Stanford University recently notified 27,000 individuals that their personal information was stolen in a ransomware attack on its Department of Public Safety (DPS). The university says that the incident was discovered on September 27, 2023, but the attackers had access to the Stanford DPS network beginning May 12. The university noted that the hackers were evicted from the environment, and the network was secured shortly after the attack was discovered.

Salt Labs researchers discovered three security vulnerabilities in ChatGPT extension functions that could enable unauthorized, zero-click access to users' accounts and services. ChatGPT plug-ins and custom versions of the Artificial Intelligence (AI) system published by developers expand the AI model's capabilities. They enable interactions with external services by granting OpenAI's popular generative AI chatbot access and permission to perform tasks on different third-party websites, including GitHub and Google Drive.

According to cybersecurity researchers at GitGuardian, GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in more than 3 million public repositories in 2023, with most still valid after five days. GitGuardian sent out 1.8 million complimentary email alerts to those who exposed secrets, with only 1.8 percent of those contacted taking prompt action to address the issue.

US law enforcement recently seized $1.4 million worth of Tether (USDT) tokens believed to have been fraudulently obtained through tech support scams.  As part of the alleged scheme, which mainly targeted the elderly across the US, victims were targeted with popups on their computers, claiming that the system had been compromised.  The FBI noted that the victims were directed to contact Microsoft or Apple, depending on the operating system on their machine, by calling a certain phone number that connected them with the perpetrators, who posed as tech support employees.

According to Alfred Chen, an assistant professor at UC Irvine's Donald Bren School of Information and Computer Sciences (ICS), the cyber-physical nature of Indoor Delivery Robot (IDR) systems can result in significant security and safety damages if they are attacked. Computer science Ph.D. student Fayzah Alshammari is researching IDR vulnerabilities to prevent such attacks. Chen says Fayzah's work aims to conduct the first security analysis of IDR systems in real-world commercial environments.

In a new phishing campaign, malicious actors store malware on public cloud services such as Amazon Web Services (AWS) and GitHub. Then they use email to launch an attack and gain control of newly infected systems. According to FortiGuard Labs, the phishing email tricks victims into running a malicious, high-severity Java downloader to spread a new VCURMS Remote Access Trojan (RAT) and a STRRAT RAT. This article continues to discuss findings regarding the phishing campaign involving the use of AWS and GitHub to launch RATs.

According to IRONSCALES and Osterman Research, 70 percent of organizations believe their current security stacks are effective against image-based and QR code phishing attacks. However, 76 percent were still compromised in the last 12 months. Organizations are aware of the growing threat posed by image-based and QR code phishing attacks, with 90 percent of respondents revealing that such attacks target their organizations. Despite this high level of awareness, 94 percent of these organizations have seen these new attacks evade their email security stack.

Researchers have discovered seven packages on the Python Package Index (PyPI) repository designed to steal BIP39 mnemonic phrases used to recover private keys of cryptocurrency wallets. ReversingLabs has codenamed the software supply chain attack campaign "BIPClip." The packages were downloaded 7,451 times before being removed from PyPI. BIPClip, aimed at developers on projects related to generating and securing cryptocurrency wallets, is said to have been in operation since at least December 4, 2022.

The ALPHV/BlackCat ransomware gang has committed a scam on its way out. BlackCat affiliates complained on dark web forums that they had successfully breached victims, but the ransomware gang had not paid their share, becoming unresponsive. This was quickly followed by the closure of affiliate accounts and a law enforcement seizure notice posted on its dark web site, which does not appear to be legitimate. The ransomware gang's unusual behavior is likely due to international law enforcement taking down its data leak site in December.