🔒🚨 Heads up: Iranian state-sponsored hackers join financially motivated actors in exploiting a critical flaw (CVE-2023-27350) in PaperCut print management software to achieve initial access to vulnerable servers.

Read details here: https://thehackernews.com/2023/05/microsoft-warns-of-state-sponsored.html

SideWinder is back with a new trick up its sleeve. Using server-based polymorphism, this APT actor potentially sidesteps traditional signature-based antivirus detection and distributes additional payloads.

Learn details: https://thehackernews.com/2023/05/researchers-uncover-sidewinders-latest.html

Operation ChattyGoblin — A China-aligned threat actor is targeting Southeast Asian gambling companies in a campaign that's been ongoing since Oct 2021; and using chat apps as their tactic to drop malware.

https://thehackernews.com/2023/05/operation-chattygoblin-hackers.html

U.S. authorities just took down 13 sites offering DDoS-for-hire services.👊

Plus, a $10 MILLION bounty is being offered for the capture of a Russian national who was involved in creating an illegal credit card-checking platform.

Read: https://thehackernews.com/2023/05/us-authorities-seize-13-domains.html

🔒 Microsoft's May 2023 Patch Tuesday includes fixes for 38 security vulnerabilities, including a zero-day bug under active exploitation.

The bug (CVE-2023-29336) can grant SYSTEM privileges to attackers.

Details: https://thehackernews.com/2023/05/microsofts-may-patch-tuesday-fixes-38.html

U.S. government has disrupted a global network compromised by Snake, an advanced malware strain wielded by Russia's Federal Security Service (FSB), one of the most sophisticated cyber espionage tools ever developed.

Read details: https://thehackernews.com/2023/05/us-government-neutralizes-russias-most.html

The 23-year-old responsible for the 2020 Twitter hack, which compromised 130 high-profile accounts (including those of Bill Gates & Elon Musk) and defrauded users of $120,000, has pleaded guilty and could face up to 70 years in prison.

Read: https://thehackernews.com/2023/05/mastermind-behind-twitter-2020-hack.html

New malware alert! DownEx is targeting Central Asian government organizations in a sophisticated espionage campaign.

Learn more about it: https://thehackernews.com/2023/05/sophisticated-downex-malware-campaign.html

Hackers can steal NTLM credentials with zero clicks! Beware of CVE-2023-29324, the Windows MSHTML Platform vulnerability.

Check out the details now: https://thehackernews.com/2023/05/experts-detail-new-zero-click-windows.html

Google has just unveiled a range of new privacy, safety, and security features at Google I/O. The updates are aimed at protecting users from phishing attacks, cyber threats, and more.

Check out this article to learn more: https://thehackernews.com/2023/05/google-announces-new-privacy-safety-and.html

✅ Improved data control and transparency
✅ Gmail's Dark Web Scan
✅ Effortless deletion of Maps search history
✅ AI-powered Safe Browsing
✅ Expansion of Content Safety API
✅ About this Image
✅ Passwordless future with Passkey Sign-In
✅ Spam View in Google Drive

GitHub's "Push Protection" feature is now available to all public repositories, helping to prevent accidental key and secret leaks in code.

Learn more: https://thehackernews.com/2023/05/github-extends-push-protection-to.html

🔥 It's official: Twitter is finally taking a step towards privacy by rolling out support for🔒encrypted direct 📨 messages!

Learn more: https://thehackernews.com/2023/05/twitter-finally-rolling-out-encrypted.html

But it's only available for verified users and their affiliates for now.

⚡Warning: A nascent botnet called Andoryu is currently exploiting a critical vulnerability (CVE-2023-25717) to hijack Ruckus Wireless AP devices.

Learn more at: https://thehackernews.com/2023/05/andoryu-botnet-exploits-critical-ruckus.html

Alert! 9 new ransomware families emerge from leaked Babuk source code, capable of targeting Linux and ESXi environments

https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html

Spanish Police dismantles cybercrime gang with 40 arrests! Hackers, fraudsters, and money launderers taken down!

Read details: https://thehackernews.com/2023/05/spanish-police-takes-down-massive.html

Researchers uncover new APT group Red Stinger targeting Eastern Europe since 2020. Attackers exfiltrated snapshots, USB drives, keyboard strokes, and microphone recordings.

Read details: https://thehackernews.com/2023/05/new-apt-group-red-stinger-targets.html

🚨 Heads up! A severe security flaw has been discovered in a popular WordPress plugin! Patchstack has revealed an unauthenticated privilege escalation flaw in Essential Addons for Elementor!

Read: https://thehackernews.com/2023/05/severe-security-flaw-exposes-over.html

It is crucial to update to version 5.7.2 ASAP!

🔒 Beware of the Bl00dy Ransomware Gang! U.S. agencies sound the alarm on cyberattacks targeting vulnerable PaperCut servers in the education sector.

Read details: https://thehackernews.com/2023/05/bl00dy-ransomware-gang-strikes.html

BPFDoor, an undetected malware variant, has resurfaced with enhanced evasiveness.

Find out how this Linux backdoor has remained hidden for years, posing a serious threat to compromised environments.

Read details: https://thehackernews.com/2023/05/new-variant-of-linux-backdoor-bpfdoor.html

Attention Netgear RAX30 users! 5 new flaws revealed!

Hackers could hijack your devices, tamper with settings, and control your smart home. Act fast! Update to patch the vulnerabilities.

Read details: https://thehackernews.com/2023/05/netgear-routers-flaws-expose-users-to.html

Greatness is a new phishing-as-a-service platform that enables cybercriminals to more easily target Microsoft 365 users.

Read: https://thehackernews.com/2023/05/new-phishing-as-service-platform-lets.html

Avoid clicking on unfamiliar links or opening suspicious attachments.