A threat actor has been using a cluster of domains posing as legitimate IP scanner software sites to distribute malware through a Windows backdoor dubbed "MadMxShell." According to Zscaler ThreatLabz, the threat actor registered multiple look-alike domains using a typosquatting technique. Then they used Google Ads to push the fraudulent domains to the top of search engine results for specific search keywords, luring potential victims to these IP scanner websites.

An exploit of Palo Alto Networks' Extended Detection and Response (XDR) software could have enabled attackers to manipulate it as a malicious multitool. Shmuel Cohen, a security researcher at SafeBreach, explained how he reverse-engineered and cracked the company's Cortex product. He used it to deploy a reverse shell and ransomware.

The Akira ransomware gang has targeted over 250 organizations in the last year and continues to affect various businesses and critical infrastructure entities in North America, Europe, and Australia, according to recent warnings from the Federal Bureau of Investigation (FBI) and European law enforcement.

Telecommunications giant Frontier Communications recently informed the Securities and Exchange Commission (SEC) that certain systems were shut down following a cyberattack. The incident was identified on April 14, when a third party “gained unauthorized access to portions of its information technology environment.” According to Frontier, the attack was likely the work of a cybercrime group that gained access to various types of data, including personally identifiable information. The company has notified proper authorities, and an investigation into the incident is still ongoing.

Security researchers at CyberSN warn that the overall number of cybersecurity job postings in the US decreased by 22% from 2022 to 2023. The researchers said this decline is alarming and could impact national security, as some of these roles are essential for maintaining organizational and national cyber defenses. The most significant decline is in research roles, which saw a general 69% drop year-on-year between 2022 and 2023. According to the researchers this suggests a move away from proactive threat analysis and mitigation.

CyLab Security and Privacy Institute researchers will present ten papers and participate in one special interest group at the ACM Conference on Human Factors in Computing Systems (CHI 2024). One of the papers is titled "Interdisciplinary Approaches to Cybervulnerability Impact Assessment for Energy Critical Infrastructure." The researchers interviewed 18 experts in the field of energy critical infrastructure to compare what information they believe is necessary to assess the impact of computer vulnerabilities contained by energy operational technology.

Sophos X-Ops has found 19 "cheap, independently produced, and crudely constructed" junk gun ransomware variants on the dark web. These junk gun variants aim to disrupt the affiliate-based Ransomware-as-a-Service (RaaS) model that has dominated the ransomware market. Instead of selling or buying ransomware to or as an affiliate, attackers develop and sell simple variants for a one-time fee. Other threat actors can use such variants to attack small and medium-sized businesses (SMBs) as well as individuals.