Cybercriminals may be using a generative AI tool called WormGPT to create convincing phishing emails to support business email compromise attacks. A new survey shows that 1 in 5 people fall for the fake, AI-generated emails, according to cybersecurity researchers.
Enterprise software firm JumpCloud says a sophisticated nation-state threat actor is behind a security incident that targeted a small and specific set of customers last week. JumpCloud reset all of its API keys, potentially affecting thousands of customers including Cars.com and GoFundMe.
Researchers are warning of an uptick in attacks using a series of malicious Microsoft Office documents designed to drop LokiBot, an information stealer capable of sweeping up credentials. LokiBot has been active since 2015 and specializes in information stealing through malicious email attachments.
Threat actors are using dedicated mobile Android OS device spoofing tools to defraud customers of online banking, payment systems, advertising networks and online marketplaces globally. Resecurity observed cybercriminals using spoofing tools to exploit stolen cookies and access victims' systems.
Microsoft released the largest set of patches of the year - software updates for 132 vulnerabilities, including six zero-days. Microsoft rated nine of the flaws as having critical severity, 121 as being important and eight as being linked to critical remote code execution vulnerabilities.
The growing list of MOVEit cyberattack victims has grown. Sixty-two clients of Big Four accounting firm Ernst & Young now appear on the Clop ransomware group's data leak site. A spokesperson for Ernst & Young confirmed that a "limited" attack on the company's systems had occurred.
A new malware campaign powered with multistage attack methodology is targeting businesses in the LATAM region using specially crafted modules. The newly identified Trojan, dubbed Toitoin, follows a six-stage attack plan in which each stage is custom-designed to carry out malicious activities.
North American cybersecurity agencies are warning about a new variant of the Truebot Trojan that collects and exfiltrates information from victims. The new variant attacks a known critical-severity vulnerability - a remote code execution vulnerability in the Netwrix Auditor.
International law enforcement agencies say they arrested the mastermind of a French-speaking cybercriminal syndicate dubbed Opera1er for carrying out more than 30 successful attacks against financial institutions, banks, mobile banking services and telecommunications companies.
A Chinese nation-state group is hacking foreign affairs ministries and embassies across Europe, employing a sophisticated HTML-smuggling technique to deliver the insidious PlugX remote access Trojan to compromised systems. The technique raises concern about the security of diplomatic institutions.
The BlackCat RaaS group is developing a threat activity cluster using chosen keywords on webpages of legitimate organizations to deploy malicious malware. Trend Micro researchers discovered cybercriminals using malvertising to deploy malware using cloned webpages of WinSCP and SpyBoy.
An Iranian government-backed hacking group known as Charming Kitten has updated its malware arsenal to include an updated version of the Powerstar backdoor, also known as CharmPower, which takes advantage of a distributed file protocol to distribute customized phishing links.
Researchers discovered an undisclosed malware family named EarlyRat being used by a branch of the North Korea-backed Lazarus Group. Kaspersky researchers said they stumbled upon the never-before-seen malware family, which is deployed in Log4j and phishing attacks.
Security researchers at Censys found hundreds of federally owned devices at 50 different agencies exposed to the internet, accessible through IPv4 addresses and loaded with potentially vulnerable MOVEit and Barracuda Networks' ESG software. The vulnerabilities violate new CISA policy, the firm said.
A U.S. judge sentenced a 24-year-old British man to five years in prison for his part in hacking high-profile Twitter accounts as part of a bitcoin scam in 2020. Prosecutors say Joseph James O'Connor stole $794,000 by hijacking 130 accounts, including those of Barack Obama, Joe Biden and Elon Musk.