"Kimsuky," a North Korean cyber espionage group, is now using North Korea's nuclear threats to lure victims into executing malicious payloads. Researchers at Rapid7 Labs observed Kimsuky using new tactics to target victims. The group has used weaponized Office documents and ISO files, and starting last year, they began abusing shortcut (LNK) files. The attackers trick users into executing LNK files by passing them off as benign documents or files. However, these files contain hidden PowerShell commands or even full binaries.

Threat actors are trying to compromise Social Security numbers through a tax phishing attack aimed at small business owners and self-employed filers. According to Malwarebytes Labs, the social engineering scammers are most likely using a cheap email list of self-employed US residents. These emails can be obtained for as little as a few cents each, either on the dark web or through legitimate lead brokers.

A team of security researchers won a Tesla Model 3 and $200,000 for discovering a zero-day vulnerability in a vehicle's Electronic Control Unit (ECU). After one day of Pwn2Own Vancouver 2024, held by Trend Micro's Zero Day Initiative (ZDI), the Synacktiv team topped the leaderboard. Not much is known about the vulnerability because all bugs discovered during the competition are responsibly reported to the appropriate vendor for patching. However, it is known that the team used a single integer overflow flaw to exploit a Tesla ECU with Vehicle (VEH) CAN BUS Control.

Artificial Intelligence (AI)-generated deepfakes can be difficult or impossible to distinguish from the real thing. AI has already been used to mimic voices, exploit celebrities' likenesses, and impersonate world leaders, raising concerns that it will lead to increased misinformation, consumer scams, and a widespread loss of trust. Therefore, recently introduced bipartisan legislation would require the identification and labeling of AI-generated online images, videos, and audio.

Researchers have detailed "AndroxGh0st," a tool used to target Laravel applications and steal sensitive data. It scans and extracts important information from .env files, revealing login information for Amazon Web Services (AWS) and Twilio. It is classified as an SMTP cracker, exploiting SMTP through different strategies, including credential exploitation, web shell deployment, and vulnerability scanning. Threat actors have been using AndroxGh0st to access Laravel .env files and steal credentials for cloud-based applications.

Vitaly Simonovich, a threat intelligence researcher at Cato Networks, points out that even a fake data breach can have serious consequences. In February 2024, someone created a fake news story claiming a data breach at the Maine Attorney General's office, which tricked the Attorney General's office into posting it on its website. Epic Games fell victim to a fake data breach by a cybercrime group claiming it had stolen source code and sensitive user data. Simonovich emphasizes how such fabricated attacks cause panic and harm business reputations.

The House of Representatives recently passed new legislation prohibiting data brokers from selling Americans' personal information to foreign adversary countries or entities under their control.  The bipartisan bill, known as the Protecting Americans' Data from Foreign Adversaries Act of 2024, was introduced on March 5 and passed by a vote of 414 – 0.  Previously, the bill passed out of the Energy and Commerce Committee with a vote of 50-0.

An Iran-linked hacking group claims to have infiltrated a sensitive Israeli nuclear facility's computer network in an incident described by the hackers as a protest against the war in Gaza. The hackers say they stole and released thousands of documents from the Shimon Peres Negev Nuclear Research Center, including PDFs, emails, and PowerPoint slides. This article continues to discuss the hackers claiming to have breached an Israeli nuclear facility's computer network.