🆘 Attention, Palo Alto Networks users!

A critical vulnerability (CVE-2024-3400) in PAN-OS could expose your systems to remote code execution attacks.

Good news: Hotfixes and remediation steps available.

Read full advisory: https://thehackernews.com/2024/04/palo-alto-networks-outlines-remediation.html

🛡️ Did you know 70% of successful breaches begin at the endpoint? Unprotected devices are gateways for devastating cyberattacks.

This guide shares 10 must-know tips, from identifying vulnerabilities to implementing robust security solutions: https://thehackernews.com/2024/04/10-critical-endpoint-security-tips-you.html

Multiple severe vulnerabilities discovered in Brocade SANnav SAN management application.

From insecure root access to lack of authentication and encryption, one flaw even allows unauthenticated remote attackers to log in as root!

Read: https://thehackernews.com/2024/04/severe-flaws-disclosed-in-brocade.html

🚨 Developers Beware! A new social engineering scam is on the rise, luring software engineers with fake job interviews only to infect their systems with BeaverTail and InvisibleFerret backdoors malware.

https://thehackernews.com/2024/04/bogus-npm-packages-used-to-trick.html

Cybersecurity researchers have uncovered a targeted cyber attack against Ukraine that leveraged a 7-year-old Microsoft Office flaw to deploy Cobalt Strike beacons on victims' systems.

Read: https://thehackernews.com/2024/04/ukraine-targeted-in-cyberattack.html

Heads up! Okta is sounding the alarm on an unprecedented spike in credential stuffing attacks targeting online services.

These attacks are powered by readily available tools and stolen credentials.

Details: https://thehackernews.com/2024/04/okta-warns-of-unprecedented-surge-in.html

🚨 Multiple vulnerabilities have been discovered in the popular Judge0 online code execution system, putting users at risk of complete system compromise.

Get the details: https://thehackernews.com/2024/04/sandbox-escape-vulnerabilities-in.html

Learn how Exposure Management empowers organizations to prioritize the most critical exposures based on their potential impact and proactively strengthen cybersecurity posture.

Read the full article to discover the power of Exposure Management ➡️ https://thehackernews.com/2024/04/navigating-threat-landscape.html

👨‍💻🔐 A new security vulnerability (CVE-2024-27322) has been discovered in the R programming language. It could allow attackers to execute arbitrary code through malicious RDS files, exposing your projects to supply chain attacks.

Read: https://thehackernews.com/2024/04/new-r-programming-vulnerability-exposes.html

🚨 NEW THREAT ALERT!

Cybersecurity researchers have uncovered "Muddling Meerkat" - a sophisticated Chinese threat actor abusing DNS for global reconnaissance since 2019.

Details: https://thehackernews.com/2024/04/china-linked-muddling-meerkat-hijacks.html

Just in! Google is tightening the screws on bad actors:

200K app submissions rejected
333K bad accounts blocked
2.28 million policy-violating apps prevented
31 SDKs impacting 790,000+ apps had data access limited
1.5 million outdated apps removed

https://thehackernews.com/2024/04/google-prevented-228-million-malicious.html

🔒 Say goodbye to easily guessable passwords on your smart home devices!

The U.K.'s PSTI act prohibits DEFAULT PASSWORDS from April 2024 onwards. Manufacturers must up their security game or face hefty fines up to £10 MILLION.

Read: https://thehackernews.com/2024/04/new-uk-law-bans-default-passwords-on.html

🤖 U.S. government releases new AI security guidelines to protect critical systems like power grids and water treatment plants from AI threats.

Learn more: https://thehackernews.com/2024/04/us-government-releases-new-ai-security.html

🚨 MILLIONS of malicious "imageless" containers have been planted on Docker Hub over the past 5 years in multiple cybercriminal campaigns designed to phish users and deliver #malware payloads.

Get details here: https://thehackernews.com/2024/04/millions-of-malicious-imageless.html

Former NSA employee, Jareh Sebastian Dalke, has been sentenced to a nearly 22-year prison sentence for attempting to sell classified documents to Russia in exchange for $85,000.

Read: https://thehackernews.com/2024/05/ex-nsa-employee-sentenced-to-22-years.html

ZLoader, a dangerous malware, has resurfaced with an enhanced anti-analysis feature that prevents it from running on any machine other than the one initially infected.

Learn more about it: https://thehackernews.com/2024/05/zloader-malware-evolves-with-anti.html

Are your employees snoozing through outdated cybersecurity training? 69% admit to bypassing security guidelines.

Wake them up! Engage your team with relevant, expertly crafted lessons that drive real behavioral change.

Read on to learn how: https://thehackernews.com/2024/05/everyones-expert-how-to-empower-your.html

Researchers have uncovered a new Android malware called Wpeeper that uses compromised WordPress sites to hide its true command-and-control servers.

This sneaky backdoor can collect device info, manage files, & execute malicious commands.

Learn more: https://thehackernews.com/2024/05/android-malware-wpeeper-uses.html

🕵️‍♀️ Forensic analysis uncovers criminal Bitcoin clusters tied to money laundering.

Scientists teamed up to analyze blockchain data, revealing shady transactions to crypto exchanges. Hunt on to stop bad actors.

Read on: https://thehackernews.com/2024/05/bitcoin-forensic-analysis-uncovers.html

🚨 Attention router users!

A new stealthy malware called Cuttlefish is targeting SOHO routers to monitor ALL traffic passing through infected devices to steals authentication credentials.

Read: https://thehackernews.com/2024/05/new-cuttlefish-malware-hijacks-router.html

🚨 Attention GitLab users!

A critical flaw (CVE-2023-7028) is being actively exploited, allowing account takeover by sending password reset emails to unverified addresses.

Read details: https://thehackernews.com/2024/05/cisa-warns-of-active-exploitation-of.html

Update to the latest patched versions immediately.