🚨 Critical security flaw (CVE-2024-37032) discovered in Ollama, an open-source AI platform, could lead to remote code execution.

Learn more: https://thehackernews.com/2024/06/critical-rce-vulnerability-discovered.html

Over 1,000 exposed instances found. Patch available in v0.1.34.

Google Project Zero introduces 'Naptime,' an LLM-powered framework for vulnerability research. It boosts LLMs' CyberSecEval 2 performance, using advanced tools to better identify and exploit software flaws.

Read: https://thehackernews.com/2024/06/google-introduces-project-naptime-for.html

Overwhelmed by cybersecurity threats?

Cybersixgill’s IQ Report Generator automates CTI reports in minutes, freeing your team for proactive defense measures.

Don’t miss out—see how it works: https://thehackernews.com/2024/06/ease-burden-with-ai-driven-threat.html

🚨 Alert: Popular WordPress plugins backdoored to create rogue admin accounts. Users advised to inspect sites, remove suspicious admins, and update affected plugins.

Learn more: https://thehackernews.com/2024/06/multiple-wordpress-plugins-compromised.html

🛡️ Four Vietnamese nationals linked to the FIN9 cybercrime group indicted in the U.S., accused of causing over $71 million in losses through computer intrusions.

Learn how they pulled it off and what charges they face: https://thehackernews.com/2024/06/4-fin9-linked-vietnamese-hackers.html

WikiLeaks founder Julian Assange freed after 5 years in U.K. prison. His 14-year legal battle ends with a plea deal.

Read details here: https://thehackernews.com/2024/06/wikileaks-julian-assange-released-from.html

Assange has left the U.K. and is en route to Australia.

Researchers uncover a new attack technique called GrimResource, exploited in the wild, which uses specially crafted Microsoft Management Saved Console (MSC) files to achieve full code execution and evade security defenses.

Details: https://thehackernews.com/2024/06/new-attack-technique-exploits-microsoft.html

New threat actor "Boolka" uses SQL injection to infect websites with BMANAGER trojan, stealing data via malicious scripts.

Learn more about their sophisticated tactics: https://thehackernews.com/2024/06/new-cyberthreat-boolka-deploying.html

🔒 Tight on budget but need to ramp up data security in #Googleworkspace? Don’t miss the exclusive webinar: "Data Loss & Leaks Prevention: Beyond GAM." Peek behind the curtain to see how top IT pros have achieved a stunning 98% increase in compliance and security by maximizing the native capabilities of Googleapps and automating routine Googlework space admin tasks — all without breaking the bank.

💡 Topics covered will include:

• Automation of External Files Sharing Audits

• Monitoring and Taking Action on Out of Domain Email Forwarding

• Management of 'Zombie Drives' and more

Don’t miss out on this zero-fluff, zero-filler, 100% hands-on live event brought to you by Zenphi! Secure a spot today by registering for free here: https://thn.news/dlp-google-workspace

🔒 Discover how browser security platforms help CISOs cut costs, boost efficiency, and enhance cybersecurity.

Read real-life success stories: https://thehackernews.com/2024/06/how-to-cut-costs-with-browser-security.html

WARNING: Google blocks ads for websites using polyfill[.]io library due to a supply chain attack where the domain was acquired by a Chinese company and modified to redirect users to malicious sites.

Details: https://thehackernews.com/2024/06/over-110000-websites-affected-by.html

🚨 Alert: Discover how the updated Medusa Android banking trojan targets users in 7 countries, featuring new stealth capabilities and expanded reach.

Read: https://thehackernews.com/2024/06/new-medusa-android-trojan-targets.html

🕵️‍♀️ 💳 A new credit card web skimmer called "Caesar Cipher Skimmer" is targeting multiple CMS platforms including WordPress, Magento, and OpenCart to steal financial and payment information.

Details: https://thehackernews.com/2024/06/new-credit-card-skimmer-targets.html

Apple releases firmware security update for AirPods and Beats devices, addressing a critical Bluetooth vulnerability that could allow unauthorized access and eavesdropping.

Learn more about CVE-2024-27867: https://thehackernews.com/2024/06/apple-patches-airpods-bluetooth.html

Explore key strategies to secure software supply chains effectively amidst rising cyber threats. Learn about SBOMs, SLSA, and DevSecOps best practices.

Learn more: https://thehackernews.com/2024/06/practical-guidance-for-securing-your.html

🌍 State-sponsored cyber groups from China and North Korea have been linked to ransomware attacks on global governments and critical infrastructure.

Learn more about the tactics used ➡️ https://thehackernews.com/2024/06/chinese-and-n-korean-hackers-target.html

🚨 Critical security flaw discovered in Progress Software's MOVEit Transfer.

CVE-2024-5806 allows authentication bypass and is already being exploited. Update now to protect your systems.

Read details: https://thehackernews.com/2024/06/new-moveit-transfer-vulnerability-under.html

🚨 Critical security flaw found in Fortra FileCatalyst Workflow. CVE-2024-5276 scores 9.8 on CVSS. Patch now to protect your data from SQL injection attacks.

Details here ➡️ https://thehackernews.com/2024/06/critical-sqli-vulnerability-found-in.html

A 22-year-old Russian national has been indicted in the U.S. for cyberattacks against Ukraine and its allies just before Russia's invasion in 2022.

US offers $10M reward. Read more: https://thehackernews.com/2024/06/russian-national-indicted-for-cyber.html

⚠️ Attention developers — A new high-severity prompt injection flaw (CVE-2024-5565) in Vanna AI library exposes databases to remote code execution.

Find out how this flaw could impact your projects: https://thehackernews.com/2024/06/prompt-injection-flaw-in-vanna-ai.html