🛡️ Google rolls out an enhanced Safe Browsing feature for Chrome on desktop & iOS.

Now with real-time URL checks against known malicious sites, aiming to block 25% more phishing attempts.

Learn more: https://thehackernews.com/2024/03/google-introduces-enhanced-real-time.html

Researchers have uncovered new threat in third-party plugins for OpenAI's ChatGPT that could allow attackers to install malicious plugins without users' consent and hijack accounts on third-party websites such as GitHub.

Read: https://thehackernews.com/2024/03/third-party-chatgpt-plugins-could-lead.html

Researchers have uncovered "GhostRace" (CVE-2024-2193), a new variation of the Spectre v1 vulnerability affecting CPUs with speculative execution. This attack exploits race conditions to allow attackers to leak sensitive data.

Read: https://thehackernews.com/2024/03/ghostrace-new-data-leak-vulnerability.html

Watch Out! Hackers are using fake cracked software on GitHub to spread the RisePro information-stealing malware.

Read: https://thehackernews.com/2024/03/hackers-using-cracked-software-on.html

⚠️ ALERT: Russian hackers, APT28, have launched significant phishing attacks targeting governments and NGOs across Europe, the Americas, and Asia. These attacks deploy counterfeit documents that appear official.

Read: https://thehackernews.com/2024/03/apt28-hacker-group-targeting-europe.html

🚨 Critical flaw discovered in miniOrange WordPress plugins.

If you're using miniOrange's Malware Scanner (≤ 4.7.2) or Web Application Firewall (≤ 2.1.1), DELETE THEM IMMEDIATELY.

The vulnerability allows attackers to take over your site.

https://thehackernews.com/2024/03/wordpress-admins-urged-to-remove.html

Researchers uncover a sophisticated malware campaign using fake Google Sites pages and HTML smuggling to distribute AZORult, a notorious info stealer.

Learn more: https://thehackernews.com/2024/03/hackers-using-sneaky-html-smuggling-to.html

Fortra has patched a critical flaw (CVE-2024-25153) in FileCatalyst file transfer, preventing unauthorized remote code execution and blocking attackers from taking full control of vulnerable servers.

Read details: https://thehackernews.com/2024/03/fortra-patches-critical-rce.html

Patch immediately.

🚨 New cyberattack campaign, DEEP#GOSU, uses PowerShell & VBScript to target Windows systems.

Likely linked to North Korean group Kimsuky, it's a sophisticated threat aiming to steal sensitive data.

Read more on this multi-stage malware attack: https://thehackernews.com/2024/03/new-deepgosu-malware-campaign-targets.html

🚨 A 31-year-old Moldovan national, Sandu Boris Diaconu, has been sentenced to 42 months in prison by a U.S. court for operating E-Root Marketplace, an illicit platform selling hundreds of thousands of compromised credentials.

Learn more: https://thehackernews.com/2024/03/e-root-marketplace-admin-sentenced-to.html

Operation PhantomBlu utilizes a clever trick to deliver the NetSupport RAT by exploiting Microsoft Office's OLE template manipulation, evading traditional detection methods.

Read details: https://thehackernews.com/2024/03/new-phishing-attack-uses-clever.html

🚨 A new variant of the data-wiping malware, AcidRain, has been detected in the wild, specifically designed to target Linux x86 devices. Its origins can be traced back to the early days of the Russo-Ukrainian conflict.

Learn more: https://thehackernews.com/2024/03/suspected-russian-data-wiping-acidpour.html

Cybercriminals are now using digital document publishing sites like FlipSnack, Issuu, and Marq for phishing and credential theft. These sites look legitimate, making them harder to detect.

Learn more: https://thehackernews.com/2024/03/hackers-exploiting-popular-document.html

🚨 New report reveals Artificial Intelligence tools like large language models could be exploited to create self-augmenting malware, evading detection methods like YARA rules.

Learn more: https://thehackernews.com/2024/03/from-deepfakes-to-malware-ais-expanding.html

APIs are the backbone of our digital world.

🚨 But with a staggering 71% of internet traffic being API calls, they're also a prime target for cyberattacks. Many are unmonitored or mismanaged, opening the door to sensitive data leaks.

Read: https://thehackernews.com/2024/03/apis-drive-majority-of-internet-traffic.html

Cybersecurity gap in the boardroom is real.

Boards often overlook risks like financial impacts, regulatory compliance, IP protection, APT resilience, cloud security, and AI utilization.

Learn transformative insights for a secure digital future: https://thehackernews.com/2024/03/crafting-and-communicating-your.html

🛡️ U.S. EPA creates 💧 Water Sector Cybersecurity Task Force to protect critical infrastructure against increasing cyberattacks.

Learn more: https://thehackernews.com/2024/03/us-epa-forms-task-force-to-protect.html

Ukraine Cyber Police have arrested three individuals linked to the hijacking of over 100 MILLION email and Instagram accounts worldwide and selling them on darkweb forums.

Read details here: https://thehackernews.com/2024/03/ukraine-arrests-trio-for-hijacking-over.html

🚨 New threat: BunnyLoader 3.0 malware variant emerges with advanced modules for data theft, keylogging, and evasion tactics.

Read details: https://thehackernews.com/2024/03/new-bunnyloader-malware-variant.html

⚠️ Alert: Multiple threat actors exploit security flaws in JetBrains TeamCity to deploy ransomware, crypto miners, Cobalt Strike beacons, and Spark RAT.

Read: https://thehackernews.com/2024/03/teamcity-flaw-leads-to-surge-in.html

Don't be the next victim – update your software!