🔒 Multiple vulnerabilities, called "PixieFail," found in UEFI firmware used by major manufacturers like AMI and Intel. Attackers can exploit these vulnerabilities to gain control, steal data, or cause damage.

Details ➡️ https://thehackernews.com/2024/01/pixiefail-uefi-flaws-expose-millions-of.html

Remember those annoying texts you keep approving? They might be hacker traps!

Learn about MFA spamming and expert tips ➡️ https://thehackernews.com/2024/01/mfa-spamming-and-fatigue-when-security.html

⚠️ Developers, beware! Hackers can poison AI models and software. Vulnerabilities found in TensorFlow CI/CD pipeline allow #malware upload and token theft.

Learn about the AI/ML threat: https://thehackernews.com/2024/01/tensorflow-cicd-flaw-exposed-supply.html

Russian Spy Group Now Deploying Custom "SPICA" Backdoor!

TAG exposes COLDRIVER's evolution from phishing to malware attacks targeting Ukraine, NATO, and beyond.

Learn their sneaky tactics: https://thehackernews.com/2024/01/russian-coldriver-hackers-expand-beyond.html

A new attack targets Docker servers and uses a combo of cryptocurrency mining and website traffic generation for profit. It could leave a backdoor for attackers to exploit later.

Patch your systems and monitor for suspicious activity: https://thehackernews.com/2024/01/new-docker-malware-steals-cpu-for.html

🆘 Patch your Ivanti ASAP! CISA urges action, especially for government agencies.

A critical flaw (CVE-2023-35082) in Ivanti EPMM is being exploited in the wild, giving attackers access to your data.

Don't wait, read more: https://thehackernews.com/2024/01/us-cybersecurity-agency-warns-of.html

Ransomware, hardware failure, human error - the data loss threats in Exchange Servers are real.

Protect your Exchange Server from financial ruin & reputational nightmares with these 5 backup methods & proactive measures: https://thehackernews.com/2024/01/preventing-data-loss-backup-and.html

RAT Alert! Malicious "oscompatible" package on npm deployed a sophisticated trojan on Windows machines. It steals data, hides your screen, and even disables shutdowns

Read details here: https://thehackernews.com/2024/01/npm-trojan-bypasses-uac-installs.html

Thinking of downloading a pirated copy of that software?

⚠️ Think again. A new backdoor malware has been discovered in pirated macOS apps, granting hackers full control of users' devices.

Learn more: https://thehackernews.com/2024/01/experts-warn-of-macos-backdoor-hidden.html

🛡️ TA866 is back with thousands of invoice-themed, booby-trapped emails targeting users with WasabiSeed and Screenshotter malware to spy on your screen and steal valuable data.

Learn more: https://thehackernews.com/2024/01/invoice-phishing-alert-ta866-deploys.html

🔐 Microsoft discloses Russian APT infiltrated its systems through a test account, stealing emails and attachments of senior executives and others in cybersecurity and legal departments.

Find details here ➡️ https://thehackernews.com/2024/01/microsofts-top-execs-emails-breached-in.html

🚨CISA issues emergency directive against two major zero-day actively exploited flaws in Ivanti products.

Learn more: https://thehackernews.com/2024/01/cisa-issues-emergency-directive-to.html

Patch your Ivanti Connect Secure and Policy Secure ASAP.

Age ain't nothin' but a number... for vulnerabilities, that is. 35% of serious flaws linger for months! Time to prioritize patching.

Learn how in "Security Navigator 24" - https://thehackernews.com/2024/01/52-of-serious-vulnerabilities-we-find.html

Alert! New Java malware "NS-STEALER" uses bots to steal your logins and wallet data from popular browsers and exfiltrates secrets via Discord.

Learn more: https://thehackernews.com/2024/01/ns-stealer-uses-discord-bots-to.html

FTC bans another data broker, InMarket, for selling our movements without consent. Protect yourself: learn how they track you & what you can do

Read: https://thehackernews.com/2024/01/ftc-bans-inmarket-for-selling-precise.html

Hackers Feast on Unpatched ActiveMQ! CVE-2023-46604, a critical remote code execution flaw, is back in the spotlight.

Learn more: https://thehackernews.com/2024/01/apache-activemq-flaw-exploited-in-new.html

Update your Apache ASAP or risk ransomware, rootkits, and botnets.

Java & Android libraries vulnerable to new supply chain attack — MavenGate!

Hackers can hijack popular abandoned libraries & inject malware into your apps.

Click to read more: https://thehackernews.com/2024/01/hackers-hijack-popular-java-and-android.html

North Korea's ScarCruft targeting media & experts.

A new attack campaign using fake threat reports & infected ZIPs aimed at gathering intel on defense strategies.

Find details here: https://thehackernews.com/2024/01/north-korean-hackers-weaponize-fake.html

Cybercrime Marketplace Mastermind, 21, Walks Free (Mostly) – Fitzpatrick, the Creator of BreachForums, Avoids Prison but Faces 20 Years of Supervision.

Read: https://thehackernews.com/2024/01/breachforums-founder-sentenced-to-20.html

Apple fixes first "in-the-wild" zero-day of 2024. Update iPhones, iPads, and Macs NOW!

Details: https://thehackernews.com/2024/01/apple-issues-patch-for-critical-zero.html

Atlassian Confluence RCE flaw under active attack (CVE-2023-22527). Hackers are scanning the web within 3 days of disclosure.

Learn more ➡️ https://thehackernews.com/2024/01/40000-attacks-in-3-days-critical.html

Patch NOW - Don't wait for a "whoami" knock at your server door.