Who’s using AI tools in your organization? Find out in minutes with Nudge Security. Start a free trial and discover every SaaS account ever created by anyone in your org, including generative AI tools.

The best part? You’ll have a full inventory in minutes and you don’t even have to know what apps you’re looking for. No agents, browser plug-ins or network proxies required.

https://thn.news/mitigate-ai-risks

🛑 TA558 threat actor launches massive phishing campaign targeting Latin American sectors, deploying Venom RAT. Hotels, finance, government among primary targets in Spain, Mexico, U.S., Colombia, Brazil, and more.

Learn more: https://thehackernews.com/2024/04/massive-phishing-campaign-strikes-latin.html

Google agrees to delete BILLION of browsing records to settle class action lawsuit, alleging tracking without consent in Chrome's Incognito Mode.

Find details here: https://thehackernews.com/2024/04/google-to-delete-billions-of-browsing.html

China-linked hacker group Earth Freybug is now using a new malware named "UNAPIMON" to fly under the radar.

Learn more: https://thehackernews.com/2024/04/china-linked-hackers-deploy-new.html

Researchers shed light on their espionage and financially motivated activities.

🛑 Malicious code discovered in widely used Linux tool XZ Utils could lead to remote code execution. The incident underscores the dangers of open-source software reliance.

Read now: https://thehackernews.com/2024/04/malicious-code-in-xz-utils-for-linux.html

If you use Linux, take action NOW.

What makes Cloud Security tough? Lack of visibility, inconsistent permissions, blurred ownership...

Hybrid attack path analysis is crucial for complete security. Continuous Threat Exposure Management (CTEM) helps block critical attack vectors.

Learn: https://thehackernews.com/2024/04/harnessing-power-of-ctem-for-cloud.html

🚨 Heads up, WordPress admins!

A critical SQL injection flaw in the LayerSlider plugin (CVE-2024-2879) could lead to sensitive data leaks. If you haven't updated, make sure to install version 7.10.1 or latest.

Find details: https://thehackernews.com/2024/04/critical-security-flaw-found-in-popular.html

⚠️ Banking trojan Mispadu expands to Italy, Poland, and Sweden, stealing thousands of credentials with sophisticated tactics like phishing emails and keystroke capture.

Read details: https://thehackernews.com/2024/04/mispadu-trojan-targets-europe-thousands.html

Google Chrome is testing a new feature called "Device Bound Session Credentials" to fight against session cookie theft by #malware.

DBSC links auth sessions directly to users' devices to stop cookie theft hacks.

Learn more about it: https://thehackernews.com/2024/04/google-chrome-beta-tests-new-dbsc.html

Confused about vulnerability management (VM) vs. attack surface management (ASM)?

They're both important but different. But together, they form a robust defense against cyber threats.

Learn how: https://thehackernews.com/2024/04/attack-surface-management-vs.html

⚠️ U.S. Cyber Safety Review Board slams Microsoft for security failures that enabled a major data breach by China-backed hackers.

Read details: https://thehackernews.com/2024/04/us-cyber-safety-board-slams-microsoft.html

🔥 Google's Pixel smartphones under attack!

Two new Android security flaws - CVE-2024-29745 & CVE-2024-29748 - uncovered, exploited in the wild by forensic companies.

Learn more: https://thehackernews.com/2024/04/google-warns-android-zero-day-flaws-in.html

⚠️ Ivanti releases security patches for 4 new flaws in Connect Secure/Policy Secure Gateways.

Flaws could allow attackers to execute arbitrary code or launch DoS attacks.

Learn more: https://thehackernews.com/2024/04/ivanti-rushes-patches-for-4-new-flaw-in.html

Your data protection strategy can only be as good as the solutions you choose to implement. This makes being prepared and informed a crucial part of the buying process.

Check out the free Zerto Data Protection Buyers Guide for more buying decision info: https://thn.news/6DQjE1Pa

New HTTP/2 #ulnerability discovered.

"CONTINUATION Flood" attacks can lead to denial-of-service (DoS). This could cause crashes and serious website disruptions.

Find details here: https://thehackernews.com/2024/04/new-http2-vulnerability-exposes-web.html

🚨 Beware of new phishing campaigns targeting the oil and gas sector. Rhadamanthys malware makes a comeback, using a clever vehicle incident lure to trick victims into downloading malicious payloads.

Learn more: https://thehackernews.com/2024/04/new-phishing-campaign-targets-oil-gas.html

⚠️ Vietnamese hacking group, CoralRaider, targets multiple Asian countries with data-stealing malware, stealing credentials & financial data to sell on underground markets.

Read details: https://thehackernews.com/2024/04/vietnam-based-hackers-steal-financial.html

⚡ Critical Supply Chain Compromise: Backdoor in XZ Utils allows RCE.

See how to detect and mitigate CVE-2024-3094, a critical supply chain compromise, affecting XZ Utils Data compression library.

Read: https://thn.news/critical-rce-xz-utils

🛑 Multiple China-based hackers are on a spree exploiting zero-day flaws in Ivanti appliances.

Vulnerabilities CVE-2023-46805, CVE-2024-21887, CVE-2024-21893 are being abused.

Learn more: https://thehackernews.com/2024/04/researchers-identify-multiple-china.html

Even financially motivated groups are in on the action.

⚠️ Financial organizations in APAC & MENA are under attack!

A sophisticated threat dubbed JSOutProx combines JavaScript & .NET to infiltrate systems, targeting banks & big companies.

https://thehackernews.com/2024/04/new-wave-of-jsoutprox-malware-targeting.html

⚠️ Watch out for FAKE Adobe Acrobat Reader installers. They carry a nasty malware called Byakugan that steals your data and even drops cryptominers.

https://thehackernews.com/2024/04/from-pdfs-to-payload-bogus-adobe.html