Microsoft exposes a surge in 🔒 credential-stealing attacks by Russian hacker group Midnight Blizzard. These hackers employ residential proxy services to conceal their targeting of governments, defense, and critical sectors.

Details: https://thehackernews.com/2023/06/microsoft-warns-of-widescale-credential.html

A Japanese cryptocurrency exchange fell victim to a recent cyberattack, deploying the stealthy JokerSpy backdoor on Apple macOS.

Find out how this sophisticated toolkit targets macOS machines: https://thehackernews.com/2023/06/japanese-cryptocurrency-exchange-falls.html

Did you know that generative AI tools can lead to data leaks? Protect your organization from inadvertent data exposure and breaches.

Discover effective strategies for securing your SaaS environment from AI-related risks.

Read: https://thehackernews.com/2023/06/how-generative-ai-can-dupe-saas.html

🔒 Researchers have uncovered an ingenious side-channel attack that can recover secret keys from a device using video footage of its power LED.

Find out how threat actors exploit this: https://thehackernews.com/2023/06/researchers-find-way-to-recover.html

⚡️ Urgent security alert! Fortinet has released urgent updates to fix a critical vulnerability (CVE-2023-33299) in FortiNAC, exposing networks to arbitrary code execution.

Learn more: https://thehackernews.com/2023/06/new-fortinets-fortinac-vulnerability.html

🚨 Alert! Anatsa banking trojan apps, distributed via Google Play Store, have infected 30,000+ users in the U.S., U.K., Germany, and Switzerland.

Read: https://thehackernews.com/2023/06/anatsa-banking-trojan-targeting-users.html

Exploiting Android accessibility services API, it bypasses fraud controls to hijack transactions.

⚡The takedown of EncroChat, the infamous encrypted phone network used by organized crime, results in 6,558 global arrests and the recovery of €900 million in illicit funds.

Read details: https://thehackernews.com/2023/06/encrochat-bust-leads-to-6558-criminals.html

🔒 Brace yourself for the new Mockingjay process injection technique! This advanced method enables hackers to execute malicious code undetected, bypassing traditional detection mechanisms.

Read details: https://thehackernews.com/2023/06/new-mockingjay-process-injection.html

Asset discovery alone won't cut it in the battle against cyber threats! Uncover the weaknesses and vulnerabilities lurking in your attack surface. Attack Surface Management (ASM) integrates vulnerability prioritization and remediation.

https://thehackernews.com/2023/06/beyond-asset-discovery-how-attack.html

New npm attack discovered! Cybersecurity researchers find an ongoing campaign with a unique execution chain.

Discover details here: https://thehackernews.com/2023/06/new-ongoing-campaign-targets-npm.html

Critical SQL injection vulnerabilities found in Gentoo Soko! Exploiting these flaws could lead to remote code execution (RCE) on affected systems.

Discover the details: https://thehackernews.com/2023/06/critical-sql-injection-flaws-expose.html

A new ransomware threat called 8Base has emerged from the shadows with a "massive spike in activity."

Find out how this group utilizes encryption and 'name-and-shame' techniques to compel victims to pay ransoms.

Details: https://thehackernews.com/2023/06/8base-ransomware-spikes-in-activity.html

CryptosLabs scam ring exposed, amassing €480 million in illegal profits! French-speaking individuals in France, Belgium, and Luxembourg targeted since 2018.

Learn about their tactics: https://thehackernews.com/2023/06/cryptoslabs-scam-ring-targets-french.html

Your drone may be vulnerable! New research reveals electromagnetic fault injection attacks can gain control of drones during firmware updates.

Read: https://thehackernews.com/2023/06/alert-new-electromagnetic-attacks-on.html

🔒 Discover the newly unearthed Windows-based information stealer, ThirdEye! This malware operates stealthily, harvesting sensitive data from infected hosts.

Read more: https://thehackernews.com/2023/06/newly-uncovered-thirdeye-windows-based.html

🚨 A critical flaw in miniOrange's Social Login and Register plugin for WordPress has been exposed, allowing hackers to log in as any user.

Read details: https://thehackernews.com/2023/06/critical-security-flaw-in-social-login.html

Update to version 7.6.5 or later NOW to protect your site!

LetMeSpy, an Android phone monitoring app, suffers a major security breach, compromising sensitive data of thousands. Personal information, messages, and more accessed by unauthorized third-party.

Learn more: https://thehackernews.com/2023/06/android-spy-app-letmespy-suffers-major.html

Andariel, affiliated with North Korea's Lazarus Group, strikes with EarlyRat #malware exploiting Log4j vulnerability.

Learn how they compromise systems: https://thehackernews.com/2023/06/north-korean-hacker-group-andariel.html

⚠️ Attention Android users!

Fluhorse has evolved and become more sophisticated. It conceals its encrypted payload and listens to your SMS messages.

Read details: https://thehackernews.com/2023/06/fluhorse-flutter-based-android-malware.html

Iranian state-sponsored group, MuddyWater, deploys new PhonyC2 framework in targeted cyber attacks. New findings reveal connections to Technion breach and ongoing PaperCut server exploitation.

Details: https://thehackernews.com/2023/06/from-muddyc3-to-phonyc2-irans.html