Think that job offer is too good to be true? You might be right!

Hackers use fake job descriptions to exploit an MSHTML flaw and deploy MerkSpy spyware, targeting Canada, India, Poland, and the US.

Read: https://thehackernews.com/2024/07/microsoft-mshtml-flaw-exploited-to.html

Open-Source Intelligence + AI = Game Changer!

AI-powered tools are now handling massive data volumes, real-time analysis, and multilingual content.

Ready to level up your OSINT game?

Learn more: https://thehackernews.com/2024/07/the-emerging-role-of-ai-in-open-source.html

Twilio reports a data breach exposing 33 million Authy phone numbers, urges users to update apps and stay vigilant against phishing.

Details here > https://thehackernews.com/2024/07/twilios-authy-app-breach-exposes.html

Global police operation disrupts cybercrime networks, shuts down 600 servers linked to Cobalt Strike cyberattacks, and arrests 54 for elderly fraud schemes.

Learn more: https://thehackernews.com/2024/07/global-police-operation-shuts-down-600.html

⚠️ Attention IT Pros!

#Microsoft reveals critical vulnerabilities in Rockwell Automation PanelView Plus. Unauthenticated attackers could exploit these to execute code remotely or trigger DoS attacks.

Read: https://thehackernews.com/2024/07/microsoft-uncovers-critical-flaws-in.html

Discover the advanced Zergeca botnet capable of powerful DDoS attacks, proxying, scanning, and more, targeting major countries and using stealthy communication methods.

Read: https://thehackernews.com/2024/07/new-golang-based-zergeca-botnet-capable.html

Did you know? Polyfill supply chain attack impacts 380,000+ hosts, affecting major brands like WarnerBros, Hulu, and Mercedes-Benz. The Hetzner network is hit hardest, redirecting users to adult and gambling sites.

Learn more: https://thehackernews.com/2024/07/polyfillio-attack-impacts-over-380000.html

🚨 GootLoader malware evolves with new versions, using SEO poisoning and disguised payloads to compromise systems.

Learn about its latest threats and tactics: https://thehackernews.com/2024/07/gootloader-malware-delivers-new.html

🛡️ Webinar Alert: Critical ITDR Capabilities Every Professional Must Know.

Join us to learn about the key features that ensure robust identity protection. Get real-life scenarios and actionable tips.

Register now: https://thehacker.news/securing-digital-identity

Don't miss this exclusive webinar.

Learn about Continuous Threat Exposure Management (CTEM) and how it enhances cybersecurity by improving visibility, vulnerability management, and validation.

Learn more: https://thehackernews.com/2024/07/blueprint-for-success-implementing-ctem.html

⚠️ A recent DDoS attack reached a staggering 840 million packets per second, according to OVHcloud.

MikroTik routers played a significant role, with many compromised devices amplifying the attack.

Read: https://thehackernews.com/2024/07/ovhcloud-hit-with-record-840-million.html

Apple removes 25 VPN apps, incl. ProtonVPN, Red Shield, NordVPN, & Le VPN, from Russian App Store following government request, sparking concerns over digital freedom and escalating censorship.

Read details: https://thehackernews.com/2024/07/apple-removes-vpn-apps-from-russian-app.html

Four unpatched Gogs Git flaws (CVE-2024-39930 to 39933) let attackers breach instances, steal/modify code, or plant backdoors.

Read more: https://thehackernews.com/2024/07/critical-vulnerabilities-disclosed-in.html

~7,300 exposed instances; 60% in China. Users urged to disable SSH and registration.

Experts report a surge in Mekotio trojan attacks in Latin America. It installs via MSI files and AHK scripts, stealing banking information through fake pop-ups, keystroke logging, and screenshots.

Learn more: https://thehackernews.com/2024/07/experts-warn-of-mekotio-banking-trojan.html

Cybersecurity Disconnect — Only 5% of CISOs report to CEOs; 2/3 are 2 levels down.

Learn key strategies for CISOs to bridge the communication gap with boards, justify cybersecurity budgets, and report risks effectively.

Read: https://thehackernews.com/2024/07/5-key-questions-cisos-must-ask.html

Eldorado, a new ransomware-as-a-service (RaaS), targets Windows and Linux systems using Golang, Chacha20, and RSA-OAEP for encryption.

Learn about its capabilities, victims, and the growing ransomware landscape: https://thehackernews.com/2024/07/new-ransomware-as-service-eldorado.html

🚨 Analysis of malware logs on the dark web uncovered 3,300+ users child abuse material consumers. Notably, 4.2% had multiple credentials, indicating persistent offenders.

Read: https://thehackernews.com/2024/07/dark-web-malware-logs-expose-3300-users.html

New APT group CloudSorcerer targets Russian govt entities using #Microsoft Graph, Yandex Cloud, & Dropbox for C2, with GitHub as an initial C2 server, adapting its behavior dynamically based on host processes like mspaint.exe.

Learn more: https://thehackernews.com/2024/07/new-apt-group-cloudsorcerer-targets.html

Unknown threat actors are spreading trojanized jQuery via npm, GitHub, and jsDelivr in a complex supply chain attack.

Malware hides in the seldom-used 'end' function of jQuery, used by 'fadeTo'.

Learn more: https://thehackernews.com/2024/07/trojanized-jquery-packages-found-on-npm.html

🌏 Global cybersecurity agencies warn about China-linked APT40's rapid exploit adaptation, targeting vulnerabilities in widely-used software across multiple countries.

Learn more: https://thehackernews.com/2024/07/cybersecurity-agencies-warn-of-china.html