Interpol has arrested the leader of the SilverTerrier cybercrime syndicate, which was responsible for mass phishing attacks and Business Email Compromise (BEC) schemes against thousands of companies and individuals.

Read details: https://thehackernews.com/2022/05/interpol-arrest-leader-of-silverterrier.html

Twitter has been fined $150 million for misusing users' private data for advertising without their consent, which the company had collected for the purpose of 2-factor authentication.

Read details: https://thehackernews.com/2022/05/twitter-fined-150-million-for-misusing.htm

Tails OS maintainers advise users not to use Tor browser until two critical Firefox vulnerabilities (CVE-2022-1802 and CVE-2022-1529) are fixed with the release of version 5.1 on May 31.

Read details: https://thehackernews.com/2022/05/tails-os-users-advised-not-to-use-tor.html

Hackers are increasingly relying on free-to-use browser automation frameworks to operate malicious activities as part of their attack campaigns.

Read details: https://thehackernews.com/2022/05/hackers-increasingly-using-browser.html

WARNING: ChromeLoader malware attacks are on the rise — a persistent and pervasive web browser hijacker that uses PowerShell to inject malicious extensions and redirects traffic to malicious ads.

Read details: https://thehackernews.com/2022/05/experts-warn-of-rise-in-chromeloader.html

Quanta servers have been found vulnerable to the serious "Pantsdown" BMC vulnerability, which could allow hackers to gain full control of the server, install persistent malware, exfiltrate data, and even brick it.

Read details: https://thehackernews.com/2022/05/critical-pantsdown-bmc-vulnerability.html

Zyxel has released patches to address four vulnerabilities affecting its firewall, AP controller, and AP products that allow execution of arbitrary operating system commands and theft of selected information.

Read: https://thehackernews.com/2022/05/zyxel-issues-patches-for-4-new-flaws.html

Researchers demonstrate "GhostTouch," a new type of attack that could let attackers use electromagnetic signals to control (tap and swipe) touchscreen devices, including answering an eavesdropping call, swiping up to unlock, or entering a password.

Read: https://thehackernews.com/2022/05/attackers-can-use-electromagnetic.html

Researchers at Numen Cyber Labs have released details of a new, recently reported critical UAF RCE vulnerability affecting the Chrome dev channel and related Chromium-based web browsers.

Details: https://thehackernews.com/2022/05/experts-detail-new-rce-vulnerability.html

GitHub reveals that hackers behind the recent OAuth token breach gained access to login credentials of nearly 100,000 NPM users

https://thehackernews.com/2022/05/nearly-100000-npm-users-credentials.html

In an unrelated issue, plaintext credentials for npm were recorded in GitHub's internal logs for an unspecified no. of users.

Microsoft discloses 4 new high-severity vulnerabilities in a framework used by pre-installed Android system apps with millions of downloads.

Read: https://thehackernews.com/2022/05/microsoft-finds-critical-bugs-in-pre.html

A 37-year-old New York man has been sentenced to four years in prison for buying stolen credit card information and working with a cybercrime cartel known as "The Infraud Organization."

Read details: https://thehackernews.com/2022/05/new-york-man-sentenced-to-4-years-in.html

FBI warns of hackers selling VPN credentials for U.S. colleges and universities in public forums and criminal marketplaces on the Internet.

Read details: https://thehackernews.com/2022/05/fbi-warns-about-hackers-selling-vpn.html

A new ransomware strain called "GoodWill" forces victims to donate money and clothes to the poor and take underprivileged children to Domino's Pizza, Pizza Hut, or KFC to give them a treat.

Read details: https://thehackernews.com/2022/05/new-goodwill-ransomware-forces-victims.html

Researchers have spotted a new zero-day exploit for Microsoft Office in the wild that could be exploited to execute arbitrary code on affected Windows systems, even if macros are disabled.

Details: https://thehackernews.com/2022/05/watch-out-researchers-spot-new.html

Linux-based botnet "Enemybot" has expanded its arsenal to exploit recently disclosed vulnerabilities in IoT devices, web servers, Android devices, and content management systems (CMS).

Read details: https://thehackernews.com/2022/05/enemybot-linux-botnet-now-exploits-web.html

SideWinder APT hackers have been linked to more than 1,000 cyberattacks since April 2020.

Read: https://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html

As the mobile threat landscape evolves in 2022, new and existing banking trojans are increasingly targeting Android devices to perform on-device frauds.

Read details: https://thehackernews.com/2022/05/latest-mobile-malware-report-suggests.html

Chinese APT hackers aligned with state interests have been observed weaponizing the new zero-day vulnerability in Microsoft Office to compromise affected systems.

Read details: https://thehackernews.com/2022/05/chinese-hackers-begin-exploiting-latest.html

A new version of the XLoader botnet malware has been discovered that uses a probability-based approach to camouflage its command and control (C&C) infrastructure.

Read details: https://thehackernews.com/2022/06/new-xloader-botnet-version-using.html