FTC fined Avast $16.5 million for collecting and selling users' browsing data despite privacy promises.

Full story: https://thehackernews.com/2024/02/ftc-slams-avast-with-165-million-fine.html

Researchers uncovered details of a major vulnerability (CVE-2024-23204) in the Apple Shortcuts app that could have exposed sensitive user data without consent on older iOS, iPadOS, macOS, and watchOS devices.

Learn more: https://thehackernews.com/2024/02/researchers-detail-apples-recent-zero.html

Hacktivism is reshaping the battlefield in digital age wars. Witness how cyber-activism is playing a pivotal role in geopolitical conflicts. Dive deeper into the transformation of hacktivism into a mainstream political tool.

Read: https://thehackernews.com/2024/02/a-new-age-of-hacktivism.html

Microsoft releases PyRIT, an automation tool designed to proactively identify risks and ethical concerns in Generative AI systems, including security and #privacy threats.

Learn more: https://thehackernews.com/2024/02/microsoft-releases-pyrit-red-teaming.html

Ever wondered how top security teams stay ahead?

It's all about automation! Learn from the SOC Automation Capability Matrix and transform your response to threats.

Explore now ➡️ https://thehackernews.com/2024/02/how-to-use-tiness-soc-automation.html

🚨 Heads Up - The "django-log-tracker" PyPI package, inactive for over 2 years, has been hijacked to distribute the Nova Sentinel malware.

Learn more: https://thehackernews.com/2024/02/dormant-pypi-package-compromised-to.html

Game over? In a dramatic turn of events, LockBitSupp, a key figure in the notorious LockBit ransomware operation, is "reportedly" cooperating with law enforcement.

Find details here: https://thehackernews.com/2024/02/authorities-claim-lockbit-admin.html

Cybercriminals are using Google's Cloud Run service to launch large-scale email phishing attacks, distributing banking trojans like Astaroth, Mekotio, and Ousaban.

Read: https://thehackernews.com/2024/02/banking-trojans-target-latin-america.html

🚨 LockBit ransomware operators are back online after a law enforcement takedown, blaming outdated software for the breach.

They are now calling for increased attacks on the government sector.

Find out more: https://thehackernews.com/2024/02/lockbit-ransomware-group-resurfaces.html

Fake npm packages traced back to North Korean hackers, aiming at developers with sophisticated credential-stealing scripts.

Learn more: https://thehackernews.com/2024/02/north-korean-hackers-targeting.html

Protect your projects—verify your dependencies now.

🤖 Think LLMs are foolproof? Think again! Hackers are exploiting them to steal sensitive data. Protect yourself – learn the latest LLM security risks and how to defend against them.

🔗 Learn more: https://thehackernews.com/2024/02/three-tips-to-protect-your-secrets-from.html

Over 8,000 subdomains belonging to recognized brands and organizations are being exploited for malicious email distribution.

Learn more: https://thehackernews.com/2024/02/8000-subdomains-of-trusted-brands.html

SPF, DKIM, DMARC – they're not enough. "ResurrecAds" is bypassing email security measures with alarming ease.

🚨 Malicious cyber campaign targets Ukrainian entities in Finland with Remcos RAT via IDAT Loader, utilizing rare steganography technique.

Learn more: https://thehackernews.com/2024/02/new-idat-loader-attacks-using.html

⚠️ Alert — Critical security flaw (CVE-2024-1071) found in Ultimate Member WordPress plugin used by 200k sites.

Read more: https://thehackernews.com/2024/02/wordpress-plugin-alert-critical-sqli.html

Update to version 2.8.3 to fix SQL injection vulnerability and prevent data breaches.

🤖 Security researchers have uncovered a new vulnerability in Hugging Face's Safetensors conversion service that could lead to supply chain attacks, compromising user-submitted models.

Read details: https://thehackernews.com/2024/02/new-hugging-face-vulnerability-exposes.html

🔒 Alert: Five Eyes agencies unveil latest tactics of Russian state-sponsored hacker group APT29, revealing advanced techniques in cybersecurity warfare.

Learn more: https://thehackernews.com/2024/02/five-eyes-agencies-expose-apt29s.html

🚨 ALERT - Open-source Xeno RAT available on GitHub with features like remote access, audio recording, & hidden VNC. Experts warn of rising RAT attacks.

Learn more: https://thehackernews.com/2024/02/open-source-xeno-rat-trojan-emerges-as.html

Patch your LiteSpeed Cache plugin for WordPress against CVE-2023-40000. This flaw could lead to unauthorized site takeover.

Click for details: https://thehackernews.com/2024/02/wordpress-litespeed-plugin.html

Ever wondered how SOC teams can sift through millions of alerts without missing a beat?

Discover how Threat Intelligence Platforms are revolutionizing SOC investigations and turning chaos into clarity.

Explore how to refine threat hunting: https://thehackernews.com/2024/02/from-alert-to-action-how-to-speed-up.html

🛡️ Is your Ubiquiti EdgeRouter safe? A joint advisory from cybersecurity and intelligence agencies reveals APT28's use of MooBot to exploit your devices.

Read the full advisory: https://thehackernews.com/2024/02/cybersecurity-agencies-warn-ubiquiti.html

Mexican users are under siege by a sophisticated cyberattack campaign using tax-themed phishing emails to plant "TimbreStealer," a data-snatching #malware.

Learn more: https://thehackernews.com/2024/02/timbrestealer-malware-spreading-via-tax.html