The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
OpenSSL has released security patches for 2 new high-severity vulnerabilities that could be exploited to perform DoS attacks (CVE-2021-3449) and bypass certificate verification (CVE-2021-3450).

Read details — https://thehackernews.com/2021/03/openssl-releases-patches-for-2-high.html
🔥 Apple yesterday released an URGENT PATCH UPDATE for all of its devices running iOS, iPadOS, macOS, and watchOS to fix another WebKit zero-day vulnerability (CVE-2021-1879) that is being exploited in the wild.

Details: https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html
⚠️ Attention — This Android system update notification can install powerful spyware on your device, capable of stealing a massive amount of information, from browser searches to audio and phone call recordings.

Read: https://thehackernews.com/2021/03/watch-out-that-android-system-update.html
🔥 ATTENTION — Someone hacked PHP's git server and pushed two new updates to insert a secret RCE backdoor into its source code.

Read more about this latest supply-chain cyberattack on the widely used #programming language: https://thehackernews.com/2021/03/phps-git-server-hacked-to-insert-secret.html
A set of new vulnerabilities in Linux-based operating systems could allow attackers to bypass mitigations for speculative attacks like Spectre and obtain sensitive information from kernel memory.

Read details: https://thehackernews.com/2021/03/new-bugs-could-let-hackers-bypass.html
🔥 MobiKwik, India's popular mobile payment service, suffered a major security breach in which the identity and payment details of over 3.5 million users—including KYC documents (8.2 TB)—were stolen by an unknown hacker.

Details: https://thehackernews.com/2021/03/mobikwik-suffers-major-breach-kyc-data.html
Multiple Japanese industries are being targeted by APT10 hackers using a multi-stage backdoor called 'Ecipekac.'

Read: https://thehackernews.com/2021/03/hackers-are-implanting-multiple.html
Hackers backed by the North Korean government set up a "fake" cybersecurity firm to attack "real" security experts, Google revealed.

Read details: https://thehackernews.com/2021/03/hackers-set-up-fake-cybersecurity-firm.html
Researchers find hackers are exploiting a feature built into the Microsoft Windows operating system to avoid firewalls and launch persistent malware attacks against their targets.

Read details here: https://thehackernews.com/2021/04/hackers-using-windows-os-feature-to.html
DeepDotWeb administrator—who received over $8 million in kickbacks for promoting links to illegal Darknet marketplaces—pleads guilty to money laundering charges.

https://thehackernews.com/2021/04/deepdotweb-admin-pleads-guilty-to-money.html
Google is limiting which apps can access the list of other installed apps on your Android device.

https://thehackernews.com/2021/04/google-limits-which-apps-can-access.html
533 million Facebook users' personal and contact information posted publicly on a hacking forum, free for public download.

Read: https://thehackernews.com/2021/04/533-million-facebook-users-phone.html
The leaked data was harvested by hackers in 2019 using a Facebook vulnerability.
In a new malware campaign, hackers are targeting professionals on #LinkedIn with weaponized job offers in an attempt to infect targets' devices with a sophisticated backdoor trojan called "more_eggs."

https://thehackernews.com/2021/04/hackers-targeting-professionals-with.html
Chinese hackers have been spotted spying on the Vietnamese government and military organizations in an advanced cyberespionage operation.

Details: https://thehackernews.com/2021/04/hackers-from-china-target-vietnamese.html
Alert: Mission-critical SAP applications—including but not limited to ERP, SCM, HCM, PLM, CRM and others—are currently under active attack.

https://thehackernews.com/2021/04/watch-out-mission-critical-sap.html
Businesses are advised to perform a compromise assessment, apply security patches, and fix misconfigurations to prevent unauthorized access.
Researchers revealed details of a new banking trojan targeting corporate users in Brazil across various sectors such as engineering, healthcare, retail, manufacturing, finance, transportation, and government.

Read: https://thehackernews.com/2021/04/experts-uncover-new-banking-trojan.html
Researchers have found a critical authentication bypass vulnerability (CVE-2021-21982) in VMware Carbon Black Cloud Workload software. Patch it!

Read: https://thehackernews.com/2021/04/critical-auth-bypass-bug-found-in.html
VMware has also addressed 2 separate bugs in its vRealize Operations Manager solution.
A new wormable Android malware has been discovered that's capable of propagating via WhatsApp messages automatically.

Details — https://thehackernews.com/2021/04/whatsapp-based-wormable-android-malware.html
Disguised as a rogue Netflix app, the malware was downloadable directly from the official Google Play Store.
In a bid to reduce memory-based vulnerabilities, Google is adding Rust programming language support to Android OS low-level development.

Read details: https://thehackernews.com/2021/04/android-to-support-rust-programming.html
🔥 UPDATE — PHP Supply Chain Attack

Hackers compromised the user database at PHP's official site—including passwords—which was then used to implant a backdoor in the source code.
https://thehackernews.com/2021/04/php-sites-user-database-was-hacked-in.html
PHP maintainers have reset all existing passwords.