The Hacker News
⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com
😱 Yikes! Did you know that over 11,000 secrets (passwords, API keys...) were leaked on the Python repository PyPI, and over 12.8 million on GitHub in 2023?

GitGuardian's findings are alarming - read the details: https://thehackernews.com/2024/04/gitguardian-report-pypi-secrets.html
🚨 Urgent - CISA issues emergency directive urging federal agencies to analyze compromised emails and ramp up cybersecurity measures following the recent compromise of Microsoft's systems by a Russian nation-state group.

Details > https://thehackernews.com/2024/04/us-federal-agencies-ordered-to-hunt-for.html
🚨 E-commerce website owners and admins – BEWARE!

Researchers uncover a credit card skimmer hidden within a bogus Meta Pixel tracker script.

Check your website's security now: https://thehackernews.com/2024/04/sneaky-credit-card-skimmer-disguised-as.html
🛑 URGENT - Critical zero-day security vulnerability (CVE-2024-3400) discovered in Palo Alto Networks firewalls.

Hackers are already exploiting it in the wild, enabling them "to execute arbitrary code with root privileges."

Details 👇 https://thehackernews.com/2024/04/zero-day-alert-critical-palo-alto.html
MuddyWater's new C2 infrastructure, DarkBeatC2, has been spotted in the wild, targeting Israeli institutions with a fresh attack campaign.

Read: https://thehackernews.com/2024/04/iranian-muddywater-hackers-adopt-new-c2.html
Software systems have a hidden world of 'non-human' identities... think of them like API keys on steroids.

Learn how to protect your systems from attacks targeting these identities: https://thehackernews.com/2024/04/code-keepers-mastering-non-human.html
🚨 Urgent: Malicious "test files" linked to the XZ Utils backdoor found in popular Rust crate liblzma-sys, downloaded over 21,000 times.

Read on for details -> https://thehackernews.com/2024/04/popular-rust-crate-liblzma-sys.html
Hackers exploited a critical flaw (CVE-2024-3400) in Palo Alto Networks' software weeks before it was discovered.

They used a Python backdoor, UPSTYLE, to control and conceal commands within firewall files.

Read: https://thehackernews.com/2024/04/hackers-deploy-python-backdoor-in-palo.html
US Treasury sanctions Hamas official, Hudhayfa Samir Abdallah al-Kahlut, for cyber influence operations and threats against civilians.

Read: https://thehackernews.com/2024/04/us-treasury-hamas-spokesperson-for.html
A former cybersecurity engineer has been sentenced to three years in prison for stealing $12.3 MILLION from two decentralized #cryptocurrency exchanges by manipulating smart contracts and exploiting vulnerabilities.

https://thehackernews.com/2024/04/ex-security-engineer-jailed-3-years-for.html
Palo Alto Networks released critical hotfixes to patch a severe vulnerability (CVE-2024-3400) in their PAN-OS firewall software.

The vulnerability allows unauthenticated attackers to run malicious code with root privileges.

https://thehackernews.com/2024/04/palo-alto-networks-releases-urgent.html
A sophisticated cyber-espionage campaign has re-emerged, targeting South Asia with an iOS spyware implant called LightSpy, allowing attackers to capture data from a variety of sources.

https://thehackernews.com/2024/04/chinese-linked-lightspy-ios-spyware.html
Hackers aren't just after your servers. The Muddled Libra threat group weaponizes SaaS & cloud environments for data exfiltration. Learn how they're getting in & how to stop them:

https://thehackernews.com/2024/04/muddled-libra-shifts-focus-to-saas-and.html
JIT access is reshaping privileged access management (PAM). Learn how it boosts security and minimizes attack vectors.

Explore the benefits of JIT access here:
https://thehackernews.com/2024/04/timing-is-everything-role-of-just-in.html
GitHub Copilot may boost coding speed, but at what cost? Find out how 40% of code suggestions might expose you to cyber risks.

Get the full scoop here: https://thehackernews.com/2024/04/ai-copilot-launching-innovation-rockets.html
A security vulnerability in the Lighttpd web server, often used in baseboard management controllers (BMCs), has not been addressed by certain vendors, including Intel and Lenovo.

Read details here: https://thehackernews.com/2024/04/intel-and-lenovo-bmcs-contain-unpatched.html
🚨 Two individuals have been arrested for developing and distributing Hive RAT malware, while a Nebraska man has been indicted for a $3.5 million cloud cryptojacking scheme.

https://thehackernews.com/2024/04/hive-rat-creators-and-35m-cryptojacking.html
The FTC fined mental telehealth service Cerebral over $7 million for deceptive data sharing practices and failing to honor its cancellation policies.

https://thehackernews.com/2024/04/hive-rat-creators-and-35m-cryptojacking.html
🚨 Alert - A critical vulnerability in PuTTY versions 0.68 to 0.80 could lead to private key compromises.

Details: https://thehackernews.com/2024/04/widely-used-putty-ssh-client-found.html

Don't let hackers take control—update immediately.
Are you concerned about cyber attacks? You're not alone. Shockingly, a recent report reveals that 67% of businesses are leaving themselves vulnerable to hackers through bad password habits.

Don't be a sitting duck! Check out this report on how to level up your security game: https://thehackernews.com/2024/04/identity-in-shadows-shedding-light-on.html
Popular cloud CLI tools (AWS, Google Cloud, Azure) have a vulnerability ("LeakyCLI") exposing sensitive data in build logs.

Click to learn more: https://thehackernews.com/2024/04/aws-google-and-azure-cli-tools-could.html