"White House Mandates Stricter Cybersecurity for R&D Institutions"

According to a recent memo from the Office of Science and Technology Policy (OSTP), certain covered institutions will be required to implement cybersecurity programs for Research and Development (R&D) security. These mandates will also apply to higher education institutions that support R&D. In addition to enhancing the overall security of the US, this action is a direct response to increasing threats presented by the People's Republic of China (PRC), according to Arati Prabhakar, Assistant to the President for Science and Technology and author of the memo.

Submitted by grigby1 CPVI on

"57,000 Patients Impacted by Michigan Medicine Data Breach"

Michigan Medicine, the academic medical center of the University of Michigan, recently started notifying roughly 57,000 individuals that their personal and health information might have been compromised in a data breach. The incident resulted from threat actors gaining access to employee email accounts on May 23 and May 29. The compromised accounts were disabled as soon as the data breach was discovered.

Submitted by Adam Ekwall on

"Chrome 127 Patches 24 Vulnerabilities"

Google recently announced the release of Chrome 127 to the stable channel with patches for 24 vulnerabilities, including 16 reported by external researchers. Memory safety bugs were the predominant type of security defect addressed in the popular browser, accounting for half of the externally reported issues, including four high-severity ones.

Submitted by Adam Ekwall on

"PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing"

"FLUXROOT," a Latin America (LATAM)-based financially motivated actor, has used Google Cloud serverless projects to conduct credential phishing, bringing further attention to the abuse of cloud computing. In another attack on Brazilian users, an adversary named "PINEAPPLE" has used Google's cloud infrastructure to spread "Astaroth" stealer malware, also known as "Guildma." This article continues to discuss the abuse of Google Cloud by FLUXROOT and PINEAPPLE hacker groups.

Submitted by grigby1 CPVI on

"Ad-Injecting Malware Posing as DwAdsafe Ad Blocker Uses Microsoft-Signed Driver"

ESET researchers have found a sophisticated Chinese browser injector. This signed ad-injecting driver comes from a "mysterious" Chinese company. According to ESET, "HotPage" comes self-contained in an executable file, which installs its main driver and injects libraries into Chromium-based browsers. It poses as a security product capable of blocking ads but actually introduces new ads. In addition, the malware replaces the content of the current page, redirects the user, and more. This article continues to discuss findings regarding the ad-injecting malware.

Submitted by grigby1 CPVI on

"Fake CrowdStrike Repair Manual Pushes New Infostealer Malware"

CrowdStrike warns of a fake recovery manual that installs a new information-stealing malware called "Daolpu." Threat actors have been taking advantage of the chaos surrounding the buggy CrowdStrike Falcon update that caused global Information Technology (IT) outages. A new campaign involves phishing emails appearing to carry instructions for using a new recovery tool that fixes Windows devices affected by the recent CrowdStrike Falcon crashes. This article continues to discuss findings regarding the fake CrowdStrike recovery manual that installs Daolpu.

Submitted by grigby1 CPVI on

"Swipe Right for Data Leaks: Dating Apps Expose Location, More"

Karel Dhondt and Victor Le Pochat, researchers at KU Leuven, found that many dating apps may leak users' sensitive data and exact locations. They analyzed 15 location-based dating apps to determine what user data a malicious actor could steal. All 15 apps leaked sensitive user data that attackers could abuse. This article continues to discuss findings regarding the privacy and security of the analyzed dating apps.

Submitted by grigby1 CPVI on

"Play Ransomware Expands to Target VMware ESXi Environments"

Trend Micro reports that the "Play" ransomware group now has a Linux variant targeting VMware ESXi environments. The Play ransomware, discovered in June 2022, is known for its sophisticated double-extortion tactics, custom tools, and significant impact on organizations, especially in Latin America. As Trend Micro reported last week, this is the first instance of Play ransomware targeting ESXi environments. This article continues to discuss the expansion of the Play ransomware to ESXi environments.

Submitted by grigby1 CPVI on

"Chinese Espionage Group Upgrades Malware Arsenal to Target All Major OS"

Symantec found that the Chinese espionage group "Daggerfly," also known as "Evasive Panda" and "Bronze Highland," has updated its malware toolkit to target most major operating systems. Recent developments show that the group is using a shared framework to target Windows, Linux, macOS, and Android OS. Researchers saw the group using new malware in recent attacks on organizations in Taiwan and a US NGO based in China. This article continues to discuss findings regarding the Daggerfly group.

Submitted by grigby1 CPVI on

"Telegram Zero-Day Enabled Malware Delivery"

ESET warns that Telegram for Android was exploited to distribute malware disguised as videos. The cybersecurity company identified the vulnerability after finding an advertisement for a zero-day exploit targeting Telegram for Android on a cybercrime forum. The exploit is believed to have been developed using the Telegram Application Programming Interface (API), which allows developers to programmatically upload crafted multimedia files to Telegram chats or channels.

Submitted by grigby1 CPVI on