A Chrome 124 update released by Google recently patches a zero-day vulnerability that has an exploit that exists in the wild. The zero-day is tracked as CVE-2024-4671, and it has been described by Google as a high-severity use-after-free bug in the Visuals component. Google did not mention any information on the attacks exploiting the vulnerability. Chrome 124.0.6367.201/.202 for Mac and Windows and Chrome 124.0.6367.201 for Linux contain the patch for CVE-2024-4671. According to Google, this is the second Chrome vulnerability of 2024 that has been exploited in malicious attacks.

Ascension, a non-profit that runs one of the largest healthcare systems in the United States, is trying to contain a significant cyberattack currently causing disruption and “downtime procedures” at hospitals nationwide. The St Louis healthcare giant said computer systems affected include electronic health records, the MyChart patient communication portal, certain phone systems, and systems used for ordering tests, procedures, and medications. The company discovered the hack on May 8th.

Two US healthcare providers have recently announced serious cybersecurity incidents in which patient information was accessed. DocGo provides mobile medical services and transportation in 26 states and the UK. The firm revealed that it recently identified unauthorized activity on its network.

Law enforcement agencies from Austria, Cyprus, and Czechia have recently collaborated to dismantle an online cryptocurrency scam, resulting in the arrest of six Austrians allegedly behind the scheme. The investigation, supported by Europol and Eurojust, targeted the orchestrators of a cryptocurrency launched in December 2017. Europol noted that following six house searches, authorities seized over €500,000 in cryptocurrencies and €250,000 in fiat currency and froze numerous bank accounts. Additionally, two cars and a luxury property valued at €1.4m were confiscated.

University System of Georgia (USG) is starting to notify 800,000 individuals that their personal and financial information was compromised in the May 2023 MOVEit hack. The data breach occurred after the Russia-linked Cl0p ransomware group exploited a vulnerability in Progress Software's MOVEit Transfer managed file transfer (MFT) software and stole data from organizations using it. USG used MOVEit to "transfer and store sensitive data" and is the latest education entity to disclose the attack's impact.

Philadelphia-based real estate company Brandywine Realty Trust recently fell victim to a ransomware attack that disrupted some of its business applications. In a filing with the US Securities and Exchange Commission (SEC) on Monday, the real estate investment trust revealed that the incident occurred on May 1 and involved unauthorized access to portions of its IT environment.

It has recently been revealed that sensitive personal and financial information belonging to UK military personnel has been compromised in a significant state-sponsored data breach. The defense secretary, Grant Schapps, is expected to make a statement in the House of Commons detailing exactly what happened. According to reports, on the morning of May 7 the hackers successfully targeted a third-party payroll provider, with mainly names and bank details exposed.

A Russian national has recently pleaded guilty to his role in a major money laundering conspiracy tied to the infamous BTC-e cryptocurrency exchange. According to the Department of Justice (DoJ), Alexander Vinnik, 44, was one of the operators of the exchange from its launch in 2011 to when law enforcers shut it down in 2017. The DoJ noted that during that time, it processed over $9bn-worth of transactions and served over one million users worldwide, many of whom were cybercriminals looking to clean the proceeds of their illegal activity.