GitLab users, beware! Security updates released to address critical vulnerabilities (CVE-2023-7028 and CVE-2023-5356).

One of these could allow account takeover without user interaction.

Find details here: https://thehackernews.com/2024/01/urgent-gitlab-releases-patch-for.html

☠️ Medusa ransomware escalates tactics beyond data leaks, now threatening physical violence.

Targeting tech companies, healthcare, and education sectors, it exploits flaws and employs "living off the land" techniques to remain undetected.

Read: https://thehackernews.com/2024/01/medusa-ransomware-on-rise-from-data.html

⚡ Nation-state hackers weaponizing Ivanti Connect Secure VPN zero-days to deploy five malware families in a targeted cyber espionage campaign.

Learn more: https://thehackernews.com/2024/01/nation-state-actors-weaponize-ivanti.html

Patch ASAP!

⚠️ Your cloud account could be mining cryptocurrency without you knowing!

29-year-old Ukrainian arrested for a major cryptojacking scheme, netting over $2 MILLION in profits.

Read details: https://thehackernews.com/2024/01/29-year-old-ukrainian-cryptojacking.html

🚨 Critical Update! Juniper Networks addresses a major 9.8-rated RCE vulnerability in SRX Series firewalls & EX Series switches.

CVE-2024-21591 details here: https://thehackernews.com/2024/01/critical-rce-vulnerability-uncovered-in.html

Denmark's energy sector faced cyber threats in 2023 due to an old Zyxel firewall vulnerability. Forescout's report suggests Sandworm group may not be responsible.

Insightful details here ➡️ https://thehackernews.com/2024/01/new-findings-challenge-attribution-in.html

Environmental services hit by a massive 61,839% increase in DDoS attacks.

Gaming, gambling, telecoms... no industry is safe from HTTP DDoS attacks.

Read this latest report to understand the scope of these threats: https://thehackernews.com/2024/01/ddos-attacks-on-environmental-services.html

⚠️ Over 7,100 WordPress sites have been hit by the 'Balada Injector' #malware, which exploits sites using a vulnerable version of the Popup Builder plugin.

Read More ➡️ https://thehackernews.com/2024/01/balada-injector-infects-over-7100.html

Bosch's smart devices have high-severity vulnerabilities, posing a risk to your thermostat and smart nutrunners.

Find out how it could impact your home security: https://thehackernews.com/2024/01/high-severity-flaws-uncovered-in-bosch.html

⚡ Critical security flaw found in Opera Browser!

MyFlow sync feature lets attackers take over your Windows and macOS systems.

Read the full story: https://thehackernews.com/2024/01/opera-myflaw-bug-could-let-hackers-run.html

Check out XM Cyber 2024 State of Security Posture Report and discover what 300 CISOs and other security decision-makers have to say about their security efforts and the trends in exposure management impacting day-to-day work as well as long-term planning.

It's a CAN'T MISS if reducing cyber exposures is on your 2024 to-do list!

Grab your copy now: https://thn.news/security-posture-report-2024

🔒 Exclusive Webinar Alert!

Zero Trust Security: Your ultimate shield against sophisticated cyberattacks. Find out how to lock down your data and stop data breaches.

Reserve your spot in this must-attend webinar now: https://thehacker.news/zero-trust-attack-surface?source=social

🚨 Ransomware roars back! 55.5% surge in victims in 2023, but LockBit isn't the only king anymore.

Meet 3AM, Rhysida, and Akira - rising stars you need to know.

Read the latest Ransomware Report: https://thehackernews.com/2024/01/3-ransomware-group-newcomers-to-watch.html

⚠️ Windows users, beware!

Cybercriminals are weaponizing the CVE-2023-36025 Windows vulnerability to deploy "Phemedrone Stealer," an open-source data stealer, that targets browsers, crypto wallets, and chat apps.

Learn more: https://thehackernews.com/2024/01/hackers-weaponize-windows-flaw-to.html

Over 137,000 people lost cryptocurrency to Inferno Drainer, a malware-as-a-service scam operating for a year.

It siphoned $87 million in crypto by mimicking Web3 brands such as Seaport, Coinbase, and WalletConnect.

Read the full story: https://thehackernews.com/2024/01/inferno-malware-masqueraded-as-coinbase.html

🔒 Did you know a simple cookie misconfiguration can cost millions in fines?

See how a major retailer's overlooked issue nearly led to a privacy disaster. Discover the critical missteps and how to avoid them: https://thehackernews.com/2024/01/case-study-cookie-privacy-monster-in.html

Beware! Remcos RAT, a stealthy remote access trojan, is now spreading in South Korea disguised as adult-themed games via webhards.

Discover how this advanced malware operates ➡️ https://thehackernews.com/2024/01/remcos-rat-spreading-through-adult.html

PATCH Now — More than 178,000 SonicWall firewalls remain exposed to the potentially devastating CVE-2022-22274 and CVE-2023-0656 security flaws.

These vulnerabilities open the door to DoS and RCE attacks.

Learn more: https://thehackernews.com/2024/01/alert-over-178000-sonicwall-firewalls.html

🔥 Chrome Zero-Day Alert!

Update your browser NOW to patch a new critical flaw exploited by hackers. This memory leak bug lets attackers steal your secrets.

Learn more about CVE-2024-0519:

https://thehackernews.com/2024/01/zero-day-alert-update-chrome-now-to-fix.html

More Zero-Days !!!

✅ Citrix fixes critical RCE flaws (CVE-2023-6548, CVE-2023-6549) exploited in wild.

✅ VMware Aria Automation bug (CVE-2023-34063) allows attacker control.

✅ Atlassian issues fixes for 24+ flaws, including RCE.

Patch, Update ASAP: https://thehackernews.com/2024/01/citrix-vmware-and-atlassian-hit-with.html