Researchers have developed a new open-source framework — called YODA — that helps detect 47,000 malicious WordPress plugins installed on more than 24,000 websites.

Read details: https://thehackernews.com/2022/06/yoda-tool-found-47000-malicious.html

A new unpatched vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve RCE on the email server simply by sending a specially crafted email to a victim.

Read: https://thehackernews.com/2022/06/new-unpatched-horde-webmail-bug-lets.html

U.S. Department of Justice seizes 3 web domains used by cybercriminals to trade stolen information and offer DDoS services.

Read — https://thehackernews.com/2022/06/doj-seizes-3-web-domains-used-to-sell.html

SideWinder hackers have added a new custom tool and fake VPN apps to their arsenal of malware tools used to attack public and private entities in Pakistan.

Read details: https://thehackernews.com/2022/06/sidewinder-hackers-use-fake-android-vpn.html

Researchers have discovered a new security flaw in UNISOC's chipset that can be used to disrupt smartphone radio communications through a malformed packet.

Read details: https://thehackernews.com/2022/06/critical-unisoc-chip-vulnerability.html

ExpressVPN is removing its India-based VPN servers in response to a new cybersecurity directive from India's Computer Emergency Response Team (CERT-In) that requires all VPN providers to store users' data for at least 5 years.

Read: https://thehackernews.com/2022/06/expressvpn-removes-servers-in-india.html

Researchers demonstrate R4IoT ransomware that exploits IoT devices to gain access and move laterally in an IT network and compromise the OT network.

Read details: https://thehackernews.com/2022/06/researchers-demonstrate-ransomware-for.html

An analysis of leaked chats from the notorious Conti ransomware group has now revealed that the syndicate has been working on a set of firmware-based attack techniques.

Read details: https://thehackernews.com/2022/06/conti-leaks-reveal-ransomware-gangs.html

Microsoft has blocked the hacking activities of previously undocumented Iran-linked Lebanese hackers targeting Israeli companies.

Read details: https://thehackernews.com/2022/06/microsoft-blocks-iran-linked-lebanese.html

Researchers have uncovered a critical unpatched RCE vulnerability (CVE-2022-26134) affecting Atlassian Confluence Server and Data Center products that is being actively exploited by hackers.

Read details: https://thehackernews.com/2022/06/hackers-exploiting-unpatched-critical.html

Researchers have uncovered JavaScript malware and variants behind a network of thousands of hacked websites powering the Parrot Traffic Direction System (TDS) revealed earlier this year.

Details: https://thehackernews.com/2022/06/researchers-uncover-malware-controlling.html

GitLab releases patch for a critical account takeover vulnerability (CVE-2022-1680) affecting all versions of Enterprise Edition from 11.10 before 14.9.5, all versions from 14.10 before 14.10.4, and all versions from 15.0 before 15.0.1.

Read: https://thehackernews.com/2022/06/gitlab-issues-security-patch-for.html

Atlassian has released a security patch that addresses a critical vulnerability (CVE-2022-26134) in Confluence Server and Data Center products that is being actively exploited by attackers.

Read details: https://thehackernews.com/2022/06/atlassian-releases-patch-for-confluence.html

Researchers discover a new state-sponsored attack that exploits the "Follina" vulnerability in Microsoft Office to target government entities in Europe and the United States.

Read details: https://thehackernews.com/2022/06/state-backed-hackers-exploit-microsoft.html

CISA has issued a warning about critical vulnerabilities in Illumina DNA Sequencing devices that could allow unauthenticated attackers to remotely take control of the affected product.

Read details: https://thehackernews.com/2022/06/cisa-warned-about-critical.html

Microsoft said it has taken legal action to stop spear-phishing campaigns associated with Iranian Bohrium hackers by taking over 41 domains used as command-and-control infrastructure.

Read details: https://thehackernews.com/2022/06/microsoft-seizes-41-domains-used-in.html

Two unpatched security vulnerabilities have been disclosed in the open-source U-Boot bootloader used by Linux-based embedded systems, such as ChromeOS, and ebook readers like the Amazon Kindle and Kobo eReader.

Read details: https://thehackernews.com/2022/06/unpatched-critical-flaws-disclosed-in-u.html

10 of the most prolific banking Trojans targeting a wide range of applications available on the Google Play Store and used by over a billion people in total.

Read details: https://thehackernews.com/2022/06/10-most-prolific-banking-trojans.html

Apple has introduced a "Rapid Security Response" feature in iOS16 and macOS Ventura that automatically installs security updates without requiring you to download & install a full OS update and reboot your system.

Details: https://thehackernews.com/2022/06/apples-new-feature-will-install.html

Researchers warn of a new spam campaign distributing SVCReady malware to target its victims.

Read details: https://thehackernews.com/2022/06/researchers-warn-of-spam-campaign.html