💻🔒 Beware of the latest phishing attack! Attackers are using Microsoft Word docs to spread malware like Agent Tesla, OriginBotnet, and RedLine Clipper.

Learn more about this threat: https://thehackernews.com/2023/09/sophisticated-phishing-campaign.html

🚨 New GitHub Security Alert!

A race condition vulnerability in GitHub could have over 4,000 code packages to repojacking attacks! Learn how this threat could have impacted the open-source community.

Read: https://thehackernews.com/2023/09/critical-github-vulnerability-exposes.html

Your SaaS apps could be a breeding ground for cyber threats.

Find out how CISOs and IT teams are prioritizing SaaS security in this comprehensive article.

Read: https://thehackernews.com/2023/09/7-steps-to-kickstart-your-saas-security.html

⚠️ Critical Security Update: Mozilla is urgently fixing a zero-day vulnerability (CVE-2023-4863), actively exploited in browsers. It can be triggered by tricking victims into opening a malicious WebP image.

Read: https://thehackernews.com/2023/09/mozilla-rushes-to-patch-webp-critical.html

⚠️ Urgent: Adobe's September 2023 update addresses a new zero-day vulnerability (CVE-2023-26369) in Acrobat and Reader that attackers are exploiting in the wild.

Read: https://thehackernews.com/2023/09/update-adobe-acrobat-and-reader-to.html

⚡️September 2023 Patch Tuesday — Microsoft addresses 59 bugs, including actively exploited zero-day flaws.

Read: https://thehackernews.com/2023/09/microsoft-releases-patch-for-two-new.html

Microsoft sounds the alarm on Storm-0324's tactics, luring its prey through Teams messages to breach corporate networks.

Read: https://thehackernews.com/2023/09/microsoft-warns-of-new-phishing.html

The New Battlefield: Cyberattacks have transformed warfare, with nations like Russia, China, and North Korea wielding digital weapons. Explore the tactics, threats, and global implications of this evolving digital force.

Read: https://thehackernews.com/2023/09/how-cyberattacks-are-transforming.html

A new ransomware, 3AM, has emerged! It's written in Rust and aims to encrypt files while deleting Volume Shadow copies.

Read: https://thehackernews.com/2023/09/rust-written-3am-ransomware-sneak-peek.html

Microsoft Azure HDInsight service had 8 XSS vulnerabilities. Learn how they could lead to data breaches, session hijacking attacks, and impact your organization.

Read: https://thehackernews.com/2023/09/researchers-detail-8-vulnerabilities-in.html

Identity is the New Endpoint: Mastering SaaS Security in the Modern Age

Dive deep into the future of SaaS security with Maor Bin, CEO of Adaptive Shield. Discover why identity is the new endpoint.

Secure your spot now: https://thehackernews.com/2023/09/webinar-identity-threat-detection.html

Russian journalist Galina Timchenko's iPhone was hacked with NSO Group's Pegasus spyware, using a zero-click exploit known as PWNYOURHOME.

Read: https://thehackernews.com/2023/09/russian-journalists-iphone-compromised.html

A high-severity Time-of-Check to Time-of-Use (TOCTOU) (CVE-2023-27470) in N-Able's Take Control Agent could give hackers SYSTEM privileges.

Find out how it works: https://thehackernews.com/2023/09/n-ables-take-control-agent.html

🚨 Attention Linux and macOS users!

Critical vulnerabilities in the ncurses library have been discovered. Find out how threat actors could elevate privileges and run malicious code.

Details: https://thehackernews.com/2023/09/microsoft-uncovers-flaws-in-ncurses.html

Linux Users Beware: A stealthy supply chain attack went undetected for 3+ years, stealing passwords and more.

Learn how a trusted "Free Download Manager" site turned malicious and distributed malware.

Read: https://thehackernews.com/2023/09/free-download-manager-site-compromised.html

🔒 Secure offboarding is essential in today's IT landscape. Learn about common pitfalls and how to avoid them in this must-read article.

Read: https://thehackernews.com/2023/09/avoid-these-5-it-offboarding-pitfalls.html

🚨 Critical security flaws discovered in Kubernetes could lead to remote code execution with elevated privileges on Windows endpoints within a cluster.

Learn more about CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955: https://thehackernews.com/2023/09/alert-new-kubernetes-vulnerabilities.html

Microsoft reveals Iranian nation-state actors' password spray attacks targeting the satellite, defense, and pharmaceutical sectors globally.

Learn more about this: https://thehackernews.com/2023/09/iranian-nation-state-actors-employ.html

Cybercriminals behind RedLine and Vidar info-stealers have shifted their focus towards ransomware, employing phishing campaigns and leveraging Extended Validation (EV) code signing certificates.

Read details: https://thehackernews.com/2023/09/cybercriminals-combine-phishing-and-ev.html

⚠️ Attention Facebook Business Users: Python-based NodeStealer #malware has returned. It now targets multiple web browsers to maliciously take over accounts.

Read: https://thehackernews.com/2023/09/nodestealer-malware-now-targets.html