Security researchers at SlashNext have reported a 341% increase in malicious phishing links, business email compromise (BEC), QR code, and attachment-based threats in the past six months. This data comes from SlashNext's mid-year "The State of Phishing 2024" report. During the study, the researchers also identified an 856% increase in malicious email and messaging threats over the previous 12 months. Since the launch of ChatGPT in November 2022, there has been a 4151% surge in malicious phishing messages.

Microsoft has revealed its Artificial Intelligence (AI)-optimized "Copilot+ PCs" that is raising concerns among experts regarding security and privacy due to a new feature called "Recall." According to Microsoft, the Recall feature will feel like having a "photographic memory" of everything a user has viewed on their PC. Recall captures "snapshots" of the user's active screen every few seconds and lets them view their activity.

A critical vulnerability in the open source version of Netflix's Genie job orchestration engine enables remote attackers to execute arbitrary code on systems running affected versions of the software. The bug has a near-max critical score of 9.9 out of 10 on the CVSS vulnerability severity scale. It attacks organizations that run their own Genie OSS instance, uploading and storing user-submitted file attachments via the underlying local file system.

Security researchers at Patchstack recently discovered a significant security vulnerability in the UserPro plugin, a popular community and user profile tool for WordPress developed by DeluxeThemes. This plugin, used by over 20,000 sites, enables users to create customizable front-end profiles and community websites. The critical flaw is in the plugin's password reset mechanism, specifically within the userpro_process_form function, which allowed unauthenticated users to change other users' passwords under certain conditions.

A study with important takeaways for cybersecurity found that Artificial Intelligence (AI)-generated images, text, and audio files are so convincing that people can no longer distinguish them from human-generated content. AI-generated content could increase the success of malicious social engineering attacks. The next generation of phishing emails may be highly personalized for potential victims due to the availability of AI tools. The researchers believe that developing defense mechanisms for such attack scenarios is a critical task for the future.

ConductorOne reports that increased technological and organizational complexity is introducing new identity risks for security leaders. A survey of 523 US Information Technology (IT) security leaders at companies with 250 to 10,000 employees delves into the top challenges and opportunities related to identity security, access management, and Zero Standing Privilege (ZSP). The survey found that most organizations have seen how risky identity issues have become.

Rockwell Automation has recently issued a security notice urging customers to ensure that their industrial control systems (ICS) are not connected to the internet and exposed to cyber threats.

Mastercard has recently announced it is deploying generative AI technology to enhance its fraud detection capabilities. The company said that generative AI enables it to double the speed at which it can detect potentially compromised cards, allowing banks to block them far faster. The company noted that the new technology they developed can scan transaction data across billions of cards and millions of merchants "at faster rates than previously imaginable." It better predicts the full card detail of comprised cards on its network, alerting Mastercard to new, complex fraud patterns.

Video communications giant Zoom recently announced that post-quantum end-to-end encryption (E2EE) has been added to Zoom Workplace.

Semiconductor manufacturing giant OmniVision Technologies has recently disclosed a data breach following a ransomware attack it suffered in September 2023. The company said that the incident was discovered on September 30, 2023, after certain systems were encrypted by malware. The investigation was completed on April 3, 2024, and it was determined that, between September 4 and September 30, the attackers stole personal information from certain OmniVision systems.