🚨 A highly aggressive cloud campaign by the TeamTNT group called Silentbob has infected 196 hosts! They're targeting Docker, Kubernetes, Redis, Postgres, and more. The focus appears to be testing the botnet rather than cryptomining.

Read: https://thehackernews.com/2023/07/teamtnts-silentbob-botnet-infecting-196.html

A new report reveals a series of cyberattacks targeting government entities, military organizations, & civilian users in #Ukraine & Poland. The attacks aim to steal sensitive data and gain remote access to infected systems.

Learn more: https://thehackernews.com/2023/07/picassoloader-malware-used-in-ongoing.html

Zimbra users, be cautious! Email collaboration software company has warned of an actively exploited zero-day vulnerability in its software.

Read details here: https://thehackernews.com/2023/07/zimbra-warns-of-critical-zero-day-flaw.html

Apply the patch ASAP to eliminate the attack vector.

🚨 Alert! A new malware strain called AVrecon has quietly targeted over 70,000 small office/home office (SOHO) routers worldwide, forming a massive botnet of 40,000 nodes across 20 countries.

Read: http://thehackernews.com/2023/07/new-soho-router-botnet-avrecon-spreads.html

TeamTNT has expanded its cloud credential stealing campaign beyond AWS, now also targeting Azure and Google Cloud Platform.

Learn more about it: https://thehackernews.com/2023/07/teamtnts-cloud-credential-stealing.html

⚠️ Heads up: Over a million WordPress sites are affected by a critical bug in the All-In-One Security (AIOS) plugin.

It stored user passwords in plaintext, posing a risk if admins reused them on other services.

Read: https://thehackernews.com/2023/07/aios-wordpress-plugin-faces-backlash.html

🚨 🔐 Microsoft admits a validation issue in its code that enabled China-based hackers to forge authentication tokens, granting unauthorized access to Azure AD and Outlook[.]com accounts of over two dozen organizations.

Read: https://thehackernews.com/2023/07/microsoft-bug-allowed-hackers-to-breach.html

A new generative AI cybercrime tool called WormGPT is gaining popularity in underground forums. It enables cybercriminals to automate advanced phishing and BEC attacks, using personalized fake emails to increase success rates.

Read: https://thehackernews.com/2023/07/wormgpt-new-ai-tool-allows.html

⚠️ New report reveals the alarming activities of Gamaredon, a notorious Russian hacking crew. They exploit email and messaging platforms to compromise systems, exfiltrating files in a matter of minutes.

Read: https://thehackernews.com/2023/07/cert-ua-uncovers-gamaredons-rapid-data.html

Cybercriminals are leveraging exploits for CVE-2021-40444 and CVE-2022-30190 to execute code through malicious Word files. Once opened, LokiBot malware is downloaded, logging keystrokes, capturing screenshots, and stealing data.

Read: https://thehackernews.com/2023/07/cybercriminals-exploit-microsoft-word.html

🚨 Cyber attacks via infected USB drives have tripled in the first half of 2023. Learn more about the SOGU and SNOWYDRIVE campaigns targeting public and private sector entities worldwide.

Read: https://thehackernews.com/2023/07/malicious-usb-drives-targetinging.html

Heads up! Hackers are exploiting WebAPK technology to trick Android users into downloading fake banking apps that steal sensitive information.

Read details: https://thehackernews.com/2023/07/hackers-exploit-webapk-to-deceive.html

JumpCloud confirms that a nation-state actor was behind the recent security incident. The breach targeted a specific group of customers.

Learn more: https://thehackernews.com/2023/07/jumpcloud-blames-sophisticated-nation.html

Beware! A critical security flaw (CVE-2023-28121) in the WooCommerce Payments #WordPress plugin is currently being actively exploited by threat actors.

In addition to this, Rapid7 has also discovered ongoing exploitation of Adobe ColdFusion flaws (including CVE-2023-29298), resulting in web shell deployments.

Read details here: https://thehackernews.com/2023/07/cybercriminals-exploiting-woocommerce.html

Conor Brian Fitzpatrick, the owner of BreachForums, pleads guilty to charges related to operating a cybercrime forum and possessing child pornography—faces up to 40 years in jail and $750,000 in fines.

Read: https://thehackernews.com/2023/07/owner-of-breachforums-pleads-guilty-to.html

FIN8, notorious financially motivated hacker group, has adopted a revamped version of the Sardonic backdoor to deliver the BlackCat ransomware.

Learn more: https://thehackernews.com/2023/07/fin8-group-using-modified-sardonic.html

Attention VirusTotal users!

A database containing 5,600 customers' details has been exposed, including government agencies like the FBI, NSA, and more.

Learn more: https://thehackernews.com/2023/07/virustotal-data-leak-exposes-some.html

A sophisticated threat actor is targeting Pakistan government entities through a trojanized version of the E-Office application.

Read details: https://thehackernews.com/2023/07/pakistani-entities-targeted-in.html

ALERT: Critical security flaw in Citrix NetScaler ADC and Gateway being actively exploited! CVE-2023-3519 allows unauthenticated remote code execution.

Read: https://thehackernews.com/2023/07/zero-day-attacks-exploited-critical.html

🚨 U.S. government puts Cytrox and Intellexa, foreign commercial spyware vendors, on an economic blocklist for their potential misuse of surveillance tools.

Read details here: https://thehackernews.com/2023/07/us-government-blacklists-cytrox-and.html

🔒 Cybersecurity researchers have discovered a privilege escalation vulnerability, dubbed Bad Build, in Google Cloud. Attackers could tamper with app images and infect users, leading to supply chain attacks.

Read: https://thehackernews.com/2023/07/badbuild-flaw-in-google-cloud-build.html