🚨 Attention iPhone and iPad users! Apple rushes in with iOS 17.0.3 and iPadOS 17.0.3 updates to patch an actively exploited kernel vulnerability.

Learn more about CVE-2023-42824: https://thehackernews.com/2023/10/apple-rolls-out-security-patches-for.html

🚨 Alert: CISA flags active exploits. Two recent vulnerabilities come under the scanner:

— CVE-2023-42793: TeamCity Auth Bypass
— CVE-2023-28229: Win CNG Flaw

Read details here: https://thehackernews.com/2023/10/cisa-warns-of-active-exploitation-of.html

Act fast, secure your networks—patch by Oct 25!

⚠️ Alert: A new Android banking trojan, named GoldDigger, has surfaced, targeting over 50 banking apps in the Asia-Pacific (APAC) and Spanish-speaking regions.

Learn more: https://thehackernews.com/2023/10/golddigger-android-trojan-targets.html

Researchers uncover "Operation Jacana," a targeted cyber espionage campaign using spear-phishing and DinodasRAT that breached a Guyana government entity.

Learn more: https://thehackernews.com/2023/10/guyana-governmental-entity-hit-by.html

💪 It's time to revolutionize your data security strategy for the cloud era

Dive into the groundbreaking realm of DSPM and decode the future of risk management in this exclusive webinar featuring Gartner and BigID. Sign up: https://thn.news/sGbfvuhX

🆘 Urgent: Cisco releases patch for a critical vulnerability in Emergency Responder, allowing remote attackers to sign in using hard-coded credentials and execute commands as root.

Read: https://thehackernews.com/2023/10/cisco-releases-urgent-patch-to-fix.html

🕵️‍♂️ Despite infrastructure disruption, QakBot malware operators are still active in an ongoing phishing campaign, delivering Ransom Knight ransomware & Remcos RAT.

Learn more: https://thehackernews.com/2023/10/qakbot-threat-actors-still-in-action.html

🚨 Multiple security flaws in Supermicro's BMC firmware pose severe risks. Know the risks from CVE-2023-40284 to CVE-2023-40290, allowing unauthenticated attackers to gain root access.

Read: https://thehackernews.com/2023/10/supermicros-bmc-firmware-found.html

Is your system one of the 70,000 exposed?

GitHub's secret scanning just got even better! Now supporting AWS, Microsoft, Google, and Slack tokens, ensuring your code's safety.

Learn how to amp up your code security with this powerful feature:https://thehackernews.com/2023/10/githubs-secret-scanning-feature-now.html

🤖 Cyber Intrusion Alert! Semiconductor companies in East Asia are under attack.

Threat actors posing as TSMC deploy Cobalt Strike beacons via HyperBro backdoor.

Read now: https://thehackernews.com/2023/10/chinese-hackers-target-semiconductor.html

🔒 Strengthen your organization's security posture! Satori's UDPS offers real-time policy updates, non-intrusive encryption, and compatibility with diverse data platforms.

Learn how to safeguard your data effortlessly: https://thehackernews.com/2023/10/new-os-tool-tells-you-who-has-access-to.html

Cryptocurrency laundering hits $7 BILLION 💰

Report reveals Lazarus Group, tied to North Korea, involved in $900 million cross-chain bridge laundering spree. As mixers face scrutiny, crypto criminals shift tactics.

Read details: https://thehackernews.com/2023/10/north-koreas-lazarus-group-launders-900.html

⚡️ Gaza-based hacker group Storm-1133 targets Israeli energy, defense, and telecom.

Microsoft's report exposes tactics, including employing LinkedIn fakes & dynamic C2 infra on Google Drive.

Read: https://thehackernews.com/2023/10/gaza-linked-cyber-threat-actor-targets.html

🚨 Heads up, Developers! Curl library, backbone of data transfers, to address TWO security vulnerabilities on October 11, 2023.

Read: https://thehackernews.com/2023/10/security-patch-for-two-new-flaws-in.html

CVE-2023-38545 & CVE-2023-38546 pose risks; details under wraps.

🔐 Multiple high-severity vulnerabilities discovered in ConnectedIO's 3G/4G routers and cloud platform could let hackers execute malicious code and access sensitive data.

Get the details: https://thehackernews.com/2023/10/high-severity-flaws-in-connectedios.html

🚨 Heads up, senior executives! A new phishing campaign is on the rise, targeting Senior Executives in U.S. firms.

Read: https://thehackernews.com/2023/10/cybercriminals-using-evilproxy-phishing.html

Cybercriminals using EvilProxy to hijack accounts, specifically hitting banking, finance, insurance & manufacturing.

Ever dreamed in code? Moonlock Lab's #malware research engineer did, seeing 'MyHotKeyHandler,' 'Keylogger,' and 'macOS.'

#ChatGPT recreated the malicious code, revealing the risky world of AI jailbreaks and prompt engineering.

Learn how prompt injections make AI models go rogue: https://thehackernews.com/2023/10/i-had-dream-and-generative-ai-jailbreaks.html

📱 PEACHPIT alert! This ad fraud botnet, linked to China's BADBOX operation, targeted 15M+ Android & iOS users.

Learn how threat actors exploited devices for ad fraud and data theft: https://thehackernews.com/2023/10/peachpit-massive-ad-fraud-botnet.html

🔒 Hackers are exploiting the CVE-2023-3519 vulnerability in Citrix NetScaler devices for credential harvesting attacks.

Patch your systems ASAP! Read more: https://thehackernews.com/2023/10/citrix-devices-under-attack-netscaler.html

🚨 Heads up, Linux users! A new critical vulnerability in the libcue library exposes GNOME Linux systems to remote code execution (RCE) attacks.

Read details of CVE-2023-43641 here: https://thehackernews.com/2023/10/libcue-library-flaw-opens-gnome-linux.html

⚠️ Magecart strikes again with a new twist! Hackers are now hiding malicious code on the 404 error pages of compromised shopping sites to steal users' credit cards.

Read details here — https://thehackernews.com/2023/10/new-magecart-campaign-alters-404-error.html