The BlackCat/ALPHV ransomware gang claims to have breached Henry Schein's network and stolen data, including payroll and shareholder information. Henry Schein is a healthcare solutions provider with operations and affiliates in 32 countries and an estimated revenue of more than $12 billion. On October 15, the company disclosed that it was forced to take some systems offline in order to contain a cyberattack that had impacted its manufacturing and distribution businesses the day before.

Security researchers at Zscaler ThreatLabz recently discovered the malware BunnyLoader. Hackers record keyboard activity and take over the clipboard on devices where the malware is launched. It can steal browser data and system information, with cryptocurrency wallets also being at risk. All the information collected by the malware in the background is delivered to the hackers via a ZIP archive. Stolen information can be related to credit card data, passwords, downloads, credentials from Virtual Private Network (VPN) services, chat apps, and cryptocurrency wallets.

Attackers are distributing spyware that stealthily collects private data from WhatsApp users on Android devices through the same mods previously discovered for the Telegram service. They counted 340,000 attempts to distribute the spyware via the WhatsApp mod. They believe the actual number of attempted attacks is higher due to the nature of the distribution channel. Although the attack affected users globally, Azerbaijan accounted for 46 percent of the victims. Other countries with a high number of victims include Yemen, Saudi Arabia, Egypt, and Turkey.

Fully Homomorphic Encryption (FHE) enables computation on encrypted data, or ciphertext, to maintain data protection at all times. It allows the use of untrusted networks and improves data privacy. FHE is a sophisticated cryptographic method considered the "holy grail of encryption," as it allows users to process encrypted data while the data or models remain encrypted, guaranteeing data privacy throughout the data computation process.

The US Department of Commerce's National Institute of Standards and Technology (NIST) is seeking participants in a new consortium to support the development of innovative methods for assessing Artificial Intelligence (AI) systems in order to improve the safety and trustworthiness of the technology. This consortium is a key component of the new NIST-led US AI Safety Institute.

Rapid7 cybersecurity researchers have issued a warning regarding the potential exploitation of a recently disclosed critical vulnerability in the Apache ActiveMQ, tracked as CVE-2023-46604, to launch the HelloKitty ransomware. Apache ActiveMQ is a Java-written open-source message broker software serving as a Message-Oriented Middleware (MOM) platform. ActiveMQ facilitates asynchronous communication and data exchange among various applications by providing messaging and communication capabilities.

New research on popular Artificial Intelligence (AI) image generators reveals that they could be hacked to create inappropriate and potentially harmful content. Although most online art generators claim to block violent, pornographic, and other forms of inappropriate content, Johns Hopkins University researchers were able to manipulate two of the most well-known systems to generate the type of images that the products' safeguards are supposed to prevent.

Non-privileged threat actors could exploit 34 different vulnerable Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers in order to gain complete control of the devices and run arbitrary code on the underlying systems. According to Takahiro Haruyama, a senior threat researcher at VMware Carbon Black, a threat actor without privilege can erase or modify firmware and elevate operating system privileges by exploiting the drivers.

Researchers are bringing attention to a real issue that accompanies Artificial Intelligence (AI) technology, which is teaching it how to forget. According to scientists, 'Machine Unlearning' is an essential weapon against AI risks. They are helping to develop new methods for making AI models known as Deep Neural Networks (DNNs) forget data that poses a risk to society. The issue is that re-training AI programs to 'forget' data is expensive and time-consuming.

The Boeing Company has confirmed that a cyber incident, previously claimed by the LockBit ransomware gang, impacted some operations. The LockBit ransomware group claimed the cyber incident on its leak site on October 27. The company was given a deadline of six days to contact LockBit before the gang would publish all the data it had stolen in the alleged attack. However, Boeing was removed from LockBit's leak page sometime between October 30 and October 31.