"New HTTP/2 DoS Attack Potentially More Severe Than Record-Breaking Rapid Reset"

A researcher named Bartek Nowotarski has disclosed a new Denial-of-Service (DoS) attack method called "HTTP/2 Continuation Flood," which could pose a more serious threat than Rapid Reset, the vulnerability exploited in 2023 to launch the largest Distributed DoS (DDoS) attacks ever. The CERT Coordination Center (CERT/CC) at Carnegie Mellon University (CMU) helped coordinate disclosure with impacted companies and open source projects. HTTP/2 Continuation Flood is a class of vulnerabilities impacting many HTTP/2 protocol implementations.

Submitted by Gregory Rigby on

"Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks"

Google is testing a new Chrome feature called Device Bound Session Credentials (DBSC) to help protect users from session cookie theft by malware. The prototype, which is currently being tested against some Google Account users running Chrome Beta, is planned to become an open web standard, according to the company's Chromium team. By binding authentication sessions to the device, DBSC will disrupt the cookie theft industry, as exfiltrating these cookies will no longer be valuable.

Submitted by Gregory Rigby on

"Attackers Abuse Google Ad Feature to Target Slack, Notion Users"

Attackers are using Google Ads to spread information-stealing malware, abusing an ad-tracking feature to lure corporate users with fake ads for collaborative groupware such as Slack and Notion. AhnLab Security Intelligence Center (ASEC) researchers found a malicious campaign involving a statistical feature that embeds URLs for delivering malware, including the Rhadamanthys stealer. The feature allows advertisers to insert external analytic website addresses into ads in order to collect and use access-related data from their visitors.

Submitted by Gregory Rigby on

"Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed!"

The Heartbleed bug turned ten years old on April 1. In March 2014, Google and Codenomicon discovered the Heartbleed bug in OpenSSL, and it was reported on April 1, 2014. The issue was a small error in the OpenSSL implementation of the TLS/DTLS protocols in versions 1.0.1 to 1.0.1f, but the impact was significant. It enabled the theft of X.509 certificate secret keys, usernames and passwords, communications, and documents by remote attackers. According to Netcraft figures from April 2014, two-thirds of the Internet used servers running OpenSSL, and exploitation was undetectable.

Submitted by Gregory Rigby on

"USF Research Reveals Language Barriers Limit Effectiveness of Cybersecurity Resources"

Fawn Ngo, an associate professor at the University of South Florida College of Behavioral and Community Sciences, explored the connections among demographic characteristics, cyber hygiene practices, and cyber victimization using a sample of Limited English Proficiency (LEP) Internet users.

Submitted by Gregory Rigby on

"Cloud Email Filtering Bypass Attack Works 80% of the Time"

Researchers have discovered a misconfiguration in popular enterprise cloud-based email spam filtering services. The study shows that organizations are far more vulnerable to email-based cyber threats than they realize. In a paper titled "Unfiltered: Measuring Cloud-based Email Filtering Bypasses," the authoring academic research team found that services from vendors such as Proofpoint, Barracuda, Mimecast, and others could be evaded in at least 80 percent of the major domains examined.

Submitted by Gregory Rigby on

"Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware"

Information stealers, including "Atomic Stealer," are being delivered to Apple macOS users through malicious ads and fake websites. According to Jamf Threat Labs, the infostealer attacks targeting macOS users involve different methods to compromise victims' Macs, but they all aim to steal sensitive data. One of the attacks targets users searching for Arc Browser on search engines such as Google, serving fake ads that direct them to lookalike websites distributing the malware. The malicious website cannot be accessed directly because it generates an error.

Submitted by Gregory Rigby on

"UK Law Enforcers Arrest 400 in Major Fraud Crackdown"

UK police recently arrested hundreds of suspects and seized $15m as part of an ongoing crackdown on rampant fraud in the country. Now in its third iteration, Operation Henhouse was coordinated again by the National Economic Crime Centre and City of London Police. According to the National Crime Agency (NCA), activity in February and March led to 438 arrests, 211 voluntary interviews, £13.9m seized in cash and assets, and account freezing orders of £5.1m.

Submitted by Adam Ekwall on

"Vultur Banking Malware for Android Poses as McAfee Security App"

Security researchers have discovered a new version of the Android "Vultur" banking Trojan with more advanced remote control capabilities and a better evasion mechanism. ThreatFabric researchers first documented the malware in March 2021, and by late 2022, they had observed it being distributed via dropper apps on Google Play. At the end of 2023, the mobile security platform Zimperium listed Vultur as one of the year's top ten most active banking Trojans, with nine of its variants targeting 122 banking apps across 15 countries.

Submitted by Gregory Rigby on

"Escalating Malware Tactics Drive Global Cybercrime Epidemic"

WatchGuard reports that evasive, basic, and encrypted malware increased in the fourth quarter of 2023, contributing to a boost in total malware. The average number of malware detections increased by 80 percent, meaning a significant volume of malware threats arrived at the network perimeter. The Americas and Asia-Pacific experienced the greatest growth in malware instances. About 55 percent of malware traveled via encrypted connections, representing a 7 percent increase from the third quarter.

Submitted by Gregory Rigby on