China-linked cyber espionage group UNC3886 exploits zero-day vulnerabilities in Fortinet, Ivanti, and VMware devices and evading detection with advanced techniques.

Discover how they operate: https://thehackernews.com/2024/06/chinese-cyber-espionage-group-exploits.html

⚡ Kraken exchange hacked: $3 Million stolen due to zero-day flaw. Researcher exploits bug, extorts company, refuses to return funds.

Read: https://thehackernews.com/2024/06/kraken-crypto-exchange-hit-by-3-million.html

Kraken working with law enforcement, calls actions criminal.

Discover the latest evasive malware loader, SquidLoader, targeting Chinese organizations via phishing emails. Learn about its advanced anti-analysis techniques and the ongoing threat of loader malware.

Details ➡️ https://thehackernews.com/2024/06/experts-uncover-new-evasive-squidloader.html

🔒 Fickle Stealer, a new Rust-based malware, and AZStealer, an open-source Python stealer, target sensitive data from crypto wallets, browsers, and more through multiple attack chains and exfiltration methods.

Learn more: https://thehackernews.com/2024/06/new-rust-based-fickle-malware-uses.html

Chinese-linked cyber espionage groups have been uncovered in a long-term infiltration of telecom operators in Asia since 2021, deploying custom malware and stealing credentials.

Read: https://thehackernews.com/2024/06/chinese-cyber-espionage-targets-telecom.html

Explore the challenges MSPs face with too many cybersecurity tools and discover how Guardz's unified platform simplifies operations and enhances security.

Read: https://thehackernews.com/2024/06/tool-overload-why-msps-are-still.html

Researchers uncover 'UEFIcanhazbufferoverflow' (CVE-2024-0762), a security flaw in Phoenix SecureCore UEFI firmware affecting multiple #Intel processor families.

Learn more: https://thehackernews.com/2024/06/researchers-uncover-uefi-vulnerability.html

U.S. bans Kaspersky software over national security concerns, citing Russian government ties. The ban extends to Kaspersky's affiliates, subsidiaries, and parent companies.

Learn about the ban's impact and Kaspersky's response: https://thehackernews.com/2024/06/us-bans-kaspersky-software-citing.html

⚠️ Alert: SolarWinds Serv-U vulnerability (CVE-2024-28995) is under active exploitation. Urgent update required to protect sensitive data from unauthorized access.

Learn more: https://thehackernews.com/2024/06/solarwinds-serv-u-vulnerability-under.html

🚨 Searching for Google Chrome or Microsoft Teams? Be cautious!

Cybercriminals are exploiting search engines to redirect users to fake websites & distribute trojanized versions of popular apps to spread the Oyster #malware.

Read: https://thehackernews.com/2024/06/oyster-backdoor-spreading-via.html

📁 Beware of ZIP files!

Discover how a new phishing campaign targets Pakistan using military-themed emails to spread PHANTOM#SPIKE, a custom backdoor granting remote system access.

Learn more: https://thehackernews.com/2024/06/military-themed-emails-used-to-spread.html

🚨 New Threat Alert!

Chinese-speaking SneakyChef hackers are targeting government entities worldwide and AI-focused organizations with sophisticated SugarGh0st and SpiceRAT malware.

Get the latest insights — https://thehackernews.com/2024/06/chinese-hackers-deploy-spicerat-and.html

Discover the power of SOC Automation Capability Matrix for cybersecurity incident response and workflow automation. Perfect for enhancing your security operations.

Read: https://thehackernews.com/2024/02/how-to-use-tiness-soc-automation.html

U.S. Treasury sanctions 12 Kaspersky executives following Commerce Department's ban on Kaspersky software in the U.S. The company and CEO remain unaffected.

Learn more: https://thehackernews.com/2024/06/us-treasury-sanctions-12-kaspersky.html

🚨 Beware: A new adware, AdsExhaust, is targeting Meta Quest app seekers with malicious downloads, manipulating browsers, and generating unauthorized revenue through sophisticated techniques.

Read: https://thehackernews.com/2024/06/warning-new-adware-campaign-targets.html

New cybercrime gang ExCobalt targets Russian organizations with sophisticated GoRed backdoor.

Explore their tactics: https://thehackernews.com/2024/06/excobalt-cyber-gang-targets-russian.html

Cyber espionage groups are using Rafel RAT, an open-source Android tool, disguised as popular apps like Instagram, WhatsApp, and more. This malware conducts data theft and device manipulation.

Read: https://thehackernews.com/2024/06/iranian-hackers-deploy-rafel-rat-in.html

🛑 RedJuliett, a suspected China-linked cyber group, target Taiwan and other countries in extensive cyber espionage campaign, exploiting vulnerabilities in internet-facing devices for intelligence gathering.

Read: https://thehackernews.com/2024/06/redjuliett-cyber-espionage-campaign.html

Join Luke Jennings, VP R&D at Push Security, to explore the impact of the ongoing Snowflake incident and the practical steps that organizations can take to investigate and respond effectively, avoiding some of the common pitfalls relating to how identities are configured in Snowflake

Register for the webinar here: https://go.thn.li/snowflake-webinar-tel

🚨 Critical security flaw (CVE-2024-37032) discovered in Ollama, an open-source AI platform, could lead to remote code execution.

Learn more: https://thehackernews.com/2024/06/critical-rce-vulnerability-discovered.html

Over 1,000 exposed instances found. Patch available in v0.1.34.

Google Project Zero introduces 'Naptime,' an LLM-powered framework for vulnerability research. It boosts LLMs' CyberSecEval 2 performance, using advanced tools to better identify and exploit software flaws.

Read: https://thehackernews.com/2024/06/google-introduces-project-naptime-for.html