📧🔓 Hackers are exploiting legit email accounts in transport companies to deliver RATs like NetSupport & DanaBot, causing disruptions, data theft, and major financial damage if not addressed quickly.

Learn more: https://thehackernews.com/2024/09/transportation-companies-hit-by.html

A vulnerability in the memory feature of OpenAI's ChatGPT app for macOS, dubbed "SpAIware," could hvae allowed attackers to embed #spyware, exposing user data across multiple conversations.

Learn more: https://thehackernews.com/2024/09/chatgpt-macos-flaw-couldve-enabled-long.html

Despite a decade of SOAR advancements, SOCs remain manual-heavy. Agentic AI is breaking new ground by automating the hardest SOC tasks—triage and investigation.

Learn how it could reshape your cybersecurity strategy: https://thehackernews.com/2024/09/agentic-ai-in-socs-solution-to-soars.html

🚨 New red team tool Splinter discovered by Palo Alto's Unit 42. Not as advanced as Cobalt Strike, but still a threat if misused. Built with Rust, it enables process injection & C2 communication.

Learn more: https://thehackernews.com/2024/09/cybersecurity-researchers-warn-of-new.html

Cyber pros, stay alert!

⚡ Phishing attacks are becoming harder to spot. Learn about key phishing indicators and discover effective ways to identify and mitigate these threats using advanced tools like ANYRUN.

Read: https://thehackernews.com/2024/09/expert-tips-on-how-to-spot-phishing-link.html

🔥 Mozilla's new Firefox browser feature, Privacy Preserving Attribution (PPA), is under fire for enabling tracking 👀 without user consent.

While it claims to protect privacy, watchdogs argue it violates EU's GDPR.

Learn more: https://thehackernews.com/2024/09/mozilla-faces-privacy-complaint-for.html

🔐 Google’s transition to Rust programming language has led to a staggering drop in memory safety vulnerabilities in Android—from 76% to just 24% over six years!

Learn more: https://thehackernews.com/2024/09/googles-shift-to-rust-programming-cuts.html

⚠️ Beijing-sponsored Salt Typhoon, also known as GhostEmperor, has been caught infiltrating U.S. Internet Service Providers, potentially compromising Cisco routers.

Read: https://thehackernews.com/2024/09/chinese-hackers-infiltrate-us-internet.html

The campaign's goal: to establish long-term access for data exfiltration or worse.

🛑 SloppyLemming hacker group is using cloud services to run espionage campaigns in South & East Asia, targeting gov, law enforcement, & energy sectors.

Spear-phishing & credential harvesting are key attack methods.

Learn more: https://thehackernews.com/2024/09/cloudflare-warns-of-india-linked.html

🚨 SilentSelfie: Kurdish websites hit by prolonged watering hole attack, stealing sensitive data from journalists & activists.

Malicious APKs capture locations & files without persistence, making detection tougher.

Learn more: https://thehackernews.com/2024/09/watering-hole-attack-on-kurdish-sites.html

⚠️ North Korea's Kimsuky group deploys new malware—KLogEXE & FPSpy—enhancing their ability to infiltrate systems with advanced keylogging & file exfiltration.

Learn more: https://thehackernews.com/2024/09/n-korean-hackers-deploy-new-klogexe-and.html

⚠️ Kia vehicles had critical vulnerabilities allowing remote control with just a license plate!

Attackers could seize control in 30 seconds, accessing sensitive data and executing commands like unlocking the car.

Find details here: https://thehackernews.com/2024/09/hackers-could-have-remotely-controlled.html

CVSS alone isn’t enough! Security teams need a smarter way to prioritize vulnerabilities.

EPSS predicts exploitation risk within 30 days, helping teams focus on real threats.

Learn how this model can sharpen your risk mitigation strategies: https://thehackernews.com/2024/09/epss-vs-cvss-whats-best-approach-to.html

A newly disclosed #vulnerability in NVIDIA Container Toolkit (CVSS 9.0) could allow attackers to escape containers and gain full access to the underlying host.

Find details here: https://thehackernews.com/2024/09/critical-nvidia-container-toolkit.html

Ensure you're running v1.16.2 to mitigate the risk.

U.S. and Dutch authorities have sanctioned two cryptocurrency exchanges, Cryptex and PM2BTC, for facilitating the laundering of illicit funds linked to cybercrime, ransomware, and fraud shops.

Learn more: https://thehackernews.com/2024/09/us-sanctions-two-crypto-exchanges-for.html

🔧 Legacy SIEM systems are failing to keep up with the modern threat landscape—too many alerts, not enough time.

Learn about a fresh approach to tackling legacy SIEM challenges in our upcoming ⚡ webinar.

Save your spot now: https://thehackernews.com/2024/09/overloaded-with-siem-alerts-discover.html

⚠️ HTML smuggling is delivering DCRat malware, bypassing traditional security controls by embedding malicious payloads in HTML files. This advanced technique poses a global threat to unsuspecting users.

Read: https://thehackernews.com/2024/09/new-html-smuggling-campaign-delivers.html

🔐 Learn how weak credentials and over-privileged accounts are being exploited in the latest Storm-0501 #ransomware attacks targeting hybrid cloud infrastructures.

Read details here > https://thehackernews.com/2024/09/microsoft-identifies-storm-0501-as.html

🚨 New CUPS vulnerabilities in Linux allow attackers to execute remote commands via print jobs! Affected systems include Debian, Fedora, RHEL.

Find details of CVE-2024-47176 here: https://thehackernews.com/2024/09/critical-linux-cups-printing-system.html

Disable ‘cups-browsed’ & block UDP port 631 until patches arrive.

🚀 Cybersecurity certifications are becoming essential for professionals to stand out in the competitive job market. With 37% of certified pros seeing salary boosts, they’re a smart career & financial investment.

Stay ahead—explore certifications: https://thehackernews.com/2024/09/cybersecurity-certifications-gateway-to.html

Ransomware attackers are using human-driven intrusions that mimic normal user behavior, making detection harder. Penetration testing, combining human expertise and automation, helps identify vulnerabilities before attackers strike.

Learn more: https://thehackernews.com/2024/09/how-to-plan-and-prepare-for-penetration.html