"Researchers Discover New Ransomware Gang 'Muliaka' Attacking Russian Businesses"

A ransomware gang, dubbed "Muliaka" by the Moscow-based cybersecurity company F.A.C.C.T., has been targeting Russian businesses with malware developed from the Conti hacking group's leaked source code. The gang, also known as Muddy Water in English, has left few traces of its attacks, but it has likely been active since at least December 2023. In a January incident, the group attacked an unnamed Russian company by encrypting its Windows systems and VMware ESXi virtual infrastructure.

Submitted by Gregory Rigby on

"Home Depot Hammered by Supply Chain Data Breach"

A recent hacking forum leak has led Home Depot to confirm that its employee data was compromised via a third-party software vendor. Home Depot did not identify the breached software-as-a-service (SaaS) vendor but noted that an error exposed the names, corporate IDs, and email addresses of a "small sample" of its employees. According to researchers, this type of data could be used to fuel targeted phishing cyberattacks.

Submitted by Adam Ekwall on

"Hackers Use Malware to Hunt Software Vulnerabilities"

Many threat actors are using malware to scan for software vulnerabilities that they can exploit in future cyberattacks. According to security researchers at Palo Alto Networks' Unit 42, there was a large number of malware-initiated scans among the scanning attacks they detected in 2023. Vulnerability scanning is a common reconnaissance step for malicious actors planning to launch cyberattacks. Similar to port scanning and Operating System (OS) fingerprinting, vulnerability scanning initiates network requests to exploit the target hosts' potential vulnerabilities.

Submitted by Gregory Rigby on

"Vietnamese Cybercrime Group CoralRaider Nets Financial Data"

A new Vietnam-connected cybercrime group called "CoralRaider" has targeted individuals and organizations in Asia, stealing social media account information and user data. CoralRaider, which first emerged in late 2023, mainly uses social engineering techniques and legitimate services to exfiltrate data. The group creates custom tools for loading malware onto victim systems. However, according to a new analysis by researchers with Cisco's Talos threat intelligence group, the group has made some mistakes, such as inadvertently infecting their own systems and exposing their activities.

Submitted by Gregory Rigby on

"Over 90,000 D-Link NAS Devices Are Under Attack"

Network attached storage (NAS) vendor D-Link has recently urged users of end-of-life (EOL) products to retire and replace them, after news emerged of mass exploitation of legacy kit via a newly discovered vulnerability.  A security researcher who calls himself "netsecfish" published details of the vulnerability, which affects various D-Link NAS devices, on March 26.

Submitted by Adam Ekwall on

"Over 90,000 LG Smart TVs May Be Exposed to Remote Attacks"

Bitdefender has discovered four vulnerabilities affecting multiple versions of WebOS, the operating system used in LG smart TVs. The flaws enable unauthorized access and control over the impacted models. They allow authorization bypasses, privilege escalation, and command injection. Possible attacks are based on the ability to create arbitrary accounts on the device using a service that runs on ports 3000/3001.

Submitted by Gregory Rigby on

"10-Year-Old 'RUBYCARP' Romanian Hacker Group Surfaces with Botnet"

"RUBYCARP," a threat group with suspected Romanian origins, has been observed operating a long-running botnet for cryptocurrency mining, Distributed Denial-of-Service (DDoS), and phishing attacks. According to Sysdig, the group has been active for at least ten years and uses the botnet for financial gain. Its main mode of operation is a botnet launched through various public exploits and brute-force attacks.

Submitted by Gregory Rigby on

"Second Ransomware Group Extorting Change Healthcare"

It has recently been revealed that one month after paying cybercriminals to prevent the public release of data stolen in a February 2024 ransomware attack, Change Healthcare is being extorted again by a different cybercrime group. Change Healthcare, a subsidiary of health insurance and services company UnitedHealth Group, processes billions of healthcare transactions each year, and the ransomware attack crippled the healthcare system throughout the US.

Submitted by Adam Ekwall on

"DOJ-Collected Information Exposed in Data Breach Affecting 340,000"

Economic analysis and litigation support firm Greylock McKinnon Associates, Inc. (GMA) recently started notifying over 340,000 individuals that their personal and medical information was compromised in a year-old data breach.  The incident was detected on May 30, 2023, but it took the firm roughly eight months to investigate and determine what type of information was compromised and to identify the impacted individuals.  The company noted that both personal and Medicare information was compromised in the data breach.

Submitted by Adam Ekwall on