🚨 New Threat Alert! BunnyLoader, the latest malware-as-a-service, is up for sale in the dark web. It can steal your data, replace your cryptocurrency addresses, and more.

Learn more: https://thehackernews.com/2023/10/bunnyloader-new-malware-as-service.html

A severe "Zip Slip" vulnerability in OpenRefine data cleanup and transformation tool could lead to code execution attacks.

Find out how attackers exploit this flaw: https://thehackernews.com/2023/10/openrefines-zip-slip-vulnerability.html

🛡️ APIs are the backbone of modern applications, but they come with risks. Learn how to protect your data from API breaches and cyberattacks.

Read details: https://thehackernews.com/2023/10/apis-unveiling-silent-killer-of-cyber.html

💳 Protect Your Payments!

Silent Skimmer - A year-long web skimming campaign targets businesses in Asia, North America, and Latin America, stealing sensitive payment data.

Learn more: https://thehackernews.com/2023/10/silent-skimmer-year-long-web-skimming.html

🚨Beware of LUCR-3 (aka Scattered Spider) – a threat actor targeting Fortune 2000 companies for extortion. Learn how they use victims' tools and applications for data theft.

Read details: https://thehackernews.com/2023/10/lucr-3-scattered-spider-getting-saas-y.html

🔒 Exploiting Cloudflare's Gaps: Threat actors can bypass DDoS protection mechanisms by abusing trust relationships.

Details inside: https://thehackernews.com/2023/10/researcher-reveal-new-technique-to.html

New survey reveals alarming stats: 78% of cybersecurity teams faced API-related security incidents in the past year.

Find out how your peers are responding and why API security is a top priority.

Get insights: https://thehackernews.com/2023/10/api-security-trends-2023-have.html

🔒 Reduce your attack surface and enhance your organization's cybersecurity strategy with Security Configuration Assessment (SCA).

Explore its benefits, including vulnerability identification, compliance, and IT hygiene enhancement:

Read: https://thehackernews.com/2023/10/protecting-your-it-infrastructure-with.html

New survey reveals alarming stats: 78% of cybersecurity teams faced API-related security incidents in the past year.

Find out how your peers are responding and why API security is a top priority.

Get insights: https://thehackernews.com/2023/10/api-security-trends-2023-have.html

🔒Worried about AI-related threats? Join our panel discussion with cybersecurity experts:

- David Primor, Founder & CEO of Cynomi
- Elad Schulman, Founder & CEO of Lasso Security

... and learn practical security policies and practices to shield your clients.

https://thehacker.news/ai-llm-threats?source=social

🚨 Developers, listen up! Over 30 malicious npm packages discovered in the wild. They're after your sensitive data - SSH keys, Kubernetes configs, and more.

Find details here: https://thehackernews.com/2023/10/over-3-dozen-data-stealing-malicious.html

⚡ShellTorch: Multiple vulnerabilities in TorchServe, used for serving PyTorch models, could lead to remote code execution attacks, potentially exposing sensitive data and compromising system security.

Learn more: https://thehackernews.com/2023/10/warning-pytorch-models-vulnerable-to.html

🚨 Urgent! Qualcomm releases security updates to patch 17 vulnerabilities, including 3 zero-days actively exploited.

Find details here: https://thehackernews.com/2023/10/qualcomm-releases-patch-for-3-new-zero.html

⚠️ Watch out, developers! A rogue npm package, "node-hide-console-windows," was hiding a nasty surprise - the r77 rootkit.

This is the first-ever case of a package delivering a rootkit.

Read details: https://thehackernews.com/2023/10/rogue-npm-package-deploys-open-source.html

🛡️ Is your organization struggling with SaaS security on a tight budget? Discover how Wing Security's $1,500/year tier could be the answer for mid-sized companies.

Read: https://thehackernews.com/2023/10/wing-disrupts-market-by-introducing.html

Microsoft warns of attackers attempting to exploit SQL instances to breach a cloud environment. The company shares details on the attack, highlighting the critical need to secure cloud identities

Read: https://thehackernews.com/2023/10/microsoft-warns-of-cyber-attacks.html

New Linux vulnerability (CVE-2023-4911) named Looney Tunables found in the GNU C library's dynamic loader. Exploitation could lead to root privileges.

Learn how it affects major #Linux distributions: https://thehackernews.com/2023/10/looney-tunables-new-linux-flaw-enables.html

From DragonEgg to LightSpy — Discover the hidden links between Android and iOS spyware, exposing a sophisticated network of surveillance.

Learn more in this report: https://thehackernews.com/2023/10/researchers-link-dragonegg-android.html

Atlassian releases patch for a new zero-day vulnerability (CVE-2023-22515) in Confluence, risking admin account breaches on Data Center and Server instances.

Find details here: https://thehackernews.com/2023/10/atlassian-confluence-hit-by-newly.html

Update to the latest versions 8.3.3+, 8.4.3+, or 8.5.2 for a shield against potential exploits.

🚨 Attention iPhone and iPad users! Apple rushes in with iOS 17.0.3 and iPadOS 17.0.3 updates to patch an actively exploited kernel vulnerability.

Learn more about CVE-2023-42824: https://thehackernews.com/2023/10/apple-rolls-out-security-patches-for.html

🚨 Alert: CISA flags active exploits. Two recent vulnerabilities come under the scanner:

— CVE-2023-42793: TeamCity Auth Bypass
— CVE-2023-28229: Win CNG Flaw

Read details here: https://thehackernews.com/2023/10/cisa-warns-of-active-exploitation-of.html

Act fast, secure your networks—patch by Oct 25!