3CX, has confirmed that multiple versions of its desktop app for Windows & macOS have been affected by a supply chain attack.

The attack appears to have compromised 3CX's software build pipeline.

Learn more: https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html

Cyber Police of Ukraine, along with law enforcement officials from Czechia, have arrested several members of a cybercriminal gang that earned over $4.33 million in illicit profits through phishing scams.

Learn more: https://thehackernews.com/2023/03/cyber-police-of-ukraine-busted-phishing.html

Cyber espionage group Winter Vivern (aka TA473) targets officials in Europe and U.S. by exploiting unpatched Zimbra vulnerability in gov't webmail portals.

Learn more: https://thehackernews.com/2023/03/winter-vivern-apt-targets-european.html

🔥 WEBINAR | Become an Incident Response Pro!

Unlock the secrets to bulletproof incident Response – Master the 6-Phase process with Asaf Perlman, Cynet's IR Leader!

Don't Miss Out – Save Your Seat: https://thehackernews.com/2023/03/deep-dive-into-6-key-steps-to.html

🚨 Urgent: Hackers are exploiting a high-severity flaw in the Elementor Pro plugin for WordPress, enabling them to take control of WooCommerce enabled sites. Update to version 3.11.7 or 3.12.0 immediately.

Learn more: https://thehackernews.com/2023/04/hackers-exploiting-wordpress-elementor.html

🚨 High-risk security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by hackers!

Details: https://thehackernews.com/2023/04/cacti-realtek-and-ibm-aspera-faspex.html

Update your systems ASAP to protect against MooBot and ShellBot attacks.

🚨 Microsoft patches Azure Active Directory misconfiguration issue, which exposed high-impact apps to unauthorized access and could have allowed attackers to modify Bing search results.

Learn more: https://thehackernews.com/2023/04/microsoft-fixes-new-azure-ad.html

Italy's data protection watchdog, Garante, temporarily bans OpenAI's ChatGPT, citing data protection concerns & potential violation of GDPR laws.

Learn more: https://thehackernews.com/2023/04/italian-watchdog-bans-openais-chatgpt.html

Despite the ban, apps using OpenAI's tech, such as Microsoft's Bing, are unaffected.

⚠️ Beware of OpcJacker! This stealthy malware is targeting users through fake websites, promising VPN services and more. Its main functions: keylogging, data theft, and crypto hijacking.

Learn more: https://thehackernews.com/2023/04/crypto-stealing-opcjacker-malware.html

⚠️ Western Digital discloses a network security breach involving unauthorized access to its systems on March 26, 2023.

Learn more: https://thehackernews.com/2023/04/western-digital-hit-by-network-security.html

Investigation underway with the help of cybersecurity experts and law enforcement.

A supply chain attack targeting 3CX has been linked to North Korea's Lazarus Group, with the second-stage implant (Gopuram) specifically singling out a select few cryptocurrency companies.

Learn more: https://thehackernews.com/2023/04/cryptocurrency-companies-targeted-in.html

🔒 Microsoft is taking action against malware abuse in OneNote by automatically blocking embedded files with "dangerous extensions".

Find the full list of 120 extensions here: https://thehackernews.com/2023/04/microsoft-tightens-onenote-security-by.html

🔥 Arid Viper, aka Mantis, linked to Hamas' cyber warfare division, updates its malware toolkit (ViperRat, FrozenCell, Micropsia) targeting Palestinian entities across Windows, Android, & iOS platforms!🛡️💻

Learn more: https://thehackernews.com/2023/04/arid-viper-hacking-group-using-upgraded.html

Beware of the new Rilide malware targeting Chromium-based browsers! This malicious extension steals sensitive data & siphons cryptocurrency while disguised as a legitimate Google Drive add-on.

Learn more: https://thehackernews.com/2023/04/new-rilide-malware-targeting-chromium.html

🚨 Cybersecurity researchers uncover a new, sophisticated 🔐 ransomware strain called Rorschach. With unprecedented speed & unique features, it's raising the bar for future attacks.

Learn more: https://thehackernews.com/2023/04/rorschach-ransomware-emerges-experts.html

🚨 Alert: Typhon Reborn V2, a new version of the information-stealing malware, has emerged with enhanced capabilities to evade detection and resist analysis.

Learn more: https://thehackernews.com/2023/04/typhon-reborn-stealer-malware.html

North Korean-backed threat actor ARCHIPELAGO targets South Korean & US government, military, and policy experts.

Learn more: https://thehackernews.com/2023/04/google-tag-warns-of-north-korean-linked.html

Researchers uncover a new attack technique involving malicious SFX files! These files can hide hidden functionality, enabling persistent backdoor access to victims' systems.

Learn more: https://thehackernews.com/2023/04/hackers-using-self-extracting-archives.html

SEO poisoning in action 🕷️!

Users searching for "WhatsApp Web" are lured to rogue domains hosting the CryptoClippy malware, which steals cryptocurrency by replacing wallet addresses during transactions.

Learn more: https://thehackernews.com/2023/04/cryptoclippy-new-clipper-malware.html

📱Attention, Android app developers! Google announces a new data deletion policy.

It now requires apps to provide users with easy in-app and online account deletion options. Devs must also disclose data retention practices.

Read: https://thehackernews.com/2023/04/google-mandates-android-apps-to-offer.html

An international law enforcement operation named Operation CookieMonster has taken down the notorious Genesis Market, an illegal online marketplace that sold stolen credentials.

Read: https://thehackernews.com/2023/04/fbi-cracks-down-on-genesis-market-119.html

The crackdown involved 17 countries and resulted in 119 arrests.