Автор: Elizabeth Montalbano, Contributing Writer

Sophisticated social engineering is expected to accompany threat campaigns that are highly targeted and aimed at stealing crypto and deploying malware.

Attackers have added aggressive social engineering to their arsenal, along with a novel Windows-manipulating persistence mechanism that demands developer vigilance.

Public-facing vulnerabilities, cloud sprawl, access to back-end servers are just a few of the challenges travel and hospitality companies must address.

Novel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under active attack, to turn targeted cloud environments into cryptomining networks.

The ShinyHunters attackers are skipping selling stolen data on hacker forums in favor of using deadline-driven ransom notes for financial gain.

A prompt injection flaw in the AI feature of the workforce collaboration suite makes malicious queries of data sources appear legitimate.

A server-side request forgery (SSRF) bug in Microsoft’s tool for creating custom AI chatbots potentially exposed info across multiple tenants within cloud environments.

Feds confirmed Iran’s involvement in email attack against Roger Stone after Microsoft, Google reported Iranian APT action against both presidential campaigns.

The threat group tracked as APT42 remains on the warpath with various phishing and other social engineering campaigns, as tensions with Israel rise.

Cloud services and thus millions of end users who access them could have been affected by the poisoning of artifacts in the development workflow of open source projects.