🚨 Developers, listen up! Over 30 malicious npm packages discovered in the wild. They're after your sensitive data - SSH keys, Kubernetes configs, and more.

Find details here: https://thehackernews.com/2023/10/over-3-dozen-data-stealing-malicious.html

⚡ShellTorch: Multiple vulnerabilities in TorchServe, used for serving PyTorch models, could lead to remote code execution attacks, potentially exposing sensitive data and compromising system security.

Learn more: https://thehackernews.com/2023/10/warning-pytorch-models-vulnerable-to.html

🚨 Urgent! Qualcomm releases security updates to patch 17 vulnerabilities, including 3 zero-days actively exploited.

Find details here: https://thehackernews.com/2023/10/qualcomm-releases-patch-for-3-new-zero.html

⚠️ Watch out, developers! A rogue npm package, "node-hide-console-windows," was hiding a nasty surprise - the r77 rootkit.

This is the first-ever case of a package delivering a rootkit.

Read details: https://thehackernews.com/2023/10/rogue-npm-package-deploys-open-source.html

🛡️ Is your organization struggling with SaaS security on a tight budget? Discover how Wing Security's $1,500/year tier could be the answer for mid-sized companies.

Read: https://thehackernews.com/2023/10/wing-disrupts-market-by-introducing.html

Microsoft warns of attackers attempting to exploit SQL instances to breach a cloud environment. The company shares details on the attack, highlighting the critical need to secure cloud identities

Read: https://thehackernews.com/2023/10/microsoft-warns-of-cyber-attacks.html

New Linux vulnerability (CVE-2023-4911) named Looney Tunables found in the GNU C library's dynamic loader. Exploitation could lead to root privileges.

Learn how it affects major #Linux distributions: https://thehackernews.com/2023/10/looney-tunables-new-linux-flaw-enables.html

From DragonEgg to LightSpy — Discover the hidden links between Android and iOS spyware, exposing a sophisticated network of surveillance.

Learn more in this report: https://thehackernews.com/2023/10/researchers-link-dragonegg-android.html

Atlassian releases patch for a new zero-day vulnerability (CVE-2023-22515) in Confluence, risking admin account breaches on Data Center and Server instances.

Find details here: https://thehackernews.com/2023/10/atlassian-confluence-hit-by-newly.html

Update to the latest versions 8.3.3+, 8.4.3+, or 8.5.2 for a shield against potential exploits.

🚨 Attention iPhone and iPad users! Apple rushes in with iOS 17.0.3 and iPadOS 17.0.3 updates to patch an actively exploited kernel vulnerability.

Learn more about CVE-2023-42824: https://thehackernews.com/2023/10/apple-rolls-out-security-patches-for.html

🚨 Alert: CISA flags active exploits. Two recent vulnerabilities come under the scanner:

— CVE-2023-42793: TeamCity Auth Bypass
— CVE-2023-28229: Win CNG Flaw

Read details here: https://thehackernews.com/2023/10/cisa-warns-of-active-exploitation-of.html

Act fast, secure your networks—patch by Oct 25!

⚠️ Alert: A new Android banking trojan, named GoldDigger, has surfaced, targeting over 50 banking apps in the Asia-Pacific (APAC) and Spanish-speaking regions.

Learn more: https://thehackernews.com/2023/10/golddigger-android-trojan-targets.html

Researchers uncover "Operation Jacana," a targeted cyber espionage campaign using spear-phishing and DinodasRAT that breached a Guyana government entity.

Learn more: https://thehackernews.com/2023/10/guyana-governmental-entity-hit-by.html

💪 It's time to revolutionize your data security strategy for the cloud era

Dive into the groundbreaking realm of DSPM and decode the future of risk management in this exclusive webinar featuring Gartner and BigID. Sign up: https://thn.news/sGbfvuhX

🆘 Urgent: Cisco releases patch for a critical vulnerability in Emergency Responder, allowing remote attackers to sign in using hard-coded credentials and execute commands as root.

Read: https://thehackernews.com/2023/10/cisco-releases-urgent-patch-to-fix.html

🕵️‍♂️ Despite infrastructure disruption, QakBot malware operators are still active in an ongoing phishing campaign, delivering Ransom Knight ransomware & Remcos RAT.

Learn more: https://thehackernews.com/2023/10/qakbot-threat-actors-still-in-action.html

🚨 Multiple security flaws in Supermicro's BMC firmware pose severe risks. Know the risks from CVE-2023-40284 to CVE-2023-40290, allowing unauthenticated attackers to gain root access.

Read: https://thehackernews.com/2023/10/supermicros-bmc-firmware-found.html

Is your system one of the 70,000 exposed?

GitHub's secret scanning just got even better! Now supporting AWS, Microsoft, Google, and Slack tokens, ensuring your code's safety.

Learn how to amp up your code security with this powerful feature:https://thehackernews.com/2023/10/githubs-secret-scanning-feature-now.html

🤖 Cyber Intrusion Alert! Semiconductor companies in East Asia are under attack.

Threat actors posing as TSMC deploy Cobalt Strike beacons via HyperBro backdoor.

Read now: https://thehackernews.com/2023/10/chinese-hackers-target-semiconductor.html

🔒 Strengthen your organization's security posture! Satori's UDPS offers real-time policy updates, non-intrusive encryption, and compatibility with diverse data platforms.

Learn how to safeguard your data effortlessly: https://thehackernews.com/2023/10/new-os-tool-tells-you-who-has-access-to.html

Cryptocurrency laundering hits $7 BILLION 💰

Report reveals Lazarus Group, tied to North Korea, involved in $900 million cross-chain bridge laundering spree. As mixers face scrutiny, crypto criminals shift tactics.

Read details: https://thehackernews.com/2023/10/north-koreas-lazarus-group-launders-900.html