Researchers warn that a recently discovered critical vulnerability in Atlassian Confluence (CVE-2022-26138) is currently being exploited in the wild.

Read: https://thehackernews.com/2022/07/latest-critical-atlassian-confluence.html

Spanish law enforcement authorities have arrested 2 former employees of a Nuclear Power Plant in connection with a cyberattack on the country's radioactivity alert system.

Read details: https://thehackernews.com/2022/07/spanish-police-arrest-2-nuclear-power.html

Researchers have discovered a new vulnerability (CVE-2022-30563) in Dahua IP cameras that can be exploited by remote attackers to compromise the cameras.

Read details: https://thehackernews.com/2022/07/dahua-ip-camera-vulnerability-could-let.html

Researchers warn of an increase in phishing attacks leveraging the IPFS decentralized peer-to-peer file storage network.

Read details: https://thehackernews.com/2022/07/researchers-warns-of-increase-in.html

Over a dozen Android apps distributed via Google Play Store & masquerading as productivity & utility apps—such as document scanners, VPN services & call recorders—have been caught infecting users' devices with banking #malware.

Read: https://thehackernews.com/2022/07/over-dozen-android-apps-on-google-play.html

Atlassian Confluence hard-coded credential vulnerability is now listed in the CISA Known Exploited Vulnerabilities Catalog following reports of active exploitation.

Read details: https://thehackernews.com/2022/07/cisa-warns-of-atlassian-confluence-hard.html

North Korean hackers have been spotted using malicious extensions for Chromium-based web browsers (Google Chrome, Microsoft Edge, and Naver's Whale) to steal email content from Gmail and AOL accounts.

Read: https://thehackernews.com/2022/07/north-korean-hackers-using-malicious.html

Microsoft finds a potential connection between the USB-based Raspberry Robin worm and a notorious Russian cybercrime group known as Evil Corp.

Read details: https://thehackernews.com/2022/07/microsoft-links-raspberry-robin-usb.html

Operators of Gootkit access-as-a-service (AaaS) malware have resurfaced with updated techniques to compromise unsuspecting victims.

Read details: https://thehackernews.com/2022/07/gootkit-loader-resurfaces-with-updated.html

A 24-year-old Australian hacker has been charged with developing and selling the "Imminent Monitor" spyware to more than 14,500 people in 128 countries, including perpetrators of domestic violence and child sex offenders.

Read: https://thehackernews.com/2022/07/australian-hacker-charged-with-creating.html

Researchers from CloudSEK found that nearly 3,200 mobile apps expose their Twitter API keys, some of which can be used to gain unauthorized access to Twitter accounts.

Read details: https://thehackernews.com/2022/08/researchers-discover-nearly-3200-mobile.html

LockBit ransomware has been observed abusing Microsoft Windows Defender tool to decrypt and load Cobalt Strike payloads on targeted computers.

Read details: https://thehackernews.com/2022/08/lockbit-ransomware-abuses-windows.html

Researchers have discovered a new "New ParseThru" parameter smuggling vulnerability affecting GoLang-based apps that can be exploited to bypass validations under certain conditions and could also be used to gain unauthorized access.

Read: https://thehackernews.com/2022/08/new-parsethru-parameter-smuggling.html

Researchers have discovered a new offensive hacking framework called Manjusaka, which they call the "Chinese sibling of Sliver and Cobalt Strike."

Read: https://thehackernews.com/2022/08/chinese-hackers-using-new-manjusaka.html

VMware releases security patches to address 10 new vulnerabilities affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions.

Read: https://thehackernews.com/2022/08/vmware-releases-patches-for-several-new.html

Researchers warn of a new, large-scale phishing campaign in which hackers have been observed using AitM techniques to get around security protections and compromise enterprise email accounts.

Read details: https://thehackernews.com/2022/08/researchers-warns-of-large-scale-aitm.html

VirusTotal reveals the list of the most commonly impersonated software in malware attacks.

Read details: https://thehackernews.com/2022/08/virustotal-reveals-most-impersonated.html

It took researchers about 62 minutes to crack a late-stage Post-Quantum encryption candidate algorithm using a single-core CPU.

Read details: https://thehackernews.com/2022/08/single-core-cpu-cracked-post-quantum.html

Cisco rolls out security patches to address new vulnerabilities affecting small business routers, the most critical of which could allow attackers to execute malicious code.

Read details: https://thehackernews.com/2022/08/cisco-business-routers-found-vulnerable.html

Hackers "likely" exploited a vulnerability in Atlassian Confluence server to deploy a never-before-seen backdoor for espionage purposes against a research and technical services organization.

Read details: https://thehackernews.com/2022/08/hackers-exploited-atlassian-confluence.html