Software systems have a hidden world of 'non-human' identities... think of them like API keys on steroids.

Learn how to protect your systems from attacks targeting these identities: https://thehackernews.com/2024/04/code-keepers-mastering-non-human.html

🚨 Urgent: Malicious "test files" linked to the XZ Utils backdoor found in popular Rust crate liblzma-sys, downloaded over 21,000 times.

Read on for details -> https://thehackernews.com/2024/04/popular-rust-crate-liblzma-sys.html

Hackers exploited a critical flaw (CVE-2024-3400) in Palo Alto Networks' software weeks before it was discovered.

They used a Python backdoor, UPSTYLE, to control and conceal commands within firewall files.

Read: https://thehackernews.com/2024/04/hackers-deploy-python-backdoor-in-palo.html

US Treasury sanctions Hamas official, Hudhayfa Samir Abdallah al-Kahlut, for cyber influence operations and threats against civilians.

Read: https://thehackernews.com/2024/04/us-treasury-hamas-spokesperson-for.html

A former cybersecurity engineer has been sentenced to three years in prison for stealing $12.3 MILLION from two decentralized #cryptocurrency exchanges by manipulating smart contracts and exploiting vulnerabilities.

https://thehackernews.com/2024/04/ex-security-engineer-jailed-3-years-for.html

Palo Alto Networks released critical hotfixes to patch a severe vulnerability (CVE-2024-3400) in their PAN-OS firewall software.

The vulnerability allows unauthenticated attackers to run malicious code with root privileges.

https://thehackernews.com/2024/04/palo-alto-networks-releases-urgent.html

A sophisticated cyber-espionage campaign has re-emerged, targeting South Asia with an iOS spyware implant called LightSpy, allowing attackers to capture data from a variety of sources.

https://thehackernews.com/2024/04/chinese-linked-lightspy-ios-spyware.html

Hackers aren't just after your servers. The Muddled Libra threat group weaponizes SaaS & cloud environments for data exfiltration. Learn how they're getting in & how to stop them:

https://thehackernews.com/2024/04/muddled-libra-shifts-focus-to-saas-and.html

JIT access is reshaping privileged access management (PAM). Learn how it boosts security and minimizes attack vectors.

Explore the benefits of JIT access here:
https://thehackernews.com/2024/04/timing-is-everything-role-of-just-in.html

GitHub Copilot may boost coding speed, but at what cost? Find out how 40% of code suggestions might expose you to cyber risks.

Get the full scoop here: https://thehackernews.com/2024/04/ai-copilot-launching-innovation-rockets.html

A security vulnerability in the Lighttpd web server, often used in baseboard management controllers (BMCs), has not been addressed by certain vendors, including Intel and Lenovo.

Read details here: https://thehackernews.com/2024/04/intel-and-lenovo-bmcs-contain-unpatched.html

🚨 Two individuals have been arrested for developing and distributing Hive RAT malware, while a Nebraska man has been indicted for a $3.5 million cloud cryptojacking scheme.

https://thehackernews.com/2024/04/hive-rat-creators-and-35m-cryptojacking.html

The FTC fined mental telehealth service Cerebral over $7 million for deceptive data sharing practices and failing to honor its cancellation policies.

https://thehackernews.com/2024/04/hive-rat-creators-and-35m-cryptojacking.html

🚨 Alert - A critical vulnerability in PuTTY versions 0.68 to 0.80 could lead to private key compromises.

Details: https://thehackernews.com/2024/04/widely-used-putty-ssh-client-found.html

Don't let hackers take control—update immediately.

Are you concerned about cyber attacks? You're not alone. Shockingly, a recent report reveals that 67% of businesses are leaving themselves vulnerable to hackers through bad password habits.

Don't be a sitting duck! Check out this report on how to level up your security game: https://thehackernews.com/2024/04/identity-in-shadows-shedding-light-on.html

🔐 Popular cloud CLI tools (AWS, Google Cloud, Azure) have a vulnerability ("LeakyCLI") exposing sensitive data in build logs.

Click to learn more: https://thehackernews.com/2024/04/aws-google-and-azure-cli-tools-could.html

TA558 hackers are using steganography to hide and distribute #malware like Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm in love-themed documents to target different industries.

Find out how: https://thehackernews.com/2024/04/ta558-hackers-weaponize-images-for-wide.html

#hacking #cybersecurity

Security researchers uncover a "credible" takeover attempt on the OpenJS Foundation, mirroring a recent incident with XZ Utils.

Read: https://thehackernews.com/2024/04/openjs-foundation-targeted-in-potential.html

⚠️ Researchers warn of a global increase in TOR-based brute-force attacks targeting VPNs, web applications, and SSH services.

Details: https://thehackernews.com/2024/04/cisco-warns-of-global-surge-in-brute.html

🚨 If you use Fortinet FortiClient EMS, patch NOW.

Researchers have uncovered a new malicious campaign exploiting a vulnerability in Fortinet FortiClient EMS devices, deploying ScreenConnect and Metasploit.

https://thehackernews.com/2024/04/hackers-exploit-fortinet-flaw-deploy.html

🚨 Alert: Hackers are exploiting a critical vulnerability (CVE-2023-22518) in Atlassian servers to gain admin access and deploy a Linux variant of Cerber ransomware.

More info here: https://thehackernews.com/2024/04/critical-atlassian-flaw-exploited-to.html