Active Android spyware campaign 'eXotic Visit' targeting users in India and Pakistan.

Fake messaging apps like "ChitChat" and "Alpha Chat" actually contain the trojan.

https://thehackernews.com/2024/04/exotic-visit-spyware-campaign-targets.html

Bad news: Some of these apps were on Google Play.

🚨 Urgent security warning - If you use FortiClientLinux, update immediately. Critical vulnerability could let attackers run code on your system.

Patch now, get the details here: https://thehackernews.com/2024/04/fortinet-has-released-patches-to.html

🛡️ Apple's updated Spyware Alert System now warns individual users of potential targeting by mercenary spyware attacks.

Details here 👉 https://thehackernews.com/2024/04/apple-expands-spyware-alert-system-to.html

🚨 TA547 hacker group adopts new tactics, possibly harnessing the power of generative AI, to deploy the Rhadamanthys info stealer in attacks on German organizations.

Find details here: https://thehackernews.com/2024/04/ta547-phishing-attack-hits-german-firms.html

The question you need to ask: Are you affected by the XZ Util Backdoor?

Prevent future risks and make sure you have a defense-in-depth strategy using Wiz CDR and runtime sensor.

See Wiz in Action: https://thn.news/wiz-cloud-security

😱 Yikes! Did you know that over 11,000 secrets (passwords, API keys...) were leaked on the Python repository PyPI, and over 12.8 million on GitHub in 2023?

GitGuardian's findings are alarming - read the details: https://thehackernews.com/2024/04/gitguardian-report-pypi-secrets.html

🚨 Urgent - CISA issues emergency directive urging federal agencies to analyze compromised emails and ramp up cybersecurity measures following the recent compromise of Microsoft's systems by a Russian nation-state group.

Details > https://thehackernews.com/2024/04/us-federal-agencies-ordered-to-hunt-for.html

🚨 E-commerce website owners and admins – BEWARE!

Reseachers uncover a credit card skimmer hidden within a bogus Meta Pixel tracker script.

Check your website's security now: https://thehackernews.com/2024/04/sneaky-credit-card-skimmer-disguised-as.html

🛑 URGENT - Critical zero-day security vulnerability (CVE-2024-3400) discovered in Palo Alto Networks firewalls.

Hackers are already exploiting it in the wild, enabling them "to execute arbitrary code with root privileges."

Details👇 https://thehackernews.com/2024/04/zero-day-alert-critical-palo-alto.html

MuddyWater's new C2 infrastructure, DarkBeatC2, has been spotted in the wild, targeting Israeli institutions with a fresh attack campaign.

Read: https://thehackernews.com/2024/04/iranian-muddywater-hackers-adopt-new-c2.html

Software systems have a hidden world of 'non-human' identities... think of them like API keys on steroids.

Learn how to protect your systems from attacks targeting these identities: https://thehackernews.com/2024/04/code-keepers-mastering-non-human.html

🚨 Urgent: Malicious "test files" linked to the XZ Utils backdoor found in popular Rust crate liblzma-sys, downloaded over 21,000 times.

Read on for details -> https://thehackernews.com/2024/04/popular-rust-crate-liblzma-sys.html

Hackers exploited a critical flaw (CVE-2024-3400) in Palo Alto Networks' software weeks before it was discovered.

They used a Python backdoor, UPSTYLE, to control and conceal commands within firewall files.

Read: https://thehackernews.com/2024/04/hackers-deploy-python-backdoor-in-palo.html

US Treasury sanctions Hamas official, Hudhayfa Samir Abdallah al-Kahlut, for cyber influence operations and threats against civilians.

Read: https://thehackernews.com/2024/04/us-treasury-hamas-spokesperson-for.html

A former cybersecurity engineer has been sentenced to three years in prison for stealing $12.3 MILLION from two decentralized #cryptocurrency exchanges by manipulating smart contracts and exploiting vulnerabilities.

https://thehackernews.com/2024/04/ex-security-engineer-jailed-3-years-for.html

Palo Alto Networks released critical hotfixes to patch a severe vulnerability (CVE-2024-3400) in their PAN-OS firewall software.

The vulnerability allows unauthenticated attackers to run malicious code with root privileges.

https://thehackernews.com/2024/04/palo-alto-networks-releases-urgent.html

A sophisticated cyber-espionage campaign has re-emerged, targeting South Asia with an iOS spyware implant called LightSpy, allowing attackers to capture data from a variety of sources.

https://thehackernews.com/2024/04/chinese-linked-lightspy-ios-spyware.html

Hackers aren't just after your servers. The Muddled Libra threat group weaponizes SaaS & cloud environments for data exfiltration. Learn how they're getting in & how to stop them:

https://thehackernews.com/2024/04/muddled-libra-shifts-focus-to-saas-and.html

JIT access is reshaping privileged access management (PAM). Learn how it boosts security and minimizes attack vectors.

Explore the benefits of JIT access here:
https://thehackernews.com/2024/04/timing-is-everything-role-of-just-in.html

GitHub Copilot may boost coding speed, but at what cost? Find out how 40% of code suggestions might expose you to cyber risks.

Get the full scoop here: https://thehackernews.com/2024/04/ai-copilot-launching-innovation-rockets.html

A security vulnerability in the Lighttpd web server, often used in baseboard management controllers (BMCs), has not been addressed by certain vendors, including Intel and Lenovo.

Read details here: https://thehackernews.com/2024/04/intel-and-lenovo-bmcs-contain-unpatched.html