Researchers found a vulnerability in AI-as-a-service provider "Replicate" that could allow unauthorized access to proprietary AI models and sensitive data.

Read: https://thehackernews.com/2024/05/experts-find-flaw-in-replicate-ai.html

The issue stemmed from the arbitrary code execution potential in AI model packaging.

Indian government, defense, and aerospace sectors targeted by Pakistan-nexus actor Transparent Tribe using cross-platform malware written in Python, Golang, and Rust.

Learn about the new set of attacks: https://thehackernews.com/2024/05/pakistan-linked-hackers-deploy-python.html

🚨 Experts have uncovered phishing campaigns using HTML smuggling, DNS tunneling, generative AI, PhaaS toolkits, malvertising, and Cloudflare Workers to serve malicious sites targeting Microsoft and Gmail credentials.

Find out more: https://thehackernews.com/2024/05/new-tricks-in-phishing-playbook.html

🚨 Cyber Alert: #Microsoft highlights Morocco-based Storm-0539, stealing up to $100,000/day in gift card fraud.

🔗 Discover the full story: https://thehackernews.com/2024/05/moroccan-cybercrime-group-steals-up-to.html

🚨 83% of organizations have fallen victim to phishing. It’s time to rethink our security strategies. Discover innovative solutions that inspect web sessions and neutralize threats in real-time.

Read the full report: https://thehackernews.com/2024/05/report-dark-side-of-phishing-protection.html

🚨 Critical Alert: TP-Link Archer C5400X 🎮 Gaming Router Vulnerability.

🚦 Severity: Maximum (CVSS 10.0)

🛡️ Impact: Remote code execution Patch available: Firmware version 1_1.1.7 Protect your network, update now!

Read more: https://thehackernews.com/2024/05/tp-link-gaming-router-vulnerability.html

Unknown threat actors are targeting WordPress sites with a new attack vector, using the Dessky Snippets plugin to insert malicious PHP code and harvest credit card data.

Read More 👉 https://thehackernews.com/2024/05/wordpress-plugin-exploited-to-steal.html

Dual Threat: CatDDoS & DNSBomb!

🐱 CatDDoS botnet exploits 80+ vulnerabilities, targeting 300+ devices daily for DDoS attacks.

💣 DNSBomb, a new attack technique, achieves a 20,000x amplification in PDoS attacks.

Read the full story: https://thehackernews.com/2024/05/researchers-warn-of-catddos-botnet-and.html

Special deals from the ANYRUN interactive malware sandbox 🎁

New and existing clients can receive:
✅ 6 months of free service
✅ Additional licenses for team members

Get it until May 31 ➡️ https://thn.news/anyrun-sandbox

🔒 With endless cyber threats, the 'spray 'n pray' approach is costing you big time. Discover the secret to prioritizing your resources and efforts on what truly matters.

Don’t miss out – read the full article now: https://thehackernews.com/2024/05/4-step-approach-to-mapping-and-securing.html

💸 Indian national pleads guilty to stealing over $37M through fake Coinbase website.

In separate cases, a Ukrainian arrested for aiding North Korean IT workers; Vietnamese charged for helping Chinese remote IT workers commit wire fraud.

Read: https://thehackernews.com/2024/05/indian-national-pleads-guilty-to-37.html

🚨 BreachForums domain is back online just 2 weeks after a law enforcement takedown!

Trap or blunder?

Learn more: https://thehackernews.com/2024/05/breachforums-returns-just-weeks-after.html

It's now selling: 1.3 TB database with 560M Ticketmaster customers' data for $500K!

Microsoft uncovers Moonstone Sleet, a new North Korean hacker group targeting various sectors with ransomware and custom malware, using fake companies and tools to infiltrate targets.

Details here: https://thehackernews.com/2024/05/microsoft-uncovers-moonstone-sleet-new.html

💻 Malachi Mullings, a 31-year-old from Georgia, has been sentenced to 10 years for laundering $4.5 million through BEC and 💔 romance scams.

Learn how they pulled off the scam: https://thehackernews.com/2024/05/us-sentences-31-year-old-to-10-years.html

🎉 Introducing GRC Mastery — Cyber Security GRC Training for beginners.

📽️ Video modules, assessments, quizzes.
🏆 Master risk management, audit, compliance, asset management.
🔭 Capstone Project: NIST assessment.
🎓 Earn a certificate.

Check it out: https://grcmastery.com

🇧🇷💰 New campaign targets Brazilian banks with AllaSenha, a custom AllaKore RAT variant. The malware steals banking credentials and uses Azure cloud for C2.

Learn more: https://thehackernews.com/2024/05/brazilian-banks-targeted-by-new.html

🚨 Attention: Check Point discovers zero-day vulnerability CVE-2024-24919 in Network Security VPN gateway products, exploited in the wild.

Read more here: https://thehackernews.com/2024/05/check-point-warns-of-zero-day-attacks.html

🔧 Ensure your systems are patched with the latest hotfixes.

Employee offboarding is crucial for security. 63% of businesses may have ex-employees with data access. Automate SaaS security to reduce risks.

Learn more at: https://thehackernews.com/2024/05/new-research-warns-about-weak.html

A malicious Python package, pytoileur, has been found in PyPI, aiming at cryptocurrency theft. Downloaded 316 times and re-uploaded after removal, this highlights significant risks in open-source ecosystems.

Learn more: https://thehackernews.com/2024/05/cybercriminals-abuse-stackoverflow-to.html

🚨 Warning: Okta warns of a vulnerability in the cross-origin authentication feature of their Customer Identity Cloud (CIC) that attackers are increasingly exploiting for credential stuffing attacks.

Learn more: https://thehackernews.com/2024/05/okta-warns-of-credential-stuffing.html