The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

🌐 Website: https://thehackernews.com
🚨 Heads up, WordPress admins!

A critical SQL injection flaw in the LayerSlider plugin (CVE-2024-2879) could lead to sensitive data leaks. If you haven't updated, make sure to install version 7.10.1 or later.

Find details: https://thehackernews.com/2024/04/critical-security-flaw-found-in-popular.html
⚠️ Banking trojan Mispadu expands to Italy, Poland, and Sweden, stealing thousands of credentials with sophisticated tactics like phishing emails and keystroke capture.

Read details: https://thehackernews.com/2024/04/mispadu-trojan-targets-europe-thousands.html
Google Chrome is testing a new feature called "Device Bound Session Credentials" to fight against session cookie theft by #malware.

DBSC links auth sessions directly to users' devices to stop cookie theft hacks.

Learn more about it: https://thehackernews.com/2024/04/google-chrome-beta-tests-new-dbsc.html
Confused about vulnerability management (VM) vs. attack surface management (ASM)?

Both are important, but they are different. Together, they form a robust defense against cyber threats.

Learn how: https://thehackernews.com/2024/04/attack-surface-management-vs.html
⚠️ U.S. Cyber Safety Review Board slams Microsoft for security failures that enabled a major data breach by China-backed hackers.

Read details: https://thehackernews.com/2024/04/us-cyber-safety-board-slams-microsoft.html
🔥 Google's Pixel smartphones under attack!

Two new Android security flaws, CVE-2024-29745 and CVE-2024-29748, have been uncovered and exploited in the wild by forensic companies.

Learn more: https://thehackernews.com/2024/04/google-warns-android-zero-day-flaws-in.html
⚠️ Ivanti releases security patches for 4 new flaws in Connect Secure/Policy Secure Gateways.

Flaws could allow attackers to execute arbitrary code or launch DoS attacks.

Learn more: https://thehackernews.com/2024/04/ivanti-rushes-patches-for-4-new-flaw-in.html
Your data protection strategy can only be as good as the solutions you choose to implement. This makes being prepared and informed a crucial part of the buying process.

Check out the free Zerto Data Protection Buyers Guide for more buying decision info: https://thn.news/6DQjE1Pa
New HTTP/2 #vulnerability discovered.

"CONTINUATION Flood" attacks can lead to denial-of-service (DoS). This could cause crashes and serious website disruptions.

Find details here: https://thehackernews.com/2024/04/new-http2-vulnerability-exposes-web.html
🚨 Beware of new phishing campaigns targeting the oil and gas sector. Rhadamanthys malware makes a comeback, using a clever vehicle incident lure to trick victims into downloading malicious payloads.

Learn more: https://thehackernews.com/2024/04/new-phishing-campaign-targets-oil-gas.html
⚠️ Vietnamese hacking group, CoralRaider, targets multiple Asian countries with data-stealing malware, stealing credentials & financial data to sell on underground markets.

Read details: https://thehackernews.com/2024/04/vietnam-based-hackers-steal-financial.html
Critical Supply Chain Compromise: Backdoor in XZ Utils allows RCE.

See how to detect and mitigate CVE-2024-3094, a critical supply chain compromise affecting the XZ Utils data compression library.

Read: https://thn.news/critical-rce-xz-utils
🛑 Multiple China-based hackers are on a spree exploiting zero-day flaws in Ivanti appliances.

Vulnerabilities CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893 are being abused.

Learn more: https://thehackernews.com/2024/04/researchers-identify-multiple-china.html

Even financially motivated groups are in on the action.
⚠️ Financial organizations in APAC & MENA are under attack!

A sophisticated threat dubbed JSOutProx combines JavaScript & .NET to infiltrate systems, targeting banks & big companies.

https://thehackernews.com/2024/04/new-wave-of-jsoutprox-malware-targeting.html
⚠️ Watch out for FAKE Adobe Acrobat Reader installers. They carry a nasty malware called Byakugan that steals your data and even drops cryptominers.

https://thehackernews.com/2024/04/from-pdfs-to-payload-bogus-adobe.html
🔒 New research reveals critical security risks for AI-as-a-service providers like Hugging Face. Attackers could gain access to hijack models, escalate privileges, and infiltrate CI/CD pipelines.

Details: https://thehackernews.com/2024/04/ai-as-service-providers-vulnerable-to.html
Security ≠ Compliance!

Compliance requirements in cybersecurity are evolving rapidly, demanding stronger organizational skills from CISOs. Building partnerships with legal teams, privacy officers, and audit committees is crucial for success.

Learn: https://thehackernews.com/2024/04/ciso-perspectives-on-complying-with.html
⚠️ ALERT: Exploit alert for Magento users!

A critical flaw, CVE-2024-20720, allows threat actors to sneak a persistent backdoor into e-commerce sites and deploy skimmers to steal financial data.

Learn more: https://thehackernews.com/2024/04/hackers-exploit-magento-bug-to-steal.html
🔐 Google sues app developers for massive cryptocurrency scam.

Scammers tricked 100,000+ users into downloading fake investment apps, stealing money under the promise of high returns.

Learn more: https://thehackernews.com/2024/04/google-sues-app-developers-over-fake.html
🛑 Latin America targeted in a new phishing attack. Beware of emails with HTML files or ZIP attachments posing as invoices.

Cybercriminals are also using suspended domains and CAPTCHA verification to mask malicious files.

Learn more: https://thehackernews.com/2024/04/cybercriminals-targeting-latin-america.html