Researchers found the "first native Spectre v2 exploit" targeting Linux kernel on Intel systems, bypassing existing memory leak protections and privilege escalation defenses.

Read details here: https://thehackernews.com/2024/04/researchers-uncover-first-native.html

Misconfigured systems? Forgotten accounts? These are like secret tunnels for hackers into your systems.

Want to find these hidden security weaknesses? Join our FREE webinar: "Top 4 Identity Security Threat Exposures: Are You Vulnerable?"

Save your spot: https://thehackernews.com/2024/04/webinar-learn-how-to-stop-hackers-from.html

⚠️ BEWARE: Hackers are exploiting GitHub's search feature—using popular names and boosting rankings with fake stars—to lure developers into downloading #malware-infected repositories.

https://thehackernews.com/2024/04/beware-githubs-fake-popularity-scam.html

⚠️ Researchers uncover a fresh wave of the Raspberry Robin campaign spreading malware through malicious Windows Script Files (WSFs) since March 2024.

Read more about this evolving threat: https://thehackernews.com/2024/04/raspberry-robin-returns-new-malware.html

Active Android spyware campaign 'eXotic Visit' targeting users in India and Pakistan.

Fake messaging apps like "ChitChat" and "Alpha Chat" actually contain the trojan.

https://thehackernews.com/2024/04/exotic-visit-spyware-campaign-targets.html

Bad news: Some of these apps were on Google Play.

🚨 Urgent security warning - If you use FortiClientLinux, update immediately. Critical vulnerability could let attackers run code on your system.

Patch now, get the details here: https://thehackernews.com/2024/04/fortinet-has-released-patches-to.html

🛡️ Apple's updated Spyware Alert System now warns individual users of potential targeting by mercenary spyware attacks.

Details here 👉 https://thehackernews.com/2024/04/apple-expands-spyware-alert-system-to.html

🚨 TA547 hacker group adopts new tactics, possibly harnessing the power of generative AI, to deploy the Rhadamanthys info stealer in attacks on German organizations.

Find details here: https://thehackernews.com/2024/04/ta547-phishing-attack-hits-german-firms.html

The question you need to ask: Are you affected by the XZ Util Backdoor?

Prevent future risks and make sure you have a defense-in-depth strategy using Wiz CDR and runtime sensor.

See Wiz in Action: https://thn.news/wiz-cloud-security

😱 Yikes! Did you know that over 11,000 secrets (passwords, API keys...) were leaked on the Python repository PyPI, and over 12.8 million on GitHub in 2023?

GitGuardian's findings are alarming - read the details: https://thehackernews.com/2024/04/gitguardian-report-pypi-secrets.html

🚨 Urgent - CISA issues emergency directive urging federal agencies to analyze compromised emails and ramp up cybersecurity measures following the recent compromise of Microsoft's systems by a Russian nation-state group.

Details > https://thehackernews.com/2024/04/us-federal-agencies-ordered-to-hunt-for.html

🚨 E-commerce website owners and admins – BEWARE!

Reseachers uncover a credit card skimmer hidden within a bogus Meta Pixel tracker script.

Check your website's security now: https://thehackernews.com/2024/04/sneaky-credit-card-skimmer-disguised-as.html

🛑 URGENT - Critical zero-day security vulnerability (CVE-2024-3400) discovered in Palo Alto Networks firewalls.

Hackers are already exploiting it in the wild, enabling them "to execute arbitrary code with root privileges."

Details👇 https://thehackernews.com/2024/04/zero-day-alert-critical-palo-alto.html

MuddyWater's new C2 infrastructure, DarkBeatC2, has been spotted in the wild, targeting Israeli institutions with a fresh attack campaign.

Read: https://thehackernews.com/2024/04/iranian-muddywater-hackers-adopt-new-c2.html

Software systems have a hidden world of 'non-human' identities... think of them like API keys on steroids.

Learn how to protect your systems from attacks targeting these identities: https://thehackernews.com/2024/04/code-keepers-mastering-non-human.html

🚨 Urgent: Malicious "test files" linked to the XZ Utils backdoor found in popular Rust crate liblzma-sys, downloaded over 21,000 times.

Read on for details -> https://thehackernews.com/2024/04/popular-rust-crate-liblzma-sys.html

Hackers exploited a critical flaw (CVE-2024-3400) in Palo Alto Networks' software weeks before it was discovered.

They used a Python backdoor, UPSTYLE, to control and conceal commands within firewall files.

Read: https://thehackernews.com/2024/04/hackers-deploy-python-backdoor-in-palo.html

US Treasury sanctions Hamas official, Hudhayfa Samir Abdallah al-Kahlut, for cyber influence operations and threats against civilians.

Read: https://thehackernews.com/2024/04/us-treasury-hamas-spokesperson-for.html

A former cybersecurity engineer has been sentenced to three years in prison for stealing $12.3 MILLION from two decentralized #cryptocurrency exchanges by manipulating smart contracts and exploiting vulnerabilities.

https://thehackernews.com/2024/04/ex-security-engineer-jailed-3-years-for.html

Palo Alto Networks released critical hotfixes to patch a severe vulnerability (CVE-2024-3400) in their PAN-OS firewall software.

The vulnerability allows unauthenticated attackers to run malicious code with root privileges.

https://thehackernews.com/2024/04/palo-alto-networks-releases-urgent.html

A sophisticated cyber-espionage campaign has re-emerged, targeting South Asia with an iOS spyware implant called LightSpy, allowing attackers to capture data from a variety of sources.

https://thehackernews.com/2024/04/chinese-linked-lightspy-ios-spyware.html