Cybercriminals have been found exploiting a new critical zero-day vulnerability (CVE-2022-24086 / CVSS 9.8) in the Adobe Commerce and Magento e-commerce platforms — Patch your online shopping sites now.

Read details: https://thehackernews.com/2022/02/critical-magento-0-day-vulnerability.html

Multiple critical vulnerabilities have been discovered in Moxa MXview web-based industrial network management #software, some of which could be exploited by an unauthenticated attacker to execute remote code on unpatched servers.

Read: https://thehackernews.com/2022/02/critical-security-flaws-reported-in.html

Google has released an update for its Chrome web browser for Windows, Mac, and Linux users that patches multiple new security vulnerabilities, one of which is being actively exploited in the wild.

Read details: https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html

A new variant of the MyloBot malware spreading malicious payloads used to send sextortion emails demanding $2,732 in digital currency from victims.

Read: https://thehackernews.com/2022/02/new-mylobot-malware-variant-sends.html

Researchers detail the inner workings of ShadowPad, a modular backdoor that has been adopted by a growing number of Chinese hacker groups in recent years, while also linking it to the country's civilian and military intelligence agencies.

Read: https://thehackernews.com/2022/02/researchers-link-shadowpad-malware.html

Facebook has agreed to pay $90 million to settle a decade-old privacy breach lawsuit that accused the company of using web cookies to track users' Internet activity even after they logged off the platform.

Details: https://thehackernews.com/2022/02/facebook-agrees-to-pay-90-million-to.html

A new high-severity vulnerability (CVE-2021-44521) has been reported in the popular distributed NoSQL database software Apache Cassandra, which, if left unfixed, could lead to RCE attacks on affected installations.

Details: https://thehackernews.com/2022/02/high-severity-rce-security-bug-reported.html

European Union's data protection authority called for a ban on the development and use of Pegasus-like commercial spyware in the region.

Read details: https://thehackernews.com/2022/02/eu-data-protection-watchdog-calls-for.html

Trickbot malware has targeted the customers of 60 high-profile companies since 2020, including cryptocurrency platforms.

Details: https://thehackernews.com/2022/02/trickbot-malware-targeted-customers-of.html

U.S. government agencies FBI, NSA, CISA release joint advisory accusing state-sponsored Russian hackers of regularly attacking several U.S. cleared defense contractors to steal proprietary documents and other confidential information.

https://thehackernews.com/2022/02/us-says-russian-hackers-stealing.html

The politically motivated "Moses Staff" hacker group has been observed using a custom multi-component toolset with the goal of carrying out cyberespionage against Israeli organizations.

Read: https://thehackernews.com/2022/02/moses-staff-hackers-targeting-israeli.html

Researchers have unpacked a new Golang-based botnet called "Kraken," which is under active development and features an array of backdoor capabilities.

Read details: https://thehackernews.com/2022/02/researchers-warn-of-new-golang-based.html

Researchers release a new open-source tool called "Underactor" that can uncover pixelated text from redacted documents and reveal sensitive data.

Read details: https://thehackernews.com/2022/02/this-new-tool-can-retrieve-pixelated.html

Google announced plans to bring its "Privacy Sandbox" initiative to Android to expand its privacy-focused but also less disruptive advertising technology beyond the desktop web.

Read details: https://thehackernews.com/2022/02/google-bringing-privacy-sandbox-to.html

Adobe releases patches for another critical vulnerability (CVE-2022-24087) discovered in the Adobe Commerce and Magento eCommerce platforms that could be exploited to execute arbitrary code.

Read details: https://thehackernews.com/2022/02/another-critical-rce-discovered-in.html

Cisco has released security updates to patch 3 vulnerabilities affecting its products, including one high-severity flaw that attackers can exploit by sending an email to crash Cisco Email Security Appliances.

Read details: https://thehackernews.com/2022/02/attackers-can-crash-cisco-email.html

A "potentially destructive actor" aligned with the Iranian government is actively exploiting the known Log4j vulnerability to infect unpatched VMware Horizon servers with ransomware.

Read details: https://thehackernews.com/2022/02/iranian-hackers-targeting-vmware.html

A set of new Linux vulnerabilities have been discovered in Canonical's Snap for software packaging and deployment system, the most critical of which can be exploited to gain root privileges on targeted systems.

Read details: https://thehackernews.com/2022/02/new-linux-privilege-escalation-flaw.html

Researchers have found that several computers in SouthKorea are being attacked by a botnet called "PseudoManuscrypt" using the same spreading tactics as another malware called CryptBot.

Read details: https://thehackernews.com/2022/02/pseudomanuscrypt-malware-spreading-same.html

Microsoft warns of emerging 'Ice Phishing' threats targeting Web3, blockchain, DeFi, smart contracts and other decentralized technologies.

Read details: https://thehackernews.com/2022/02/microsoft-warns-of-ice-phishing-threat.html