Автор: Elizabeth Montalbano, Contributing Writer

Attackers target a familiar industry, law professionals, by hiding the infostealer in ads delivered via Google-based malvertising.

A continuation of the North Korean nation-state threat’s campaign against employment seekers uses the social engineering attack to target CeFi organizations with the GolangGhost backdoor.

Attackers post links to fake websites on LinkedIn to ask people to complete malicious CAPTCHA challenges that install malware.

Researchers at Kaspersky discovered cyber-espionage activity that used the vulnerability in a one-click phishing attack to deliver malware.

Security experts worry the company’s Chapter 11 status and aim to sell its assets could allow threat actors to exploit and misuse the genetic information it collected.

A threat actor posted data on Breachforums from an alleged supply-chain attack that affected more than 140K tenants, claiming to have compromised the cloud via a zero-day flaw in WebLogic, researchers say.

A threat actor posted data on Breachforums from an alleged supply-chain attack that affected more than 140K tenants, claiming to have compromised the cloud via a zero-day flaw in WebLogic, researchers say.

Research finds that organizations are granting root access by default and making other big missteps, including a Jenga-like building concept, in deploying and configuring AI services in cloud deployments.

A server-side request forgery vulnerability in OpenAI’s chatbot infrastructure can allow attackers to direct users to malicious URLs, leading to a range of threat activity.

A ransomware activity wave using the SocGholish MaaS framework for initial access also has affected banking and consulting firms in the US, Taiwan, and Japan since the beginning of the year.