"North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS"

The North Korea-linked "DEV#POPPER" malware campaign, which targets software developers, has expanded to Windows, Linux, and macOS systems with new malware and tactics. The campaign has hit victims in South Korea, North America, Europe, and the Middle East. Securonix researchers describe the attack as an advanced form of social engineering that manipulates people into disclosing confidential information or performing actions they would not usually take. This article continues to discuss findings regarding the ongoing DEV#POPPER malware campaign.

Submitted by grigby1 CPVI on

"Dynamically Evolving SMS Stealer Threatens Global Android Users"

"SMS Stealer" is a malware family with more than 107,000 samples that has been targeting Android devices for over two years. It steals SMS messages to harvest One-Time Passwords (OTPs) and other sensitive user data. According to researchers at Zimperium zLabs, SMS Stealer spreads through constantly changing mobile apps distributed via Telegram messages or ads posing as legitimate apps. This article continues to discuss findings regarding the SMS Stealer malware.

"Insecure File-Sharing Practices in Healthcare Put Patient Privacy at Risk"

Metomic reports that healthcare organizations continue to expose their most sensitive data, putting their business and patients at risk. Twenty-five percent of healthcare organizations' publicly shared files contain Personally Identifiable Information (PII). PII was also found in 68 percent of externally shared private files and 77 percent of private files shared internally. Publicly shared files containing sensitive data pose the biggest risk for healthcare organizations and highlight the need for stronger data security.

"Hackers Can Now Even Use Your PC's HDMI Cable to Steal Data"

According to researchers at the University of the Republic of Uruguay, attackers can apply Artificial Intelligence (AI) to spy on a user's display by capturing the electromagnetic radiation that leaks from a PC's HDMI cable. The attack can be carried out in several ways, such as placing an antenna outside a building to intercept the HDMI signal. Once the signal has been intercepted and reconstructed, attackers can take further steps to obtain the user's sensitive data.

"New SideWinder Cyber Attacks Target Maritime Facilities in Multiple Countries"

The nation-state threat actor "SideWinder" is behind a new cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. According to the BlackBerry Research and Intelligence Team, the spear-phishing campaign has targeted Pakistan, Egypt, Sri Lanka, Bangladesh, Myanmar, Nepal, and more. SideWinder, also known as "APT-C-17," "Baby Elephant," "Hardcore Nationalist," "Rattlesnake," and "Razor Tiger," is believed to be linked to India. This article continues to discuss findings regarding the SideWinder spear-phishing campaign.

"New Specula Tool Uses Outlook for Remote Code Execution in Windows"

The new red team post-exploitation framework "Specula," released by the cybersecurity company TrustedSec, uses Microsoft Outlook as a Command-and-Control (C2) beacon to achieve Remote Code Execution (RCE). The framework sets a custom Outlook Home Page rendered through WebView, abusing an Outlook security feature bypass vulnerability that was patched in October 2017. This article continues to discuss the new Specula tool.

"Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw"

According to Microsoft's threat intelligence team, ransomware groups began exploiting a vulnerability in ESXi hypervisors to gain full administrative access on domain-joined systems less than a week after VMware shipped patches for the flaw. Multiple ransomware groups have exploited the vulnerability, tracked as CVE-2024-37085 with a CVSS severity score of 6.8, to deploy data-extortion malware on enterprise networks. This article continues to discuss the exploitation of the recently patched VMware ESXi flaw by ransomware groups.

"Average Data Breach Cost Jumps to $4.88 Million, Collateral Damage Increased"

IBM released its annual "Cost of a Data Breach Report," which revealed that the global average cost of a data breach hit $4.88 million in 2024, as breaches become more disruptive and place additional demands on cyber teams. Breach costs increased 10 percent over the previous year, the largest annual increase since the pandemic, with 70 percent of breached organizations reporting significant or very significant disruption. This article continues to discuss key findings from IBM's report regarding data breach costs.

"Stolen GenAI Accounts Flood Dark Web With 400 Daily Listings"

Cybercriminals are selling stolen Generative Artificial Intelligence (GenAI) platform account credentials on underground markets. According to eSentire's Threat Response Unit (TRU), about 400 GenAI account credentials are listed on dark web platforms each day, including GPT, Quillbot, Notion, HuggingFace, and Replit credentials. These credentials are typically harvested from corporate users' computers infected with infostealer malware. This article continues to discuss cybercriminals capitalizing on the growing use of GenAI platforms by selling stolen account credentials on underground markets.

"Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails"

In a massive scam campaign dubbed "EchoSpoofing" by Guardio Labs, an unknown threat actor sent millions of messages spoofing Best Buy, IBM, Nike, Walt Disney, and other well-known companies by exploiting an email routing misconfiguration in email security vendor Proofpoint's infrastructure. According to Guardio Labs researcher Nati Tal, the emails were relayed through official Proofpoint email servers and therefore carried passing SPF checks and valid DKIM signatures, allowing them to evade recipients' security protections. This article continues to discuss findings regarding the EchoSpoofing campaign.