Researchers report GhostToken vulnerability in Google Cloud Platform, allowing threat actors to hide malicious apps in victim's Google account.

Read details: https://thehackernews.com/2023/04/ghosttoken-flaw-could-let-attackers.html

Heads up, Kubernetes users! A large-scale attack campaign exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) has been discovered, leading to backdoors and cryptocurrency miners.

Read details: https://thehackernews.com/2023/04/kubernetes-rbac-exploited-in-large.html

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds 3 vulnerabilities to its KEV catalog due to active exploitation!

Read details: https://thehackernews.com/2023/04/cisa-adds-3-actively-exploited-flaws-to.html

✅ CVE-2023-28432
✅ CVE-2023-27350
✅ CVE-2023-2136

⚡ Lazarus group's compromise of X_TRADER app not only led to the 3CX supply chain attack but also impacted power and energy sectors & financial trading businesses.

Read details: https://thehackernews.com/2023/04/lazarus-xtrader-hack-impacts-critical.html

PaperCut, a print management software provider, has warned about ongoing exploitation of unpatched servers, potentially by Russian hackers, to gain persistent access and execute malicious code on infected hosts.

Read details: https://thehackernews.com/2023/04/russian-hackers-suspected-in-ongoing.html

A new malware called "EvilExtractor" has been spotted in the wild, stealing data and files from Windows systems. It's being sold on cybercrime forums and marketed as an educational tool.

Read details: https://thehackernews.com/2023/04/new-all-in-one-evilextractor-stealer.html

Hackers are exploiting an outdated WordPress plugin, Eval PHP, to secretly backdoor websites in an ongoing campaign.

Read: https://thehackernews.com/2023/04/hackers-exploit-outdated-wordpress.html

⚡ Ransomware attackers are utilizing a new "defense evasion tool" called AuKill to deactivate EDR software using a BYOVD attack.

Learn more: https://thehackernews.com/2023/04/ransomware-hackers-using-aukill-tool-to.html

Russian-speaking threat actor behind Tomiris is focused on gathering intelligence in Central Asia, primarily targeting government and diplomatic entities.

Read details: https://thehackernews.com/2023/04/russian-hackers-tomiris-targeting.html

🔥 Google Cloud launches Security AI Workbench, powered by Sec-PaLM, a large language model fine-tuned for threat detection, incident analysis, and analytics to provide actionable intelligence for countering infections.

Details: https://thehackernews.com/2023/04/google-cloud-introduces-security-ai.html

🔒 Google's Authenticator app just got a major upgrade!

The new sync option lets users back up their time-based one-time passwords (TOTPs) to the cloud, so you never lose access to your accounts.

Read details: https://thehackernews.com/2023/04/google-authenticator-app-gets-cloud.html

BlueNoroff, a suspected subgroup of Lazarus Group, is now targeting Apple's macOS with new malware RustBucket, highlighting hackers' expanding toolsets for cross-platform threats.

Learn more: https://thehackernews.com/2023/04/lazarus-subgroup-targeting-apple.html

ALERT: Iranian hackers have been linked to a new wave of phishing attacks targeting Israel, using an updated version of a backdoor called PowerLess.

Read details: https://thehackernews.com/2023/04/iranian-hackers-launch-sophisticated.html

🔥 New SLP protocol vulnerability (CVE-2023-29552) could be weaponized for massive DoS amplification attacks with an amplification factor of up to 2,200.

Learn more: https://thehackernews.com/2023/04/new-slp-vulnerability-could-let.html

More than 2,000 global organizations and 54,000 SLP instances are said to be affected.

Heads up VMware users!

Make sure to update your Workstation and Fusion software as the company has released updates to fix several security flaws, including a critical buffer-overflow vulnerability (CVE-2023-20869).

Read details: https://thehackernews.com/2023/04/vmware-releases-critical-patches-for.html

🚨 A dangerous default configuration in Apache Superset has been discovered, which could allow attackers to gain RCE, harvest credentials, and compromise data.

For more details, read about CVE-2023-27524 at https://thehackernews.com/2023/04/apache-superset-vulnerability-insecure.html

To fix this issue, upgrade to version 2.1.

Evasive Panda, a Chinese APT group, targets international NGOs in Mainland China with the MgBot modular malware framework to steal files, log keystrokes, harvest clipboard data, and record audio streams.

Read details: https://thehackernews.com/2023/04/chinese-hackers-using-mgbot-malware-to.html

Alert! Charming Kitten, the Iranian nation-state group, strikes again! This time, with a new malware named "BellaCiao," capable of delivering customized malware payloads.

Learn more about this latest threat: https://thehackernews.com/2023/04/charming-kittens-new-bellaciao-malware.html

Chinese threat actor Alloy Taurus has been caught using a Linux variant of a backdoor called PingPull to target financial institutions and government entities.

Find out more about their latest cyber activity: https://thehackernews.com/2023/04/chinese-hackers-using-pingpull-linux.html

Microsoft confirms active exploitation of PaperCut servers linked to Cl0p and LockBit ransomware attacks. Threat actor Lace Tempest identified as the main culprit, overlapping with FIN11, TA505, and Evil Corp.

Learn more : https://thehackernews.com/2023/04/microsoft-confirms-papercut-servers.html