"Phishing Emails Abuse Windows Search Protocol to Push Malicious Scripts"

In a new phishing campaign, HTML attachments abusing the Windows Search protocol are used to push batch files hosted on remote servers that deliver malware. The Windows Search protocol is a Uniform Resource Identifier (URI) that lets applications open Windows Explorer to perform searches with specific parameters. Most Windows searches will use the local device's index. However, Windows Search can be forced to query file shares on remote hosts and apply a custom title for the search window.

Submitted by grigby1 CPVI on

"Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools"

A new Protect AI report delves into a dozen critical vulnerabilities in open source Artificial Intelligence (AI) and Machine Learning (ML) tools discovered in recent months. The company warns of security defects reported as part of its AI bug bounty program, including critical issues that could lead to information disclosure, resource access, privilege escalation, and server takeover. The worst bug is an improper input validation in Intel Neural Compressor software that could enable remote attackers to escalate privileges.

Submitted by grigby1 CPVI on

"Feds Saw More Cyberattacks but Better Detection Last Year, FISMA Report Says"

A Federal Information Security Modernization Act (FISMA) report recently issued to Congress found that federal agencies saw a nearly 10 percent increase in cyberattacks in 2023, but they also improved their detection and categorization. According to the fiscal year 2023 readout from the Office of Management and Budget (OMB), which oversees the FISMA, federal agencies reported 32,211 cyber incidents to the US Cybersecurity and Infrastructure Security Agency (CISA), compared to 29,319 incidents in the prior year period.

Submitted by grigby1 CPVI on

"Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters"

Researchers warn of a cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency. According to the cloud security company Wiz, the activity is an updated version of a financially motivated operation first reported by CrowdStrike in March 2023. The threat actor used anonymous access to an Internet-facing cluster to launch malicious container images hosted on Docker Hub. This article continues to discuss observations regarding the cryptojacking campaign targeting misconfigured Kubernetes clusters.

Submitted by grigby1 CPVI on

"Panera Warns of Employee Data Breach After March Ransomware Attack"

Panera Bread is starting to notify employees of a data breach after unknown threat actors stole their sensitive personal information in a March ransomware attack. The company and its franchises own 2,160 cafes under the names Panera Bread or Saint Louis Bread Co, spread across 48 states in the U.S. and Ontario, Canada. Panera said that the files breached contained names and Social Security numbers and noted that other information provided in connection with employment may have also been in the files involved.

Submitted by Adam Ekwall on

"Ascension Attack Caused by Employee Downloading Malicious File"

Ascension has recently revealed that a ransomware gang gained access to its systems after an employee accidentally downloaded a malicious file. The incident took place in May 2024 and forced the US private healthcare provider to divert ambulances and postpone patient appointments. Additionally, the attack prevented access to electronic health records (EHR) and took down various systems used to book tests, procedures, and medications. The company is still working to restore its systems.

Submitted by Adam Ekwall on

"Life360 Says Hacker Tried to Extort Them After Tile Data Breach"

Safety and location services company Life360 has recently announced that it was the target of an extortion attempt after a threat actor breached and stole sensitive information from a Tile customer support platform. Life360 provides real-time location tracking, crash detection, and emergency roadside assistance services to more than 66 million members worldwide. The company says that an attacker breached a Tile customer support platform and gained access to names, addresses, email addresses, phone numbers, and device identification numbers.

Submitted by Adam Ekwall on

"New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models"

A new hybrid Machine Learning (ML) model exploitation technique called "Sleepy Pickle" has highlighted the Pickle format's security risks. According to Trail of Bits, the attack weaponizes the ubiquitous format used to package and distribute ML models in order to corrupt the model, thus threatening an organization's downstream customers. Security researcher Boyan Milanov emphasizes that Sleepy Pickle is a stealthy and novel attack on the ML model itself instead of the underlying system.

Submitted by grigby1 CPVI on

"Chinese Hackers Leveraging 'Noodle RAT' Backdoor"

According to a new Trend Micro report, a backdoor in Executable and Linkable Format (ELF) files used by Chinese hackers has been incorrectly identified as a variant of existing malware for years. Trend Micro introduced "Noodle RAT," a Remote Access Trojan (RAT) used by Chinese-speaking groups involved in espionage or cybercrime. Noodle RAT, also known as "ANGRYREBEL" or "Nood RAT," has been active since at least 2018. This article continues to discuss findings regarding Noodle RAT.

Submitted by grigby1 CPVI on

"Ukrainian Cyber Police Identify Suspected LockBit and Conti Member"

Police in Kyiv have recently identified a 28-year-old man suspected of working with big-name Russian ransomware groups to make their malware undetectable. According to the Ukrainian Cyber Police, the Kharkiv native collaborated with Conti and LockBit to deliver cryptor technology designed to obfuscate ransomware payloads so they remained undetectable to anti-malware tools. The technology was used at the end of 2021 to infect the computer networks of a Dutch multinational in the Netherlands and Belgium for the Conti ransomware-as-a-service group.

Submitted by Adam Ekwall on