🕵️‍♂️ Despite infrastructure disruption, QakBot malware operators are still active in an ongoing phishing campaign, delivering Ransom Knight ransomware & Remcos RAT.

Learn more: https://thehackernews.com/2023/10/qakbot-threat-actors-still-in-action.html

🚨 Multiple security flaws in Supermicro's BMC firmware pose severe risks. Know the risks from CVE-2023-40284 to CVE-2023-40290, allowing unauthenticated attackers to gain root access.

Read: https://thehackernews.com/2023/10/supermicros-bmc-firmware-found.html

Is your system one of the 70,000 exposed?

GitHub's secret scanning just got even better! Now supporting AWS, Microsoft, Google, and Slack tokens, ensuring your code's safety.

Learn how to amp up your code security with this powerful feature:https://thehackernews.com/2023/10/githubs-secret-scanning-feature-now.html

🤖 Cyber Intrusion Alert! Semiconductor companies in East Asia are under attack.

Threat actors posing as TSMC deploy Cobalt Strike beacons via HyperBro backdoor.

Read now: https://thehackernews.com/2023/10/chinese-hackers-target-semiconductor.html

🔒 Strengthen your organization's security posture! Satori's UDPS offers real-time policy updates, non-intrusive encryption, and compatibility with diverse data platforms.

Learn how to safeguard your data effortlessly: https://thehackernews.com/2023/10/new-os-tool-tells-you-who-has-access-to.html

Cryptocurrency laundering hits $7 BILLION 💰

Report reveals Lazarus Group, tied to North Korea, involved in $900 million cross-chain bridge laundering spree. As mixers face scrutiny, crypto criminals shift tactics.

Read details: https://thehackernews.com/2023/10/north-koreas-lazarus-group-launders-900.html

⚡️ Gaza-based hacker group Storm-1133 targets Israeli energy, defense, and telecom.

Microsoft's report exposes tactics, including employing LinkedIn fakes & dynamic C2 infra on Google Drive.

Read: https://thehackernews.com/2023/10/gaza-linked-cyber-threat-actor-targets.html

🚨 Heads up, Developers! Curl library, backbone of data transfers, to address TWO security vulnerabilities on October 11, 2023.

Read: https://thehackernews.com/2023/10/security-patch-for-two-new-flaws-in.html

CVE-2023-38545 & CVE-2023-38546 pose risks; details under wraps.

🔐 Multiple high-severity vulnerabilities discovered in ConnectedIO's 3G/4G routers and cloud platform could let hackers execute malicious code and access sensitive data.

Get the details: https://thehackernews.com/2023/10/high-severity-flaws-in-connectedios.html

🚨 Heads up, senior executives! A new phishing campaign is on the rise, targeting Senior Executives in U.S. firms.

Read: https://thehackernews.com/2023/10/cybercriminals-using-evilproxy-phishing.html

Cybercriminals using EvilProxy to hijack accounts, specifically hitting banking, finance, insurance & manufacturing.

Ever dreamed in code? Moonlock Lab's #malware research engineer did, seeing 'MyHotKeyHandler,' 'Keylogger,' and 'macOS.'

#ChatGPT recreated the malicious code, revealing the risky world of AI jailbreaks and prompt engineering.

Learn how prompt injections make AI models go rogue: https://thehackernews.com/2023/10/i-had-dream-and-generative-ai-jailbreaks.html

📱 PEACHPIT alert! This ad fraud botnet, linked to China's BADBOX operation, targeted 15M+ Android & iOS users.

Learn how threat actors exploited devices for ad fraud and data theft: https://thehackernews.com/2023/10/peachpit-massive-ad-fraud-botnet.html

🔒 Hackers are exploiting the CVE-2023-3519 vulnerability in Citrix NetScaler devices for credential harvesting attacks.

Patch your systems ASAP! Read more: https://thehackernews.com/2023/10/citrix-devices-under-attack-netscaler.html

🚨 Heads up, Linux users! A new critical vulnerability in the libcue library exposes GNOME Linux systems to remote code execution (RCE) attacks.

Read details of CVE-2023-43641 here: https://thehackernews.com/2023/10/libcue-library-flaw-opens-gnome-linux.html

⚠️ Magecart strikes again with a new twist! Hackers are now hiding malicious code on the 404 error pages of compromised shopping sites to steal users' credit cards.

Read details here — https://thehackernews.com/2023/10/new-magecart-campaign-alters-404-error.html

A New APT Emerges: Grayling, an unknown player, targets IT, manufacturing, and biomedical sectors in Taiwan. Researchers reveal their distinctive techniques in the latest report.

Read: https://thehackernews.com/2023/10/researchers-uncover-grayling-apts.html

🔑 Default password-free sign-ins for everyone. Google introduces passkeys for all users, simplifying your online security.

Learn all about it: https://thehackernews.com/2023/10/google-adopts-passkeys-as-default-sign.html

🚨 Online risks to children are increasing.

Thorn's report reveals minors are sharing explicit images, sometimes coerced. Learn how tech is using "hashing and matching" to combat this online threat.

Read: https://thehackernews.com/2023/10/new-report-child-sexual-abuse-content.html

⚡ Beware of the HTTP/2 Rapid Reset attack!

A novel zero-day flaw is being exploited to launch record-breaking distributed DDoS attacks.

Find out more here: https://thehackernews.com/2023/10/http2-rapid-reset-zero-day.html

Learn how AWS, Cloudflare, and Google are addressing CVE-2023-44487.

🛑 A critical flaw (CVE-2023-22515) in Atlassian Confluence is being exploited by a nation-state actor, Storm-0062.

Read: https://thehackernews.com/2023/10/microsoft-warns-of-nation-state-hackers.html

Upgrade to the latest versions ASAP to safeguard your data and systems.