Tails OS maintainers advise users not to use Tor browser until two critical Firefox vulnerabilities (CVE-2022-1802 and CVE-2022-1529) are fixed with the release of version 5.1 on May 31.

Read details: https://thehackernews.com/2022/05/tails-os-users-advised-not-to-use-tor.html

Hackers are increasingly relying on free-to-use browser automation frameworks to operate malicious activities as part of their attack campaigns.

Read details: https://thehackernews.com/2022/05/hackers-increasingly-using-browser.html

WARNING: ChromeLoader malware attacks are on the rise — a persistent and pervasive web browser hijacker that uses PowerShell to inject malicious extensions and redirects traffic to malicious ads.

Read details: https://thehackernews.com/2022/05/experts-warn-of-rise-in-chromeloader.html

Quanta servers have been found vulnerable to the serious "Pantsdown" BMC vulnerability, which could allow hackers to gain full control of the server, install persistent malware, exfiltrate data, and even brick it.

Read details: https://thehackernews.com/2022/05/critical-pantsdown-bmc-vulnerability.html

Zyxel has released patches to address four vulnerabilities affecting its firewall, AP controller, and AP products that allow execution of arbitrary operating system commands and theft of selected information.

Read: https://thehackernews.com/2022/05/zyxel-issues-patches-for-4-new-flaws.html

Researchers demonstrate "GhostTouch," a new type of attack that could let attackers use electromagnetic signals to control (tap and swipe) touchscreen devices, including answering an eavesdropping call, swiping up to unlock, or entering a password.

Read: https://thehackernews.com/2022/05/attackers-can-use-electromagnetic.html

Researchers at Numen Cyber Labs have released details of a new, recently reported critical UAF RCE vulnerability affecting the Chrome dev channel and related Chromium-based web browsers.

Details: https://thehackernews.com/2022/05/experts-detail-new-rce-vulnerability.html

GitHub reveals that hackers behind the recent OAuth token breach gained access to login credentials of nearly 100,000 NPM users

https://thehackernews.com/2022/05/nearly-100000-npm-users-credentials.html

In an unrelated issue, plaintext credentials for npm were recorded in GitHub's internal logs for an unspecified no. of users.

Microsoft discloses 4 new high-severity vulnerabilities in a framework used by pre-installed Android system apps with millions of downloads.

Read: https://thehackernews.com/2022/05/microsoft-finds-critical-bugs-in-pre.html

A 37-year-old New York man has been sentenced to four years in prison for buying stolen credit card information and working with a cybercrime cartel known as "The Infraud Organization."

Read details: https://thehackernews.com/2022/05/new-york-man-sentenced-to-4-years-in.html

FBI warns of hackers selling VPN credentials for U.S. colleges and universities in public forums and criminal marketplaces on the Internet.

Read details: https://thehackernews.com/2022/05/fbi-warns-about-hackers-selling-vpn.html

A new ransomware strain called "GoodWill" forces victims to donate money and clothes to the poor and take underprivileged children to Domino's Pizza, Pizza Hut, or KFC to give them a treat.

Read details: https://thehackernews.com/2022/05/new-goodwill-ransomware-forces-victims.html

Researchers have spotted a new zero-day exploit for Microsoft Office in the wild that could be exploited to execute arbitrary code on affected Windows systems, even if macros are disabled.

Details: https://thehackernews.com/2022/05/watch-out-researchers-spot-new.html

Linux-based botnet "Enemybot" has expanded its arsenal to exploit recently disclosed vulnerabilities in IoT devices, web servers, Android devices, and content management systems (CMS).

Read details: https://thehackernews.com/2022/05/enemybot-linux-botnet-now-exploits-web.html

SideWinder APT hackers have been linked to more than 1,000 cyberattacks since April 2020.

Read: https://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html

As the mobile threat landscape evolves in 2022, new and existing banking trojans are increasingly targeting Android devices to perform on-device frauds.

Read details: https://thehackernews.com/2022/05/latest-mobile-malware-report-suggests.html

Chinese APT hackers aligned with state interests have been observed weaponizing the new zero-day vulnerability in Microsoft Office to compromise affected systems.

Read details: https://thehackernews.com/2022/05/chinese-hackers-begin-exploiting-latest.html

A new version of the XLoader botnet malware has been discovered that uses a probability-based approach to camouflage its command and control (C&C) infrastructure.

Read details: https://thehackernews.com/2022/06/new-xloader-botnet-version-using.html

Researchers have developed a new open-source framework — called YODA — that helps detect 47,000 malicious WordPress plugins installed on more than 24,000 websites.

Read details: https://thehackernews.com/2022/06/yoda-tool-found-47000-malicious.html

A new unpatched vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve RCE on the email server simply by sending a specially crafted email to a victim.

Read: https://thehackernews.com/2022/06/new-unpatched-horde-webmail-bug-lets.html