According to researchers at Volexity, the Advanced Persistent Threat (APT) group "StormBamboo" compromised an Internet Service Provider (ISP) to poison Domain Name System (DNS) queries and deliver malware to organizations.

Researchers from the Graz University of Technology have published a paper on "SLUBStick," a new Linux kernel exploitation technique that makes heap vulnerabilities increasingly dangerous.

According to a team of researchers from the University of Tokyo and NTT Security, attackers can conceal their malicious injection activity by inserting commands into the machine code stored in memory by the software interpreters that many programming l

According to Proofpoint, threat actors have been using Cloudflare Tunnels to deliver different Remote Access Trojan (RAT) families.

The SANS Internet Storm Center reported that new Mirai botnet variants are targeting the open source Enterprise Resource Planning (ERP) framework OFBiz. The Apache Foundation supports OFBiz, a Java-based framework for creating ERP applications.

Attackers have been pushing fake ads to lure users into downloading the popular Google Authenticator Multi-Factor Authentication (MFA) app, which actually leads to downloading malware on GitHub.

According to Checkmarx researchers, threat actors uploaded malicious Python packages to the PyPI repository and promoted them on the online question-and-answer platform StackExchange.

According to Akamai, layer 7 Distributed Denial-of-Service (DDoS) attacks on the gaming industry have increased 94 percent over the past year.

According to Picus Security, 40 percent of tested environments enabled attack paths leading to domain admin access.

Over 35,000 registered domains have been hijacked in "Sitting Ducks" attacks. These attacks enable a domain to be claimed without access to the owner's account at the Domain Name System (DNS) provider or registrar.

According to Cleafy, "BingoMod," a recently discovered Remote Access Trojan (RAT), targets Android users to steal information and money via Account Takeover (ATO). BingoMod enables threat actors to initiate money transfers from infected devices.

A new Vipre Security Group study brings further attention to the use of Artificial Intelligence (AI) tools increasing Business Email Compromise (BEC) attacks.