🚨 Security Alert: Over 700 WordPress sites hit by brute-force attacks using malicious JavaScript injections, leveraging innocent visitors' browsers to compromise more sites.

Learn more: https://thehackernews.com/2024/03/hacked-wordpress-sites-abusing-visitors.html

⚠️ CISA adds critical JetBrains TeamCity flaw to exploited vulnerabilities list.

If you use TeamCity On-Premises, update NOW. Active attacks allow complete server takeover.

Learn more: https://thehackernews.com/2024/03/cisa-warns-of-actively-exploited.html

Threat actors used QEMU emulator to create stealthy network tunnels during a recent cyberattack, bypassing traditional security defenses with sophisticated tactics.

Learn more: https://thehackernews.com/2024/03/cybercriminals-utilize-qemu-emulator-as.html

🚨 Cisco issued patches for a high-severity flaw (CVE-2024-20337) in Secure Client software on Windows, Linux, and macOS. Attackers could hijack VPN sessions.

Check and update now: https://thehackernews.com/2024/03/cisco-issues-patch-for-high-severity.html

🔒 Meta announces plans for interoperability between WhatsApp, Messenger, and third-party messaging services, maintaining end-to-end encryption in response to the EU's Digital Markets Act.

Learn more: https://thehackernews.com/2024/03/meta-details-whatsapp-and-messenger.html

Explore the lesser-known pitfalls of secrets storage and management. Avoid the top 5 secrets management mistakes that could compromise your infrastructure.

Learn from the pros how to secure your API keys, certificates, and more.

Read: https://thehackernews.com/2024/03/secrets-sensei-conquering-secrets.html

⚡ Alert ⇢ Microsoft confirms Russian hackers (Midnight Blizzard) stole internal data & some source code after a January email breach. They're using stolen data to target customers.

Learn more ⬎ https://thehackernews.com/2024/03/microsoft-confirms-russian-hackers.html

⚠️ Hackers are getting faster! Magnet Goblin, a threat group known for fast exploitation of 1-day vulnerabilities, targets edge devices & public servers to deploy malware like Nerbian RAT.

Learn more ⇢ https://thehackernews.com/2024/03/magnet-goblin-hacker-group-leveraging-1.html

⚠️ URGENT patch needed! Progress OpenEdge Authentication Gateway/AdminServer vulnerability (CVE-2024-1403) allows authentication bypass.

Proof-of-concept exploit is available.

Learn more: https://thehackernews.com/2024/03/proof-of-concept-exploit-released-for.html

Update to supported versions ASAP.

🔒Alert: Cybercriminals weaponizing vulnerabilities in JetBrains TeamCity software to deploy BianLian ransomware for extortion attacks.

Learn more: https://thehackernews.com/2024/03/bianlian-threat-actors-exploiting.html

Are you looking for a better way to keep up with the ever-expanding attack surface?

Gartner established the Continuous Threat Exposure Management (CTEM) framework to help security teams prioritize and validate issues into an actionable remediation plan.

Join XMCyber's webinar featuring Gartner VP Analyst Pete Shoard to learn:

✅ Why adopting CTEM is essential to control your threat landscape
✅ What are the 5 steps of the CTEM program
✅ How you can operationalize CTEM in your organization

Register Now: https://thehackernews.uk/ctem-framework-webinar

🔒 Protecting data in the cloud requires a new approach. Discover why browser-based DLP is the key to securing corporate data online.

Get insights from LayerX's comprehensive guide:
https://thehackernews.com/2024/03/data-leakage-prevention-in-age-of-cloud.html

⚠️ Beware of fake DocuSign emails – they're designed to trick you into downloading the New CHAVECLOAK Android banking malware.

What it does:
- Hijacks your screen
- Logs your keystrokes
- Uses fake pop-ups to capture your banking logins

Read: https://thehackernews.com/2024/03/new-banking-trojan-chavecloak-targets.html

⚠️ Heads up, WordPress admins! Over 3,900 websites compromised in weeks.

A high-severity flaw in the Ultimate Member plugin exposes sites to attacks, leading to phishing scams.

Learn more: https://thehackernews.com/2024/03/malware-campaign-exploits-popup-builder.html

Secure your sites NOW.

For the first time, Russia detains a South Korean national, Baek Won-soon, on cyber espionage charges. Transferred from Vladivostok to Moscow for further investigation.

Learn more: https://thehackernews.com/2024/03/south-korean-citizen-detained-in-russia.html

Heads up, developers! Hackers are targeting crypto wallets with sneaky PyPI packages. Thousands of downloads already affected. Check your dependencies!

Learn more: https://thehackernews.com/2024/03/watch-out-these-pypi-python-packages.html

Tired of being overwhelmed by security exposures?

Discover the power of Continuous Threat Exposure Management (CTEM). Identify critical assets, prioritize risks, and get actionable recommendations for improved security posture.

Get started 👇 https://thehackernews.com/2024/03/ctem-101-go-beyond-vulnerability.html

🚨 Microsoft releases Patch Tuesday updates to patch 61 new vulnerabilities, including privilege escalation flaws in Azure, Windows, & Authenticator.

Update ASAP. Learn more: https://thehackernews.com/2024/03/microsofts-march-updates-fix-61.html

🚨 Alert: A new phishing campaign uses a Java-based downloader to distribute VCURMS & STRRAT RATs, leveraging public services like AWS & GitHub for malware hosting.

Learn more: https://thehackernews.com/2024/03/alert-cybercriminals-deploying-vcurms.html

Beware of adversary-in-the-middle attacks: Hackers create fake login pages to steal credentials and manipulate MFA prompts. Protect yourself by verifying websites and being cautious with links

Read: https://thehackernews.com/2024/02/4-ways-hackers-use-social-engineering.html