"PyPI Package Backdoors Macs Using the Sliver Pen-Testing Suite"

A new Python Package Index (PyPI) package mimicked the popular 'requests' library to target macOS devices with the Sliver C2 adversary framework. The campaign, discovered by Phylum, uses steganography in a PNG image file to covertly install the Sliver payload. The malicious PyPI package has been removed, but its discovery shows Sliver's growing use for gaining remote access to corporate networks.

Submitted by Gregory Rigby on

"Russian Actors Weaponize Legitimate Services in Multi-Malware Attack"

Recorded Future has highlighted a cyber campaign carried out by Russian-speaking actors involving the exploitation of GitHub and FileZilla to deploy multiple malware variants. The adaptive tactics and advanced capabilities used make tracking and defending against this threat difficult. The threat actor, who is most likely based in the Commonwealth of Independent States (CIS), targeted various Operating Systems (OS) and computer architectures in the credential harvesting campaign, demonstrating their ability to adapt.

Submitted by Gregory Rigby on

"Botnet Sent Millions of Emails in LockBit Black Ransomware Campaign"

According to New Jersey's Cybersecurity and Communications Integration Cell (NJCCIC), millions of phishing emails have been sent through the Phorpiex botnet since April to conduct a large-scale LockBit Black ransomware campaign. The attackers use ZIP attachments containing an executable that deploys the LockBit Black payload, which encrypts the recipients' systems if launched. The NJCCIC noted that the LockBit Black encryptor deployed in these attacks is likely built using the LockBit 3.0 builder leaked by a disgruntled developer on Twitter in September 2022.

Submitted by Adam Ekwall on

"Log4Shell Shows No Sign of Fading, Spotted in 30% of CVE Exploits"

According to a Cato Networks survey, organizations still run insecure protocols across their Wide Area Networks (WANs), making lateral movement easier for cybercriminals. The Cato CTRL SASE Threat Report Q1 2024 examines security threats and their network characteristics for all aggregate traffic and all endpoints across sites, remote users, and cloud resources. Once threat actors have penetrated a network, they have less trouble snooping on critical data in transit.

Submitted by Gregory Rigby on

"Helsinki Suffers Data Breach After Hackers Exploit Unpatched Flaw"

The City of Helsinki, located in Finland, is investigating a data breach in its education division, which it discovered in late April 2024, impacting tens of thousands of students, guardians, and personnel. Though information about the attack was circulated on May 2, 2024, the city's authorities shared more details in a press conference recently. According to the authorities, an unauthorized actor gained access to a network drive after exploiting a vulnerability in a remote access server.

Submitted by Adam Ekwall on

"Heartbleed: When Is It Good to Name a Vulnerability?"

Years have passed since the identification of "Heartbleed," a critical OpenSSL vulnerability, but questions remain regarding branded vulnerabilities and the appropriate naming of vulnerabilities. Branding the serious OpenSSL vulnerability with a name and logo garnered media attention and raised awareness.

Submitted by Gregory Rigby on

"CISPA Researchers Develop New Security Concept for Zoom Groups"

CISPA-Faculty Professor Dr. Cas Cremers, his postdoc Mang Zhao, and Dr. Eyal Ronen have developed a new security method for Zoom, one of the most popular software products for video conferencing. In their paper titled "Multi-Stage Group Key Distribution and PAKEs: Securing Zoom Groups against Malicious Servers without New Security Elements," they present a modified key exchange protocol. It is only performed between Zoom users and does not involve Zoom's servers. The process happens inside the software without user intervention.

Submitted by Gregory Rigby on

"MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices"

The MITRE Corporation has made "EMB3D," a threat-modeling framework for vendors of embedded devices used in critical infrastructure environments, officially available. According to the non-profit corporation, the model aims to create a shared understanding of embedded device cyber threats and the security measures needed to mitigate them. The model's draft, developed in collaboration with Niyo 'Little Thunder' Pearson, Red Balloon Security, and Narf Industries, was released on December 13, 2023.

Submitted by Gregory Rigby on

"Largest Non-Bank Lender in Australia Warns of a Data Breach"

Firstmac Limited just started warning customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the firm. Firstmac is a significant player in Australia's financial services industry, focusing primarily on mortgage lending, investment management, and securitization services. The company is headquartered in Brisbane, Queensland, and employs 460 people. The firm has issued 100,000 home loans and currently manages $15 billion in mortgages.

Submitted by Adam Ekwall on

"Hackers Use DNS Tunneling for Network Scanning, Tracking Victims"

Threat actors have been conducting Domain Name System (DNS) tunneling to track when targets open phishing emails and click on malicious links. They are also applying the method to scan networks for vulnerabilities.

Submitted by Gregory Rigby on