Code hosting platform GitHub has recently released patches for a critical severity vulnerability in the GitHub Enterprise Server that could lead to unauthorized access to affected instances.  The vulnerability is tracked as CVE-2024-9487 (CVSS score of 9.5), and was introduced in May 2024 as part of the remediations released for CVE-2024-4985, a critical authentication bypass defect allowing attackers to forge SAML responses and gain administrative access to the Enterprise Server.

Automattic recently announced patches for 101 versions of the popular WordPress security plugin Jetpack to resolve a critical severity vulnerability introduced in 2016.  The bug, which was discovered internally and does not have a CVE identifier yet, was introduced in Jetpack version 3.9.9 and affects all subsequent releases.  The company noted that during an internal security audit, they found a vulnerability with the Contact Form feature in Jetpack ever since version 3.9.9, released in 2016.

Splunk recently announced fixes for 11 vulnerabilities in Splunk Enterprise, two of which are high-severity bugs leading to remote code execution on Windows systems.  Splunk noted that the most severe of the flaws is CVE-2024-45733 (CVSS score of 8.8), an insecure session storage configuration issue that could allow a user without "admin" or "power" Splunk roles to execute code remotely.  According to Splunk, only instances running on Windows machines are affected by this vulnerability.  Instances that do not run Splunk Web are not impacted either.

According to a new study by Sophos, a shortage of cybersecurity expertise and capacity in global SMBs is fueling talent burnout and creating new opportunities for threat actors.

Between June 2023 and April 2024, security researchers at Zscaler discovered over 200 malicious apps on Google Play, which is nominally a safer platform for Android downloads than third-party app stores.  These apps collectively garnered more than eight million installs.  The researchers noted that Joker was the most prolific malware, accounting for nearly two-fifths (38%) of malicious apps identified by Zscaler. Joker enables Wireless Application Protocol (WAP) fraud, by covertly subscribing victims to premium-rate services without their consent.

Researchers at Checkmarx have discovered that threat actors could abuse entry points across PyPI, npm, Ruby Gems, and other programming ecosystems to stage software supply chain attacks. The researchers warned that attackers could use these entry points to execute malicious code when specific commands are run, putting the open source landscape at significant risk. Entry point attacks enable threat actors to sneakily and persistently compromise systems without triggering traditional security defenses.

Researchers at the Georgia Institute of Technology (Georgia Tech) have developed a new tool named "Detector of Victim-specific Accessibility" (DVa) to check for malware on Android phones. DVa runs on the cloud, checking the phone for malware, then producing a report for the user that outlines which apps are malware and how to remove them. Smartphones are accessible to people with disabilities because of the implementation of screen readers, voice-to-text, and other features. However, these features also make phones more hackable.

Juniper Networks has recently released patches for dozens of vulnerabilities in its Junos OS and Junos OS Evolved network operating systems, including multiple flaws in several third-party software components. Fixes were announced for around a dozen high-severity security defects impacting components such as the packet forwarding engine (PFE), routing protocol daemon (RPD), routing engine (RE), kernel, and HTTP daemon.

Gryphon Healthcare and Tri-City Medical Center recently disclosed separate data breaches in which the personal information of more than 500,000 individuals was stolen.

OpenAI disrupted over 20 malicious cyber operations involving ChatGPT, its Artificial Intelligence (AI)-driven chatbot. Threat actors have used ChatGPT to develop malware, evade detection, and more. OpenAI's report is the first to officially confirm that generative mainstream AI tools are being used for offensive cyber operations. In April, Proofpoint reported that "TA547," also known as "Scully Spider," launched an AI-written PowerShell loader for the "Rhadamanthys" infostealer.