PATCH Now — More than 178,000 SonicWall firewalls remain exposed to the potentially devastating CVE-2022-22274 and CVE-2023-0656 security flaws.

These vulnerabilities open the door to DoS and RCE attacks.

Learn more: https://thehackernews.com/2024/01/alert-over-178000-sonicwall-firewalls.html

🔥 Chrome Zero-Day Alert!

Update your browser NOW to patch a new critical flaw exploited by hackers. This memory leak bug lets attackers steal your secrets.

Learn more about CVE-2024-0519:

https://thehackernews.com/2024/01/zero-day-alert-update-chrome-now-to-fix.html

More Zero-Days !!!

✅ Citrix fixes critical RCE flaws (CVE-2023-6548, CVE-2023-6549) exploited in wild.

✅ VMware Aria Automation bug (CVE-2023-34063) allows attacker control.

✅ Atlassian issues fixes for 24+ flaws, including RCE.

Patch, Update ASAP: https://thehackernews.com/2024/01/citrix-vmware-and-atlassian-hit-with.html

🚨 GitHub fixes high-severity bug (CVE-2024-0200) that could've exposed your credentials in production containers.

Your keys have been rotated — Import new ones for commit signing, Actions, Codespaces, or Dependabot.

Details here: https://thehackernews.com/2024/01/github-rotates-keys-after-high-severity.html

🕵️‍♂️ Discover how a simple 'Shutdown.log' file on your iPhone could be the key to identifying the presence of notorious spyware, including Pegasus, QuaDream's Reign, and Intellexa's Predator.

Find out how: https://thehackernews.com/2024/01/new-ishutdown-method-exposes-hidden.html

🚨 Alert: CISA & FBI warn of a growing AndroxGh0st botnet targeting AWS, Microsoft Office 365, SendGrid, and Twilio credentials.

Key details inside: https://thehackernews.com/2024/01/feds-warn-of-androxgh0st-botnet.html

Don't be the next victim; patch your Laravel servers NOW.

"Mind Sandstorm," an Iranian cyber espionage group, has targeted experts in Middle Eastern affairs across several countries.

This sophisticated cyber threat uses unique social engineering tactics to infiltrate systems.

Read: https://thehackernews.com/2024/01/iranian-hackers-masquerades-as.html

Popular PAX PoS systems used in countless stores worldwide are vulnerable to crippling attacks.

Hackers could hijack transactions, steal data, and wreak havoc.

Are you patched? Read the full story: https://thehackernews.com/2024/01/pax-pos-terminal-flaw-could-allow.html

99.7% of orgs use AI-powered SaaS. Your favorite productivity apps might be quietly learning from your data & code.

Wing Security's free discovery tool exposes the hidden AI in your SaaS & lets you take back control.

Learn more: https://thehackernews.com/2024/01/combating-ip-leaks-into-ai-applications.html

🔒 Multiple vulnerabilities, called "PixieFail," found in UEFI firmware used by major manufacturers like AMI and Intel. Attackers can exploit these vulnerabilities to gain control, steal data, or cause damage.

Details ➡️ https://thehackernews.com/2024/01/pixiefail-uefi-flaws-expose-millions-of.html

Remember those annoying texts you keep approving? They might be hacker traps!

Learn about MFA spamming and expert tips ➡️ https://thehackernews.com/2024/01/mfa-spamming-and-fatigue-when-security.html

⚠️ Developers, beware! Hackers can poison AI models and software. Vulnerabilities found in TensorFlow CI/CD pipeline allow #malware upload and token theft.

Learn about the AI/ML threat: https://thehackernews.com/2024/01/tensorflow-cicd-flaw-exposed-supply.html

Russian Spy Group Now Deploying Custom "SPICA" Backdoor!

TAG exposes COLDRIVER's evolution from phishing to malware attacks targeting Ukraine, NATO, and beyond.

Learn their sneaky tactics: https://thehackernews.com/2024/01/russian-coldriver-hackers-expand-beyond.html

A new attack targets Docker servers and uses a combo of cryptocurrency mining and website traffic generation for profit. It could leave a backdoor for attackers to exploit later.

Patch your systems and monitor for suspicious activity: https://thehackernews.com/2024/01/new-docker-malware-steals-cpu-for.html

🆘 Patch your Ivanti ASAP! CISA urges action, especially for government agencies.

A critical flaw (CVE-2023-35082) in Ivanti EPMM is being exploited in the wild, giving attackers access to your data.

Don't wait, read more: https://thehackernews.com/2024/01/us-cybersecurity-agency-warns-of.html

Ransomware, hardware failure, human error - the data loss threats in Exchange Servers are real.

Protect your Exchange Server from financial ruin & reputational nightmares with these 5 backup methods & proactive measures: https://thehackernews.com/2024/01/preventing-data-loss-backup-and.html

RAT Alert! Malicious "oscompatible" package on npm deployed a sophisticated trojan on Windows machines. It steals data, hides your screen, and even disables shutdowns

Read details here: https://thehackernews.com/2024/01/npm-trojan-bypasses-uac-installs.html

Thinking of downloading a pirated copy of that software?

⚠️ Think again. A new backdoor malware has been discovered in pirated macOS apps, granting hackers full control of users' devices.

Learn more: https://thehackernews.com/2024/01/experts-warn-of-macos-backdoor-hidden.html

🛡️ TA866 is back with thousands of invoice-themed, booby-trapped emails targeting users with WasabiSeed and Screenshotter malware to spy on your screen and steal valuable data.

Learn more: https://thehackernews.com/2024/01/invoice-phishing-alert-ta866-deploys.html

🔐 Microsoft discloses Russian APT infiltrated its systems through a test account, stealing emails and attachments of senior executives and others in cybersecurity and legal departments.

Find details here ➡️ https://thehackernews.com/2024/01/microsofts-top-execs-emails-breached-in.html