⚠️ Attention, organizations! A global wave of email attacks is underway! Hackers are using "adversary-in-the-middle" techniques to bypass Office365 authentication and gain persistent access to compromised accounts.

Learn more: https://thehackernews.com/2023/06/adversary-in-middle-attack-campaign.html

Hackers are actively exploiting the latest Fortinet's FortiOS and FortiProxy flaw, targeting government, manufacturing, and critical infrastructure sectors.

Learn more: https://thehackernews.com/2023/06/critical-fortios-and-fortiproxy.html

Take immediate action and update to the latest firmware now!

Heads up, everyone! DoubleFinger, a multi-stage loader, delivers the notorious GreetingGhoul stealer, targeting cryptocurrency users worldwide in Europe, the U.S., and Latin America.

Learn more: https://thehackernews.com/2023/06/beware-new-doublefinger-loader-targets.html

Attention! Microsoft just released software updates to fix over 70 security vulnerabilities.

It's a relatively light patch load this month, and the best part? No active exploitation of zero-day vulnerabilities reported.

Read: https://thehackernews.com/2023/06/microsoft-releases-updates-to-patch.html

Researchers uncover Skuld, a potent Golang-based information stealer that targets Discord, web browsers, and sensitive files on Windows systems.

Read: https://thehackernews.com/2023/06/new-golang-based-skuld-malware-stealing.html

Heads up, online store owners! A critical flaw has been discovered in the WooCommerce Stripe Gateway WordPress plugin, potentially exposing sensitive information.

Learn more: https://thehackernews.com/2023/06/critical-security-vulnerability.html

🚨 ALERT: Several fake researcher accounts on GitHub are pushing malicious code, claiming to exploit zero-day flaws in Discord, Google Chrome, and Microsoft Exchange.

Learn more: https://thehackernews.com/2023/06/fake-researcher-profiles-spread-malware.html

🔓 Two severe security vulnerabilities have been disclosed in microsoft Azure Bastion and Container Registry, potentially enabling unauthorized access and data compromise.

Learn more: https://thehackernews.com/2023/06/severe-vulnerabilities-reported-in.html

Chinese state-sponsored group UNC3886 exploits a zero-day VMware authentication bypass flaw (CVE-2023-20867) to backdoor Windows, Linux, and PhotonOS systems.

Learn about the backdoor tactics: https://thehackernews.com/2023/06/chinese-hackers-exploit-vmware-zero-day.html

LockBit ransomware scheme extorts $91 million from U.S. organizations in a series of devastating attacks since 2020.

Learn more: https://thehackernews.com/2023/06/lockbit-ransomware-extorts-91-million.html

Microsoft reveals a new Russian threat actor, Cadet Blizzard, linked to GRU, with a lower success rate but high destructive activity.

Read about it here: https://thehackernews.com/2023/06/microsoft-warns-of-new-russian-state.html

Russian threat actor Shuckworm escalates cyber assaults on Ukrainian entities, targeting security services and government organizations. New report exposes long-running intrusions and theft of sensitive information.

Read: https://thehackernews.com/2023/06/new-report-reveals-shuckworms-long.html

Researchers uncover a concerning software supply chain attack using expired Amazon S3 buckets to distribute malware-infected binaries.

Read about it here: https://thehackernews.com/2023/06/new-supply-chain-attack-exploits.html

Is your vulnerability management program falling short?

Struggling to align security and non-security teams?

Discover how to overcome the challenge & successfully implement a Continuous Threat Exposure Management (CTEM) program.

Read👉 https://thehackernews.com/2023/05/3-challenges-in-building-continuous.html

Attention Android users: Beware of the latest version of GravityRAT! It disguises itself as messaging apps, stealing WhatsApp backups, deleting call logs, and files.

Learn more about it here: https://thehackernews.com/2023/06/warning-gravityrat-android-trojan.html

Vidar malware evolves to conceal its tracks! Threat actors behind Vidar are changing their backend infrastructure, rotating IP addresses and utilizing VPN servers.

Learn more about this info-stealer: https://thehackernews.com/2023/06/vidar-malware-using-new-tactics-to.html

New findings reveal that ransomware actors, cryptocurrency scammers, and nation-state hackers are exploiting cloud mining services to launder cryptocurrencies.

Learn details here: https://thehackernews.com/2023/06/ransomware-hackers-and-scammers.html

🚨 Progress Software discloses 3rd critical flaw in MOVEit Transfer app—SQL injection—allowing unauthorized access & escalated privileges.

https://thehackernews.com/2023/06/third-flaw-uncovered-in-moveit-transfer.html

Meanwhile, Cl0p ransomware gang exploits MOVEit flaws, targets 27 hacked companies, incl. U.S. federal agencies.

Mandiant's latest report uncovers UNC4841, an espionage actor linked to the People's Republic of China, exploiting a recently patched zero-day flaw in Barracuda Email Security Gateway.

Find out how this skilled group targeted organizations worldwide: https://thehackernews.com/2023/06/chinese-unc4841-group-exploits-zero-day.html

The U.S. Department of Justice charges a 20-year-old Russian national for deploying LockBit ransomware worldwide. The suspect was arrested in Arizona last month.

Read details: https://thehackernews.com/2023/06/20-year-old-russian-lockbit-ransomware.html