New vulnerabilities are disclosed hourly, new exploits for old vulnerabilities are publicly released and threat actors are updating their techniques continuously.

Knowing where and how to prioritize your security resources to achieve the greatest impact with the least time invested is critical.

📅 Join Intruder’s webinar on June 12, 2024 to discover the secrets of efficient exposure management: https://thn.news/exposure-management

Can’t make it? Register for the webinar and a copy will be sent.

🚨 Attention WordPress users! Researchers have discovered several vulnerabilities in popular WordPress plugins that allow attackers to create rogue admin accounts and backdoors.

🔗 Learn more: https://thehackernews.com/2024/05/researchers-uncover-active-exploitation.html

🚨 RedTail cryptocurrency mining malware now exploits a critical Palo Alto Networks firewall flaw (CVE-2024-3400) with a CVSS score of 10.0, making it more dangerous than ever.

Learn more: https://thehackernews.com/2024/05/redtail-crypto-mining-malware.html

Ensure your firewalls are patched and secure!

🤖 Struggling with constant alerts and talent shortages?

Learn how AI-driven tools can revolutionize your Security Operations Center by automating alert triage and enhancing efficiency.

Discover the key steps to building an autonomous SOC strategy: https://thehackernews.com/2024/05/how-to-build-your-autonomous-soc.html

Researchers uncover LilacSquid, a previously unknown cyber espionage group targeting IT, energy, and pharmaceutical sectors in the U.S., Europe, and Asia since 2021.

Learn more: https://thehackernews.com/2024/05/cyber-espionage-alert-lilacsquid.html

🚨 Cloudflare disrupts month-long phishing campaign by Russia-aligned FlyingYeti targeting Ukraine. Learn how they exploited housing and utility anxieties to infect targets with COOKBOX malware.

Read: https://thehackernews.com/2024/05/flyingyeti-exploits-winrar.html

🚨 Active Exploitation Alert!

CISA has added two high-severity vulnerabilities to the KEV catalog due to active exploitation:

CVE-2024-1086 (Linux kernel)
CVE-2024-24919 (Check Point)

Read: https://thehackernews.com/2024/05/cisa-alerts-federal-agencies-to-patch.html

🤖 OpenAI, Meta, and TikTok uncover multiple AI-powered influence operations from China, Iran, Israel, and Russia, aimed at manipulating public opinion through generated content and fake accounts.

Learn more: https://thehackernews.com/2024/05/openai-meta-tiktok-disrupt-multiple-ai.html

🚨 Cyber Alert: APT28, the Russian GRU-backed threat actor, has been linked to sophisticated campaigns targeting European networks with HeadLace malware and credential-harvesting web pages.

🔗 Read: https://thehackernews.com/2024/05/russian-hackers-target-europe-with.html

Microsoft warns of the urgent need to secure internet-exposed OT devices following a wave of cyber attacks, mostly by pro-Russia hacktivists and groups affiliated with Iran.

👉 Learn more: https://thehackernews.com/2024/05/microsoft-warns-of-surge-in-cyber.html

Attackers are evolving faster than defenses. From polymorphic viruses to sandbox evasion, the cybersecurity landscape is ever-changing.

It's time to rethink our strategies.

Discover how Everfox leads in prevention-based security: https://thehackernews.com/2024/05/beyond-threat-detection-race-to-digital.html

⚡ Over 600,000 SOHO routers were bricked and taken offline in a massive, destructive cyberattack targeting a single U.S. internet service provider.

Learn: https://thehackernews.com/2024/05/mysterious-cyber-attack-takes-down.html

This unprecedented event required hardware replacement for all affected devices.

Hugging Face detected unauthorized access to its Spaces platform. A subset of secrets might have been accessed without authorization. Hugging Face is revoking compromised tokens and advising users to switch to fine-grained access tokens.

https://thehackernews.com/2024/06/ai-company-hugging-face-notifies-users.html

🚨 Beware of fake browser updates! Cybercriminals are using this tactic to deliver RATs and info stealers like BitRAT and Lumma Stealer.

Find out how this affordable malware is enabling cybercriminals to steal sensitive data: https://thehackernews.com/2024/06/beware-fake-browser-updates-deliver.html

#cybersecurity #hacking

🚨 Attention South Korean businesses!

Andariel group targets educational institutes, manufacturing firms, and construction companies with new Golang-based backdoor Dora RAT.

Learn more: https://thehackernews.com/2024/06/andariel-hackers-target-south-korean.html

🔒 Researcher uncovered authorization bypass issues in Cox modems, allowing attackers to run malicious commands and remotely access PII from millions of devices.

Read more: https://thehackernews.com/2024/06/researcher-uncovers-flaws-in-cox-modems.html

🌍 Operation Endgame!

Odd, the elusive cybercriminal behind Emotet, has been identified with multiple aliases. Law enforcement seeks your help to uncover his network.

Learn more: https://thehackernews.com/2024/06/authorities-ramp-up-efforts-to-capture.html

Cato's SASE Threat Report uncovers critical enterprise and network threats through extensive data analysis.

Security professionals: Don't miss these crucial findings and insights!

👉 Click to learn more: https://thehackernews.com/2024/06/sase-threat-report-8-key-findings-for.html

🕵️‍♂️ Attention developers!

A new suspicious package named "glup-debugger-log" has been discovered on the npm registry, designed to drop a RAT on compromised systems.

Learn more: https://thehackernews.com/2024/06/researchers-uncover-rat-dropping-npm.html

Imagine if you could focus on the 20% of vulnerabilities that actually matter and see an 80% improvement in your security posture.

Or, gain 80% more time to focus on activities critical to keeping your business secure…

Join Intruder’s webinar on June 12, 2024 to find out how to achieve this today.

Can’t make it? Register for the webinar and a copy will be sent: https://thn.news/exposure-management-webinar