🛡️ Chinese state-sponsored hackers target Southeast Asian government in cyber espionage campaign using new malware like PocoProxy and updated EAGERBEE, along with other known families.

Details here: https://thehackernews.com/2024/06/chinese-state-backed-cyber-espionage.html

🚨 Major communication platform faces backlash for using user data to train AI models without proper consent.

Is your organization's sensitive data at risk?

Learn about the growing threat of Shadow AI & how to combat it with automated SSPM solutions: https://thehackernews.com/2024/06/unpacking-2024s-saas-threat-predictions.html

🐍 Python developers beware! A malicious package named "crytic-compilers" was discovered on PyPI, designed to deliver the Lumma info stealer.

Learn more: https://thehackernews.com/2024/06/hackers-target-python-developers-with.html

Google Settles Location Tracking Allegations.

Starting Dec 1, 2024, Google Maps Timeline data will be stored locally on users' devices, boosting privacy.

Learn more: https://thehackernews.com/2024/06/google-maps-timeline-data-to-be-stored.html

🚨 Alert: Hackers are exploiting legitimate packer software like "BoxedApp" to distribute malware undetected, targeting financial institutions and government agencies.

Read the full story here - https://thehackernews.com/2024/06/hackers-exploit-legitimate-packer.html

🔒 Password reuse can lead to devastating account takeovers.

Tom's story shows how reusing a strong password across different sites can still expose you to hackers.

Discover the best practices for preventing account takeover attacks: https://thehackernews.com/2024/06/prevent-account-takeover-with-better.html

🤖 Muhstik botnet malware is now exploits CVE-2023-33246 in Apache RocketMQ, targeting IoT devices and Linux servers for DDoS attacks and cryptomining.

Find more details on this ongoing threat here: https://thehackernews.com/2024/06/muhstik-botnet-exploiting-apache.html

🚨 61% of U.S. businesses were hit by software supply chain attacks last year, causing data breaches, financial losses, and reputational harm.

🔒 Learn how to protect your organization from these critical threats: https://thehackernews.com/2024/06/third-party-cyber-attacks-threat-no-one.html

New vulnerabilities are disclosed hourly, new exploits for old vulnerabilities are publicly released and threat actors are updating their techniques continuously.

Knowing where and how to prioritize your security resources to achieve the greatest impact with the least time invested is critical.

Join Intruder’s webinar on June 12, 2024, to learn how to get started: https://thn.news/exposure-management-lessons

Can’t make it? Register for the webinar and a copy will be sent.

Cybercriminals are exploiting vulnerabilities in Docker and ThinkPHP to deploy cryptominers and web shells.

Learn more about these cyberattacks - https://thehackernews.com/2024/06/commando-cat-cryptojacking-attacks.html

Secure your installations and update your applications to prevent attacks.

🔒 Alert: CERT-UA warns of cyber-attacks on Ukraine's defense forces using the SPECTR malware in SickSync espionage campaign.

Learn more about the tactics used by the Vermin group: https://thehackernews.com/2024/06/spectr-malware-targets-ukraine-defense.html

🔒 FBI has 7,000+ decryption keys for LockBit ransomware to help victims recover their data for free. If you're a victim, don't pay the ransom.

🔧 Here's how to unlock your data: https://thehackernews.com/2024/06/fbi-distributes-7000-lockbit-ransomware.html

Growing concerns over responsible 🤖 AI use:

✓ Google guides Android devs
✓ Meta faces EU privacy complaints
✓ Microsoft's Recall feature raises security red flags

Learn about the potential risks & how they could impact you: https://thehackernews.com/2024/06/the-ai-debate-googles-guidelines-metas.html

Traditional SCA tools often miss critical vulnerabilities and create alert fatigue. Learn how to protect your software supply chain from emerging threats.

🔗 Download the guide for more insights: https://thehackernews.com/2024/06/cyber-landscape-is-evolving-so-should.html

🚨 LightSpy, a malware framework, now targets macOS alongside iOS, Android, and Windows. It uses 10 plugins to gather extensive data from infected devices.

Learn more: https://thehackernews.com/2024/06/lightspy-spywares-macos-variant-found.html

Ransomware, DDoS, data breaches – 2023 was a tough year for cybersecurity.

The good news? Many of these attacks could have been prevented with better basic practices.

Learn more at our upcoming webinar: https://thehackernews.com/2024/06/ultimate-cyber-hygiene-guide-learn-how.html

SAVE YOUR SPOT NOW!

Big news from Microsoft!

They’ve disabled the AI-powered Recall feature by default after backlash over #privacy concerns.

Recall now includes enhanced security like Windows Hello biometric scanning and encrypted databases.

Learn more: https://thehackernews.com/2024/06/microsoft-revamps-controversial-ai.html

🛑 Attention Developers and SysAdmins!

A new PHP flaw (CVE-2024-4577) affects all of its Windows versions, enabling remote code execution via CGI argument injection.

Learn more: https://thehackernews.com/2024/06/new-php-vulnerability-exposes-windows.html

Patch is available—update to PHP 8.3.8, 8.2.20, or 8.1.29 immediately.

🚨 Threat Alert: Sticky Werewolf Targets Russian and Belarusian Entities.

Phishing attacks expand beyond government organizations to pharmaceutical, research, and aviation sectors.

Learn more about the latest campaign: https://thehackernews.com/2024/06/sticky-werewolf-expands-cyber-attack.html

Google takes down 1,320 YouTube channels and 1,177 Blogger blogs linked to Chinese influence operation.

Find out more about the coordinated campaign targeting U.S. foreign affairs: https://thehackernews.com/2024/06/google-takes-down-influence-campaigns.html

🔐 Researchers have uncovered a vulnerability in Azure Service Tags that could allow attackers to bypass firewall rules. Microsoft has issued guidance on this issue.

Discover how to safeguard your cloud assets: https://thehackernews.com/2024/06/azure-service-tags-vulnerability.html