Researcher claims to have discovered an unpatched vulnerability in PayPal that could allow attackers to trick victims into unknowingly complete attacker-directed transactions with a single click.

Details and Demo: https://thehackernews.com/2022/05/paypal-pays-hacker-200000-for.html

***Story has been rectified.

Researchers reveal more details about the Fronton IoT botnet, finding that it is much more powerful than previously thought and capable of launching mass disinformation campaigns on social media platforms.

Read: https://thehackernews.com/2022/05/fronton-russian-iot-botnet-designed-to.html

Hackers behind web skimming campaigns are leveraging malicious JavaScript code that mimics Google Analytics and Meta Pixel scripts in an attempt to sidestep detection.

Read: https://thehackernews.com/2022/05/microsoft-warns-of-web-skimmers.html

Conti ransomware gang has shut down its infrastructure in favor of migrating its criminal activities to smaller cybercrime groups.

Read: https://thehackernews.com/2022/05/conti-ransomware-gang-shut-down-after.html

Researchers have uncovered the latest version of Chaos ransomware builder, dubbed "Yashma," discovered in the wild.

Read details: https://thehackernews.com/2022/05/new-chaos-ransomware-builder-variant.html

Two trojanized Python and PHP packages, "ctx" and "phpass," have been uncovered in another instance of a software supply chain attack aimed at stealing AWS credentials.

Read details: https://thehackernews.com/2022/05/pypi-package-ctx-and-php-library-phpass.html

A Google security researcher has discovered a new set of vulnerabilities in Zoom video conferencing #software that could allow attackers to hack into victims' systems simply by sending them malicious messages over the XMPP protocol.

Read: https://thehackernews.com/2022/05/new-zoom-flaws-could-let-attackers-hack.html

Researchers have discovered a new cyberattack campaign targeting Russian government entities with at least four separate spear-phishing campaigns in an attempt to implant remote access Trojans.

Read: https://thehackernews.com/2022/05/researchers-find-new-malware-attacks.html

Find out how hackers can use "account pre-hijacking attacks" to gain unauthorized access to your online accounts even before you create them.

Read: https://thehackernews.com/2022/05/learn-how-hackers-can-hijack-your.html

Researchers have developed a new system called "Lumos" that allows users to detect hidden cameras and other IoT devices in a room and view their presence using augmented reality.

Read: https://thehackernews.com/2022/05/lumos-system-can-find-hidden-cameras.html

Interpol has arrested the leader of the SilverTerrier cybercrime syndicate, which was responsible for mass phishing attacks and Business Email Compromise (BEC) schemes against thousands of companies and individuals.

Read details: https://thehackernews.com/2022/05/interpol-arrest-leader-of-silverterrier.html

Twitter has been fined $150 million for misusing users' private data for advertising without their consent, which the company had collected for the purpose of 2-factor authentication.

Read details: https://thehackernews.com/2022/05/twitter-fined-150-million-for-misusing.htm

Tails OS maintainers advise users not to use Tor browser until two critical Firefox vulnerabilities (CVE-2022-1802 and CVE-2022-1529) are fixed with the release of version 5.1 on May 31.

Read details: https://thehackernews.com/2022/05/tails-os-users-advised-not-to-use-tor.html

Hackers are increasingly relying on free-to-use browser automation frameworks to operate malicious activities as part of their attack campaigns.

Read details: https://thehackernews.com/2022/05/hackers-increasingly-using-browser.html

WARNING: ChromeLoader malware attacks are on the rise — a persistent and pervasive web browser hijacker that uses PowerShell to inject malicious extensions and redirects traffic to malicious ads.

Read details: https://thehackernews.com/2022/05/experts-warn-of-rise-in-chromeloader.html

Quanta servers have been found vulnerable to the serious "Pantsdown" BMC vulnerability, which could allow hackers to gain full control of the server, install persistent malware, exfiltrate data, and even brick it.

Read details: https://thehackernews.com/2022/05/critical-pantsdown-bmc-vulnerability.html

Zyxel has released patches to address four vulnerabilities affecting its firewall, AP controller, and AP products that allow execution of arbitrary operating system commands and theft of selected information.

Read: https://thehackernews.com/2022/05/zyxel-issues-patches-for-4-new-flaws.html

Researchers demonstrate "GhostTouch," a new type of attack that could let attackers use electromagnetic signals to control (tap and swipe) touchscreen devices, including answering an eavesdropping call, swiping up to unlock, or entering a password.

Read: https://thehackernews.com/2022/05/attackers-can-use-electromagnetic.html

Researchers at Numen Cyber Labs have released details of a new, recently reported critical UAF RCE vulnerability affecting the Chrome dev channel and related Chromium-based web browsers.

Details: https://thehackernews.com/2022/05/experts-detail-new-rce-vulnerability.html

GitHub reveals that hackers behind the recent OAuth token breach gained access to login credentials of nearly 100,000 NPM users

https://thehackernews.com/2022/05/nearly-100000-npm-users-credentials.html

In an unrelated issue, plaintext credentials for npm were recorded in GitHub's internal logs for an unspecified no. of users.