AMD developed Secure Encrypted Virtualization (SEV) to make its cloud services more secure, but even the latest versions of the security feature, SEV-ES (Encrypted State) and SEV-SNP (Secure Nested Paging), were vulnerable to a software-based attack. This discovery was made by CISPA researcher Ruiyi Zhang, who devised a type of attack called CacheWarp, which, in the worst-case scenario, allows attackers to gain in-depth access to data and even manipulate it. This was not possible with previous attack techniques. According to AMD, the vulnerability has been addressed with an update.

Non-profit cybersecurity center for critical sectors SektorCERT recently revealed that hackers compromised 22 energy organizations in a coordinated attack against Denmark’s critical infrastructure.  SektorCERT noted that as part of the attack in May 2023, the hackers compromised the victim organizations within a few days, making this the largest attack against Danish critical infrastructure to date.  SektorCERT stated that Denmark is constantly under attack,  but it is unusual that one sees so many concurrent, successful attacks against the critical infrastructure.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released its first Roadmap for Artificial Intelligence (AI), adding to the Department of Homeland Security (DHS) and broader whole-of-government initiative to ensure the secure development and implementation of AI capabilities. CISA's Roadmap for AI outlines different lines of effort, which include responsibly using AI to support the agency's mission, assessing AI systems, protecting critical infrastructure from malicious AI use, and more.

TA402, also known as Molerats and Frankenstein, a pro-Palestinian cyber espionage group focused on compromising government targets in the Middle East, is using a sophisticated initial access downloader. According to Proofpoint researchers, TA402, which has been active for over a decade, is now using a new tool called IronWind. The group used it in three campaigns targeting systems within government agencies throughout the Middle East and Northern Africa.

The US Cybersecurity and Infrastructure Security Agency (CISA) requires US federal agencies to patch five vulnerabilities exploited by attackers to compromise Juniper networking devices. Most of these vulnerabilities are not particularly dangerous on their own, but they can and have been chained together by attackers to enable Remote Code Execution (RCE) on Internet-facing devices. Juniper Networks patched four flaws impacting the J-Web Graphical User Interface (GUI) of Junos OS-powered devices in late August 2023, and advised customers to update their SRX firewalls and EX switches.

Researchers have discovered a new hacking group named "AlphaLock," which presents itself as a "pentesting training organization" that provides training to hackers and then monetizes their services through a dedicated affiliate program. AlphaLock seems relatively sophisticated and active on Telegram, Matrix, and the dark web forum XSS. Their business model is composed of the Bazooka Code Pentest Training and the ALPentest Hacking Marketplace. This article continues to discuss the business model and launch of the AlphaLock group.

Threat actors are targeting publicly accessible Docker Engine Application Programming Interface (API) instances as part of a campaign to co-opt the machines into the OracleIV Distributed Denial-of-Service (DDoS) botnet. According to Cado researchers, the attackers are exploiting this misconfiguration to deliver a malicious Docker container built from an image named 'oracleiv_latest,' containing Python malware compiled as an ELF executable.