The threat actor known as "TA558" has been using steganography as an obfuscation method in the delivery of a variety of malware, including Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, XWorm, and more. Positive Technologies reported that the group used steganography extensively, sending VBSs, PowerShell code, and RTF documents containing an embedded exploit, inside images and text files. The campaign has been dubbed "SteganoAmor" due to its use of steganography and choice of file names.

Fabian Baumer and Marcus Brinkmann from Ruhr University Bochum discovered a vulnerability in PuTTY 0.68 through 0.80 that enables attackers with access to 60 cryptographic signatures to recover the private key used to generate them. PuTTY is a popular open source terminal emulator, serial console, and network file transfer tool that supports SSH, Telnet, SCP, and SFTP. According to the researchers, the vulnerability stems from how PuTTY generates ECDSA nonces, which are temporary unique cryptographic numbers, for the NIST P-521 curve used for SSH authentication.

The "RansomHub" ransomware group is now publishing data allegedly stolen from the healthcare transaction processor Change Healthcare in February. The incident disrupted Change Healthcare's operations and caused healthcare system outages. It was launched by an affiliate of the Alphv/BlackCat Ransomware-as-a-Service (RaaS), known as "Notchy." In early March, BlackCat pulled an exit scam, and Notchy claimed they had not received their share of the $22 million ransom paid by Change Healthcare and were still in possession of 4TB of stolen company data.

According to security researchers at Pentera, a substantial 93% of enterprises admitting to a breach have suffered significant consequences, ranging from unplanned downtime to data exposure or financial loss.  During the research, the researchers found that enterprises are allocating an average of $164,400, nearly 13% of their total IT security budgets to pentesting programs.  These initiatives serve multiple purposes, including validating the efficacy of security controls, gauging potential attack impact, and prioritizing security investments.

A new security flaw, dubbed "LeakyCLI" by the Orca Security team, impacts command-line tools used in cloud environments. The vulnerability exposes sensitive credentials in logs, posing a risk to organizations that use Amazon Web Services (AWS) and Google Cloud. The problem reflects a previously identified vulnerability in Azure Command-Line Interface (CLI), which Microsoft addressed in November 2023. Although Microsoft fixed it, AWS and Google Cloud CLIs are still vulnerable to the same flaw.

Recently, Shakeeb Ahmed, a former senior security engineer, was sentenced to three years in prison for hacking and defrauding two cryptocurrency exchanges.  Ahmed, 34, of New York, New York, was arrested in July 2023, one year after the attacks occurred.  He pleaded guilty in December.  According to the Department of Justice (DoJ), in early July 2022, Ahmed defrauded a decentralized cryptocurrency exchange of roughly $9 million.

Researchers from the Institute of Applied Information Processing and Communications at Graz University of Technology (TU Graz) successfully demonstrated three side-channel attacks on graphics cards via the WebGPU browser interface. According to the researchers, the attacks were fast enough to succeed during normal Internet surfing. Modern websites place ever-increasing demands on computing power. Therefore, web browsers have had access to the computing capacities of the Graphics Processing Unit (GPU) as well as the Central Processing Unit (CPU).

A Russian threat actor is targeting game developers with fraudulent Web3 gaming projects that install multiple variants of infostealers on macOS and Windows devices. According to Recorded Future's Insikt Group, the campaign's ultimate goal appears to be to defraud victims and steal their cryptocurrency wallets. The campaign mimics legitimate projects by making little changes to project names and branding. Multiple fake social media accounts were even created to impersonate the projects.

Authorities in Australia and the US recently announced the arrest and indictment of two individuals for their roles in developing and selling the Hive remote access trojan (RAT).  Initially developed and distributed under the name of Firebird, the malware was marketed as a remote access tool that could stay hidden and steal sensitive information from the targeted systems.  The Australian man was charged with twelve counts of computer offenses and is scheduled to appear in court on May 7.