The Intelligence Advanced Research Projects Activity (IARPA) launched the Trojans in Artificial Intelligence (TrojAI) program, which aims to defend AI systems by researching and developing technology capable of detecting and mitigating Trojan attacks. Although AI improves the Intelligence Community's (IC) capabilities, it also raises serious security concerns. The IC faces the challenge of protecting AI systems from malicious Trojan attacks, also known as backdoor or data poisoning attacks. These attacks rely on training AI to react to a certain trigger in its inputs.

According to the Cybersecurity and Infrastructure Security Agency (CISA), a Roundcube email server vulnerability patched in September 2023 is being actively exploited in Cross-Site Scripting (XSS) attacks. The security vulnerability, tracked CVE-2023-43770, is a persistent XSS flaw that enables attackers to gain access to restricted information. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that these security flaws pose significant risks to the federal enterprise.

The US Department of Justice (DOJ) has announced the seizure of online infrastructure used to sell a Remote Access Trojan (RAT) called Warzone RAT. According to the DOJ, the domains were used to sell the computer malware capable of accessing and stealing data from victims' computers. The international law enforcement effort has also arrested and indicted two people in Malta and Nigeria for their roles in selling and supporting the malware, as well as helping other cybercriminals use the RAT. They have been charged with unauthorized damage to protected computers.

Fortinet has recently patched critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762 and CVE-2024-23313), one of which is “potentially” being exploited in the wild.  CISA noted that CVE-2024-21762 is an out-of-bounds write vulnerability in FortiOS, which may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.

Many environments and individual user accounts have been compromised as part of an ongoing campaign that targets Microsoft Azure corporate clouds. The activity includes data exfiltration, financial fraud, impersonation, and more against organizations in different geographic regions and industry verticals. Researchers have found that the activity is refined, with tailor-made phishing aimed at the highest-profile, highest-value individuals.

Rhysida ransomware victims can successfully decrypt files encrypted by the ransomware because of an implementation vulnerability discovered by researchers and used to create a decryptor. Rhysida is a Ransomware-as-a-Service (RaaS) gang that carries out double extortion tactics. It was first observed in May 2023, gaining notoriety for targeting the British Library, the Chilean Army, healthcare delivery organizations, and Holding Slovenske Elektrarne (HSE).