"Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks"

Threat actors are using Digital Document Publishing (DDP) sites hosted on platforms such as FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet to perform phishing, credential harvesting, and session token theft, bringing further attention to how threat actors repurpose legitimate services. According to Cisco Talos researcher Craig Jackson, hosting phishing lures on DDP sites increases the likelihood of a successful phishing attack because these sites often have a positive reputation, are unlikely to appear on web filter blocklists, and may instill a false sense of security.

Submitted by Gregory Rigby on

"ML Model Repositories: The Next Big Supply Chain Attack Target"

Repositories for Machine Learning (ML) models, such as Hugging Face, provide threat actors with the same opportunities to sneak malicious code into development environments as open source public repositories. In a presentation titled "Confused Learning: Supply Chain Attacks through Machine Learning Models," two Dropbox researchers will demonstrate multiple techniques that threat actors can use to distribute malware through ML models on Hugging Face.

Submitted by Gregory Rigby on

"The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats"

Resecurity reported on the growing number of cyber incidents targeting the aerospace and aviation sectors. Researchers have emphasized the importance of conducting rigorous cybersecurity risk assessments for airports as well as proactive threat intelligence because of the activities of major ransomware groups and advanced threat actors. As geopolitical tensions rise, the civil aviation and aerospace industries face an increased risk of destructive cyberattacks. Resecurity has documented recent notable activities by threat actors launching attacks against these sectors.

Submitted by Gregory Rigby on

"Research Shows IT and Construction Sectors Hardest Hit By Ransomware"

New research by Ontinue’s Advanced Threat Operations (ATO) team has shed light on the profound impact of ransomware attacks on the IT and construction sectors, revealing that these industries bore the brunt of nearly half of all incidents in 2023.  The researchers conducted an extensive analysis of data collected from 600,000 endpoints.  According to the researchers, ransomware emerged as a formidable challenge for organizations across industries last year, with the IT and construction sectors facing disproportionate risks.

Submitted by Adam Ekwall on

"Researchers Uncover New 'Conversation Overflow' Tactics"

Threat researchers at SlashNext have discovered a new cyberattack involving the use of cloaked emails to trick Machine Learning (ML) systems, leading to the infiltration of enterprise networks. SlashNext refers to the tactic as a "Conversation Overflow" attack, which bypasses advanced security measures to deliver phishing messages directly to victims' inboxes. The malicious emails have two different components, with the visible portion prompting the recipient to perform an action, such as entering credentials or clicking links.

Submitted by Gregory Rigby on

"New Attack Shows Risks of Browsers Giving Websites Access to GPU"

A team of researchers from Graz University of Technology in Austria and the University of Rennes in France demonstrated a new Graphics Processing Unit (GPU) attack that affects several popular browsers and graphics cards. The study focused on WebGPU, an Application Programming Interface (API) that allows web developers to use the system's GPU to perform high-performance computations in a web browser. Through this API, they demonstrated an attack that works from the web browser using JavaScript.

Submitted by Gregory Rigby on

"Nations Direct Mortgage Data Breach Impacts 83,000 Individuals"

Nations Direct Mortgage recently started informing more than 83,000 individuals that their personal information was compromised in a December 2023 data breach.  The company says the incident was identified on December 30 and resulted in unauthorized access to certain systems containing clients’ personal information and other Nations Direct data.  The compromised information, the company reveals, includes names, addresses, Social Security numbers, and Nations Direct loan numbers.

Submitted by Adam Ekwall on

"Earth Krahang Campaign Compromised Government Servers in 23 Countries"

"Earth Krahang," a previously unknown Advanced Persistent Threat (APT) group linked to China, compromised 70 organizations in 23 countries as part of a cyber espionage campaign. Most of the targeted organizations are government entities. According to Trend Micro researchers who discovered the campaign, the group targeted public-facing servers, exploited known vulnerabilities, and sent spear-phishing emails to deliver previously unknown backdoor malware. The campaign mainly focused on Southeast Asia but also targeted entities in America, Europe, and Africa.

Submitted by Gregory Rigby on

"New AcidPour Data Wiper Targets Linux X86 Network Devices"

"AcidPour," a new destructive malware with data-wiping capabilities, has been discovered in the wild. It targets Linux x86 Internet of Things (IoT) and networking devices. Data wipers are a type of malware used in destructive attacks to delete files and data on targeted devices. This type of malware is typically used to disrupt an organization's operations for political reasons or to divert attention from a larger attack. AcidPour, discovered by SentinelLabs security researcher Tom Hegel, is a variant of the "AcidRain" data wiper.

Submitted by Gregory Rigby on

"Misconfigured Firebase Instances Expose 125 Million User Records"

Security researchers are warning that hundreds of websites misconfigured Google Firebase, leaking more than 125 million user records, including plaintext passwords.  The researchers were able to hack Chattr, the AI hiring system that serves multiple organizations in the US, including fast food chains such as Applebee's, Chick-fil-A, KFC, Subway, Taco Bell, and Wendy's.  The researchers noted that a weakness in Chattr's Firebase implementation allowed them to gain full privileges to the database by registering a new user.

Submitted by Adam Ekwall on