Novel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under active attack, to turn targeted cloud environments into cryptomining networks.
Author: Elizabeth Montalbano, Contributing Writer
Threat Group ‘Bling Libra’ Pivots to Extortion for Cloud Attacks
The ShinyHunters attackers are skipping selling stolen data on hacker forums in favor of using deadline-driven ransom notes for financial gain.
Slack Patches AI Bug That Let Attackers Steal Data From Private Channels
A prompt injection flaw in the AI feature of the workforce collaboration suite makes malicious queries of data sources appear legitimate.
Microsoft Copilot Studio Exploit Leaks Sensitive Cloud Data
A server-side request forgery (SSRF) bug in Microsoft’s tool for creating custom AI chatbots potentially exposed info across multiple tenants within cloud environments.
US Intelligence Blames Iran for Hack on Trump Campaign
Feds confirmed Iran’s involvement in email attack against Roger Stone after Microsoft, Google reported Iranian APT action against both presidential campaigns.
Google: Iran’s Charming Kitten Targets US Presidential Elections, Israeli Military
The threat group tracked as APT42 remains on the warpath with various phishing and other social engineering campaigns, as tensions with Israel rise.
GitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects
Cloud services and thus millions of end users who access them could have been affected by the poisoning of artifacts in the development workflow of open source projects.
FBI Shuts Down Dozens of Radar/Dispossessor Ransomware Servers
Computer infrastructure in the US, UK, and Germany associated with the cybercriminal group, which targeted SMBs using double extortion, is officially out of commission.
APT41 Spinoff Expands Chinese Actor’s Scope Beyond Asia
Earth Baku, yet another subgroup of the highly active and increasingly sophisticated collective, is moving into EMEA with new malware and living-off-the-land (LOL) tactics.