Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.

Read: https://thehackernews.com/2023/09/fresh-wave-of-malicious-npm-packages.html

Attention IT admins! Update Nagios XI to version 5.11.2 now. The network monitoring software has patched four critical security flaws (CVE-2023-40931 to CVE-2023-40934), protecting against privilege escalation and information disclosure.

Read: https://thehackernews.com/2023/09/critical-security-flaws-exposed-in.html

🚨 Beware of Fake Exploits! A malicious actor tried to trick users with a fake WinRAR PoC exploit on GitHub, aiming to infect them with VenomRAT malware.

Learn more: https://thehackernews.com/2023/09/beware-fake-exploit-for-winrar.html

⚠️ Attention Linux users who downloaded the "Free Download Manager" software between 2020 and 2022:

Its website was breached in 2020, and a Ukrainian hacker group distributed malware.

Learn about the incident: https://thehackernews.com/2023/09/ukrainian-hacker-suspected-to-be-behind.html

Gold Melody, the financially motivated cybercrime group, is selling access to compromised organizations for ransomware attacks.

Researchers have revealed their tactics and targets: https://thehackernews.com/2023/09/cyber-group-gold-melody-selling.html

🚨 China's Ministry of State Security accuses the U.S. of cyber espionage against Huawei servers since 2009.

Read: https://thehackernews.com/2023/09/china-accuses-us-of-decade-long-cyber.html

🚨 P2PInfect Worm Alert : P2PInfect malware activity skyrockets 600x in a week. Researchers shed light on its rapid growth and evolving tactics.

Read: https://thehackernews.com/2023/09/researchers-raise-red-flag-on-p2pinfect.html

Sandman, a new cyber threat actor, is targeting telecom providers across continents. Read more about this cyber espionage campaign.

Read: https://thehackernews.com/2023/09/mysterious-sandman-threat-actor-targets.html

🚨 Attention users! Apple issues patches for 3 new critical zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari. Stay safe with the latest updates for your devices.

Read details: https://thehackernews.com/2023/09/apple-rushes-to-patch-3-new-zero-day.html

🚨 Security Alert! Atlassian and ISC uncover critical flaws in their products that could lead to DoS and remote code execution attacks.

Read and patch now: https://thehackernews.com/2023/09/high-severity-flaws-uncovered-in.html

OilRig, Iran's state-backed actor, aims at Israeli entities with spear-phishing tactics. Learn about the Outer Space and Juicy Mix campaigns.

Read: https://thehackernews.com/2023/09/iranian-nation-state-actor-oilrig.html

Ever wondered how MITRE Engenuity evaluates cybersecurity vendors?

Discover how to interpret MITRE ATT&CK Evaluation results and find the perfect security fit for your organization.

Read: https://thehackernews.com/2023/09/how-to-interpret-2023-mitre-att.html

💰🔐 Beware Latin America! BBTok banking trojan strikes Brazil & Mexico. Crafty phishing emails, unique payloads, and a sneaky approach put users at risk.

Learn how to shield your finances from this stealthy attacker: https://thehackernews.com/2023/09/new-variant-of-banking-trojan-bbtok.html

🚨 ALERT: iPhone spyware attack!

Former Egyptian parliament member Ahmed Eltantawy targeted by Predator spyware using 3 recent zero-day vulnerabilities.

Learn more: https://thehackernews.com/2023/09/latest-apple-zero-days-used-to-hack.html

Researchers uncovered a new advanced backdoor, 'Deadglyph,' by Stealth Falcon hackers, which combines two languages for cyber espionage.

Read: https://thehackernews.com/2023/09/deadglyph-new-advanced-backdoor-with.html

Espionage Alert: Southeast Asian government targeted by China-nexus threat actors. A three-part report by Palo Alto Networks reveals distinct clusters and sophisticated tactics.

Read more ➡️ https://thehackernews.com/2023/09/new-report-uncovers-three-distinct.html

EvilBamboo tactics exposed: Targets sensitive data from Tibetan, Uyghur, and Taiwanese organizations. Utilizes fake websites and social media for deploying exploits.

Read details: https://thehackernews.com/2023/09/from-watering-hole-to-spyware.html

Weak passwords = easy targets.

83% of hacked passwords meet complexity standards, but here's the catch: attackers have BILLIONS of stolen credentials.

Is your organization prepared? Discover the defenses you need➡️ https://thehackernews.com/2023/09/are-you-willing-to-pay-high-cost-of.html

Ukrainian military hit by a phishing campaign using drone manuals as bait to deliver a Go-based open-source post-exploitation toolkit called Merlin.

Read: https://thehackernews.com/2023/09/ukrainian-military-targeted-in-phishing.html

🛡️ Concerned about the risks of generative AI in cybersecurity?

Don't miss our upcoming webinar with Zscaler. Learn practical best practices to secure your workforce and how to manage risk.

Reserve your spot: https://thehackernews.com/2023/09/watch-webinar-ai-vs-ai-harnessing-ai.html