🚨 ALERT: Ukraine's CERT warns of a new phishing campaign by Russia-linked APT28.

They're deploying stealthy malware like MASEPIE and STEELHOOK to target government entities.

Read details: https://thehackernews.com/2023/12/cert-ua-uncovers-new-malware-wave.html

Iranian hacker group Homeland Justice claims responsibility for the cyber attacks that targeted the Assembly of the Republic and the telecom company One Albania.

Read details: https://thehackernews.com/2023/12/albanian-parliament-and-one-albania.html

🚨 Warning: Phishing attacks, especially Angel Drainer, offered as a "scam-as-a-service," are targeting 💰 cryptocurrency wallets, draining them of digital assets.

Find details here: https://thehackernews.com/2023/12/beware-scam-as-service-aiding.html

Beware: JinxLoader, a new Go-based malware loader, is proliferating via phishing attacks, providing access to Formbook and XLoader.

Find details here: https://thehackernews.com/2024/01/new-jinxloader-targeting-users-with.html

🔒 Alert: Researchers have discovered a new SSH protocol vulnerability, "Terrapin" (CVE-2023-48795), enabling attackers to downgrade SSH connection security.

Learn more: https://thehackernews.com/2024/01/new-terrapin-flaw-could-let-attackers.html

Update and patch your SSH servers ASAP.

🚨Researchers uncover a novel DLL search order hijacking technique that threatens Windows 10 and 11 systems. Attackers exploit trusted folders to execute malicious code without elevated privileges.

Learn more: https://thehackernews.com/2024/01/new-variant-of-dll-search-order.html

Google settles a $5 billion class-action lawsuit over tracking in 'incognito mode.' Users believed their online activity was private on web browsers, but the settlement reveals hidden data collection.

Learn more: https://thehackernews.com/2024/01/google-settles-5-billion-privacy.html

The browser is the heart of the modern enterprise, but it's also a prime target for cyberattacks.

Learn how to protect your workspace and choose the right solution for your organization's needs.

Read: https://thehackernews.com/2024/01/the-definitive-enterprise-browser.html

XCast, a VoIP provider, faces a $10 million penalty for facilitating illegal robocalls and deceptive telemarketing campaigns since 2018.

Read: https://thehackernews.com/2024/01/doj-slams-xcast-with-10-million-fine.html

⚠️ A new exploitation technique called '📩 SMTP Smuggling' could let attackers send malicious emails with fake sender addresses while bypassing security measures.

Read more 👉 https://thehackernews.com/2024/01/smtp-smuggling-new-threat-enables.html

🔒 ALERT: Information-stealing malware exploits an undocumented Google OAuth endpoint, MultiLogin, to hijack user sessions. This allows for session persistence and cookie generation, maintaining access even after a password reset.

Read: https://thehackernews.com/2024/01/malware-using-google-multilogin-exploit.html

Mandiant's Twitter account, a Google Cloud subsidiary, was hacked for over six hours. The attacker promoted a cryptocurrency scam.

Find out more in this article: https://thehackernews.com/2024/01/mandiants-twitter-account-restored.html

🔒 Threat Alert: UAC-0050 is using advanced phishing tactics to distribute Remcos RAT, a potent remote surveillance malware.

Learn how they're evading security software: https://thehackernews.com/2024/01/uac-0050-group-using-new-phishing.html

🚨 Alert: Three new malicious Python PyPI packages found! They secretly mine cryptocurrency on your Linux devices.

Read details: https://thehackernews.com/2024/01/beware-3-malicious-pypi-packages-found.html

🚨 2023's big cyber breaches teach a vital lesson: Keep your 🔑 secrets, secret!

From code to deployment, every element matters in ensuring security. Learn how to keep your digital secrets safe.

Read: https://thehackernews.com/2024/01/three-ways-to-supercharge-your-software.html

💻 Attention Windows Users: Beware of the new Bandook malware variant. It infiltrates systems through a deceptive PDF.

Learn more: https://thehackernews.com/2024/01/new-bandook-rat-variant-resurfaces.html

Ukraine's cybersecurity team uncovers Russian Sandworm hacking group's infiltration in Kyivstar since May 2023. A cyber espionage story unfolding.

Read more to see how deep the breach goes: https://thehackernews.com/2024/01/russian-hackers-had-covert-access-to.html

🚨 Alert: Ivanti releases updates for a critical security vulnerability (CVE-2023-39336 / CVSS 9.6) in Endpoint Manager, which poses a risk of remote code execution on vulnerable servers.

Learn more: https://thehackernews.com/2024/01/alert-ivanti-releases-patch-for.html

Orange Spain's RIPE account compromised by Raccoon Stealer malware, leading to a BGP traffic hijacking and significant internet outage.

Learn more: https://thehackernews.com/2024/01/orange-spain-faces-bgp-traffic-hijack.html

🚨 Discovered a hidden secret in your company's source code?

It's time for swift action to protect against data breaches and reputational damage.

Learn how with this latest article on effective secrets management: https://thehackernews.com/2024/01/exposed-secrets-are-everywhere-heres.html