🤖 Security researchers have uncovered a new vulnerability in Hugging Face's Safetensors conversion service that could lead to supply chain attacks, compromising user-submitted models.

Read details: https://thehackernews.com/2024/02/new-hugging-face-vulnerability-exposes.html

🔒 Alert: Five Eyes agencies unveil latest tactics of Russian state-sponsored hacker group APT29, revealing advanced techniques in cybersecurity warfare.

Learn more: https://thehackernews.com/2024/02/five-eyes-agencies-expose-apt29s.html

🚨 ALERT - Open-source Xeno RAT available on GitHub with features like remote access, audio recording, & hidden VNC. Experts warn of rising RAT attacks.

Learn more: https://thehackernews.com/2024/02/open-source-xeno-rat-trojan-emerges-as.html

Patch your LiteSpeed Cache plugin for WordPress against CVE-2023-40000. This flaw could lead to unauthorized site takeover.

Click for details: https://thehackernews.com/2024/02/wordpress-litespeed-plugin.html

Ever wondered how SOC teams can sift through millions of alerts without missing a beat?

Discover how Threat Intelligence Platforms are revolutionizing SOC investigations and turning chaos into clarity.

Explore how to refine threat hunting: https://thehackernews.com/2024/02/from-alert-to-action-how-to-speed-up.html

🛡️ Is your Ubiquiti EdgeRouter safe? A joint advisory from cybersecurity and intelligence agencies reveals APT28's use of MooBot to exploit your devices.

Read the full advisory: https://thehackernews.com/2024/02/cybersecurity-agencies-warn-ubiquiti.html

Mexican users are under siege by a sophisticated cyberattack campaign using tax-themed phishing emails to plant "TimbreStealer," a data-snatching #malware.

Learn more: https://thehackernews.com/2024/02/timbrestealer-malware-spreading-via-tax.html

BlackCat ransomware is back - healthcare on high alert!

FBI, CISA, and HHS warn healthcare to guard against BlackCat. Ransomware groups escalate attacks using remote access vulnerabilities and custom tools.

Learn more: https://thehackernews.com/2024/02/fbi-warns-us-healthcare-sector-of.html

Is your cybersecurity strategy evolving? Traditional perimeter defenses are no longer enough. Discover how focusing on privileged users can transform your security posture.

Dive deeper into the shift ➜ https://thehackernews.com/2024/02/superusers-need-super-protection-how-to.html

Iranian hackers are using fake job offers to target Middle East industries, particularly in aerospace, aviation, and defense. The cyberattacks have been linked to threat group UNC1549, backed by Iran.

Learn more: https://thehackernews.com/2024/02/iran-linked-unc1549-hackers-target.html

🛑 Attention APT hunters! Chinese hacker groups UNC5325 & UNC3886 are exploiting Ivanti flaws (CVE-2024-21893 & CVE-2024-21887) to deploy persistent malware (LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET, PITHOOK).

Learn more: https://thehackernews.com/2024/02/chinese-hackers-exploiting-ivanti-vpn.html

🍷 Fancy a glass of malware? New 'SPIKEDWINE' campaign lures European diplomats with fake wine-tasting invites, deploying the sophisticated WINELOADER backdoor.

Learn more: https://thehackernews.com/2024/02/new-backdoor-targeting-european.html

⚠️ Alert, developers! North Korean hackers uploaded malware to PyPI. Packages like pycryptoenv and pycryptoconf targeted typos in popular #encryption library.

Learn more: https://thehackernews.com/2024/02/lazarus-exploits-typos-to-sneak-pypi.html

U.S. President Biden signs Executive Order to prevent mass data transfers—from biometric to financial data—to 'countries of concern' due to #privacy and national security risks.

Read details here: https://thehackernews.com/2024/02/president-biden-blocks-mass-transfer-of.html

🔐 Data privacy is no longer a maybe, it's a must!

Discover how a CDP can help you ethically personalize customer experiences while complying with regulations.

Join our webinar to discover the secrets of first-party data: https://thehackernews.com/2024/02/building-your-privacy-compliant.html

⚠️ Lazarus Group hackers found exploiting a Windows kernel zero-day vulnerability (CVE-2024-21338) weeks after a patch was released, allowing them to gain system-level control and disable security software on targeted systems.

Details here: https://thehackernews.com/2024/02/lazarus-hackers-exploited-windows.html

Beware! A new 🐧 Linux malware called "GTPDOOR" has been discovered that targets 📡 telecom networks and leverages the 🛜 GPRS Tunneling Protocol (GTP) for command-and-control (C2) communications.

Read details here: https://thehackernews.com/2024/02/gtpdoor-linux-malware-targets-telecoms.html

Data breaches are on the rise at an alarming rate. Is your organization's #cybersecurity strategy ready to adapt?

Don't be the next headline – take a proactive approach to cybersecurity.

Learn the key strategies to protect your business: https://thehackernews.com/2024/02/why-risk-based-approach-to.html

New attack technique "Silver SAML" bypasses protections against Golden SAML attacks in apps using Cloud Identity Providers like Microsoft Entra ID.

Read details here: https://thehackernews.com/2024/02/new-silver-saml-attack-evades-golden.html

Good news for devs – GitHub turned on auto secret scanning push protection by default for all pushes to public repositories.

Find out how it works: https://thehackernews.com/2024/03/github-rolls-out-default-secret.html

Five Eyes intelligence alliance warns of cyber threat actors targeting vulnerabilities in Ivanti Connect Secure and Policy Secure gateways. Four vulnerabilities under active attack.

Learn more here: https://thehackernews.com/2024/03/five-eyes-agencies-warn-of-active.html