A 37-year-old New York man has been sentenced to four years in prison for buying stolen credit card information and working with a cybercrime cartel known as "The Infraud Organization."

Read details: https://thehackernews.com/2022/05/new-york-man-sentenced-to-4-years-in.html

FBI warns of hackers selling VPN credentials for U.S. colleges and universities in public forums and criminal marketplaces on the Internet.

Read details: https://thehackernews.com/2022/05/fbi-warns-about-hackers-selling-vpn.html

A new ransomware strain called "GoodWill" forces victims to donate money and clothes to the poor and take underprivileged children to Domino's Pizza, Pizza Hut, or KFC to give them a treat.

Read details: https://thehackernews.com/2022/05/new-goodwill-ransomware-forces-victims.html

Researchers have spotted a new zero-day exploit for Microsoft Office in the wild that could be exploited to execute arbitrary code on affected Windows systems, even if macros are disabled.

Details: https://thehackernews.com/2022/05/watch-out-researchers-spot-new.html

Linux-based botnet "Enemybot" has expanded its arsenal to exploit recently disclosed vulnerabilities in IoT devices, web servers, Android devices, and content management systems (CMS).

Read details: https://thehackernews.com/2022/05/enemybot-linux-botnet-now-exploits-web.html

SideWinder APT hackers have been linked to more than 1,000 cyberattacks since April 2020.

Read: https://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html

As the mobile threat landscape evolves in 2022, new and existing banking trojans are increasingly targeting Android devices to perform on-device frauds.

Read details: https://thehackernews.com/2022/05/latest-mobile-malware-report-suggests.html

Chinese APT hackers aligned with state interests have been observed weaponizing the new zero-day vulnerability in Microsoft Office to compromise affected systems.

Read details: https://thehackernews.com/2022/05/chinese-hackers-begin-exploiting-latest.html

A new version of the XLoader botnet malware has been discovered that uses a probability-based approach to camouflage its command and control (C&C) infrastructure.

Read details: https://thehackernews.com/2022/06/new-xloader-botnet-version-using.html

Researchers have developed a new open-source framework — called YODA — that helps detect 47,000 malicious WordPress plugins installed on more than 24,000 websites.

Read details: https://thehackernews.com/2022/06/yoda-tool-found-47000-malicious.html

A new unpatched vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve RCE on the email server simply by sending a specially crafted email to a victim.

Read: https://thehackernews.com/2022/06/new-unpatched-horde-webmail-bug-lets.html

U.S. Department of Justice seizes 3 web domains used by cybercriminals to trade stolen information and offer DDoS services.

Read — https://thehackernews.com/2022/06/doj-seizes-3-web-domains-used-to-sell.html

SideWinder hackers have added a new custom tool and fake VPN apps to their arsenal of malware tools used to attack public and private entities in Pakistan.

Read details: https://thehackernews.com/2022/06/sidewinder-hackers-use-fake-android-vpn.html

Researchers have discovered a new security flaw in UNISOC's chipset that can be used to disrupt smartphone radio communications through a malformed packet.

Read details: https://thehackernews.com/2022/06/critical-unisoc-chip-vulnerability.html

ExpressVPN is removing its India-based VPN servers in response to a new cybersecurity directive from India's Computer Emergency Response Team (CERT-In) that requires all VPN providers to store users' data for at least 5 years.

Read: https://thehackernews.com/2022/06/expressvpn-removes-servers-in-india.html

Researchers demonstrate R4IoT ransomware that exploits IoT devices to gain access and move laterally in an IT network and compromise the OT network.

Read details: https://thehackernews.com/2022/06/researchers-demonstrate-ransomware-for.html

An analysis of leaked chats from the notorious Conti ransomware group has now revealed that the syndicate has been working on a set of firmware-based attack techniques.

Read details: https://thehackernews.com/2022/06/conti-leaks-reveal-ransomware-gangs.html

Microsoft has blocked the hacking activities of previously undocumented Iran-linked Lebanese hackers targeting Israeli companies.

Read details: https://thehackernews.com/2022/06/microsoft-blocks-iran-linked-lebanese.html

Researchers have uncovered a critical unpatched RCE vulnerability (CVE-2022-26134) affecting Atlassian Confluence Server and Data Center products that is being actively exploited by hackers.

Read details: https://thehackernews.com/2022/06/hackers-exploiting-unpatched-critical.html

Researchers have uncovered JavaScript malware and variants behind a network of thousands of hacked websites powering the Parrot Traffic Direction System (TDS) revealed earlier this year.

Details: https://thehackernews.com/2022/06/researchers-uncover-malware-controlling.html