Researchers have identified multiple malicious Python packages designed to steal AWS credentials and environment variables.

https://thehackernews.com/2022/06/multiple-backdoored-python-libraries.html

What is more worrying is that they upload sensitive, stolen data to a publicly accessible server.

Google believes that ISPs may have helped attackers infect the Android and iPhone smartphones of high-profile victims with "Hermit" spyware.

Read details: https://thehackernews.com/2022/06/google-says-isps-helped-attackers.html

Researchers reveal that ransomware hackers used a zero-day vulnerability in Mitel VoIP appliances as an entry point to infiltrate an undisclosed company.

Read details: https://thehackernews.com/2022/06/hackers-exploit-mitel-voip-zero-day-bug.html

Researchers warn of a new malware campaign driven by "Matanbuchus," a malware-as-a-service (Maas) that spreads via phishing campaigns and drops the Cobalt Strike post-exploitation framework on targeted machines.

Read: https://thehackernews.com/2022/06/researchers-warn-of-matanbuchus-malware.html

If you're using Google Analytics, you're likely breaking EU data protection laws.

Following in the footsteps of Austria and France, the Italian watchdog has also found that the use of Google Analytics to be non-compliant with EU regulations.

https://thehackernews.com/2022/06/italy-data-protection-authority-warns.html

CODESYS has released security patches to address 11 newly identified vulnerabilities that could lead to information disclosure and a denial of service (DoS) condition, among others.

Read details: https://thehackernews.com/2022/06/critical-security-flaws-identified-in.html

Cybersecurity experts warn of "Black Basta" ransomware that attacked dozens of companies in the U.S., Canada, U.K., Australia, and New Zealand within 2 months of its emergence, making it a prominent threat in a short period of time.

Read: https://thehackernews.com/2022/06/cybersecurity-experts-warn-of-emerging.html

Researchers have discovered a new Android banking trojan — dubbed "Revive" — targeting customers of the Spanish financial services company BBVA.

Read details: https://thehackernews.com/2022/06/new-android-banking-trojan-revive.html

A remote memory-corruption vulnerability has been discovered in the latest version of OpenSSL library that can be exploited very easily by an attacker.

Read: https://thehackernews.com/2022/06/openssh-to-release-security-patch-for.html

"If RCE exploitation is possible, this makes it worse than Heartbleed..."

APT hackers are exploiting unpatched Microsoft Exchange servers as an initial access vector to deploy ShadowPad malware on building automation systems.

Read details: https://thehackernews.com/2022/06/apt-hackers-targeting-industrial.html

Researchers warn of a new malware, dubbed ZuoRAT, targeting small office/home office routers (SOHO) as part of a sophisticated campaign to spy on North American and European networks.

Read details: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html

U.S. cybersecurity agency CISA has added the "PwnKit" Linux vulnerability to its catalog of known exploited vulnerabilities, citing evidence of active exploitation.

Details: https://thehackernews.com/2022/06/cisa-warns-of-active-exploitation-of.html

Researchers reveal details about a new vulnerability in Microsoft's Azure Service Fabric that could be exploited to gain elevated privileges on Linux workloads and take control of all nodes in a cluster.

Details: https://thehackernews.com/2022/06/new-fabricscape-bug-in-microsoft-azure.html

A new vulnerability (CVE-2022-30333) has been discovered in RARlab's UnRAR utility that also affects several other applications using it, including Zimbra Mail.

https://thehackernews.com/2022/06/new-unrar-vulnerability-could-let.html

The flaw allows remote attackers to execute arbitrary code on vulnerable Zimbra instances.

Researchers are warning about a new malware, dubbed YTStealer, believed to be sold as a service on the dark web, that allows cybercriminals to hijack YouTube content creator accounts by stealing their authentication cookies.

Details: https://thehackernews.com/2022/06/new-ytstealer-malware-aims-to-hijack.html

North Korean-backed hacker collective Lazarus Group is suspected of being behind the recent $100 million altcoin theft from Harmony Horizon Bridge.

Read: https://thehackernews.com/2022/06/north-korean-hackers-suspected-to-be.html

A former Canadian government employee has pleaded guilty in the U.S. to hacking charges related to his involvement in the NetWalker ransomware syndicate.

Details: https://thehackernews.com/2022/06/ex-canadian-government-employee-pleads.html

FCC Commissioner Brendan Carr has asked Apple and Google to remove the popular video-sharing platform TikTok from their app stores, citing a threat to national security because it has "a pattern of surreptitious data practices"

Read: https://thehackernews.com/2022/06/us-fcc-commissioner-asks-apple-and.html

Microsoft warns of a Chinese hacking group that recently updated its malware tools to compromise Linux servers with the goal of installing cryptocurrency mining software as part of a long-running campaign.

Details: https://thehackernews.com/2022/06/microsoft-warns-of-cryptomining-malware.html

Amazon has quietly patched a serious security vulnerability affecting its Photos app for Android that could have been exploited to steal a users' access tokens.

Details: https://thehackernews.com/2022/07/amazon-quietly-patches-high-severity.html