"Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware"

Information stealers, including "Atomic Stealer," are being delivered to Apple macOS users through malicious ads and fake websites. According to Jamf Threat Labs, the infostealer attacks targeting macOS users involve different methods to compromise victims' Macs, but they all aim to steal sensitive data. One of the attacks targets users searching for Arc Browser on search engines such as Google, serving fake ads that direct them to lookalike websites distributing the malware. Attempting to access the malicious website directly generates an error.

Submitted by Gregory Rigby on

"UK Law Enforcers Arrest 400 in Major Fraud Crackdown"

UK police recently arrested hundreds of suspects and seized $15m as part of an ongoing crackdown on rampant fraud in the country. Now in its third iteration, Operation Henhouse was coordinated again by the National Economic Crime Centre and City of London Police. According to the National Crime Agency (NCA), activity in February and March led to 438 arrests, 211 voluntary interviews, £13.9m seized in cash and assets, and account freezing orders of £5.1m.

Submitted by Adam Ekwall on

"Vultur Banking Malware for Android Poses as McAfee Security App"

Security researchers have discovered a new version of the Android "Vultur" banking Trojan with more advanced remote control capabilities and a better evasion mechanism. ThreatFabric researchers first documented the malware in March 2021, and by late 2022, they had observed it being distributed via dropper apps on Google Play. At the end of 2023, the mobile security platform Zimperium listed Vultur as one of the year's top ten most active banking Trojans, with nine of its variants targeting 122 banking apps across 15 countries.

Submitted by Gregory Rigby on

"Escalating Malware Tactics Drive Global Cybercrime Epidemic"

WatchGuard reports that evasive, basic, and encrypted malware increased in the fourth quarter of 2023, contributing to a boost in total malware. The average number of malware detections increased by 80 percent, meaning a significant volume of malware threats arrived at the network perimeter. The Americas and Asia-Pacific experienced the greatest growth in malware instances. About 55 percent of malware traveled via encrypted connections, representing a 7 percent increase from the third quarter.

Submitted by Gregory Rigby on

"Shopping Platform PandaBuy Data Leak Impacts 1.3 Million Users"

Have I Been Pwned (HIBP) recently announced that data belonging to more than 1.3 million customers of the PandaBuy online shopping platform has been leaked, allegedly after two threat actors exploited multiple vulnerabilities to breach systems. PandaBuy allows international users to purchase products from various e-commerce platforms in China, including Tmall, Taobao, and JD.com.

Submitted by Adam Ekwall on

"Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor"

A supply chain attack involving backdoored versions of the XZ Utils data compression library has impacted major Linux distributions. According to Andres Freund, a Microsoft software engineer who discovered the backdoor, the malicious code was introduced in the tarball download package for XZ Utils version 5.6.0, which was released in February 2024. Version 5.6.1 was released shortly after, with updated malicious code that included more obfuscation and fixes for errors that occurred in some configurations.

Submitted by Gregory Rigby on

"Cybersecurity Attacks Have the Potential to Infiltrate Medical Devices and Cripple Health Care, Northeastern Expert Warns"

Kevin Fu, a Northeastern University professor of electrical and computer engineering and White House cybersecurity adviser, emphasized that the cyberattack on Change Healthcare should be a wake-up call for the healthcare industry to focus on securing its infrastructure. Although the recent attack mainly affected online billing and revenue systems, hackers can infiltrate medical devices that provide critical care. Fu suggests that healthcare providers consult with the Healthcare Sector Coordinating Council's Joint Security Plan for cybersecurity guidance.

Submitted by Gregory Rigby on

"AT&T Says Data on 73 Million Customers Leaked on Dark Web"

AT&T recently announced that data on roughly 73 million current and former customers was exposed on the dark web, including Social Security numbers and other personal information. According to the company, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders. The source of the data is still being assessed. The company said a “robust investigation” is underway, supported by internal and external cybersecurity teams.

Submitted by Adam Ekwall on

"2 Wireless Protocols Expose Mobile Users to Spying — The FCC Wants to Fix That"

The Federal Communications Commission (FCC) is asking Communications Service Providers (CSPs) to give an update on how they are refurbishing their networks to prevent cybercriminals and spies from exploiting vulnerabilities in the Signaling System No. 7 (SS7) and Diameter protocols that enable malicious actors to track targets.

Submitted by Gregory Rigby on

"Pervasive LLM Hallucinations Expand Code Developer Attack Surface"

According to recent research published by the Large Language Model (LLM) security vendor Lasso Security, the use of LLMs by software developers provides a greater opportunity for attackers to distribute malicious packages to development environments than previously thought. The study is a follow-up to a report published last year on the possibility of attackers exploiting LLMs' tendency to hallucinate or generate seemingly plausible but factually incorrect results in response to user input.

Submitted by Gregory Rigby on