Two Nigerian nationals were recently sentenced to prison in the US for operating a business email compromise (BEC) scheme.

Multiple threat groups have targeted organizations worldwide through the exploitation of two old vulnerabilities in a DrayTek product.

Security researchers discovered a new distribution mechanism for the "Lumma Stealer" infostealer malware. The mechanism is a "checker" tool used by hackers to validate stolen credentials.

Semiconductor supplier Microchip Technology recently confirmed that personal information and other types of data were stolen from its systems during a recent ransomware attack.  The company disclosed the incident on August 20.

Cisco recently announced patches for multiple vulnerabilities, including two critical-severity flaws in Smart Licensing Utility and a medium-severity Identity Services Engine flaw for which proof-of-concept (PoC) code exists.

A new supply chain attack technique named "Revival Hijack" by the software supply chain security company JFrog has been used in the wild to infiltrate downstream organizations.

Cisco's site for selling company-themed merchandise has temporarily been taken down due to hackers compromising it with JavaScript code that steals sensitive customer details entered at checkout.

The frequency, severity, and costs of ransomware attacks continue to grow. Recent reports show rising attacks on healthcare, manufacturing, and other critical sectors.

Microsoft is experimenting with a new security mitigation to combat the rise in cyberattacks involving the exploitation of vulnerabilities in the Windows Common Log File System (CLFS).

Last month, a North Korean intelligence threat actor exploited two novel vulnerabilities to steal from the cryptocurrency industry and fund the Kim Jong Un regime.

YubiKey security keys can be cloned through a side-channel attack involving the exploitation of a vulnerability in a third-party cryptographic library. The attack called "Eucleak" was demonstrated by NinjaLab.

Threat actors are using MacroPack, a tool designed for red team exercises, to deploy malware. Cisco Talos researchers discovered several related Microsoft documents uploaded to VirusTotal between May and July 2024.