Two trojanized Python and PHP packages, "ctx" and "phpass," have been uncovered in another instance of a software supply chain attack aimed at stealing AWS credentials.
Read details: https://thehackernews.com/2022/05/pypi-package-ctx-and-php-library-phpass.html
A Google security researcher has discovered a new set of vulnerabilities in Zoom video conferencing #software that could allow attackers to hack into victims' systems simply by sending them malicious messages over the XMPP protocol.
Read: https://thehackernews.com/2022/05/new-zoom-flaws-could-let-attackers-hack.html
Researchers have discovered a new cyberattack campaign targeting Russian government entities with at least four separate spear-phishing campaigns in an attempt to implant remote access Trojans.
Read: https://thehackernews.com/2022/05/researchers-find-new-malware-attacks.html
Find out how hackers can use "account pre-hijacking attacks" to gain unauthorized access to your online accounts even before you create them.
Read: https://thehackernews.com/2022/05/learn-how-hackers-can-hijack-your.html
Researchers have developed a new system called "Lumos" that allows users to detect hidden cameras and other IoT devices in a room and view their presence using augmented reality.
Read: https://thehackernews.com/2022/05/lumos-system-can-find-hidden-cameras.html
Interpol has arrested the leader of the SilverTerrier cybercrime syndicate, which was responsible for mass phishing attacks and Business Email Compromise (BEC) schemes against thousands of companies and individuals.
Read details: https://thehackernews.com/2022/05/interpol-arrest-leader-of-silverterrier.html
Twitter has been fined $150 million for misusing users' private data for advertising without their consent, which the company had collected for the purpose of 2-factor authentication.
Read details: https://thehackernews.com/2022/05/twitter-fined-150-million-for-misusing.htm
Tails OS maintainers advise users not to use Tor browser until two critical Firefox vulnerabilities (CVE-2022-1802 and CVE-2022-1529) are fixed with the release of version 5.1 on May 31.
Read details: https://thehackernews.com/2022/05/tails-os-users-advised-not-to-use-tor.html
Hackers are increasingly relying on free-to-use browser automation frameworks to operate malicious activities as part of their attack campaigns.
Read details: https://thehackernews.com/2022/05/hackers-increasingly-using-browser.html
WARNING: ChromeLoader malware attacks are on the rise — a persistent and pervasive web browser hijacker that uses PowerShell to inject malicious extensions and redirects traffic to malicious ads.
Read details: https://thehackernews.com/2022/05/experts-warn-of-rise-in-chromeloader.html
Quanta servers have been found vulnerable to the serious "Pantsdown" BMC vulnerability, which could allow hackers to gain full control of the server, install persistent malware, exfiltrate data, and even brick it.
Read details: https://thehackernews.com/2022/05/critical-pantsdown-bmc-vulnerability.html
Zyxel has released patches to address four vulnerabilities affecting its firewall, AP controller, and AP products that allow execution of arbitrary operating system commands and theft of selected information.
Read: https://thehackernews.com/2022/05/zyxel-issues-patches-for-4-new-flaws.html
Researchers demonstrate "GhostTouch," a new type of attack that could let attackers use electromagnetic signals to control (tap and swipe) touchscreen devices, including answering an eavesdropping call, swiping up to unlock, or entering a password.
Read: https://thehackernews.com/2022/05/attackers-can-use-electromagnetic.html
Researchers at Numen Cyber Labs have released details of a new, recently reported critical UAF RCE vulnerability affecting the Chrome dev channel and related Chromium-based web browsers.
Details: https://thehackernews.com/2022/05/experts-detail-new-rce-vulnerability.html
GitHub reveals that hackers behind the recent OAuth token breach gained access to login credentials of nearly 100,000 NPM users.
https://thehackernews.com/2022/05/nearly-100000-npm-users-credentials.html
In an unrelated issue, plaintext credentials for npm were recorded in GitHub's internal logs for an unspecified number of users.
Microsoft discloses 4 new high-severity vulnerabilities in a framework used by pre-installed Android system apps with millions of downloads.
Read: https://thehackernews.com/2022/05/microsoft-finds-critical-bugs-in-pre.html
A 37-year-old New York man has been sentenced to four years in prison for buying stolen credit card information and working with a cybercrime cartel known as "The Infraud Organization."
Read details: https://thehackernews.com/2022/05/new-york-man-sentenced-to-4-years-in.html
FBI warns of hackers selling VPN credentials for U.S. colleges and universities in public forums and criminal marketplaces on the Internet.
Read details: https://thehackernews.com/2022/05/fbi-warns-about-hackers-selling-vpn.html
A new ransomware strain called "GoodWill" forces victims to donate money and clothes to the poor and take underprivileged children to Domino's Pizza, Pizza Hut, or KFC to give them a treat.
Read details: https://thehackernews.com/2022/05/new-goodwill-ransomware-forces-victims.html
Researchers have spotted a new zero-day exploit for Microsoft Office in the wild that could be exploited to execute arbitrary code on affected Windows systems, even if macros are disabled.
Details: https://thehackernews.com/2022/05/watch-out-researchers-spot-new.html