Claroty analyzed the Industrial Control System (ICS) malware "Fuxnet," used recently by Ukrainian hackers in an attack on a Russian underground infrastructure company. The hacker group known as "Blackjack," which is suspected to be affiliated with Ukraine's security services, claimed to have launched attacks on several critical Russian organizations. The hackers targeted Internet Service Providers (ISPs), utilities, data centers, and Russia's military, allegedly causing damage and stealing sensitive information.

Before Iran's missile attack against Israel, the pro-Iranian cyber gang "Handala" claimed to have breached radar systems and sent 500,000 text messages to Israeli citizens. Iran-backed cyberattacks have increased recently, with multiple hacker groups now turning their attention to Israeli targets. Hackers, who have previously targeted the Israeli government and private institutions, shared screenshots of an allegedly compromised RADA system. According to Israeli officials, the number of cyberattacks against the country has increased threefold in recent weeks.

Palo Alto Networks has started releasing hotfixes for a zero-day vulnerability that has been actively exploited since March 26th to backdoor PAN-OS firewalls.  The "maximum severity" security flaw, CVE-2024-3400, affects PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with device telemetry and GlobalProtect (gateway or portal) enabled.  The company noted that unauthenticated threat actors can exploit it remotely to gain root code execution via command injection in low-complexity attacks that don't require user interaction.

Juniper Networks recently published dozens of advisories detailing more than a hundred vulnerabilities in Junos OS, Junos OS Evolved, and other products.  Three of the advisories are marked as "critical severity," and all address security defects in third-party software used in the affected products.  The first advisory resolves nine vulnerabilities in the open source data transfer tool cURL, including four critical severity issues.  Two of the critical bugs were disclosed in 2018 and two in 2023.

Global chipmaker giant Nexperia has recently revealed it suffered a cyberattack amid reports that ransomware hackers stole sensitive documents and intellectual property from the company.  The Chinese-owned firm, headquartered in the Netherlands, confirmed on April 12 that “an unauthorized third party” accessed certain IT servers in March 2024.  Nexperia said that it is currently working with external specialists to determine the nature and scope of the incident and has informed relevant authorities in the Netherlands, including law enforcement.

The first-ever "World Cybercrime Index" has been compiled by an international team of researchers after conducting three years of intensive research. It ranks the most significant sources of cybercrime at the national level in order to identify the most critical cybercrime hotspots around the world. Relatively few countries hold the greatest cybercriminal threat, according to the Index. Russia leads the list, followed by Ukraine, China, the US, Nigeria, and Romania. The study will allow the public and private sectors to concentrate their resources on key cybercrime hotspots.

Researchers at Checkmarx have observed threat actors manipulating GitHub search results in order to infect developers with persistent malware. As part of the campaign, attackers created malicious repositories using popular names and topics. They then boosted their search rankings using automated updates and fake stars. To avoid detection, the threat actors hid a malicious payload within Visual Studio project files. The payload results in the execution of malware similar to the "Keyzetsu clipper," which targets cryptocurrency wallets.

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 24-02 in response to a recent campaign by the Russian state-sponsored cyber actor "Midnight Blizzard." The actor targeted Microsoft corporate email accounts, potentially accessing messages sent to Federal Civilian Executive Branch (FCEB) agencies.

The US Cybersecurity and Infrastructure Security Agency (CISA) warned Sisense customers about a password compromise and encouraged them to reset their passwords immediately. CISA advises Sisense customers to reset their credentials for the platform and passwords leading to any other sensitive data potentially accessed through Sisense services. The Software-as-a-Service (SaaS) platform uses Artificial Intelligence (AI)-driven analytics to provide insights to thousands of companies.

According to Metomic's "State of Data Security in Financial Services" report, many sensitive documents stored on platforms like Google Drive, Slack, and other collaborative work applications have been left unattended for months or years. This has resulted in data sprawl issues for businesses and significant data security risks for individuals and their employers. Eighty-six percent of the files had not been updated in 90 days, 70 percent in over a year, and 48 percent in over two years.