🚨 HotRat, a dangerous variant of the AsyncRAT malware, is spreading through pirated versions of popular software and games.

Read: https://thehackernews.com/2023/07/hotrat-new-variant-of-asyncrat-malware.html

Chinese nation-state actor Storm-0558's attack on Microsoft's email infrastructure is more extensive than previously believed. Researchers at Wiz reveal the scope, which included forging access tokens for various Azure AD applications!

Read: https://thehackernews.com/2023/07/azure-ad-token-forging-technique-in.html

🔒 Apple takes a strong stand for data security & privacy, warning it might stop offering iMessage and FaceTime in the U.K. rather than compromise on encryption, opposing new digital surveillance proposals.

Details: https://thehackernews.com/2023/07/apple-threatens-to-pull-imessage-and.html

⚠️ Researchers uncover first-ever open-source software supply chain attacks targeting banks!

🏦 Malware authors posed as employees, tricked users with preinstall scripts, and cleverly used Azure's CDN subdomains.

Read details: https://thehackernews.com/2023/07/banking-sector-targeted-in-open-source.html

🔒 Heads up, techies! A new vulnerability (CVE-2023-38408) has been uncovered in OpenSSH that can enable attackers to execute arbitrary commands remotely.

Don't wait—update now and keep your system secure.

Read: https://thehackernews.com/2023/07/new-openssh-vulnerability-exposes-linux.html

📢 Google announces support for cross-platform end-to-end encryption 🔒 with MLS protocol on its 💬 messages service for Android. Secure communication, regardless of the messaging platform used.

Read details here: https://thehackernews.com/2023/07/google-messages-getting-cross-platform.html

Zero-day vulnerabilities (CVE-2023-26077 and CVE-2023-26078) found in Atera remote monitoring software's Windows Installers can lead to privilege escalation attacks.

Read details: https://thehackernews.com/2023/07/critical-zero-days-in-atera-windows.html

🔐 Apple has released urgent patches to address multiple vulnerabilities in iOS, iPadOS, macOS, tvOS, watchOS, and Safari.

This includes a critical 0-day bug (CVE-2023-38606) actively exploited in the wild.

https://thehackernews.com/2023/07/apple-rolls-out-urgent-patches-for-zero.html

Make sure to update your devices ASAP!

⚠️ Attention IT Admins — Ivanti warns of a zero-day vulnerability (CVE-2023-35078) in Endpoint Manager Mobile (EPMM) software.

Read details: https://thehackernews.com/2023/07/ivanti-releases-urgent-patch-for-epmm.html

Patch ASAP to protect against unauthorized access and data breaches.

⚠️ Atlassian addresses critical vulnerabilities (CVE-2023-22505, CVE-2023-22508 and CVE-2023-22506) in Confluence Server, Data Center, and Bamboo Data Center.

Read: https://thehackernews.com/2023/07/atlassian-releases-patches-for-critical.html

Update now to protect against remote code execution attacks.

⚡ A serious security flaw has been found in AMD's Zen 2 processors, putting sensitive data at risk!

Discover the details of Zenbleed (CVE-2023-20593) – a speculative execution attack that allows data exfiltration at 30 kb/core/second.

Read: https://thehackernews.com/2023/07/zenbleed-new-flaw-in-amd-zen-2.html

🚨 TETRA:BURST — A series of critical vulnerabilities have been disclosed in the Terrestrial Trunked Radio (TETRA) standard used by government entities and critical infrastructure worldwide, including a potential intentional backdoor!

Details: https://thehackernews.com/2023/07/tetraburst-5-new-vulnerabilities.html

🦠 New banking malware alert!

Casbaneiro threat actors are evolving their tactics to avoid detection. A User Account Control (UAC) bypass technique grants them full admin privileges on compromised machines.

Read: https://thehackernews.com/2023/07/casbaneiro-banking-malware-goes-under.html

Did you know? 57% of Apple users still believe that malware does not exist on macOS.

Cyber threats are real, even for Mac users! Hackers are targeting Apple devices with dangerous malware like Geacon and MacStealer.

Learn more: https://thehackernews.com/2023/07/macos-under-attack-examining-growing.html

💪 Be informed, use strong passwords, and keep your software updated.

North Korean state actors linked to the RGB have been identified in the JumpCloud hack! An OPSEC mistake exposed their IP address.

Find details here: https://thehackernews.com/2023/07/north-korean-nation-state-actors.html

The new report also uncovers the use of malicious Ruby scripts and payloads like FULLHOUSE.DOORED, STRATOFEAR, and TIEDYE.

🚨 Heads up, network admins!

MikroTik RouterOS vulnerability (CVE-2023-30799) exposes 500,000+ systems to potential exploitation!

Read: https://thehackernews.com/2023/07/critical-mikrotik-routeros.html

Upgrade to RouterOS 6.49.8 or 7.x ASAP!

🚨 Security Alert: A new malware family called Realst is targeting Apple macOS systems, including macOS 14 Sonoma! Written in Rust programming language, it empties cryptocurrency wallets & steals passwords.

Find details here: https://thehackernews.com/2023/07/rust-based-realst-infostealer-targeting.html

FraudGPT, the latest cybercrime AI tool, is being sold on dark web marketplaces and Telegram channels. It is claimed that it can create undetectable malware and craft convincing phishing emails.

Read: https://thehackernews.com/2023/07/new-ai-tool-fraudgpt-emerges-tailored.html

🚨 ALERT: Fenix, a Mexico-based cybercrime group, is targeting taxpayers in Mexico and Chile by cloning official tax portals to steal sensitive data.

Read: https://thehackernews.com/2023/07/fenix-cybercrime-group-poses-as-tax.html

Decoy Dog, a powerful malware, outperforms the Pupy RAT, featuring previously unknown capabilities. It can maintain communication with compromised machines and evade detection for extended periods.

Read details: https://thehackernews.com/2023/07/decoy-dog-new-breed-of-malware-posing.html