⚠️ Apache NiFi servers at risk! A financially motivated threat actor is targeting unprotected instances, hijacking them to mine cryptocurrencies and move laterally.

Read details: https://thehackernews.com/2023/05/cybercriminals-targeting-apache-nifi.html

⚠️ If you're using the Jetpack plugin, listen up! A critical flaw has been discovered, leaving your WordPress site vulnerable to attacks.

Good news: WordPress has issued an automatic update to address the issue.

Read details: https://thehackernews.com/2023/06/urgent-wordpress-update-fixes-critical.html

U.S. Cybersecurity Agency raises alarm over critical flaw in Zyxel gear! Active exploitation detected. Learn more about the CVE-2023-28771 vulnerability and its potential risks.

Read: https://thehackernews.com/2023/06/active-mirai-botnet-variant-exploiting.html

⚠️ Unmasking ScarCruft's secret weapon! Discover the covert operations of this North Korean state-sponsored group as they employ the powerful RokRAT trojan to breach systems and maintain control.

Read full story here: https://thehackernews.com/2023/06/n-korean-scarcruft-hackers-exploit.html

😼 Sneakier & faster!

New improved BlackCat ransomware variant Sphynx sharpening claws on evasion techniques & encryption.

Find out more: https://thehackernews.com/2023/06/improved-blackcat-ransomware-strikes.html

Minimize your attack surface with good IT hygiene!

Wazuh - a powerful, free, open-source platform, specifically designed to bolster your IT hygiene and fortify cybersecurity defenses.

Get an insider look here: https://thehackernews.com/2023/06/how-wazuh-improves-it-hygiene-for-cyber.html

🐍💻 Python Package Index hit by a novel cyberattack!

Cybercriminals sidestepping security with compiled Python bytecode (PYC) files - a first in supply chain attacks.

Learn more here: https://thehackernews.com/2023/06/malicious-pypi-packages-using-compiled.html

Unmasking the e-Crime Mastermind: Vietnamese suspect linked to notorious XE Group unveiled!

Learn more about their illicit cyber activities 👉 https://thehackernews.com/2023/06/unmasking-xe-group-experts-reveal.html

🚨 Beware, iOS users! A new sophisticated and long-running mobile spywre campaign dubbed "Operation Triangulation" is targeting iPhones.

Hackers using stealthy, zero-click iMessage exploits to deploy root-level #malware.

More details here: https://thehackernews.com/2023/06/new-zero-click-hack-targets-ios-users.html

New study reveals QBot's sophisticated tactics, hiding its ever-changing C&C infrastructure in residential IPs with 25% of servers active for just a day, effectively eluding cyber defenses.

Learn more: https://thehackernews.com/2023/06/evasive-qbot-malware-leverages-short.html

⚠️Alert: A critical flaw in Progress Software's MOVEit Transfer file transfer app is being exploited in the wild! An SQL injection vulnerability allows unauthorized access and escalated privileges.

Learn more: https://thehackernews.com/2023/06/moveit-transfer-under-attack-zero-day.html

Don't wait, patch your systems now!

North Korea's Kimsuky group, a.k.a APT43, wields spear-phishing campaigns and is leveraging social engineering to compromise high-value targets. Your inbox could be the next battlefield.

Stay informed: https://thehackernews.com/2023/06/north-koreas-kimsuky-group-mimics-key.html

🐉 Beware of TinyNote backdoor! Camaro Dragon's latest cyber weapon that bypasses antivirus, uses persistence tactics and multiple server communication methods.

Learn more: https://thehackernews.com/2023/06/camaro-dragon-strikes-with-new-tinynote.html

Heads up, Latin America! A powerful botnet named Horabot is targeting Outlook users with phishing emails, compromising their accounts and spreading phishing emails.

Learn more: https://thehackernews.com/2023/06/new-botnet-malware-horabot-targets.html

Amazon slapped with a $30.8 million fine by the FTC over privacy lapses involving Alexa and Ring. This includes breaching children's privacy laws and granting employees access to private videos.

Read details: https://thehackernews.com/2023/06/ftc-slams-amazon-with-308m-fine-for.html

🔐 Impact of information security cannot be underestimated. The EC-Council Certified CISO Hall of Fame Report highlights the remarkable enhancements and organizational benefits experienced by Certified CISOs.

Check out the full report here: https://thehackernews.com/2023/06/cloud-security-tops-concerns-for.html

🚨 TrueBot, the notorious downloader trojan botnet, is back! Cybersecurity researchers reveal its latest activity surge, exposing its dangerous capabilities.

Learn more: https://thehackernews.com/2023/06/alarming-surge-in-truebot-activity.html

Beware! Brazilian cybercriminals are targeting online banking users in Mexico, Peru, and Portugal. Find out how they're using sneaky tactics to compromise accounts.

Read details: https://thehackernews.com/2023/06/brazilian-cybercriminals-using-lolbas.html

🚨 Attention online shoppers! Beware of the insidious Magecart-style web skimmer campaign sweeping across e-commerce websites! Cybercriminals are exploiting trusted sites to host skimmer code, taking advantage of their good reputation.

Read: https://thehackernews.com/2023/06/magento-woocommerce-wordpress-and.html

Microsoft tracks threat actor Lace Tempest's ongoing exploitation of a critical flaw in Progress Software MOVEit Transfer. The flaw enables hackers to authenticate as any user, leading to data exfiltration.

Learn more: https://thehackernews.com/2023/06/microsoft-lace-tempest-hackers-behind.html