New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products

The Hacker News Daily Updates
Newsletter
cover

Developer-First Security Tools Buyers Guide

Cloud computing environments are increasingly de!ned and controlled by infrastructure-as-code (i.e. Terraform), containers and Kubernetes.

Download Now Sponsored
LATEST NEWS Dec 15, 2022

Researchers Uncover MirrorFace Cyber Attacks Targeting Japanese Political Entities

A Chinese-speaking advanced persistent threat (APT) actor codenamed MirrorFace has been attributed to a spear-phishing campaign targeting Japanese political establishments. The activity, dubbed Operation LiberalFace by ESET, specifically focused on members of an unnamed political party in the nation with the goal of delivering an implant called LODEINFO and a hitherto unseen credential ...

Read More
Twitter Facebook LinkedIn

Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as 'Critical'

Microsoft has revised the severity of a security vulnerability it originally patched in September 2022, upgrading it to "Critical" after it emerged that it could be exploited to achieve remote code execution. Tracked as CVE-2022-37958 (CVSS score: 8.1), the flaw was previously described as an information disclosure vulnerability in SPNEGO Extended Negotiation (NEGOEX) Security Mechanism. ...

Read More
Twitter Facebook LinkedIn

Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims

A previously undocumented Android malware campaign has been observed leveraging money-lending apps to blackmail victims into paying up with personal information stolen from their devices. Mobile security company Zimperium dubbed the activity MoneyMonger, pointing out the use of the cross-platform Flutter framework to develop the apps. MoneyMonger "takes advantage of Flutter's framework ...

Read More
Twitter Facebook LinkedIn

Top 5 Web App Vulnerabilities and How to Find Them

Web applications, often in the form of Software as a Service (SaaS), are now the cornerstone for businesses all over the world. SaaS solutions have revolutionized the way they operate and deliver services, and are essential tools in nearly every industry, from finance and banking to healthcare and education.  Most startup CTOs have an excellent understanding of how to build highly ...

Read More
Twitter Facebook LinkedIn

Hackers Bombard Open Source Repositories with Over 144,000 Malicious Packages

NuGet, PyPi, and npm ecosystems are the target of a new campaign that has resulted in over 144,000 packages being published by unknown threat actors. "The packages were part of a new attack vector, with attackers spamming the open-source ecosystem with packages containing links to phishing campaigns," researchers from Checkmarx and Illustria said in a report published Wednesday. Of ...

Read More
Twitter Facebook LinkedIn

FBI Charges 6, Seizes 48 Domains Linked to DDoS-for-Hire Service Platforms

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 48 domains that offered services to conduct distributed denial-of-service (DDoS) attacks on behalf of other threat actors, effectively lowering the barrier to entry for malicious activity. It also charged six suspects – Jeremiah Sam Evans Miller (23), Angel Manuel Colon Jr. (37), Shamar Shattock (19), Cory Anthony ...

Read More
Twitter Facebook LinkedIn

Hacking Using SVG Files to Smuggle QBot Malware onto Windows Systems

Phishing campaigns involving the Qakbot malware are using Scalable Vector Graphics (SVG) images embedded in HTML email attachments. The new distribution method was spotted by Cisco Talos, which said it identified fraudulent email messages featuring HTML attachments with encoded SVG images that incorporate HTML script tags. HTML smuggling is a technique that relies on using legitimate features ...

Read More
Twitter Facebook LinkedIn

New GoTrim Botnet Attempting to Break into WordPress Sites' Admin Accounts

A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system (CMS) to seize control of targeted systems. "This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses ':::trim:::' to split data communicated to and from the C2 server," Fortinet FortiGuard Labs researchers ...

Read More
Twitter Facebook LinkedIn
cover

Developer-First Security Tools Buyers Guide

Cloud computing environments are increasingly de!ned and controlled by infrastructure-as-code (i.e. Terraform), containers and Kubernetes.

Download Now Sponsored

This email was sent to you. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please click here.

