Virginia Tech National Security Institute faculty created "Cyber Snackz Adventures in Cybersecurity," an activity book that teaches elementary school students about Internet safety through engaging educational activities and coloring pages. According to Stephanie Travis, director of the Senior Military College Cyber Institute at the Virginia Tech National Security Institute, the book delves into protecting personal information online and not clicking on sketchy links in a way young children can understand.

According to Corvus Insurance, new ransomware gangs filled the void left by LockBit and ALPHV/BlackCat in the first quarter of 2024. The cyber insurance firm has published "Ransomware Groups Don't Die, They Multiply," which reveals that ransomware activity increased by 21 percent in the first quarter of 2024 compared to the same time in 2023. At 1,075, the number of recorded victims in the first quarter of 2024 is significantly higher than in the same period in 2023, at 699.

JFrog researchers found multiple campaigns planting millions of malicious "imageless" containers on Docker Hub over the past five years, highlighting how open source registries can enable supply chain attacks. More than four million Docker Hub repositories are imageless and contain only the repository documentation, according to JFrog security researcher Andrey Polkovnichenko. The documentation is unrelated to the container. Instead, it is a page that directs users to phishing or malware sites.

Tanto Security warns that three critical-severity vulnerabilities in the Judge0 open source service enable attackers to conduct sandbox escapes and take over the host machine. Judge0 is an online service for executing arbitrary code in a secure sandbox. This service facilitates the development of applications that require online code execution, such as programming, e-commerce, recruitment platforms, online code editors, and more.

According to the FCC, four of America’s largest mobile operators sold access to customer location data to third parties without gaining customer consent or putting adequate safeguards in place. The FCC is fining Sprint ($12m), T-Mobile ($80m), AT&T ($57m), and Verizon ($47m) close to $200m in total for breaking the law.

According to security researchers at Sophos, average ransom payments surged by 500% in the past year to reach $2m per payment. This compares to an average payment of $400,000 calculated by Sophos in its 2023 study, demonstrating that ransomware operators are seeking increasingly large payoffs from victims. The researchers noted that nearly two-thirds (63%) of ransom demands made in the past year were $1m or more, with 30% of demands demanding over $5m. This is despite a reduction in the rate of organizations being hit by ransomware in the past year, at 59%.

"Muddling Meerkat," a new cluster of activity, has been suspected of being linked to a Chinese state-sponsored threat actor's manipulation of the Domain Name System (DNS) to probe networks since October 2019, with a surge in activity observed in September 2023. The hackers behind this activity manipulate Mail Exchange (MX) records by injecting fake responses through China's Great Firewall (GFW).

Apple M-series chips, designed to perform more consistently and faster than Intel processors, have a vulnerability that can expose cryptographic keys, enabling a malicious actor to reveal encrypted data. "GoFetch," a critical side-channel security flaw, exploits a vulnerability in M-chips Data Memory-Dependent Prefetcher (DMP). By scanning the cache and prefetching information, DMP predicts which memory addresses the code will most likely access. This technology enhances computer speed and overall computing performance.

The US Department of Homeland Security (DHS), in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), has published new safety and security guidelines that address cross-sector Artificial Intelligence (AI) risks to the safety and security of critical infrastructure in the US. The guidelines cover three broad categories of system-level risk: attacks using AI, attacks targeting AI systems, and failures in AI design and implementation.