Microsoft has announced new security measures to strengthen Windows11, including deprecating NTLM in favor of Kerberos for authentication and AI-powered Smart App Control to block malware.

Details here > https://thehackernews.com/2024/05/windows-11-to-deprecate-ntlm-add-ai.html

Researchers found security flaws in popular software packages: llama_cpp_python for AI models and PDF.js for the Firefox browser, allowing attackers to execute arbitrary code if exploited.

Details here > https://thehackernews.com/2024/05/researchers-uncover-flaws-in-python.html

🔒 SolarMarker malware evolves with a multi-tiered infrastructure, making it harder for law enforcement to take down and evade detection.

Learn about the latest tactics: https://thehackernews.com/2024/05/solarmarker-malware-evolves-to-resist.html

Non-compliance with IT security rules can cause data loss, financial harm, and reputational damage.

Discover how Wazuh's open-source solution monitors files in real-time and detects unauthorized changes.

https://thehackernews.com/2024/05/streamlining-it-security-compliance.html

🚨 Alert - New CLOUD#REVERSER attack campaign uses Google Drive and Dropbox to stage malware, disguising executables as Excel files with the right-to-left override Unicode trick.

Learn more: https://thehackernews.com/2024/05/malware-delivery-via-cloud-services.html

🔒 Secure modern applications without compromising DevOps velocity or developer experience.

Discover the five guiding principles essential for building a highly effective DevSecOps practice in this latest article.

Read on > https://thehackernews.com/2024/05/five-core-tenets-of-highly-effective.html

⚡ Alert for GitHub Enterprise Server users.

A critical flaw (CVE-2024-4985) has been found, allowing attackers to gain admin privileges by forging SAML responses.

More details in the article > https://thehackernews.com/2024/05/critical-github-enterprise-server-flaw.html

Check if your instance is affected & update immediately.

⚠️ Attention: Veeam has disclosed 4 new vulnerabilities in its Backup Enterprise Manager, including a critical security flaw (CVE-2024-29849) that could allow attackers to bypass authentication.

🔗 Learn more here: https://thehackernews.com/2024/05/critical-veeam-backup-enterprise.html

Don't wait - update your software now.

Zoom has announced the rollout of NIST-approved post-quantum Kyber-768 End-to-End Encryption (E2EE) for Zoom Meetings to protect users against sophisticated attacks.

Learn more: https://thehackernews.com/2024/05/zoom-adopts-nist-approved-post-quantum.html

Attention QNAP users! Make sure to update your QTS and QuTS hero to the latest versions to address recently discovered vulnerabilities.

Read the article to learn more about the researchers' findings and QNAP's response: https://thehackernews.com/2024/05/qnap-patches-new-flaws-in-qts-and-quts.html

⚠️ An unknown threat actor is exploiting Microsoft Exchange Server flaws to deploy stealthy keylogger malware in targeted attacks aimed at government agencies, banks, and educational institutions.

Details here - https://thehackernews.com/2024/05/ms-exchange-server-flaws-exploited-to.html

🚨 New cryptojacking malware campaign HIDDEN SHOVEL uses GHOSTENGINE payload to exploit vulnerable drivers, disable EDRs, and install XMRig miner in a BYOVD attack.

Find details here: https://thehackernews.com/2024/05/ghostengine-exploits-vulnerable-drivers.html

🚨 CISA Urgent Advisory:

Rockwell Automation urges disconnecting all industrial control systems (ICS) not meant for the public internet to prevent cyber threats amid heightened geopolitical tensions.

Learn more: https://thehackernews.com/2024/05/rockwell-advises-disconnecting-internet.html

🌐 Researchers uncover a stealthy threat group, dubbed "Unfading Sea Haze," targeting high-level organizations in the South China Sea. Poor credential hygiene and outdated patches enable these attacks to succeed.

Read: https://thehackernews.com/2024/05/researchers-warn-of-chinese-aligned.html

The number of SaaS apps in enterprises is skyrocketing, creating complex security challenges.

Discover how SaaS Security Posture Management (SSPM) can help protect your organization against evolving threats.

Get 2025 Ultimate SaaS Security Checklist: https://thehackernews.com/2024/05/the-ultimate-saas-security-posture.html

Microsoft to deprecate VBScript in favor of JavaScript and PowerShell. The tech giant plans to phase out the scripting language starting in the second half of 2024.

Learn more: https://thehackernews.com/2024/05/the-end-of-era-microsoft-phases-out.html

🔥 Ivanti released patches for multiple critical security flaws (CVE-2024-29822 through CVE-2024-29827) in Endpoint Manager (EPM) — 6 of these are SQL injection vulnerabilities that allow RCE without authentication.

Learn more: https://thehackernews.com/2024/05/ivanti-patches-critical-remote-code.html

What are the 5️⃣ core components of any robust SaaS Security Posture Management (SSPM) solution?

Learn how to choose the right SSPM vendor for your organization and get a list of 25 questions to ask in your security assessment.

Download the guide: https://thn.news/sspm-guide-ln

🚨 Chinese APT group targets government entities in the Middle East, Africa, and Asia in a large-scale cyber espionage campaign dubbed Operation "Diplomatic Specter."

Learn more about the tactics and techniques used by the attackers: https://thehackernews.com/2024/05/inside-operation-diplomatic-specter.html

🌐 Sharp Dragon, a China-linked threat actor, extends its cyber espionage reach to Africa and the Caribbean, targeting governmental organizations.

Learn more about their tactics: https://thehackernews.com/2024/05/new-frontiers-old-tactics-chinese-cyber.html