Researchers have discovered a new, multi-functional Go-based malware dubbed "Chaos" that has spread rapidly in recent months, infiltrating Windows, Linux, small office/home office routers (SOHO) and enterprise servers into its botnet.

Read: https://thehackernews.com/2022/09/researchers-warn-of-new-go-based.html

Indian Swachh City platform has suffered a data breach leaking 16 million user records of its users.

Read: https://thehackernews.com/2022/09/swachh-city-platform-suffers-data.html

Several hacktivist groups are using Telegram and other tools to aid anti-government protests in #Iran to bypass regime censorship restrictions amid ongoing unrest in the country.

Read: https://thehackernews.com/2022/09/hackers-aid-protests-against-iranian.html

Multiple military and weapons contractor companies are being targeted by a new covert attack campaign that uses multi-stage malware infection.

Read: https://thehackernews.com/2022/09/researchers-uncover-covert-attack.html

Brazilian hacking group Prilex has resurfaced after a year-long hiatus with a sophisticated and complex point-of-sale malware designed to steal money through fraudulent transactions.

Read: https://thehackernews.com/2022/09/brazilian-prilex-hackers-resurfaced.html

Researchers warn of a new unpatched zero-day vulnerability in Microsoft Exchange servers that is being exploited by attackers to achieve RCE on targeted systems.

Read: https://thehackernews.com/2022/09/warning-new-unpatched-microsoft.html

Microsoft confirms that 2 new zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) affecting Exchange Server 2013, 2016 and 2019 are being exploited in the wild to take over systems.

Read: https://thehackernews.com/2022/09/microsoft-confirms-2-new-exchange-zero.html

A sophisticated North Korean state-sponsored hacker group has been observed weaponizing open-source software against employees of companies in various industries in the U.S., U.K., India, and Russia.

Read: https://thehackernews.com/2022/09/north-korean-hackers-weaponizing-open.html

In an ongoing malware campaign baiting with fake job offers, attackers are exploiting a known vulnerability in #Microsoft Office to install Cobalt Strike beacons on compromised computers.

Read: https://thehackernews.com/2022/09/new-malware-campaign-targeting-job.html

A threat actor targeting Middle Eastern governments has been observed using a steganographic trick to hide an undocumented backdoor in a Windows logo.

Read: https://thehackernews.com/2022/09/cyber-attacks-against-middle-east.html

Hackers are using new, never-before-seen malware families (VirtualPITA, VirtualPIE, and VirtualGATE) targeting VMware ESXi, Linux vCenter servers, and Windows VMs to seize control of infected systems and evade detection.

https://thehackernews.com/2022/09/new-malware-families-found-targeting.html

UPDATE — Microsoft says state-sponsored hackers likely exploited the recently disclosed zero-day vulnerabilities in Exchange servers against fewer than 10 organizations worldwide.

Read: https://thehackernews.com/2022/10/state-sponsored-hackers-likely.html

U.S. cybersecurity agency CISA has added a recently disclosed critical vulnerability affecting Atlassian's Bitbucket Server and Data Center to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Read: https://thehackernews.com/2022/10/cisa-warns-of-hackers-exploiting.html

A former information systems security designer who worked for the U.S. National Security Agency (NSA) has been arrested and charged for allegedly trying to sell classified information to a foreign intelligence agency.

Read: https://thehackernews.com/2022/10/ex-nsa-employee-arrested-for-trying-to.html

North Korean Lazarus hackers have been observed deploying a Windows rootkit on targeted computers by exploiting a vulnerability in a Dell firmware driver.

Read: https://thehackernews.com/2022/10/hackers-exploiting-dell-driver.html

Researchers have attributed a recently discovered Linux-based ransomware known as Cheerscrypt to "Emperor Dragonfly," a Chinese cyber espionage group known for operating short-lived ransomware schemes.

Read: https://thehackernews.com/2022/10/researchers-link-cheerscrypt-linux.html

Chinese hackers are believed to be behind a new supply chain attack that hijacked the Comm100 Live Chat application to spread a JavaScript backdoor.

Read: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html

U.S. cybersecurity agency CISA has issued a new order directing federal agencies to regularly track all assets and #software vulnerabilities on their networks.

Read: https://thehackernews.com/2022/10/cisa-orders-federal-agencies-to.html

Australian telecom giant Optus has confirmed that the personal information of nearly 2.1 million of its current and former customers was exposed in a recent data breach.

Read: https://thehackernews.com/2022/10/optus-hack-exposes-data-of-nearly-21.html

A 46-year-old online fraudster has been sentenced to 25 years in prison for laundering more than $9.5 million through cyber fraud.

Read: https://thehackernews.com/2022/10/bec-scammer-gets-25-year-jail-sentence.html