Researchers have uncovered a new widespread supply-chain attack campaign distributing malicious NPM packages designed to steal sensitive data from forms embedded in mobile apps and websites.

Details: https://thehackernews.com/2022/07/researchers-uncover-malicious-npm.html

Hive ransomware-as-a-service operators have switched their file-encrypting malware to Rust programming and adopted a more sophisticated encryption method.

Read: https://thehackernews.com/2022/07/hive-ransomware-upgrades-to-rust-for.html

State-sponsored hackers have been observed abusing a red-teaming and adversarial attack simulation tool called (Brute Ratel C4) BRc4 for their attacks to stay under the radar and evade detection.

Read: https://thehackernews.com/2022/07/hackers-abusing-brc4-red-team.html

A security patch has been released for OpenSSL to fix a high-severity bug (CVE-2022-2274) in the cryptographic library that could lead to remote code execution attacks in certain scenarios.

Read: https://thehackernews.com/2022/07/openssl-releases-patch-for-high.html

NIST has announced the first set of four quantum-resistant cryptographic algorithms selected as winners in its six-year cryptographic competition to protect against quantum-based threats.

Read: https://thehackernews.com/2022/07/nist-announces-first-four-quantum.html

Apple introduces a new security feature called "Lockdown Mode" on iPhone, iPad and Mac devices to protect high-risk users from spyware attacks by state-sponsored hackers.

Details: https://thehackernews.com/2022/07/apples-new-lockdown-mode-protects.html

Researchers have taken the wraps off a new and previously undiscovered Linux threat dubbed "OrBit" that uses a unique method of hijacking execution flow to load the malicious library.

Read: https://thehackernews.com/2022/07/researchers-warn-of-new-orbit-linux.html

CuteBoi !!!

Researchers have uncovered a new large-scale cryptocurrency mining campaign involving over 1200 malicious NPM JavaScript packages uploaded by over a thousand different user accounts.

Read: https://thehackernews.com/2022/07/over-1200-npm-packages-found-involved.html

U.S. cybersecurity and intelligence agencies warn of hackers backed by the North Korean government attacking the healthcare sector with the Maui ransomware.

Read: https://thehackernews.com/2022/07/north-korean-maui-ransomware-actively.html

Researchers have uncovered 350 variants of a malicious browser extension used in a widespread adware campaign that targets all major web browsers, including Google Chrome, Opera and Mozilla Firefox.

Read: https://thehackernews.com/2022/07/experts-uncover-350-browser-extension.html

Microsoft appears to have quietly reversed its decision to disable Visual Basic for Applications (VBA) macros in its Office productivity suite by default, just five months after announcing the changes.

Read: https://thehackernews.com/2022/07/microsoft-quietly-rolls-back-plan-to.html

Researchers detail a wide range of constantly evolving techniques used by LockBit ransomware uses to infect targets and disable endpoint security solutions.

Details: https://thehackernews.com/2022/07/researchers-detail-techniques-lockbit.html

Cybersecurity researchers are drawing attention to an ongoing wave of attacks linked to Raspberry Robin hackers spreading Windows malware with worm-like capabilities.

Read: https://thehackernews.com/2022/07/researchers-warn-of-raspberry-robins.html

UPDATE — Microsoft confirms to The Hacker News that its decision to reverse course, which does not disable VBA macros by default, is “temporary” and the company is working on some additional changes to improve the user experience.

Read: https://thehackernews.com/2022/07/microsoft-quietly-rolls-back-plan-to.html

PyPI software repository mandates 2-factor authentication for critical Python projects and offering free hardware security keys to developers.

Read: https://thehackernews.com/2022/07/pypi-repository-makes-2af-security.html

One of Axie Infinity's former employees was reportedly tricked into accepting a fraudulent job offer on LinkedIn, leading to the $540 million hack in March 2022.

Read details: https://thehackernews.com/2022/07/hackers-used-fake-job-offer-to-hack-and.html

Malicious actors increasingly leveraging GitHub actions and Azure virtual machines (VMs) for cloud-based cryptocurrency mining.

Read: https://thehackernews.com/2022/07/cloud-based-cryptocurrency-miners.html

Microsoft has announced the general availability of a feature called Autopatch that automatically keeps Windows and Office software up-to-date on enrolled endpoints.

Read: https://thehackernews.com/2022/07/microsoft-windows-autopatch-is-now.html

Following a warning from the Italian regulator over a possible GDPR breach, TikTok has agreed to halt a controversial privacy policy update in Europe that would have allowed the company to track users for targeted advertising without their consent.

https://thehackernews.com/2022/07/tiktok-postpones-privacy-policy-update.html

Microsoft has released its July 2022 Patch Tuesday updates to address 84 new vulnerabilities, including a zero-day vulnerability that is actively being exploited in the wild.

Read: https://thehackernews.com/2022/07/microsoft-releases-fix-for-zero-day.html