"US Arrests Suspects Behind $73M Pig Butchering Laundering Scheme"

"US Arrests Suspects Behind $73M Pig Butchering Laundering Scheme"

The Department of Justice (DoJ) recently charged two suspects for allegedly leading a crime ring that laundered at least $73 million from cryptocurrency investment scams, also known as "pig butchering." In pig butchering scams, criminals approach targets through messaging apps, dating platforms, or social media to build trust, then lure them into fraudulent investment schemes that let the scammers drain the victims' cryptocurrency wallets.

Submitted by Adam Ekwall on

"Windows Quick Assist Anchors Black Basta Ransomware Gambit"

"Windows Quick Assist Anchors Black Basta Ransomware Gambit"

Microsoft Threat Intelligence noted that "Storm-1811," a financially motivated threat actor tracked since mid-April, has been following the same playbook as the recent Black Basta ransomware vishing campaign. The threat group's social engineering campaign tries to trick victims into allowing them to use Windows Quick Assist to access their machines remotely.

Submitted by Gregory Rigby on

"New Android Banking Trojan Mimics Google Play Update App"

"New Android Banking Trojan Mimics Google Play Update App"

Cyble Research and Intelligence Labs (CRIL) discovered a new Android banking Trojan dubbed "Antidot." According to researchers, the malware is sophisticated as it includes overlay attacks, keylogging, and obfuscation capabilities. Antidot presents itself as a Google Play update application. The fake update page displayed upon installation is in various languages, including German, French, Spanish, English, and more, suggesting that the malware targets Android users in different regions.

Submitted by Gregory Rigby on

"Critical Flaw in AI Python Package Can Lead to System and Data Compromise"

"Critical Flaw in AI Python Package Can Lead to System and Data Compromise"

A critical vulnerability in a Python package used by Artificial Intelligence (AI) application developers enables arbitrary code execution. The flaw, dubbed "Llama Drama," was discovered by researcher Patrick Peng. It relates to the Jinja2 template rendering Python tool, which generates HTML, and the llama_cpp_python package that integrates AI models with Python. This article continues to discuss the potential exploitation and impact of the Llama Drama vulnerability.

Submitted by Gregory Rigby on

"WebTPA Data Breach Impacts 2.4 million Insurance Policyholders"

"WebTPA Data Breach Impacts 2.4 million Insurance Policyholders"

The U.S. Department of Health and Human Services recently announced that the WebTPA Employer Services (WebTPA) data breach disclosed earlier this month impacts nearly 2.5 million individuals. Some of the impacted people are customers at large insurance companies. WebTPA is a GuideWell Mutual Holding Corporation subsidiary and a third-party administrator (TPA) that provides customized administrative services to health plans and insurance companies. WebTPA said the threat actor had access to personal data for five days between April 18 and April 23, 2023.

Submitted by Adam Ekwall on

"Patient Data at Risk in MediSecure Ransomware Attack"

Australian healthcare company MediSecure has recently suffered a “large scale” ransomware attack, putting individuals’ personal and health information at risk. The electronic prescriptions provider confirmed the incident in a statement on May 16, admitting that it has impacted the personal and health information of individuals. The company did not give any information about the nature of the information that may have been accessed. MediSecure’s website and phone lines are also currently out of operation.

Submitted by Adam Ekwall on

"Threat Actors Abuse GitHub to Distribute Multiple Information Stealers"

"Threat Actors Abuse GitHub to Distribute Multiple Information Stealers"

A malicious campaign has used a legitimate GitHub profile to spread information-stealing malware. Russian-speaking threat actors have impersonated 1Password, Bartender 5, and other legitimate applications to distribute Atomic macOS Stealer (AMOS), Vidar, Lumma, and Octo malware. The malware operations shared Command-and-Control (C2) infrastructure, suggesting the use of a centralized setup in cross-platform attacks to increase efficiency.

Submitted by Gregory Rigby on

"Flaw in Wi-Fi Standard Can Enable SSID Confusion Attacks"

"Flaw in Wi-Fi Standard Can Enable SSID Confusion Attacks"

According to researchers at Belgium's KU Leuven, attackers can exploit a fundamental design flaw in the IEEE 802.11 Wi-Fi standard to trick victims into connecting to a less secure wireless network. The Virtual Private Network (VPN) review site Top10VPN, which worked with one of the KU Leuven researchers to release details about the flaw, warns that such attacks increase the risk of traffic interception and manipulation. The flaw impacts Wi-Fi clients across all Operating Systems (OS).

Submitted by Gregory Rigby on

"Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines"

"Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines"

Researchers have found almost a dozen security flaws that affect the GE HealthCare Vivid Ultrasound product family. The exploitation of these vulnerabilities could allow malicious actors to tamper with patient data and install ransomware. The Operational Technology (OT) security vendor Nozomi Networks said the effects of these flaws range from implanting ransomware on the ultrasound machine to accessing and manipulating patient data on vulnerable devices.

Submitted by Gregory Rigby on

"Third Chrome Zero-Day Patched by Google Within One Week"

"Third Chrome Zero-Day Patched by Google Within One Week"

Google recently announced the release of Chrome 125 to the stable channel with patches for nine vulnerabilities, including four reported by external researchers. The most critical bug is CVE-2024-4947, a high-severity type confusion flaw in the V8 JavaScript engine that has already been exploited. Google noted that successfully exploiting the vulnerability could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Submitted by Adam Ekwall on