🚨 Act now! Apple releases emergency security patches for iOS, iPadOS, #macOS, tvOS, watchOS, & Safari web browser to counter 3 new actively exploited zero-day vulnerabilities.

🔒 CVE-2023-32409
🔒 CVE-2023-28204
🔒 CVE-2023-32373

Read: https://thehackernews.com/2023/05/webkit-under-attack-apple-issues.html

💻⚡️ AI + Malware = Trouble!

Hackers are using Google Search ads to trick AI tool seekers into downloading malware.

Learn more: https://thehackernews.com/2023/05/searching-for-ai-tools-watch-out-for.html

Two npm packages, nodejs-encrypt-agent and nodejs-cookie-proxy-agent, were found to harbor the TurkoRat malware, capable of stealing sensitive info like login credentials and cryptocurrency data.

Read details: https://thehackernews.com/2023/05/developer-alert-npm-packages-for-nodejs.html

🕒 Countdown to the end of third-party cookies has begun!

Google is finally flipping the switch on its Privacy Sandbox initiatives, bidding farewell to third-party cookies & cross-app identifiers in Chrome.

Learn more about this here: https://thehackernews.com/2023/05/privacy-sandbox-initiative-google-to.html

🚨 Heads up, Samsung devices under attack! CISA warns of an active exploitation targeting a medium-severity flaw.

Read: https://thehackernews.com/2023/05/samsung-devices-under-active.html

💥 Infamous cybercrime syndicate FIN7 is back in business, launching their first ransomware campaign in years and utilizing powerful tools such as POWERTRASH, Lizar, OpenSSH, and Impacket for exploitation.

Find details here: https://thehackernews.com/2023/05/notorious-cyber-gang-fin7-returns-cl0p.html

From teenage hacker to cybercriminal mastermind: Meet 'Jack,' the mind behind Golden Chickens malware. eSentire reveals his digital trail and involvement in developing malicious tools.

Read details here: https://thehackernews.com/2023/05/meet-jack-from-romania-mastermind.html

⚠️ Important notice for the Python community!

The administrators of the PyPI software repository have disabled new user sign-ups and package uploads until further notice due to an overwhelming surge of malicious users and projects.

Read details here: https://thehackernews.com/2023/05/pypi-repository-under-attack-user-sign.html

🚨 Attention KeePass users! A newly discovered security flaw (CVE-2023-32784) could expose your master password in cleartext!

Read details here: https://thehackernews.com/2023/05/keepass-exploit-allows-attackers-to.html

Upgrade to KeePass 2.54 once it's released.

UK national sentenced to 13+ years in prison for operating iSpoof, an online phone number spoofing service. The platform enabled fraudsters to impersonate banks and deceive victims.

Read details: https://thehackernews.com/2023/05/uk-fraudster-behind-ispoof-scam.html

New revelations about the Bad Magic hacker group uncover a longer history than expected. Kaspersky's latest report connects them to CloudWizard, a modular framework with alarming capabilities.

Read details: https://thehackernews.com/2023/05/bad-magics-extended-reign-in-cyber.html

#cybersecurity #hacking #malware

GUI-vil, the financially driven Indonesian group, leverages AWS EC2 instances for crypto mining, leaving victim organizations to bear the cost.

Read details: https://thehackernews.com/2023/05/indonesian-cybercriminals-exploit-aws.html

Facebook's parent company Meta hit with a record $1.3 billion fine by EU regulators for unlawfully transferring personal data of European users.

Read details here: https://thehackernews.com/2023/05/eu-regulators-hit-meta-with-record-13.html

China bans U.S. chip maker Micron from supplying crucial infrastructure projects, citing national security risks. Investigation finds "serious cybersecurity problems," endangering critical information infrastructure.

Read details: https://thehackernews.com/2023/05/china-bans-us-chip-giant-micron-citing.html

A new cyber threat, "GoldenJackal," is targeting government and diplomatic entities in the Middle East and South Asia. This stealthy and capable adversary employs tailored #malware to steal data and conduct surveillance.

Read details: https://thehackernews.com/2023/05/goldenjackal-new-threat-group-targeting.html

🚨 Alert: Kimsuky, the North Korean APT group, is back in action! They're using a new custom malware called "RandomQuery" to conduct reconnaissance and steal sensitive information.

Read details: https://thehackernews.com/2023/05/north-korean-kimsuky-hackers-strike.html

WINTAPIX: A newly discovered malware, acting as a loader, has been identified in attacks targeting Saudi Arabia, Qatar, and UAE. By exploiting a vulnerable kernel driver, the attacker gains privileged access & executes a multi-stage attack.

https://thehackernews.com/2023/05/new-wintapixsys-malware-engages-in.html

Ukraine's state bodies under cyber attack! CERT-UA warns of an espionage campaign targeting ministries. Hackers, known as UAC-0063, are leveraging phishing emails and malicious tools to infiltrate systems.

Read: https://thehackernews.com/2023/05/cyber-attacks-strike-ukraines-state.html

North Korean Lazarus Group remains relentless in targeting vulnerable Microsoft IIS servers, utilizing DLL side-loading techniques to deploy malicious software in latest espionage operations.

Read details: https://thehackernews.com/2023/05/n-korean-lazarus-group-targets.html

Legion, the Python-based hack tool, evolves with expanded capabilities. Latest version exploits SSH servers and gains access to DynamoDB and CloudWatch credentials associated with AWS.

Read details: https://thehackernews.com/2023/05/legion-malware-upgraded-to-target-ssh.html

🚨 Popular app gone rogue! "iRecorder - Screen Recorder" app sneaks in information stealing capabilities after a year on Play Store.

Read details: https://thehackernews.com/2023/05/data-stealing-malware-discovered-in.html

Google has finally removed it from the Play Store, but the damage may already be done.