalog. Apple, VMware, and Zyxel devices are affected, exposing them to code execution, zero-click exploits, & cyberespionage attacks.

Get the details and patch your systems ASAP: https://thehackernews.com/2023/06/us-cybersecurity-agency-adds-6-flaws-to.html

Chinese group Volt Typhoon poses a new cyber espionage threat. Learn how they infiltrate and persistently access critical infrastructure targets using web shells, living-off-the-land binaries, and stealthy tactics.

Read: https://thehackernews.com/2023/06/chinese-hackers-using-never-before-seen.html

Microsoft exposes a surge in 🔒 credential-stealing attacks by Russian hacker group Midnight Blizzard. These hackers employ residential proxy services to conceal their targeting of governments, defense, and critical sectors.

Details: https://thehackernews.com/2023/06/microsoft-warns-of-widescale-credential.html

A Japanese cryptocurrency exchange fell victim to a recent cyberattack, deploying the stealthy JokerSpy backdoor on Apple macOS.

Find out how this sophisticated toolkit targets macOS machines: https://thehackernews.com/2023/06/japanese-cryptocurrency-exchange-falls.html

Did you know that generative AI tools can lead to data leaks? Protect your organization from inadvertent data exposure and breaches.

Discover effective strategies for securing your SaaS environment from AI-related risks.

Read: https://thehackernews.com/2023/06/how-generative-ai-can-dupe-saas.html

🔒 Researchers have uncovered an ingenious side-channel attack that can recover secret keys from a device using video footage of its power LED.

Find out how threat actors exploit this: https://thehackernews.com/2023/06/researchers-find-way-to-recover.html

⚡️ Urgent security alert! Fortinet has released urgent updates to fix a critical vulnerability (CVE-2023-33299) in FortiNAC, exposing networks to arbitrary code execution.

Learn more: https://thehackernews.com/2023/06/new-fortinets-fortinac-vulnerability.html