Europol dismantled an organized cybercrime group engaged in phishing, fraud, scams, and money laundering activities.

Details: https://thehackernews.com/2022/06/europol-busts-phishing-gang-responsible.html

A newly discovered Magecart attack has been linked to the infrastructure of an ongoing skimming campaign.

Read: https://thehackernews.com/2022/06/newly-discovered-magecart.html

Ukrainian CERT has warned of a new series of Russian cyberattacks exploiting the "Follina" vulnerability in the Windows operating system to deploy password-stealing malware.

Read details: https://thehackernews.com/2022/06/russian-hackers-exploiting-microsoft.html

Researchers demonstrate 5 cryptographic attacks to break the encryption of the cloud storage service "MEGA," allowing compromise of user confidentiality.

https://thehackernews.com/2022/06/researchers-uncover-ways-to-break.html

—RSA Key Recovery
—Plaintext Recovery
—Framing Attack
—Integrity Attack
—GaP-Bleichenbacher Attack

A critical PHP vulnerability leaves QNAP's network attached storage (NAS) devices vulnerable to remote attackers, allowing them to execute malicious code on the affected systems.

Read details: https://thehackernews.com/2022/06/critical-php-vulnerability-exposes-qnap.html

Tropic Trooper Chinese hacker group has been spotted using a new malware coded in the Nim programming language, and distributed hidden inside an "SMS bomber" tool.

Read details: https://thehackernews.com/2022/06/chinese-hackers-distributing-sms-bomber.html

Israeli surveillanceware vendor NSO Group admitted to the European Union lawmakers that its Pegasus spyware tool was used by at least 5 countries in the region.

Read: https://thehackernews.com/2022/06/nso-confirms-pegasus-spyware-used-by-at.html

CISA and the Coast Guard have issued a joint advisory warning of ongoing attempts by hackers to exploit the Log4Shell vulnerability in VMware Horizon servers to steal sensitive data from targeted networks.

Read: https://thehackernews.com/2022/06/log4shell-still-being-exploited-to-hack.html

Chinese state-sponsored hackers are using ransomware as a ruse to carry out cyberespionage attacks and hide their true intentions.

Read details: https://thehackernews.com/2022/06/state-backed-hackers-using-ransomware.html

Researchers are warning of a new malware tool available on cybercrime forums that allows cybercriminals to easily create malicious Windows shortcut (.LNK) files.

Read details: https://thehackernews.com/2022/06/new-quantum-builder-lets-attackers.html

Researchers have identified multiple malicious Python packages designed to steal AWS credentials and environment variables.

https://thehackernews.com/2022/06/multiple-backdoored-python-libraries.html

What is more worrying is that they upload sensitive, stolen data to a publicly accessible server.

Google believes that ISPs may have helped attackers infect the Android and iPhone smartphones of high-profile victims with "Hermit" spyware.

Read details: https://thehackernews.com/2022/06/google-says-isps-helped-attackers.html

Researchers reveal that ransomware hackers used a zero-day vulnerability in Mitel VoIP appliances as an entry point to infiltrate an undisclosed company.

Read details: https://thehackernews.com/2022/06/hackers-exploit-mitel-voip-zero-day-bug.html

Researchers warn of a new malware campaign driven by "Matanbuchus," a malware-as-a-service (Maas) that spreads via phishing campaigns and drops the Cobalt Strike post-exploitation framework on targeted machines.

Read: https://thehackernews.com/2022/06/researchers-warn-of-matanbuchus-malware.html

If you're using Google Analytics, you're likely breaking EU data protection laws.

Following in the footsteps of Austria and France, the Italian watchdog has also found that the use of Google Analytics to be non-compliant with EU regulations.

https://thehackernews.com/2022/06/italy-data-protection-authority-warns.html

CODESYS has released security patches to address 11 newly identified vulnerabilities that could lead to information disclosure and a denial of service (DoS) condition, among others.

Read details: https://thehackernews.com/2022/06/critical-security-flaws-identified-in.html

Cybersecurity experts warn of "Black Basta" ransomware that attacked dozens of companies in the U.S., Canada, U.K., Australia, and New Zealand within 2 months of its emergence, making it a prominent threat in a short period of time.

Read: https://thehackernews.com/2022/06/cybersecurity-experts-warn-of-emerging.html

Researchers have discovered a new Android banking trojan — dubbed "Revive" — targeting customers of the Spanish financial services company BBVA.

Read details: https://thehackernews.com/2022/06/new-android-banking-trojan-revive.html

A remote memory-corruption vulnerability has been discovered in the latest version of OpenSSL library that can be exploited very easily by an attacker.

Read: https://thehackernews.com/2022/06/openssh-to-release-security-patch-for.html

"If RCE exploitation is possible, this makes it worse than Heartbleed..."

APT hackers are exploiting unpatched Microsoft Exchange servers as an initial access vector to deploy ShadowPad malware on building automation systems.

Read details: https://thehackernews.com/2022/06/apt-hackers-targeting-industrial.html

Researchers warn of a new malware, dubbed ZuoRAT, targeting small office/home office routers (SOHO) as part of a sophisticated campaign to spy on North American and European networks.

Read details: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html