A 19-year-old Sydney teenager has been arrested for allegedly using leaked Optus telecom data to extort victims in SMS scams.

Read: https://thehackernews.com/2022/10/19-year-old-hacker-arrested-for-using.html

A hacker group called "LofyGang" distributed nearly 200 trojanized packages on the NPM open source repository that steals users' credit card information.

Read: https://thehackernews.com/2022/10/lofygang-distributed-200-malicious-npm.html

A researcher warns of a new stealth phishing attack technique that could allow hackers to use the application mode feature in Chromium-based web browsers to create "realistic desktop phishing applications."

Read: https://thehackernews.com/2022/10/hackers-can-use-app-mode-in-chromium.html

As part of another BYOVD attack, BlackByte ransomware exploits a flaw in a legitimate Windows driver to bypass security software.

Read: https://thehackernews.com/2022/10/blackbyte-ransomware-abuses-vulnerable.html

Meta security team has identified more than 400 malicious Android and $iOS apps that have stolen users' Facebook login credentials.

Read: https://thehackernews.com/2022/10/facebook-detects-400-android-and-ios.html

Fortinet has privately warned its customers about a new authentication bypass vulnerability (CVE-2022-40684) affecting FortiGate firewalls and FortiProxy web proxies.

Read: https://thehackernews.com/2022/10/fortinet-warns-of-new-auth-bypass-flaw.html

Microsoft has released an improved mitigation method to prevent exploitation attempts against recently disclosed unpatched Exchange server vulnerabilities (CVE-2022-41040 and CVE-2022-41082).

Read: https://thehackernews.com/2022/10/microsoft-issues-improved-mitigations.html

Hackers are exploiting a severe UNPATCHED remote code execution vulnerability (CVE-2022-41352) in Zimbra enterprise collaboration software and email platform.

Read: https://thehackernews.com/2022/10/hackers-exploiting-unpatched-rce-flaw.html

Hackers stole 100 million worth of cryptocurrency from a Binance-linked blockchain.

Read: https://thehackernews.com/2022/10/hackers-steal-100-million.html

Intel has confirmed that proprietary source code related to its Alder Lake CPUs has been leaked after it was posted on 4chan and GitHub by an unknown third-party.

Read: https://thehackernews.com/2022/10/intel-confirms-leak-of-alder-lake-bios.html

A new report reveals Emotet's latest malware delivery and evasion techniques used in recent cyberattacks.

Read: https://thehackernews.com/2022/10/new-report-uncovers-emotets-delivery.html

Researchers have outlined the increasingly sophisticated malware tools employed by a cyber espionage group called "Earth Aughisky."

Read: https://thehackernews.com/2022/10/researchers-detail-malicious-tools-used.html

Fortinet warns that the newly discovered critical vulnerability affecting its firewall and proxy products is being actively exploited in the wild.

Read: https://thehackernews.com/2022/10/fortinet-warns-of-active-exploitation.html

Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called Caffeine to effectively scale their attacks and spread malicious payloads.

Read: https://thehackernews.com/2022/10/researchers-warn-of-new-phishing-as.html

Researchers warn of a recently reported critical RCE vulnerability (CVE-2022-36067 / CVSS 10) in the popular vm2 JavaScript sandbox module that could be exploited by hackers to overcome security barriers and perform arbitrary operations.

Read: https://thehackernews.com/2022/10/researchers-detail-critical-rce-flaw.html

A new report shows how BazaCall callback phishing attack operators keep updating their social engineering tactics to deploy malware on targeted networks.

Read: https://thehackernews.com/2022/10/bazarcall-callback-phishing-attacks.html

A critical vulnerability (CVE-2022-38465 / CVSS 9.3) in Siemens Simatic programmable logic controllers (PLCs) can enable attackers to access hard-coded private cryptographic keys and bypass access controls.

Read: https://thehackernews.com/2022/10/critical-bug-in-siemens-simatic-plcs.html

Microsoft's Patch Tuesday updates this month fix 85 vulnerabilities, including an actively exploited Windows Zero Day vulnerability, but no patches yet for in-the-wild exploited Exchange Server vulnerabilities.

Read: https://thehackernews.com/2022/10/microsoft-patch-tuesday-fixes-new.html

Google is rolling out support for passkeys, the next-generation passwordless authentication standard, to both Android and Chrome.

Read: https://thehackernews.com/2022/10/google-rolling-out-passkey-passwordless.html

Cyber criminals are resorting to voice phishing tactics (vishing) to trick their victims into installing Android banking malware on their devices.

Read: https://thehackernews.com/2022/10/hackers-using-vishing-tactics-to-trick.html