New Linux vulnerability (CVE-2023-4911) named Looney Tunables found in the GNU C library's dynamic loader. Exploitation could lead to root privileges.

Learn how it affects major #Linux distributions: https://thehackernews.com/2023/10/looney-tunables-new-linux-flaw-enables.html

From DragonEgg to LightSpy — Discover the hidden links between Android and iOS spyware, exposing a sophisticated network of surveillance.

Learn more in this report: https://thehackernews.com/2023/10/researchers-link-dragonegg-android.html

Atlassian releases patch for a new zero-day vulnerability (CVE-2023-22515) in Confluence, risking admin account breaches on Data Center and Server instances.

Find details here: https://thehackernews.com/2023/10/atlassian-confluence-hit-by-newly.html

Update to the latest versions 8.3.3+, 8.4.3+, or 8.5.2 for a shield against potential exploits.

🚨 Attention iPhone and iPad users! Apple rushes in with iOS 17.0.3 and iPadOS 17.0.3 updates to patch an actively exploited kernel vulnerability.

Learn more about CVE-2023-42824: https://thehackernews.com/2023/10/apple-rolls-out-security-patches-for.html

🚨 Alert: CISA flags active exploits. Two recent vulnerabilities come under the scanner:

— CVE-2023-42793: TeamCity Auth Bypass
— CVE-2023-28229: Win CNG Flaw

Read details here: https://thehackernews.com/2023/10/cisa-warns-of-active-exploitation-of.html

Act fast, secure your networks—patch by Oct 25!

⚠️ Alert: A new Android banking trojan, named GoldDigger, has surfaced, targeting over 50 banking apps in the Asia-Pacific (APAC) and Spanish-speaking regions.

Learn more: https://thehackernews.com/2023/10/golddigger-android-trojan-targets.html

Researchers uncover "Operation Jacana," a targeted cyber espionage campaign using spear-phishing and DinodasRAT that breached a Guyana government entity.

Learn more: https://thehackernews.com/2023/10/guyana-governmental-entity-hit-by.html

💪 It's time to revolutionize your data security strategy for the cloud era

Dive into the groundbreaking realm of DSPM and decode the future of risk management in this exclusive webinar featuring Gartner and BigID. Sign up: https://thn.news/sGbfvuhX

🆘 Urgent: Cisco releases patch for a critical vulnerability in Emergency Responder, allowing remote attackers to sign in using hard-coded credentials and execute commands as root.

Read: https://thehackernews.com/2023/10/cisco-releases-urgent-patch-to-fix.html

🕵️‍♂️ Despite infrastructure disruption, QakBot malware operators are still active in an ongoing phishing campaign, delivering Ransom Knight ransomware & Remcos RAT.

Learn more: https://thehackernews.com/2023/10/qakbot-threat-actors-still-in-action.html

🚨 Multiple security flaws in Supermicro's BMC firmware pose severe risks. Know the risks from CVE-2023-40284 to CVE-2023-40290, allowing unauthenticated attackers to gain root access.

Read: https://thehackernews.com/2023/10/supermicros-bmc-firmware-found.html

Is your system one of the 70,000 exposed?

GitHub's secret scanning just got even better! Now supporting AWS, Microsoft, Google, and Slack tokens, ensuring your code's safety.

Learn how to amp up your code security with this powerful feature:https://thehackernews.com/2023/10/githubs-secret-scanning-feature-now.html

🤖 Cyber Intrusion Alert! Semiconductor companies in East Asia are under attack.

Threat actors posing as TSMC deploy Cobalt Strike beacons via HyperBro backdoor.

Read now: https://thehackernews.com/2023/10/chinese-hackers-target-semiconductor.html

🔒 Strengthen your organization's security posture! Satori's UDPS offers real-time policy updates, non-intrusive encryption, and compatibility with diverse data platforms.

Learn how to safeguard your data effortlessly: https://thehackernews.com/2023/10/new-os-tool-tells-you-who-has-access-to.html

Cryptocurrency laundering hits $7 BILLION 💰

Report reveals Lazarus Group, tied to North Korea, involved in $900 million cross-chain bridge laundering spree. As mixers face scrutiny, crypto criminals shift tactics.

Read details: https://thehackernews.com/2023/10/north-koreas-lazarus-group-launders-900.html

⚡️ Gaza-based hacker group Storm-1133 targets Israeli energy, defense, and telecom.

Microsoft's report exposes tactics, including employing LinkedIn fakes & dynamic C2 infra on Google Drive.

Read: https://thehackernews.com/2023/10/gaza-linked-cyber-threat-actor-targets.html

🚨 Heads up, Developers! Curl library, backbone of data transfers, to address TWO security vulnerabilities on October 11, 2023.

Read: https://thehackernews.com/2023/10/security-patch-for-two-new-flaws-in.html

CVE-2023-38545 & CVE-2023-38546 pose risks; details under wraps.

🔐 Multiple high-severity vulnerabilities discovered in ConnectedIO's 3G/4G routers and cloud platform could let hackers execute malicious code and access sensitive data.

Get the details: https://thehackernews.com/2023/10/high-severity-flaws-in-connectedios.html

🚨 Heads up, senior executives! A new phishing campaign is on the rise, targeting Senior Executives in U.S. firms.

Read: https://thehackernews.com/2023/10/cybercriminals-using-evilproxy-phishing.html

Cybercriminals using EvilProxy to hijack accounts, specifically hitting banking, finance, insurance & manufacturing.

Ever dreamed in code? Moonlock Lab's #malware research engineer did, seeing 'MyHotKeyHandler,' 'Keylogger,' and 'macOS.'

#ChatGPT recreated the malicious code, revealing the risky world of AI jailbreaks and prompt engineering.

Learn how prompt injections make AI models go rogue: https://thehackernews.com/2023/10/i-had-dream-and-generative-ai-jailbreaks.html

📱 PEACHPIT alert! This ad fraud botnet, linked to China's BADBOX operation, targeted 15M+ Android & iOS users.

Learn how threat actors exploited devices for ad fraud and data theft: https://thehackernews.com/2023/10/peachpit-massive-ad-fraud-botnet.html