A new threat actor called "Hydrochasma" is suspected of carrying out an espionage campaign targeting shipping companies and medical laboratories in Asia.

Learn more: https://thehackernews.com/2023/02/hydrochasma-new-threat-actor-targets.html

Open Source ecosystem under attack again! Over 15,000 spam packages have flooded the NPM repository to distribute phishing links.

Learn more: https://thehackernews.com/2023/02/attackers-flood-npm-repository-with.html

⚠️ Attention! Apple has announced three new vulnerabilities impacting iOS, iPadOS, and macOS devices.

Read: https://thehackernews.com/2023/02/apple-warns-of-3-new-vulnerabilities.html

CVE-2023-23520 could let attackers read arbitrary files as root; and CVE-2023-23530 and CVE-2023-23531 could be used to achieve code execution.

Python developers beware! Cybersecurity researchers have found 41 malicious packages mimicking popular libraries such as HTTP, AIOHTTP, requests, urllib, and urllib3.

Learn more: https://thehackernews.com/2023/02/python-developers-warned-of-trojanized.html

A new implant, WinorDLL64, associated with North Korea-aligned Lazarus Group has been discovered. This fully-featured malware is capable of exfiltration, file overwriting, and executing PowerShell commands.

Learn more: https://thehackernews.com/2023/02/lazarus-group-using-new-winordll64.html

Watch out! A new malware campaign is targeting Facebook and YouTube users, using a new information stealer to hijack accounts and mine cryptocurrency.

Learn more: https://thehackernews.com/2023/02/new-s1deload-malware-hijacking-users.html

A new threat actor named Clasiopa is targeting materials research organizations in Asia using a distinct set of tools. Symantec suspects that the hacking group may have ties to India.

Learn more: https://thehackernews.com/2023/02/new-hacking-cluster-clasiopa-targeting.html

Protect your macOS systems from evasive cryptocurrency mining malware!

Trojanized versions of legitimate applications, including Final Cut Pro, are being used to deploy XMRig coin miner.

Read more about it here: https://thehackernews.com/2023/02/hackers-using-trojanized-macos-apps-to.html

A new study by the Mozilla Foundation reveals that majority of Android apps on the Google Play Store provide misleading or false information about their data safety labels.

Learn more: https://thehackernews.com/2023/02/majority-of-android-apps-on-google-play.html

Are you concerned about the security of your SaaS apps? With cyberattacks on the rise, it's important to be prepared.

Check out this informative article on the top SaaS challenges of 2023: https://thehackernews.com/2023/02/how-to-tackle-top-saas-challenges-of.html

CISA warns Ukrainian organizations of potential cyberattacks on the one-year anniversary of the Russian invasion of Ukraine.

Read: https://thehackernews.com/2023/02/cisa-sounds-alarm-on-cybersecurity.html

Google is collaborating with ecosystem partners to strengthen the security of firmware in microcontrollers beyond the Application Processor.

This is an essential step towards safeguarding Android devices from potential attacks.

Learn more: https://thehackernews.com/2023/02/google-teams-up-with-ecosystem-partners.html

PlugX remote access trojan has been caught disguising itself as a legitimate open source Windows debugger tool called "x64dbg" to gain control of target systems.

Read details: https://thehackernews.com/2023/02/plugx-trojan-disguised-as-legitimate.html

Dutch police arrest three hackers in connection with a large-scale criminal operation involving data theft, extortion, and money laundering operation.

Read: https://thehackernews.com/2023/02/dutch-police-arrest-3-hackers-involved.html

Government entities in Asia-Pacific and North America are being targeted with an off-the-shelf malware downloader known as PureCrypter, which delivers information stealers and #ransomware.

Learn more: https://thehackernews.com/2023/02/purecrypter-malware-targets-government.html

A new ChromeLoader malware campaign is being distributed via virtual hard disk (VHD) files, marked as hacks or cracks for Nintendo and Steam games.

Learn more: https://thehackernews.com/2023/02/chromeloader-malware-targeting-gamers.html

🚨 Researchers have uncovered crucial insights into the inner workings of RIG Exploit Kit and its administrators.

Learn more: https://thehackernews.com/2023/02/researchers-share-new-insights-into-rig.html

PRODAFT team has acquired vital information on infrastructure, malware distribution, and targeting techniques.

🚨 Alert: LastPass has revealed a second attack that compromised encrypted password vaults.

It was a result of a keylogger on a DevOps engineer's home PC, info from a third-party data breach, and a vulnerability in a third-party software package.

https://thehackernews.com/2023/02/lastpass-reveals-second-attack.html

CISA has added a high-severity flaw affecting the open source ZK Java Web Framework to its KEV catalog based on evidence of active exploitation.

Learn more: https://thehackernews.com/2023/02/cisa-issues-warning-on-active.html

Blind Eagle, a notorious hacker group, has launched a new campaign targeting key industries (health, finance, law enforcement, immigration & peace organizations) in Colombia, Ecuador, Chile, and Spain.

Read: https://thehackernews.com/2023/02/apt-c-36-strikes-again-blind-eagle.html