According to security researchers at Lumen Technologies, more than 600,000 small office/home office (SOHO) routers belonging to the same ISP were rendered inoperable in a single destructive event.  The researchers noted that the impacted router models, from ActionTec and Sagemcom, were confined to the ISP’s autonomous system number (ASN), and were likely infected with Chalubo, a remote access trojan (RAT) that ensnares devices into a botnet.

The US Department of Justice (DoJ) dismantled what is considered the world's largest botnet ever. It included 19 million infected devices leased to other threat actors for committing various malicious activities. The "911 S5 botnet" served as a residential proxy service, with a global footprint spanning over 190 countries. According to the DoJ, the botnet was used for cyberattacks, financial fraud, identity theft, and more. This article continues to discuss the dismantlement of the 911 S5 botnet. 

The National Security Agency (NSA) has released a Cybersecurity Information Sheet (CSI) titled "Advancing Zero Trust Maturity Throughout the Visibility and Analytics Pillar," which describes the infrastructure, tools, data, and methods of this Zero Trust (ZT) framework pillar. Organizations are encouraged to follow the report's advice to mitigate risks and quickly identify, detect, and respond to cyber threats. Recommended actions include logging all relevant activity, centralizing security information and event management, regularly using security and risk analytics, and more.

A piano-themed email campaign targeting students and faculty at North American colleges and universities commits Advance Fee Fraud (AFF). According to Proofpoint, over 125,000 emails have been observed in this scam cluster this year. Fraudsters offer free pianos in deceptive emails and then direct respondents to a fake shipping company that demands payment before delivering the piano. The scammers accept Zelle, Cash App, PayPal, Apple Pay, and cryptocurrency. They also try to get victims' names, addresses, and phone numbers. This article continues to discuss the AFF email campaign.

Computer hardware manufacturer Cooler Master has recently suffered a data breach after a threat actor breached the company's website and claimed to steal the Fanzone member information of 500,000 customers.  Yesterday, a threat actor by the alias "Ghostr" contacted BleepingComputer and claimed to have stolen 103 GB of data from Cooler Master on May 18th, 2024.

Stephen Schwab, director of strategy for the University of Southern California (USC) Information Sciences Institute's (ISI) Networking and Cybersecurity division, envisions symbiotic teams of humans and Artificial Intelligence (AI) models working together to strengthen security. AI can help analysts thrive in high-stakes environments. Schwab and his team use testbeds and models to study AI-assisted cybersecurity in smaller systems.

A macOS version of the "LightSpy" surveillance framework extends the tool's targeting beyond Android and iOS devices. LightSpy is a modular iOS and Android surveillance framework used to steal files, screenshots, location data and more from victims' mobile devices. Attackers have used the framework against targets in the Asia–Pacific region. ThreatFabric reports that a macOS implant has been active in the wild since January 2024. This article continues to discuss findings regarding the macOS version of the LightSpy spyware tool.

The BBC has recently disclosed a cyberattack that occurred on May 21, involving unauthorized access to files hosted on a cloud-based service, compromising the personal information of BBC Pension Scheme members.  The company noted that the incident impacted roughly 25,000 people, including current and former employees of Britain's national public service broadcaster.  The compromised data includes full names, national insurance numbers, dates of birth, sex, and home addresses.

Europol has reported that authorities in over a dozen countries have disrupted the TrickBot botnet and several other malware droppers. The law enforcement operation called "Operation Endgame" targeted "Bumblebee," "IcedID," "Pikabot," "Smokeloader," "SystemBC," and "TrickBot" from May 27 to 29 to disrupt criminal operations and arrest the cybercriminals behind them. These droppers have been used in the first stage of malicious attacks to steal data, control compromised machines, and install other malware, including ransomware.