HP Wolf Security has found fake malware designed to lure would-be cybercriminals into compromising their own devices. The cybersecurity company came across the operation during a routine examination of the web's dark corners for its third quarter report. It exposed the attackers who were hosting fake Remote Access Trojans (RATs) on GitHub in an attempt to trick inexperienced cybercriminals into infecting their own computers.

An Iranian nation-state threat actor, tracked as Scarred Manticore, primarily targets government, military, and telecommunications sectors in Saudi Arabia, the United Arab Emirates, Jordan, Kuwait, Oman, Iraq, and Israel. According to researchers at Check Point, one of the companies investigating the group's ongoing espionage campaign, Scarred Manticore has conducted secret operations in Middle Eastern countries over the past few years, infiltrating telecommunications and government entities to systematically exfiltrate data from their systems.

The threat group KillNet is selling a new Distributed Denial-of-Service (DDoS) tool that could encourage more cybercriminals to conduct DDoS attacks. The launch of the new tool, which can be rented for a day, a week, or a month, coincides with a 65 percent increase in HTTP DDoS attacks in the three months ending in September. SOCRadar analysts observed KillNet advertising its new "DDoS-for-hire" service on Telegram.

F5 has issued a warning to BIG-IP administrators about "skilled" hackers compromising devices by exploiting two recently disclosed vulnerabilities to hide their access and stealthily execute code. F5 BIG-IP is a suite of products and services that offer load balancing, security, and performance management for networked applications. Large companies and government organizations have widely adopted the platform, which makes any product vulnerability a significant concern. This article continues to discuss the F5 BIG-IP flaws being exploited by hackers in stealthy attacks.

State-sponsored threat actors from the Democratic People's Republic of Korea (DPRK) have been targeting blockchain engineers of an unnamed cryptocurrency exchange platform through Discord with macOS malware named KANDYKORN. According to Elastic Security Labs, the activity dating back to April 2023 overlaps with Lazarus Group, based on an analysis of the network infrastructure and techniques used. Researchers reported that the threat actors used a Python application to lure blockchain engineers in order to gain initial access to the environment.

Attackers are using new wiper malware called BiBi-Linux in attacks against Israeli companies to destroy their data. During a forensics investigation of a breach at an Israeli company, the Security Joes Incident Response team discovered the malware. According to Security Joes researchers, the malware is an x64 ELF executable without obfuscation or protection measures. It enables attackers to specify target folders and, if executed with root permissions, could destroy an entire operating system.

A link-shortening service provides cyberattackers and scammers with .us top-level domains, making their phishing campaigns slightly less detectable. Infoblox researchers have dubbed the threat actor responsible for the operation "Prolific Puma." Prolific Puma has generated as many as 75,000 unique domain names in the past 18 months, evading regulations to provide criminals with .us URLs.

Researchers at the Massachusetts Institute of Technology (MIT) have developed a search engine called SecureLoop, capable of efficiently identifying optimal designs for deep neural network accelerators that preserve data security while improving performance. As computationally intensive Machine Learning (ML) applications, such as chatbots that perform real-time language translation, rise, device manufacturers often incorporate specialized hardware components to quickly move and process the enormous amounts of data demanded by these systems.

According to a new study from Aalto University, online games' privacy policies and practices have dark design patterns that may be deceptive, misleading, or coercive to users. The gaming industry is worth about $193 billion, with around three billion gaming enthusiasts worldwide. Although online gaming can improve well-being and facilitate social relationships, privacy and awareness problems have the potential to offset these benefits and cause actual harm to gamers.

A world-first illustrated children's book aimed at teaching children ages 4 to 7 about cybersecurity and how to protect their information online was released at Abertay cyberQuarter by Education Scotland in collaboration with the Scottish Government. The book titled "The Bongles and The Crafty Crows" guides young children on creating passwords and passcodes using three random words, enabling them to explore, play, and communicate using digital technologies while making their online information more secure.