The Hacker News
⭐ Official THN Telegram Channel β€” A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
BREAKING - BreachForums, a notorious online bazaar for stolen data, has been seized by law enforcement agencies for the second time in a year.

The FBI has taken control of its #Telegram channel as well.

Read on > https://thehackernews.com/2024/05/fbi-seizes-breachforums-again-urges.html
🚨 Google has addressed nine security issues in its Chrome browser, including a new zero-day exploit (CVE-2024-4947) that has been actively exploited in the wild.

Learn more: https://thehackernews.com/2024/05/google-patches-yet-another-actively.html

Don't wait – update your browser now.
🀯15⚑8πŸ‘8😁3
⚠️ Cybercriminals are exploiting Microsoft's Quick Assist tool to target users in social engineering attacks and deploy Black Basta ransomware.

Learn more: https://thehackernews.com/2024/05/cybercriminals-exploiting-microsofts.html
🕵️‍♀️ Security and IT teams, listen up!

Reviewing new and existing OAuth grants programmatically is crucial for catching risky activity or overly-permissive scopes.

Learn best practices for investigating grants in this article: https://thehackernews.com/expert-insights/2024/05/how-to-investigate-oauth-grant-for.html
Nearly a dozen security flaws have been discovered in the GE HealthCare Vivid Ultrasound product family. These vulnerabilities could allow ransomware attacks or data tampering.

Learn more: https://thehackernews.com/2024/05/researchers-uncover-11-security-flaws.html
Every SaaS account created by your employees represents a new “identity” with unique permissions, security settings & risks and many app owners sit outside of IT, meaning security controls could be overlooked.

Learn how Nudge Security can help: https://thn.news/saas-identity-governance
⚠️ North Korea-linked Kimsuky hacking group has launched a new social engineering attack using fake Facebook accounts to target individuals via Messenger.

Learn more: https://thehackernews.com/2024/05/north-korean-hackers-exploit-facebook.html
At Georgetown, gain the tactical skills to plan for and respond to information security threats. Attend this June 7 webinar.

Save your seat: https://thn.news/georgetown-cybersec-webinar-li
🚨 New Wi-Fi #vulnerability discovered!

CVE-2023-52424, dubbed "SSID Confusion attack," affects all operating systems & Wi-Fi clients.

Learn how attackers can trick you into connecting to a less secure network & eavesdrop on your traffic.

https://thehackernews.com/2024/05/new-wi-fi-vulnerability-enabling.html
😁20😱12πŸ‘6πŸ”₯5⚑4πŸ€”3
🚨 Attention D-Link users - CISA warns of actively exploited vulnerabilities, CVE-2014-100005 and CVE-2021-40655, that attackers could exploit to change your router settings or steal your credentials.

Learn more: https://thehackernews.com/2024/05/cisa-warns-of-actively-exploited-d-link.html
⚠️ North Korean APT group Kimsuky deploys Linux version of GoBear backdoor, targeting South Korean organizations.

Learn more about the Gomir backdoor and its capabilities: https://thehackernews.com/2024/05/kimsuky-apt-deploying-linux-backdoor.html
🚨 Alert: China-linked BlackTech group using advanced Deuterbear RAT in Asia-Pacific cyber espionage campaign.

Learn more about the improved capabilities and infection pathway of this evolving threat: https://thehackernews.com/2024/05/china-linked-hackers-adopt-two-stage.html #hacking #cybersecurity
🔒 Attention cybersecurity professionals!

A new report reveals that CVE-based vulnerabilities account for less than 1% of the average organization's on-prem exposure landscape.

It's time to shift our focus to the real threats.

Learn how: https://thehackernews.com/2024/05/new-xm-cyber-research-80-of-exposures.html
Kinsing cryptojacking hacker group continuously expanding its exploitation arsenal, which now includes various flaws in Apache ActiveMQ, Log4j, NiFi, Atlassian Confluence, Citrix, Linux, Openfire, WebLogic Server, and SaltStack.

Read: https://thehackernews.com/2024/05/kinsing-hacker-group-exploits-more.html
⚠️ Grandoreiro banking trojan is back, targeting 1,500+ banks in 60+ countries. It now uses infected Outlook to spread phishing emails, with updated domain-generating algorithm and anti-malware evasion capability.

Learn more: https://thehackernews.com/2024/05/grandoreiro-banking-trojan-resurfaces.html
🚨 Two Chinese nationals arrested for laundering $73 million in a massive pig butchering scam. The DoJ charges them with managing an international syndicate that tricked victims into crypto investment scams.

Learn more: https://thehackernews.com/2024/05/chinese-nationals-arrested-for.html
😁23πŸ‘10πŸ”₯6πŸ‘3πŸ€”3⚑2
Researchers have observed a surge in email phishing campaigns delivering Latrodectus, a new malware loader believed to be the successor to IcedID.

Details here > https://thehackernews.com/2024/05/latrodectus-malware-loader-emerges-as.html
A multi-faceted campaign is targeting Android, macOS, and Windows users with various stealer malware and banking trojans.

Find out how they're using fake profiles and repositories to trick users into downloading malicious files.

Read: https://thehackernews.com/2024/05/cyber-criminals-exploit-github-and.html
🚨 New vulnerabilities emerge daily, forcing developers to refactor code & update dependencies.

With GitGuardian SCA, you can easily scan for CVEs locally & automatically before making a pull request.

Learn how you can create secure code effortlessly: https://thehackernews.com/2024/05/defending-your-commits-from-known-cves.html
Foxit PDF Reader users, beware! A design flaw is being weaponized to deliver malware including Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT, and XWorm.

Learn more: https://thehackernews.com/2024/05/foxit-pdf-reader-flaw-exploited-by.html