⚠️ Attention Zyxel NAS users! A new critical vulnerability (CVE-2023-27992) could allow attackers to run arbitrary commands on affected systems.

Read details: https://thehackernews.com/2023/06/zyxel-releases-urgent-security-updates.html

Don't wait—apply the security update immediately!

Quick Serve Restaurants depend on shared resources and consistency. As threat actors target food chains, securing #SaaS apps is crucial.

Learn how SSPMs manage data, detect misconfigurations, enhance security, and protect your SaaS stack.

https://thehackernews.com/2023/06/saas-in-real-world-how-global-food.html

Three new security vulnerabilities in Wago and Schneider Electric products have been disclosed, part of the broader OT:ICEFALL issues affecting 13 vendors.

Find out more: https://thehackernews.com/2023/06/researchers-expose-new-severe-flaws-in.html

🚨 Attention network admins! #VMware's Aria Operations for Networks is under attack. The critical vulnerability (CVE-2023-20887) is being actively exploited, putting your network at high risk.

Learn more: https://thehackernews.com/2023/06/alert-hackers-exploiting-critical.html

Upgrade NOW to prevent RCE attacks.

New malware alert! Condi, a powerful botnet, is exploiting a vulnerability in TP-Link Archer AX21 Wi-Fi routers, turning them into DDoS attack machines.

Learn more about Condi here: https://thehackernews.com/2023/06/new-condi-malware-hijacking-tp-link-wi.html

🚨 Chinese state-sponsored actor, Flea, targets foreign affairs ministries in the Americas, using a new backdoor named Graphican.

Read details: https://thehackernews.com/2023/06/chinese-hacker-group-flea-targets.html

🔐 A serious flaw in Microsoft Azure AD's OAuth process has been uncovered, that could have enabled complete account takeover!

Learn how a simple misconfiguration allows hackers to exploit the "Log in with Microsoft" feature.

Details: https://thehackernews.com/2023/06/critical-noauth-flaw-in-microsoft-azure.html

Operation Triangulation: Your iOS device might be at risk! Spyware called TriangleDB infiltrates iPhones and iPads via invisible iMessage attachments.

Learn how attackers exploit kernel vulnerabilities to access your personal info: https://thehackernews.com/2023/06/new-report-exposes-operation.html

🔒 ScarCruft, a North Korean threat group, developed an information-stealing malware with wiretapping abilities. Using the Ably messaging service, this malware poses a serious risk to organizations.

Learn more: https://thehackernews.com/2023/06/scarcruft-hackers-exploit-ably-service.html

🔒 Urgent: Apple releases critical updates to address actively exploited vulnerabilities in iOS, iPadOS, macOS, watchOS, and Safari.

Learn more: https://thehackernews.com/2023/06/zero-day-alert-apple-releases-patches.html

Ensure your devices are up-to-date to fend off cyber threats.

Attention online retailers! A critical security flaw in the "Abandoned Cart Lite for WooCommerce" plugin puts over 30,000 WordPress websites at risk.

Learn more: https://thehackernews.com/2023/06/critical-flaw-found-in-wordpress-plugin.html

Update to version 5.15.2 immediately to prevent unauthorized access.

⚡️ Don't wait for a data breach to happen! Discover the vital role of data exfiltration detection and how Machine Learning algorithms & NDR technology help identify and prevent cyberattacks.

Learn how to enhance your security posture https://thehackernews.com/2023/06/unveiling-unseen-identifying-data.html

💥 Chinese cyber espionage group, Camaro Dragon, expands its reach with a new self-propagating #malware, dubbed WispRider, spreading through USB drives.

Check out the latest research findings: https://thehackernews.com/2023/06/camaro-dragon-hackers-strike-with-usb.html

A new phishing campaign named MULTI#STORM targets India and the U.S., using JavaScript files to deploy remote access trojans on compromised systems.

Discover the intricate attack chain: https://thehackernews.com/2023/06/multistorm-campaign-targets-india-and.html

⚠️ Urgent action required!

Internet-facing Linux systems and IoT devices are under attack! Discover how threat actors hijack SSH credentials, deploy backdoors and mining cryptocurrency.

Learn more: https://thehackernews.com/2023/06/new-cryptocurrency-mining-campaign.html

NSA shares crucial guidance to detect and tackle BlackLotus: a powerful UEFI bootkit bypassing Windows Secure Boot, granting attackers full control.

Discover how it evades security mechanisms and executes additional payloads: https://thehackernews.com/2023/06/nsa-releases-guide-to-combat-powerful.html

New #JavaScript Dropper PindOS delivers dangerous payloads like Bumblebee and IcedID, acting as loaders for ransomware and other malware.

Explore the article for more details: https://thehackernews.com/2023/06/powerful-javascript-dropper-pindos.html

Attackers are increasingly targeting vulnerable developer laptops to infiltrate production systems without directly attacking them, warned cloud security expert Lee Atchison.

Learn more: https://thn.news/HIq4tcGM

Watch out, BPOs! Discover how 'Muddled Libra' cybercrime group is leveraging the 0ktapus phishing kit and social engineering tactics to infiltrate organizations and steal sensitive data.

Learn more: https://thehackernews.com/2023/06/cybercrime-group-muddled-libra-targets.html

U.K. hacker Joseph James O'Connor sentenced to 5 years for massive Twitter breach, targeting 130 high-profile accounts, executing a crypto scam, and netting $120,000 in illegal profits.

Read details: https://thehackernews.com/2023/06/twitter-hacker-sentenced-to-5-years-in.html

🔒 6 known exploited vulnerabilities have been added to CISA's catalog. Apple, VMware, and Zyxel devices are affected, exposing them to code execution, zero-click exploits, & cyberespionage attacks.

Get the details and patch your systems ASAP: https://thehackernews.com/2023/06/us-cybersecurity-agency-adds-6-flaws-to.html