Former Ethereum developer Virgil Griffith has been sentenced to 5 years and 3 months in prison and fined $100,000 for helping NorthKorea evade sanctions.

Read details: https://thehackernews.com/2022/04/ethereum-developer-jailed-63-months-for.html

⚡An urgent update for Google Chrome browser has been released to patch a new zero-day security vulnerability (CVE-2022-1364) that is being actively exploited by hackers.

Read details: https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html

A highly-critical vulnerability (CVE-2022-22966) has been discovered in VMWare Cloud Director that can be exploited for RCE attacks, allowing attackers to gain access to sensitive data & take over private clouds within an entire infrastructure.

https://thehackernews.com/2022/04/critical-vmware-cloud-director-bug.html

Haskers gang has released a new information stealing malware called ZingoStealer for free to other cybercriminals so that they can use the tool for nefarious purposes.

Read details: https://thehackernews.com/2022/04/haskers-gang-gives-away-zingostealer.html

Researchers publish details of 5 new vulnerabilities, dubbed JekyllBot:5, that affect Aethon Tug hospital robots and could allow attackers to intercept medication and lab samples and control the devices.

Read: https://thehackernews.com/2022/04/new-jekyllbot5-flaws-let-attackers-take.html

⚠️GitHub finds that hackers abused stolen OAuth access tokens issued to 2 third-party OAuth integrators, Heroku and Travis-CI, to unauthorizedly download private data from several organizations.

Details: https://thehackernews.com/2022/04/github-says-hackers-breach-dozens-of.html

U.S. authorities report that NorthKorean Lazarus hackers were responsible for the $540 million Axie Infinity crypto hack, while Symantec researchers warn that the group is now targeting chemical companies in an ongoing cyberespionage campaign.

https://thehackernews.com/2022/04/lazarus-hackers-behind-540-million-axie.html

A critical RCE vulnerability has been reported in the WordPress plugin Elementor Website Builder, with over five million active installations, which could allow attackers to take over unpatched websites.

Details: https://thehackernews.com/2022/04/critical-rce-flaw-reported-in-wordpress.html

Ukraine government has warned of a new wave of hacking campaigns that spread IcedID malware and exploit Zimbra exploits to steal sensitive information.

Details: https://thehackernews.com/2022/04/new-hacking-campaign-targeting.html

Cybersecurity researchers have uncovered a new version of the SolarMarker malware that packs in new enhancements to improve its ability to evade defenses and stay under the radar.

Read details: https://thehackernews.com/2022/04/new-solarmarker-malware-variant-using.html

Researchers provide a detailed technical analysis of the PYSA ransomware group primarily striking government, healthcare, and education sectors.

Read details: https://thehackernews.com/2022/04/researchers-share-in-depth-analysis-of.html

Github's security team has notified users/organizations whose private data was downloaded with stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI.

Details: https://thehackernews.com/2022/04/github-notifies-victims-whose-private.html

U.S. government has issued a new warning about North Korean state-sponsored hackers targeting blockchain companies, including cryptocurrency exchanges, DeFi protocols, trading firms, venture capital funds, and individuals holding NFTs.

Read: https://thehackernews.com/2022/04/fbi-us-treasury-and-cisa-warns-of-north.html

A previously unknown zero-click exploit for Apple's iMessage was used to install spyware from NSO Group and Candiru on 65 people as part of a "multi-year clandestine operation."

Read details: https://thehackernews.com/2022/04/experts-uncover-spyware-attacks-against.html

Researchers discover multiple UEFI firmware vulnerabilities in various Lenovo laptop models that allow malicious actors to install and execute firmware implants on the affected devices.

Read details: https://thehackernews.com/2022/04/new-lenovo-uefi-firmware.html

CISA has issued a new warning that hackers are exploiting a recently reported vulnerability in the Windows Print Spooler, as well as two other vulnerabilities in Zimbra and WhatsApp that are being exploited.

Read: https://thehackernews.com/2022/04/hackers-exploiting-recently-reported.html

Okta said it concluded its investigation into the breach of a third-party vendor by the LAPSUS$ extortionist gang in late January 2022 and determined only two customers were affected.

Read details: https://thehackernews.com/2022/04/okta-says-security-breach-by-lapsus.html

Researchers disclose details about a now-patched vulnerability in the Snort Intrusion Detection and Prevention System that could allow attackers to render it powerless against malicious traffic.

Read details: https://thehackernews.com/2022/04/researchers-detail-bug-that-could.html

Google Project Zero called 2021 a "record year for in-the-wild 0-days," as 58 security vulnerabilities were detected and disclosed during the course of the year.

Details: https://thehackernews.com/2022/04/google-project-zero-detects-record.html

Five Eyes nations have released a joint cybersecurity advisory warning of an increase in malicious attacks by Russian state-sponsored actors and criminal groups on critical infrastructure amid the ongoing military siege of #Ukraine.

Read: https://thehackernews.com/2022/04/five-eyes-nations-warn-of-russian-cyber.html