Contact The Hacker News: info@thehackernews.com
Unsubscribe

The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India

Older messages

Fortinet Warns of Active Exploitation of New SSL-VPN Pre-auth RCE Vulnerability

Tuesday, December 13, 2022

The Hacker News Daily Updates Newsletter cover The 5 Dimensions of Data Maturity Webinar Download Now Sponsored LATEST NEWS Dec 13, 2022 Serious Attacks Could Have Been Staged Through This Amazon ECR

Royal Ransomware Threat Takes Aim at U.S. Healthcare System

Monday, December 12, 2022

The Hacker News Daily Updates Newsletter cover The 5 Dimensions of Data Maturity Webinar Download Now Sponsored LATEST NEWS Dec 12, 2022 Top 4 SaaS Security Threats for 2023 With 2022 coming to a close

Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls

Saturday, December 10, 2022

The Hacker News Daily Updates Newsletter cover The 5 Dimensions of Data Maturity Webinar Download Now Sponsored LATEST NEWS Dec 10, 2022 Hack-for-Hire Group Targets Travel and Financial Entities with

Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver

Friday, December 9, 2022

The Hacker News Daily Updates Newsletter cover Why Altair Advisers Chose GlobalMeet Webcast for their virtual event needs In this guide, you will learn about why private wealth management company

Apple Boosts Security With New iMessage, Apple ID, and iCloud Protections

Thursday, December 8, 2022

The Hacker News Daily Updates Newsletter cover Natively launch, run and scale apps on AWS with ease Easily extend to the cloud, migrate apps, eliminate management overhead and enjoy NetApp's

You Might Also Like

The Floater Manifesto 🛟

Wednesday, November 20, 2024

Some people use one operating system. I use many. Here's a version for your browser. Hunting for the end of the long tail • November 19, 2024 The Floater Manifesto Our technology should be good

Boost Elastic Skills & Break Limits in 2025!

Wednesday, November 20, 2024

Transforming Elastic Customer Support with GenAI ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ elastic | Search. Observe. Protect Get your annual pass Edu-Email-

📞 6 Foldable Phone Misconceptions Busted — What to Know About Family Cell Plans

Tuesday, November 19, 2024

Also: Use These Apps to Improve Spotify, and More! How-To Geek Logo November 19, 2024 Did You Know Despite the widely held misunderstanding that Franklin D. Roosevelt had polio, his health problems and

Debugging TUIs, Dictionary Comprehensions, Puzzles, and More

Tuesday, November 19, 2024

How to Debug Your Textual Application #656 – NOVEMBER 19, 2024 VIEW IN BROWSER The PyCoder's Weekly Logo How to Debug Your Textual Application TUI applications require a full terminal which most

Daily Coding Problem: Problem #1613 [Hard]

Tuesday, November 19, 2024

Daily Coding Problem Good morning! Here's your coding interview problem for today. This problem was asked by VMware. The skyline of a city is composed of several buildings of various widths and

Ranked | U.S. States vs. G7 Countries by GDP per Capita 📊

Tuesday, November 19, 2024

Why compare American states vs G7 economies? Answer: for a granular look at how America has left its peers in the dust. View Online | Subscribe | Download Our App Presented by: OANDA FEATURED STORY US

Spyglass Dispatch: Selling Chrome • Tech Tariffs • Masa Son's Bets • Alexa's Frustrations • Ex-Meta Lobbying • Apple's Missing Battery Pack

Tuesday, November 19, 2024

Selling Chrome • Tech Tariffs • Masa Son's Bets • Alexa's Frustrations • Ex-Meta Lobbying • Apple's Missing Battery Pack The Spyglass Dispatch is a free newsletter sent out daily on

A Go-powered MIDI sequencer

Tuesday, November 19, 2024

Plus a big GoLand release, developing a terminal app with Bubble Tea, and reflecting on the history of Unix. | #​532 — November 19, 2024 Unsub | Web Version Together with Blacksmith Go Weekly Mailpit:

Is AI Progress Slowing? The Scaling Debate OpenAI Doesn’t Want to Have

Tuesday, November 19, 2024

Top Tech Content sent at Noon! How the world collects web data Read this email in your browser How are you, @newsletterest1? 🪐 What's happening in tech today, November 19, 2024? The HackerNoon

Webinar | Data Storytelling: What Organizations Need to Know Going into 2025 📈

Tuesday, November 19, 2024

A free webinar hosted by Visual Capitalist founder Jeff Desjardins. View email in browser In preparation for our new book "The Art of Data" and its speaking tour, we're giving you a sneak