The OpenJS Foundation has thwarted a "credible takeover attempt" similar to the one that resulted in a backdoor being put in the open source XZ Utils package by someone called "Jia Tan." The malicious maintainer achieved that position through a successful long-term social engineering campaign. Lasse Collin, the project's author and primary maintainer, was convinced to share the duty of keeping the project running smoothly.

The threat actor known as "TA558" has been using steganography as an obfuscation method in the delivery of a variety of malware, including Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, XWorm, and more. Positive Technologies reported that the group used steganography extensively, sending VBSs, PowerShell code, and RTF documents containing an embedded exploit, inside images and text files. The campaign has been dubbed "SteganoAmor" due to its use of steganography and choice of file names.

Fabian Baumer and Marcus Brinkmann from Ruhr University Bochum discovered a vulnerability in PuTTY 0.68 through 0.80 that enables attackers with access to 60 cryptographic signatures to recover the private key used to generate them. PuTTY is a popular open source terminal emulator, serial console, and network file transfer tool that supports SSH, Telnet, SCP, and SFTP. According to the researchers, the vulnerability stems from how PuTTY generates ECDSA nonces, which are temporary unique cryptographic numbers, for the NIST P-521 curve used for SSH authentication.

The "RansomHub" ransomware group is now publishing data allegedly stolen from the healthcare transaction processor Change Healthcare in February. The incident disrupted Change Healthcare's operations and caused healthcare system outages. It was launched by an affiliate of the Alphv/BlackCat Ransomware-as-a-Service (RaaS), known as "Notchy." In early March, BlackCat pulled an exit scam, and Notchy claimed they had not received their share of the $22 million ransom paid by Change Healthcare and were still in possession of 4TB of stolen company data.

According to security researchers at Pentera, a substantial 93% of enterprises admitting to a breach have suffered significant consequences, ranging from unplanned downtime to data exposure or financial loss.  During the research, the researchers found that enterprises are allocating an average of $164,400, nearly 13% of their total IT security budgets to pentesting programs.  These initiatives serve multiple purposes, including validating the efficacy of security controls, gauging potential attack impact, and prioritizing security investments.

A new security flaw, dubbed "LeakyCLI" by the Orca Security team, impacts command-line tools used in cloud environments. The vulnerability exposes sensitive credentials in logs, posing a risk to organizations that use Amazon Web Services (AWS) and Google Cloud. The problem reflects a previously identified vulnerability in Azure Command-Line Interface (CLI), which Microsoft addressed in November 2023. Although Microsoft fixed it, AWS and Google Cloud CLIs are still vulnerable to the same flaw.